Talos Rules 2017-08-31
This release adds and modifies rules in several categories.

Talos has added and modified multiple rules in the blacklist, browser-ie, file-flash, file-image, file-multimedia, file-other, file-pdf, malware-cnc, malware-other, os-windows and server-webapp rule sets to provide coverage for emerging threats from these technologies.

For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.

Change logs

2017-08-31 13:56:39 UTC

Snort Subscriber Rules Update

Date: 2017-08-31

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:44219 <-> DISABLED <-> SERVER-OTHER HP data protector OmniInet service NULL dereference denial of service attempt (server-other.rules)
 * 1:44218 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Shell Handler remote code execution attempt (os-windows.rules)
 * 1:44213 <-> ENABLED <-> BLACKLIST User-Agent known malicious user-agent string - Tarayt (blacklist.rules)
 * 1:44212 <-> ENABLED <-> MALWARE-CNC Tarayt outbound connection attempt (malware-cnc.rules)
 * 1:44193 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer frameBorder denial of service attempt (browser-ie.rules)
 * 1:44221 <-> ENABLED <-> MALWARE-CNC Win.Ransomware.SyncCrypt variant initial outbound connection (malware-cnc.rules)
 * 1:44201 <-> DISABLED <-> SERVER-OTHER Verso NetPerformer frame relay access device telnet buffer overflow attempt (server-other.rules)
 * 1:44191 <-> DISABLED <-> SERVER-OTHER HP Intelligent Management Center dbman BackupDBase opcode command injection attempt (server-other.rules)
 * 1:44204 <-> DISABLED <-> FILE-OTHER VideoLAN VLC Media Player Ogg/Vorbis denial of service attempt (file-other.rules)
 * 1:44190 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Cyfshent variant outbound connection (malware-cnc.rules)
 * 1:44202 <-> DISABLED <-> SERVER-OTHER Sybase M-Business Anywhere agSoap.exe closing tag buffer overflow attempt (server-other.rules)
 * 1:44197 <-> DISABLED <-> BROWSER-IE Internet Explorer CCaret memory corruption attempt (browser-ie.rules)
 * 1:44203 <-> DISABLED <-> SERVER-OTHER HP Data Protector memory corruption attempt (server-other.rules)
 * 1:44205 <-> DISABLED <-> FILE-OTHER VideoLAN VLC Media Player Ogg/Vorbis denial of service attempt (file-other.rules)
 * 1:44206 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader embedded JS array memory corruption attempt (file-pdf.rules)
 * 1:44207 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader embedded JS array memory corruption attempt (file-pdf.rules)
 * 1:44208 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader embedded JS array memory corruption attempt (file-pdf.rules)
 * 1:44209 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader embedded JS array memory corruption attempt (file-pdf.rules)
 * 1:44210 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Bullrat variant outbound connection (malware-cnc.rules)
 * 1:44196 <-> DISABLED <-> BROWSER-IE Internet Explorer CCaret memory corruption attempt (browser-ie.rules)
 * 1:44192 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer frameBorder denial of service attempt (browser-ie.rules)
 * 1:44222 <-> ENABLED <-> MALWARE-CNC Win.Ransomware.SyncCrypt variant initial outbound connection (malware-cnc.rules)
 * 1:44214 <-> ENABLED <-> BLACKLIST User-Agent known malicious user-agent string - Win.Trojan.Graftor (blacklist.rules)
 * 1:44199 <-> DISABLED <-> BROWSER-IE Microsoft Internet print table of links cross site scripting attempt (browser-ie.rules)
 * 1:44215 <-> DISABLED <-> SERVER-OTHER Sybase Open Server TDS login packet stack memory corruption attempt (server-other.rules)
 * 1:44198 <-> DISABLED <-> BROWSER-IE Internet Explorer CCaret memory corruption attempt (browser-ie.rules)
 * 1:44211 <-> ENABLED <-> MALWARE-CNC Tarayt outbound connection attempt (malware-cnc.rules)
 * 1:44200 <-> DISABLED <-> BROWSER-IE Microsoft Internet print table of links cross site scripting attempt (browser-ie.rules)
 * 1:44216 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Shell Handler remote code execution attempt (os-windows.rules)
 * 1:44217 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Shell Handler remote code execution attempt (os-windows.rules)
 * 1:44194 <-> DISABLED <-> FILE-MULTIMEDIA multiple audio players playlist file handling heap overflow attempt (file-multimedia.rules)
 * 1:44220 <-> ENABLED <-> MALWARE-CNC Win.Ransomware.SyncCrypt variant initial outbound connection (malware-cnc.rules)
 * 1:44195 <-> DISABLED <-> BROWSER-IE Internet Explorer CCaret memory corruption attempt (browser-ie.rules)
 * 3:44230 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0406 attack attempt (file-image.rules)
 * 3:44226 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0406 attack attempt (file-image.rules)
 * 3:44229 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0406 attack attempt (file-image.rules)
 * 3:44227 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0406 attack attempt (file-image.rules)
 * 3:44228 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0406 attack attempt (file-image.rules)
 * 3:44225 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0406 attack attempt (file-image.rules)
 * 3:44189 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2017-0421 attack attempt (server-other.rules)
 * 3:44223 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0406 attack attempt (file-image.rules)
 * 3:44224 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0406 attack attempt (file-image.rules)

Modified Rules:


 * 1:26169 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CCaret use after free attempt (browser-ie.rules)
 * 1:32856 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader graphics module crash attempt (file-pdf.rules)
 * 1:42817 <-> ENABLED <-> FILE-FLASH Adobe Flash Player DisplayObject use after free attempt (file-flash.rules)
 * 1:16739 <-> DISABLED <-> FILE-MULTIMEDIA Multiple audio players playlist file handling heap overflow attempt (file-multimedia.rules)
 * 1:44078 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Nemucod file download (malware-other.rules)
 * 1:32855 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader graphics module crash attempt (file-pdf.rules)
 * 1:18777 <-> DISABLED <-> SERVER-OTHER HP data protector OmniInet service NULL dereference denial of service attempt (server-other.rules)
 * 1:42818 <-> ENABLED <-> FILE-FLASH Adobe Flash Player DisplayObject use after free attempt (file-flash.rules)
 * 1:16414 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Shell Handler remote code execution attempt (os-windows.rules)
 * 1:19155 <-> DISABLED <-> SERVER-WEBAPP HP Data Protector Media Operations SignInName Parameter overflow attempt (server-webapp.rules)
 * 1:25603 <-> DISABLED <-> SERVER-OTHER Sybase Open Server TDS login packet stack memory corruption attempt (server-other.rules)
 * 1:26168 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CCaret use after free attempt (browser-ie.rules)

2017-08-31 13:56:39 UTC

Snort Subscriber Rules Update

Date: 2017-08-31

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2990.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:44217 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Shell Handler remote code execution attempt (os-windows.rules)
 * 1:44214 <-> ENABLED <-> BLACKLIST User-Agent known malicious user-agent string - Win.Trojan.Graftor (blacklist.rules)
 * 1:44198 <-> DISABLED <-> BROWSER-IE Internet Explorer CCaret memory corruption attempt (browser-ie.rules)
 * 1:44213 <-> ENABLED <-> BLACKLIST User-Agent known malicious user-agent string - Tarayt (blacklist.rules)
 * 1:44204 <-> DISABLED <-> FILE-OTHER VideoLAN VLC Media Player Ogg/Vorbis denial of service attempt (file-other.rules)
 * 1:44195 <-> DISABLED <-> BROWSER-IE Internet Explorer CCaret memory corruption attempt (browser-ie.rules)
 * 1:44200 <-> DISABLED <-> BROWSER-IE Microsoft Internet print table of links cross site scripting attempt (browser-ie.rules)
 * 1:44201 <-> DISABLED <-> SERVER-OTHER Verso NetPerformer frame relay access device telnet buffer overflow attempt (server-other.rules)
 * 1:44194 <-> DISABLED <-> FILE-MULTIMEDIA multiple audio players playlist file handling heap overflow attempt (file-multimedia.rules)
 * 1:44196 <-> DISABLED <-> BROWSER-IE Internet Explorer CCaret memory corruption attempt (browser-ie.rules)
 * 1:44197 <-> DISABLED <-> BROWSER-IE Internet Explorer CCaret memory corruption attempt (browser-ie.rules)
 * 1:44203 <-> DISABLED <-> SERVER-OTHER HP Data Protector memory corruption attempt (server-other.rules)
 * 1:44205 <-> DISABLED <-> FILE-OTHER VideoLAN VLC Media Player Ogg/Vorbis denial of service attempt (file-other.rules)
 * 1:44206 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader embedded JS array memory corruption attempt (file-pdf.rules)
 * 1:44202 <-> DISABLED <-> SERVER-OTHER Sybase M-Business Anywhere agSoap.exe closing tag buffer overflow attempt (server-other.rules)
 * 1:44207 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader embedded JS array memory corruption attempt (file-pdf.rules)
 * 1:44208 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader embedded JS array memory corruption attempt (file-pdf.rules)
 * 1:44209 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader embedded JS array memory corruption attempt (file-pdf.rules)
 * 1:44210 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Bullrat variant outbound connection (malware-cnc.rules)
 * 1:44211 <-> ENABLED <-> MALWARE-CNC Tarayt outbound connection attempt (malware-cnc.rules)
 * 1:44212 <-> ENABLED <-> MALWARE-CNC Tarayt outbound connection attempt (malware-cnc.rules)
 * 1:44199 <-> DISABLED <-> BROWSER-IE Microsoft Internet print table of links cross site scripting attempt (browser-ie.rules)
 * 1:44215 <-> DISABLED <-> SERVER-OTHER Sybase Open Server TDS login packet stack memory corruption attempt (server-other.rules)
 * 1:44216 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Shell Handler remote code execution attempt (os-windows.rules)
 * 1:44222 <-> ENABLED <-> MALWARE-CNC Win.Ransomware.SyncCrypt variant initial outbound connection (malware-cnc.rules)
 * 1:44221 <-> ENABLED <-> MALWARE-CNC Win.Ransomware.SyncCrypt variant initial outbound connection (malware-cnc.rules)
 * 1:44190 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Cyfshent variant outbound connection (malware-cnc.rules)
 * 1:44192 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer frameBorder denial of service attempt (browser-ie.rules)
 * 1:44193 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer frameBorder denial of service attempt (browser-ie.rules)
 * 1:44191 <-> DISABLED <-> SERVER-OTHER HP Intelligent Management Center dbman BackupDBase opcode command injection attempt (server-other.rules)
 * 1:44220 <-> ENABLED <-> MALWARE-CNC Win.Ransomware.SyncCrypt variant initial outbound connection (malware-cnc.rules)
 * 1:44218 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Shell Handler remote code execution attempt (os-windows.rules)
 * 1:44219 <-> DISABLED <-> SERVER-OTHER HP data protector OmniInet service NULL dereference denial of service attempt (server-other.rules)
 * 3:44229 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0406 attack attempt (file-image.rules)
 * 3:44230 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0406 attack attempt (file-image.rules)
 * 3:44227 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0406 attack attempt (file-image.rules)
 * 3:44228 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0406 attack attempt (file-image.rules)
 * 3:44225 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0406 attack attempt (file-image.rules)
 * 3:44226 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0406 attack attempt (file-image.rules)
 * 3:44224 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0406 attack attempt (file-image.rules)
 * 3:44223 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0406 attack attempt (file-image.rules)
 * 3:44189 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2017-0421 attack attempt (server-other.rules)

Modified Rules:


 * 1:26168 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CCaret use after free attempt (browser-ie.rules)
 * 1:26169 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CCaret use after free attempt (browser-ie.rules)
 * 1:42817 <-> ENABLED <-> FILE-FLASH Adobe Flash Player DisplayObject use after free attempt (file-flash.rules)
 * 1:16739 <-> DISABLED <-> FILE-MULTIMEDIA Multiple audio players playlist file handling heap overflow attempt (file-multimedia.rules)
 * 1:44078 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Nemucod file download (malware-other.rules)
 * 1:19155 <-> DISABLED <-> SERVER-WEBAPP HP Data Protector Media Operations SignInName Parameter overflow attempt (server-webapp.rules)
 * 1:42818 <-> ENABLED <-> FILE-FLASH Adobe Flash Player DisplayObject use after free attempt (file-flash.rules)
 * 1:16414 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Shell Handler remote code execution attempt (os-windows.rules)
 * 1:18777 <-> DISABLED <-> SERVER-OTHER HP data protector OmniInet service NULL dereference denial of service attempt (server-other.rules)
 * 1:32856 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader graphics module crash attempt (file-pdf.rules)
 * 1:32855 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader graphics module crash attempt (file-pdf.rules)
 * 1:25603 <-> DISABLED <-> SERVER-OTHER Sybase Open Server TDS login packet stack memory corruption attempt (server-other.rules)

2017-08-31 13:56:39 UTC

Snort Subscriber Rules Update

Date: 2017-08-31

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091100.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:44222 <-> ENABLED <-> MALWARE-CNC Win.Ransomware.SyncCrypt variant initial outbound connection (malware-cnc.rules)
 * 1:44221 <-> ENABLED <-> MALWARE-CNC Win.Ransomware.SyncCrypt variant initial outbound connection (malware-cnc.rules)
 * 1:44220 <-> ENABLED <-> MALWARE-CNC Win.Ransomware.SyncCrypt variant initial outbound connection (malware-cnc.rules)
 * 1:44219 <-> DISABLED <-> SERVER-OTHER HP data protector OmniInet service NULL dereference denial of service attempt (server-other.rules)
 * 1:44218 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Shell Handler remote code execution attempt (os-windows.rules)
 * 1:44217 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Shell Handler remote code execution attempt (os-windows.rules)
 * 1:44216 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Shell Handler remote code execution attempt (os-windows.rules)
 * 1:44215 <-> DISABLED <-> SERVER-OTHER Sybase Open Server TDS login packet stack memory corruption attempt (server-other.rules)
 * 1:44214 <-> ENABLED <-> BLACKLIST User-Agent known malicious user-agent string - Win.Trojan.Graftor (blacklist.rules)
 * 1:44213 <-> ENABLED <-> BLACKLIST User-Agent known malicious user-agent string - Tarayt (blacklist.rules)
 * 1:44212 <-> ENABLED <-> MALWARE-CNC Tarayt outbound connection attempt (malware-cnc.rules)
 * 1:44211 <-> ENABLED <-> MALWARE-CNC Tarayt outbound connection attempt (malware-cnc.rules)
 * 1:44210 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Bullrat variant outbound connection (malware-cnc.rules)
 * 1:44209 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader embedded JS array memory corruption attempt (file-pdf.rules)
 * 1:44208 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader embedded JS array memory corruption attempt (file-pdf.rules)
 * 1:44207 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader embedded JS array memory corruption attempt (file-pdf.rules)
 * 1:44206 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader embedded JS array memory corruption attempt (file-pdf.rules)
 * 1:44205 <-> DISABLED <-> FILE-OTHER VideoLAN VLC Media Player Ogg/Vorbis denial of service attempt (file-other.rules)
 * 1:44204 <-> DISABLED <-> FILE-OTHER VideoLAN VLC Media Player Ogg/Vorbis denial of service attempt (file-other.rules)
 * 1:44203 <-> DISABLED <-> SERVER-OTHER HP Data Protector memory corruption attempt (server-other.rules)
 * 1:44202 <-> DISABLED <-> SERVER-OTHER Sybase M-Business Anywhere agSoap.exe closing tag buffer overflow attempt (server-other.rules)
 * 1:44201 <-> DISABLED <-> SERVER-OTHER Verso NetPerformer frame relay access device telnet buffer overflow attempt (server-other.rules)
 * 1:44200 <-> DISABLED <-> BROWSER-IE Microsoft Internet print table of links cross site scripting attempt (browser-ie.rules)
 * 1:44199 <-> DISABLED <-> BROWSER-IE Microsoft Internet print table of links cross site scripting attempt (browser-ie.rules)
 * 1:44198 <-> DISABLED <-> BROWSER-IE Internet Explorer CCaret memory corruption attempt (browser-ie.rules)
 * 1:44197 <-> DISABLED <-> BROWSER-IE Internet Explorer CCaret memory corruption attempt (browser-ie.rules)
 * 1:44196 <-> DISABLED <-> BROWSER-IE Internet Explorer CCaret memory corruption attempt (browser-ie.rules)
 * 1:44195 <-> DISABLED <-> BROWSER-IE Internet Explorer CCaret memory corruption attempt (browser-ie.rules)
 * 1:44194 <-> DISABLED <-> FILE-MULTIMEDIA multiple audio players playlist file handling heap overflow attempt (file-multimedia.rules)
 * 1:44193 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer frameBorder denial of service attempt (browser-ie.rules)
 * 1:44192 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer frameBorder denial of service attempt (browser-ie.rules)
 * 1:44191 <-> DISABLED <-> SERVER-OTHER HP Intelligent Management Center dbman BackupDBase opcode command injection attempt (server-other.rules)
 * 1:44190 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Cyfshent variant outbound connection (malware-cnc.rules)
 * 3:44229 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0406 attack attempt (file-image.rules)
 * 3:44230 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0406 attack attempt (file-image.rules)
 * 3:44228 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0406 attack attempt (file-image.rules)
 * 3:44227 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0406 attack attempt (file-image.rules)
 * 3:44226 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0406 attack attempt (file-image.rules)
 * 3:44224 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0406 attack attempt (file-image.rules)
 * 3:44225 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0406 attack attempt (file-image.rules)
 * 3:44189 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2017-0421 attack attempt (server-other.rules)
 * 3:44223 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0406 attack attempt (file-image.rules)

Modified Rules:


 * 1:44078 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Nemucod file download (malware-other.rules)
 * 1:32856 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader graphics module crash attempt (file-pdf.rules)
 * 1:26169 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CCaret use after free attempt (browser-ie.rules)
 * 1:18777 <-> DISABLED <-> SERVER-OTHER HP data protector OmniInet service NULL dereference denial of service attempt (server-other.rules)
 * 1:42817 <-> ENABLED <-> FILE-FLASH Adobe Flash Player DisplayObject use after free attempt (file-flash.rules)
 * 1:19155 <-> DISABLED <-> SERVER-WEBAPP HP Data Protector Media Operations SignInName Parameter overflow attempt (server-webapp.rules)
 * 1:16739 <-> DISABLED <-> FILE-MULTIMEDIA Multiple audio players playlist file handling heap overflow attempt (file-multimedia.rules)
 * 1:16414 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Shell Handler remote code execution attempt (os-windows.rules)
 * 1:42818 <-> ENABLED <-> FILE-FLASH Adobe Flash Player DisplayObject use after free attempt (file-flash.rules)
 * 1:32855 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader graphics module crash attempt (file-pdf.rules)
 * 1:26168 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CCaret use after free attempt (browser-ie.rules)
 * 1:25603 <-> DISABLED <-> SERVER-OTHER Sybase Open Server TDS login packet stack memory corruption attempt (server-other.rules)