Talos Rules 2017-08-22
This release adds and modifies rules in several categories.

Talos has added and modified multiple rules in the browser-firefox, browser-ie, browser-other, browser-plugins, deleted, file-flash, file-identify, file-image, file-multimedia, file-office, file-other, file-pdf, indicator-compromise, malware-cnc, protocol-other and server-webapp rule sets to provide coverage for emerging threats from these technologies.

Change logs

2017-08-22 23:50:08 UTC

Snort Subscriber Rules Update

Date: 2017-08-22

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091100.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:44069 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint Viewer memory allocation code execution attempt (file-office.rules)
 * 1:44068 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint Viewer memory allocation code execution attempt (file-office.rules)
 * 1:44067 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMF conversion heap buffer overflow attempt (file-other.rules)
 * 1:44066 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMF conversion heap buffer overflow attempt (file-other.rules)
 * 1:44065 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMF conversion heap buffer overflow attempt (file-other.rules)
 * 1:44064 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMF conversion heap buffer overflow attempt (file-other.rules)
 * 1:44062 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF memory corruption attempt (file-image.rules)
 * 1:44061 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF memory corruption attempt (file-image.rules)
 * 1:44060 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF memory corruption attempt (file-image.rules)
 * 1:44059 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF memory corruption attempt (file-image.rules)
 * 1:44058 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF file EMR_ALPHABLEND record memory corruption attempt (file-other.rules)
 * 1:44057 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF file EMR_ALPHABLEND record memory corruption attempt (file-other.rules)
 * 1:44056 <-> DISABLED <-> FILE-MULTIMEDIA Adobe Acrobat Professional EMF malformed EMR_COMMENT record out of bounds access attempt (file-multimedia.rules)
 * 1:44055 <-> DISABLED <-> FILE-MULTIMEDIA Adobe Acrobat Professional EMF malformed EMR_COMMENT record out of bounds access attempt (file-multimedia.rules)
 * 1:44054 <-> DISABLED <-> FILE-PDF Adobe Professional JPEG file invalid quantization table use-after-free attempt (file-pdf.rules)
 * 1:44053 <-> DISABLED <-> FILE-PDF Adobe Professional JPEG file invalid quantization table use-after-free attempt (file-pdf.rules)
 * 1:44052 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word EPS filter PostScript object use after free attempt (file-office.rules)
 * 1:44051 <-> DISABLED <-> BROWSER-OTHER Apple Safari document.write buffer overflow attempt (browser-other.rules)
 * 1:44050 <-> DISABLED <-> BROWSER-OTHER Apple Safari document.write buffer overflow attempt (browser-other.rules)
 * 1:44049 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox memory corruption attempt (browser-firefox.rules)
 * 1:44048 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox memory corruption attempt (browser-firefox.rules)
 * 1:44047 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox memory corruption attempt (browser-firefox.rules)
 * 1:44046 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox memory corruption attempt (browser-firefox.rules)
 * 1:44045 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox invalid watchpoint memory corruption attempt (browser-firefox.rules)
 * 1:44044 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox invalid watchpoint memory corruption attempt (browser-firefox.rules)
 * 1:44043 <-> DISABLED <-> BROWSER-FIREFOX Mozilla browsers JavaScript argument passing code execution attempt (browser-firefox.rules)
 * 1:44042 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Hupigon Connection attempt (malware-cnc.rules)
 * 1:44041 <-> DISABLED <-> SERVER-OTHER LCDproc test_func buffer overflow attempt (server-other.rules)
 * 1:44040 <-> DISABLED <-> FILE-PDF Foxit PDF Reader Launch action buffer overflow attempt (file-pdf.rules)
 * 1:44039 <-> DISABLED <-> FILE-PDF Foxit PDF Reader Launch action buffer overflow attempt (file-pdf.rules)
 * 1:44038 <-> DISABLED <-> SERVER-OTHER LCDproc parse_all_client_messages buffer overflow attempt (server-other.rules)
 * 1:44037 <-> ENABLED <-> INDICATOR-COMPROMISE DNS request for known malware sinkhole domain iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com - WannaCry (indicator-compromise.rules)
 * 1:44036 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer WMIScriptUtils.WMIObjectBroker2.1 ActiveX clsid access attempt (browser-plugins.rules)
 * 1:44035 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer WMIScriptUtils.WMIObjectBroker2.1 ActiveX clsid access attempt (browser-plugins.rules)
 * 1:44034 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Professional EMF file JPEG Huffman table memory corrupt attempt (file-other.rules)
 * 1:44033 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Professional EMF file JPEG Huffman table memory corrupt attempt (file-other.rules)
 * 1:44032 <-> DISABLED <-> FILE-OFFICE Powerpoint Viewer malformed msoDrawing property table buffer overflow attempt (file-office.rules)
 * 1:44031 <-> DISABLED <-> FILE-OFFICE Powerpoint Viewer malformed msoDrawing property table buffer overflow attempt (file-office.rules)
 * 1:44030 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint ppt file attachment detected file attachment detected (file-identify.rules)
 * 1:44029 <-> DISABLED <-> DELETED 5urthfgbq4ershgq3hsttsgn (deleted.rules)
 * 1:44028 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Locky dropper variant outbound request detected (malware-cnc.rules)
 * 1:44027 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Locky dropper variant outbound request detected (malware-cnc.rules)
 * 1:44026 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF memory corruption attempt (file-image.rules)
 * 1:44025 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF memory corruption attempt (file-image.rules)
 * 1:44024 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF memory corruption attempt (file-image.rules)
 * 1:44023 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF memory corruption attempt (file-image.rules)
 * 1:44022 <-> DISABLED <-> DELETED asdfasdfasdfadsfadgdfgadgg (deleted.rules)
 * 1:44021 <-> DISABLED <-> SERVER-WEBAPP Dell OpenManage server application field buffer overflow attempt (server-webapp.rules)
 * 1:44020 <-> DISABLED <-> FILE-IMAGE malformed png missing IHDR (file-image.rules)
 * 1:44019 <-> DISABLED <-> FILE-IMAGE malformed png missing IHDR (file-image.rules)
 * 1:44018 <-> DISABLED <-> DELETED qw34redfaqwefsdfcasdfvadsfadfdf (deleted.rules)
 * 1:44017 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Rectangle constructor use after free attempt (file-flash.rules)
 * 1:44016 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Rectangle constructor use after free attempt (file-flash.rules)
 * 1:44015 <-> DISABLED <-> PROTOCOL-OTHER STCP heartbeat chunk denial of service attempt (protocol-other.rules)
 * 1:44014 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader exportAsXFAStr use after free attempt (file-pdf.rules)
 * 1:44013 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader exportAsXFAStr use after free attempt (file-pdf.rules)
 * 3:44063 <-> ENABLED <-> SERVER-WEBAPP Cisco Ultra Services Framework AutoVNF directory traversal attempt (server-webapp.rules)

Modified Rules:


 * 1:16005 <-> DISABLED <-> BROWSER-FIREFOX Mozilla browsers JavaScript argument passing code execution attempt (browser-firefox.rules)
 * 1:22003 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer WMIScriptUtils.WMIObjectBroker2.1 ActiveX clsid access attempt (browser-plugins.rules)
 * 1:32817 <-> DISABLED <-> FILE-FLASH Adobe Flash Player corrupt MP4 video denial of service attempt (file-flash.rules)
 * 1:32818 <-> DISABLED <-> FILE-FLASH Adobe Flash Player corrupt MP4 video denial of service attempt (file-flash.rules)
 * 1:40404 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer eval type confusion attempt (browser-ie.rules)
 * 1:40405 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer eval type confusion attempt (browser-ie.rules)
 * 1:41954 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer textarea type confusion attempt (browser-ie.rules)
 * 1:41955 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer textarea type confusion attempt (browser-ie.rules)
 * 1:42212 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader embedded JPEG 2000 flst heap overflow attempt (file-pdf.rules)
 * 1:42213 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader embedded JPEG 2000 flst heap overflow attempt (file-pdf.rules)
 * 1:43642 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox multiple vulnerabilities memory corruption attempt (browser-firefox.rules)
 * 1:43883 <-> ENABLED <-> FILE-PDF Acrobat Reader FontDescriptor object type confusion attempt (file-pdf.rules)
 * 1:43884 <-> ENABLED <-> FILE-PDF Acrobat Reader FontDescriptor object type confusion attempt (file-pdf.rules)
 * 1:8369 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer WMIScriptUtils.WMIObjectBroker2.1 ActiveX clsid access attempt (browser-plugins.rules)
 * 1:17549 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer Error Handling Code Execution (browser-ie.rules)

2017-08-22 23:50:08 UTC

Snort Subscriber Rules Update

Date: 2017-08-22

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2990.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:44053 <-> DISABLED <-> FILE-PDF Adobe Professional JPEG file invalid quantization table use-after-free attempt (file-pdf.rules)
 * 1:44054 <-> DISABLED <-> FILE-PDF Adobe Professional JPEG file invalid quantization table use-after-free attempt (file-pdf.rules)
 * 1:44051 <-> DISABLED <-> BROWSER-OTHER Apple Safari document.write buffer overflow attempt (browser-other.rules)
 * 1:44052 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word EPS filter PostScript object use after free attempt (file-office.rules)
 * 1:44049 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox memory corruption attempt (browser-firefox.rules)
 * 1:44050 <-> DISABLED <-> BROWSER-OTHER Apple Safari document.write buffer overflow attempt (browser-other.rules)
 * 1:44048 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox memory corruption attempt (browser-firefox.rules)
 * 1:44047 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox memory corruption attempt (browser-firefox.rules)
 * 1:44045 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox invalid watchpoint memory corruption attempt (browser-firefox.rules)
 * 1:44046 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox memory corruption attempt (browser-firefox.rules)
 * 1:44044 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox invalid watchpoint memory corruption attempt (browser-firefox.rules)
 * 1:44028 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Locky dropper variant outbound request detected (malware-cnc.rules)
 * 1:44023 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF memory corruption attempt (file-image.rules)
 * 1:44022 <-> DISABLED <-> DELETED asdfasdfasdfadsfadgdfgadgg (deleted.rules)
 * 1:44021 <-> DISABLED <-> SERVER-WEBAPP Dell OpenManage server application field buffer overflow attempt (server-webapp.rules)
 * 1:44014 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader exportAsXFAStr use after free attempt (file-pdf.rules)
 * 1:44015 <-> DISABLED <-> PROTOCOL-OTHER STCP heartbeat chunk denial of service attempt (protocol-other.rules)
 * 1:44017 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Rectangle constructor use after free attempt (file-flash.rules)
 * 1:44018 <-> DISABLED <-> DELETED qw34redfaqwefsdfcasdfvadsfadfdf (deleted.rules)
 * 1:44019 <-> DISABLED <-> FILE-IMAGE malformed png missing IHDR (file-image.rules)
 * 1:44024 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF memory corruption attempt (file-image.rules)
 * 1:44025 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF memory corruption attempt (file-image.rules)
 * 1:44026 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF memory corruption attempt (file-image.rules)
 * 1:44027 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Locky dropper variant outbound request detected (malware-cnc.rules)
 * 1:44029 <-> DISABLED <-> DELETED 5urthfgbq4ershgq3hsttsgn (deleted.rules)
 * 1:44030 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint ppt file attachment detected file attachment detected (file-identify.rules)
 * 1:44031 <-> DISABLED <-> FILE-OFFICE Powerpoint Viewer malformed msoDrawing property table buffer overflow attempt (file-office.rules)
 * 1:44032 <-> DISABLED <-> FILE-OFFICE Powerpoint Viewer malformed msoDrawing property table buffer overflow attempt (file-office.rules)
 * 1:44033 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Professional EMF file JPEG Huffman table memory corrupt attempt (file-other.rules)
 * 1:44034 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Professional EMF file JPEG Huffman table memory corrupt attempt (file-other.rules)
 * 1:44035 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer WMIScriptUtils.WMIObjectBroker2.1 ActiveX clsid access attempt (browser-plugins.rules)
 * 1:44036 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer WMIScriptUtils.WMIObjectBroker2.1 ActiveX clsid access attempt (browser-plugins.rules)
 * 1:44037 <-> ENABLED <-> INDICATOR-COMPROMISE DNS request for known malware sinkhole domain iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com - WannaCry (indicator-compromise.rules)
 * 1:44038 <-> DISABLED <-> SERVER-OTHER LCDproc parse_all_client_messages buffer overflow attempt (server-other.rules)
 * 1:44039 <-> DISABLED <-> FILE-PDF Foxit PDF Reader Launch action buffer overflow attempt (file-pdf.rules)
 * 1:44040 <-> DISABLED <-> FILE-PDF Foxit PDF Reader Launch action buffer overflow attempt (file-pdf.rules)
 * 1:44041 <-> DISABLED <-> SERVER-OTHER LCDproc test_func buffer overflow attempt (server-other.rules)
 * 1:44042 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Hupigon Connection attempt (malware-cnc.rules)
 * 1:44043 <-> DISABLED <-> BROWSER-FIREFOX Mozilla browsers JavaScript argument passing code execution attempt (browser-firefox.rules)
 * 1:44013 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader exportAsXFAStr use after free attempt (file-pdf.rules)
 * 1:44069 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint Viewer memory allocation code execution attempt (file-office.rules)
 * 1:44068 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint Viewer memory allocation code execution attempt (file-office.rules)
 * 1:44067 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMF conversion heap buffer overflow attempt (file-other.rules)
 * 1:44066 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMF conversion heap buffer overflow attempt (file-other.rules)
 * 1:44065 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMF conversion heap buffer overflow attempt (file-other.rules)
 * 1:44064 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMF conversion heap buffer overflow attempt (file-other.rules)
 * 1:44062 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF memory corruption attempt (file-image.rules)
 * 1:44061 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF memory corruption attempt (file-image.rules)
 * 1:44020 <-> DISABLED <-> FILE-IMAGE malformed png missing IHDR (file-image.rules)
 * 1:44060 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF memory corruption attempt (file-image.rules)
 * 1:44059 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF memory corruption attempt (file-image.rules)
 * 1:44057 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF file EMR_ALPHABLEND record memory corruption attempt (file-other.rules)
 * 1:44058 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF file EMR_ALPHABLEND record memory corruption attempt (file-other.rules)
 * 1:44056 <-> DISABLED <-> FILE-MULTIMEDIA Adobe Acrobat Professional EMF malformed EMR_COMMENT record out of bounds access attempt (file-multimedia.rules)
 * 1:44055 <-> DISABLED <-> FILE-MULTIMEDIA Adobe Acrobat Professional EMF malformed EMR_COMMENT record out of bounds access attempt (file-multimedia.rules)
 * 1:44016 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Rectangle constructor use after free attempt (file-flash.rules)
 * 3:44063 <-> ENABLED <-> SERVER-WEBAPP Cisco Ultra Services Framework AutoVNF directory traversal attempt (server-webapp.rules)

Modified Rules:


 * 1:16005 <-> DISABLED <-> BROWSER-FIREFOX Mozilla browsers JavaScript argument passing code execution attempt (browser-firefox.rules)
 * 1:41955 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer textarea type confusion attempt (browser-ie.rules)
 * 1:42212 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader embedded JPEG 2000 flst heap overflow attempt (file-pdf.rules)
 * 1:8369 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer WMIScriptUtils.WMIObjectBroker2.1 ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43642 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox multiple vulnerabilities memory corruption attempt (browser-firefox.rules)
 * 1:43883 <-> ENABLED <-> FILE-PDF Acrobat Reader FontDescriptor object type confusion attempt (file-pdf.rules)
 * 1:42213 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader embedded JPEG 2000 flst heap overflow attempt (file-pdf.rules)
 * 1:43884 <-> ENABLED <-> FILE-PDF Acrobat Reader FontDescriptor object type confusion attempt (file-pdf.rules)
 * 1:17549 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer Error Handling Code Execution (browser-ie.rules)
 * 1:40405 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer eval type confusion attempt (browser-ie.rules)
 * 1:41954 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer textarea type confusion attempt (browser-ie.rules)
 * 1:40404 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer eval type confusion attempt (browser-ie.rules)
 * 1:32817 <-> DISABLED <-> FILE-FLASH Adobe Flash Player corrupt MP4 video denial of service attempt (file-flash.rules)
 * 1:32818 <-> DISABLED <-> FILE-FLASH Adobe Flash Player corrupt MP4 video denial of service attempt (file-flash.rules)
 * 1:22003 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer WMIScriptUtils.WMIObjectBroker2.1 ActiveX clsid access attempt (browser-plugins.rules)

2017-08-22 23:50:08 UTC

Snort Subscriber Rules Update

Date: 2017-08-22

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:44054 <-> DISABLED <-> FILE-PDF Adobe Professional JPEG file invalid quantization table use-after-free attempt (file-pdf.rules)
 * 1:44013 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader exportAsXFAStr use after free attempt (file-pdf.rules)
 * 1:44022 <-> DISABLED <-> DELETED asdfasdfasdfadsfadgdfgadgg (deleted.rules)
 * 1:44048 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox memory corruption attempt (browser-firefox.rules)
 * 1:44019 <-> DISABLED <-> FILE-IMAGE malformed png missing IHDR (file-image.rules)
 * 1:44015 <-> DISABLED <-> PROTOCOL-OTHER STCP heartbeat chunk denial of service attempt (protocol-other.rules)
 * 1:44058 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF file EMR_ALPHABLEND record memory corruption attempt (file-other.rules)
 * 1:44059 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF memory corruption attempt (file-image.rules)
 * 1:44061 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF memory corruption attempt (file-image.rules)
 * 1:44060 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF memory corruption attempt (file-image.rules)
 * 1:44062 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF memory corruption attempt (file-image.rules)
 * 1:44064 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMF conversion heap buffer overflow attempt (file-other.rules)
 * 1:44065 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMF conversion heap buffer overflow attempt (file-other.rules)
 * 1:44066 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMF conversion heap buffer overflow attempt (file-other.rules)
 * 1:44067 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMF conversion heap buffer overflow attempt (file-other.rules)
 * 1:44068 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint Viewer memory allocation code execution attempt (file-office.rules)
 * 1:44069 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint Viewer memory allocation code execution attempt (file-office.rules)
 * 1:44025 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF memory corruption attempt (file-image.rules)
 * 1:44026 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF memory corruption attempt (file-image.rules)
 * 1:44027 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Locky dropper variant outbound request detected (malware-cnc.rules)
 * 1:44028 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Locky dropper variant outbound request detected (malware-cnc.rules)
 * 1:44024 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF memory corruption attempt (file-image.rules)
 * 1:44029 <-> DISABLED <-> DELETED 5urthfgbq4ershgq3hsttsgn (deleted.rules)
 * 1:44030 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint ppt file attachment detected file attachment detected (file-identify.rules)
 * 1:44031 <-> DISABLED <-> FILE-OFFICE Powerpoint Viewer malformed msoDrawing property table buffer overflow attempt (file-office.rules)
 * 1:44032 <-> DISABLED <-> FILE-OFFICE Powerpoint Viewer malformed msoDrawing property table buffer overflow attempt (file-office.rules)
 * 1:44033 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Professional EMF file JPEG Huffman table memory corrupt attempt (file-other.rules)
 * 1:44034 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Professional EMF file JPEG Huffman table memory corrupt attempt (file-other.rules)
 * 1:44035 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer WMIScriptUtils.WMIObjectBroker2.1 ActiveX clsid access attempt (browser-plugins.rules)
 * 1:44036 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer WMIScriptUtils.WMIObjectBroker2.1 ActiveX clsid access attempt (browser-plugins.rules)
 * 1:44037 <-> ENABLED <-> INDICATOR-COMPROMISE DNS request for known malware sinkhole domain iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com - WannaCry (indicator-compromise.rules)
 * 1:44038 <-> DISABLED <-> SERVER-OTHER LCDproc parse_all_client_messages buffer overflow attempt (server-other.rules)
 * 1:44039 <-> DISABLED <-> FILE-PDF Foxit PDF Reader Launch action buffer overflow attempt (file-pdf.rules)
 * 1:44040 <-> DISABLED <-> FILE-PDF Foxit PDF Reader Launch action buffer overflow attempt (file-pdf.rules)
 * 1:44041 <-> DISABLED <-> SERVER-OTHER LCDproc test_func buffer overflow attempt (server-other.rules)
 * 1:44042 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Hupigon Connection attempt (malware-cnc.rules)
 * 1:44021 <-> DISABLED <-> SERVER-WEBAPP Dell OpenManage server application field buffer overflow attempt (server-webapp.rules)
 * 1:44043 <-> DISABLED <-> BROWSER-FIREFOX Mozilla browsers JavaScript argument passing code execution attempt (browser-firefox.rules)
 * 1:44020 <-> DISABLED <-> FILE-IMAGE malformed png missing IHDR (file-image.rules)
 * 1:44017 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Rectangle constructor use after free attempt (file-flash.rules)
 * 1:44044 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox invalid watchpoint memory corruption attempt (browser-firefox.rules)
 * 1:44018 <-> DISABLED <-> DELETED qw34redfaqwefsdfcasdfvadsfadfdf (deleted.rules)
 * 1:44016 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Rectangle constructor use after free attempt (file-flash.rules)
 * 1:44045 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox invalid watchpoint memory corruption attempt (browser-firefox.rules)
 * 1:44046 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox memory corruption attempt (browser-firefox.rules)
 * 1:44047 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox memory corruption attempt (browser-firefox.rules)
 * 1:44050 <-> DISABLED <-> BROWSER-OTHER Apple Safari document.write buffer overflow attempt (browser-other.rules)
 * 1:44049 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox memory corruption attempt (browser-firefox.rules)
 * 1:44052 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word EPS filter PostScript object use after free attempt (file-office.rules)
 * 1:44051 <-> DISABLED <-> BROWSER-OTHER Apple Safari document.write buffer overflow attempt (browser-other.rules)
 * 1:44023 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF memory corruption attempt (file-image.rules)
 * 1:44053 <-> DISABLED <-> FILE-PDF Adobe Professional JPEG file invalid quantization table use-after-free attempt (file-pdf.rules)
 * 1:44014 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader exportAsXFAStr use after free attempt (file-pdf.rules)
 * 1:44056 <-> DISABLED <-> FILE-MULTIMEDIA Adobe Acrobat Professional EMF malformed EMR_COMMENT record out of bounds access attempt (file-multimedia.rules)
 * 1:44057 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF file EMR_ALPHABLEND record memory corruption attempt (file-other.rules)
 * 1:44055 <-> DISABLED <-> FILE-MULTIMEDIA Adobe Acrobat Professional EMF malformed EMR_COMMENT record out of bounds access attempt (file-multimedia.rules)
 * 3:44063 <-> ENABLED <-> SERVER-WEBAPP Cisco Ultra Services Framework AutoVNF directory traversal attempt (server-webapp.rules)

Modified Rules:


 * 1:8369 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer WMIScriptUtils.WMIObjectBroker2.1 ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43883 <-> ENABLED <-> FILE-PDF Acrobat Reader FontDescriptor object type confusion attempt (file-pdf.rules)
 * 1:43884 <-> ENABLED <-> FILE-PDF Acrobat Reader FontDescriptor object type confusion attempt (file-pdf.rules)
 * 1:17549 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer Error Handling Code Execution (browser-ie.rules)
 * 1:16005 <-> DISABLED <-> BROWSER-FIREFOX Mozilla browsers JavaScript argument passing code execution attempt (browser-firefox.rules)
 * 1:22003 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer WMIScriptUtils.WMIObjectBroker2.1 ActiveX clsid access attempt (browser-plugins.rules)
 * 1:32817 <-> DISABLED <-> FILE-FLASH Adobe Flash Player corrupt MP4 video denial of service attempt (file-flash.rules)
 * 1:40404 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer eval type confusion attempt (browser-ie.rules)
 * 1:40405 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer eval type confusion attempt (browser-ie.rules)
 * 1:41954 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer textarea type confusion attempt (browser-ie.rules)
 * 1:41955 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer textarea type confusion attempt (browser-ie.rules)
 * 1:42212 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader embedded JPEG 2000 flst heap overflow attempt (file-pdf.rules)
 * 1:42213 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader embedded JPEG 2000 flst heap overflow attempt (file-pdf.rules)
 * 1:43642 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox multiple vulnerabilities memory corruption attempt (browser-firefox.rules)
 * 1:32818 <-> DISABLED <-> FILE-FLASH Adobe Flash Player corrupt MP4 video denial of service attempt (file-flash.rules)