Talos has added and modified multiple rules in the browser-firefox, browser-ie, browser-other, file-image, file-other, file-pdf, indicator-compromise, malware-cnc, policy-other, protocol-tftp and server-webapp rule sets to provide coverage for emerging threats from these technologies.
For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:44993 <-> DISABLED <-> SERVER-WEBAPP ManageEngine ServiceDesk Plus policy bypass attempt (server-webapp.rules)
* 1:45046 <-> ENABLED <-> SERVER-OTHER Exim malformed BDAT code execution attempt (server-other.rules)
* 1:45044 <-> DISABLED <-> FILE-PDF Adobe Reader out of bounds memory access violation attempt (file-pdf.rules)
* 1:45045 <-> DISABLED <-> FILE-PDF Adobe Reader out of bounds memory access violation attempt (file-pdf.rules)
* 1:45043 <-> DISABLED <-> BROWSER-OTHER Adobe Acrobat Pro WebCapture information disclosure attempt (browser-other.rules)
* 1:45004 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules)
* 1:44998 <-> ENABLED <-> MALWARE-CNC Legend irc bot cnc attempt (malware-cnc.rules)
* 1:45030 <-> DISABLED <-> FILE-PDF JPEG2000 image coding style default information disclosure attempt (file-pdf.rules)
* 1:45007 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules)
* 1:44996 <-> DISABLED <-> SERVER-WEBAPP ManageEngine ServiceDesk Plus policy bypass attempt (server-webapp.rules)
* 1:44999 <-> DISABLED <-> SERVER-WEBAPP Ruby on Rails file inclusion attempt (server-webapp.rules)
* 1:45001 <-> DISABLED <-> SERVER-WEBAPP Netgear WNR2000 information leak attempt (server-webapp.rules)
* 1:45000 <-> DISABLED <-> SERVER-WEBAPP Ruby on Rails file inclusion attempt (server-webapp.rules)
* 1:45039 <-> DISABLED <-> SERVER-WEBAPP Joomla LDAP authentication plugin information disclosure exploitation attempt (server-webapp.rules)
* 1:45041 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader Annotation use after free attempt (file-pdf.rules)
* 1:45005 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules)
* 1:44991 <-> DISABLED <-> BROWSER-FIREFOX Mozilla products CSS rendering out-of-bounds array write attempt (browser-firefox.rules)
* 1:45002 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules)
* 1:44992 <-> DISABLED <-> SERVER-WEBAPP ManageEngine ServiceDesk Plus policy bypass attempt (server-webapp.rules)
* 1:45006 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules)
* 1:45003 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules)
* 1:45008 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules)
* 1:45009 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules)
* 1:45010 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules)
* 1:45011 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules)
* 1:45012 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules)
* 1:45013 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules)
* 1:45014 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules)
* 1:45015 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules)
* 1:45016 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules)
* 1:45024 <-> DISABLED <-> FILE-PDF Adobe Acrobat out of bound read exploitation attempt (file-pdf.rules)
* 1:45023 <-> DISABLED <-> FILE-PDF Adobe Acrobat out of bound read exploitation attempt (file-pdf.rules)
* 1:45027 <-> DISABLED <-> FILE-PDF Adobe Acrobat out of bound read exploitation attempt (file-pdf.rules)
* 1:45028 <-> DISABLED <-> FILE-PDF Adobe Acrobat out of bound read exploitation attempt (file-pdf.rules)
* 1:45029 <-> DISABLED <-> FILE-PDF JPEG2000 image coding style default information disclosure attempt (file-pdf.rules)
* 1:45031 <-> DISABLED <-> FILE-OTHER Adobe Acrobat JPEG2000 out of bounds buffer overflow attempt (file-other.rules)
* 1:45032 <-> DISABLED <-> FILE-OTHER Adobe Acrobat JPEG2000 out of bounds buffer overflow attempt (file-other.rules)
* 1:45042 <-> DISABLED <-> BROWSER-OTHER Adobe Acrobat Pro WebCapture information disclosure attempt (browser-other.rules)
* 1:44995 <-> DISABLED <-> SERVER-WEBAPP ManageEngine ServiceDesk Plus policy bypass attempt (server-webapp.rules)
* 1:44997 <-> ENABLED <-> MALWARE-CNC Legend irc bot cnc attempt (malware-cnc.rules)
* 1:45040 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader Annotation use after free attempt (file-pdf.rules)
* 1:45038 <-> DISABLED <-> SERVER-WEBAPP Joomla LDAP authentication plugin information disclosure exploitation attempt (server-webapp.rules)
* 1:45035 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader Annotation use after free attempt (file-pdf.rules)
* 1:45037 <-> DISABLED <-> SERVER-WEBAPP Joomla LDAP authentication plugin information disclosure exploitation attempt (server-webapp.rules)
* 1:45036 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader Annotation use after free attempt (file-pdf.rules)
* 1:44994 <-> DISABLED <-> SERVER-WEBAPP ManageEngine ServiceDesk Plus policy bypass attempt (server-webapp.rules)
* 3:45017 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0497 attack attempt (file-image.rules)
* 3:45018 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0497 attack attempt (file-image.rules)
* 3:45019 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0490 attack attempt (file-image.rules)
* 3:45020 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0490 attack attempt (file-image.rules)
* 3:45021 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0491 attack attempt (file-image.rules)
* 3:45022 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0491 attack attempt (file-image.rules)
* 3:45025 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0489 attack attempt (file-image.rules)
* 3:45026 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0489 attack attempt (file-image.rules)
* 3:45033 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0488 attack attempt (file-image.rules)
* 3:45034 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0488 attack attempt (file-image.rules)
* 3:45047 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0499 attack attempt (file-image.rules)
* 3:45048 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0499 attack attempt (file-image.rules)
* 3:45049 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2017-0492 attack attempt (server-webapp.rules)
* 1:43599 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer object type confusion remote code execution attempt (browser-ie.rules)
* 1:44728 <-> DISABLED <-> INDICATOR-COMPROMISE Meterpreter payload download attempt (indicator-compromise.rules)
* 1:42311 <-> DISABLED <-> FILE-PDF Multiple Products malformed JP2K codestream out of bounds read attempt (file-pdf.rules)
* 1:42312 <-> DISABLED <-> FILE-PDF Multiple Products malformed JP2K codestream out of bounds read attempt (file-pdf.rules)
* 1:42286 <-> DISABLED <-> FILE-PDF Multiple Products malformed JP2K codestream out of bounds read attempt (file-pdf.rules)
* 1:2337 <-> DISABLED <-> PROTOCOL-TFTP PUT filename overflow attempt (protocol-tftp.rules)
* 1:41095 <-> DISABLED <-> SERVER-WEBAPP Netgear WNR2000 authentication bypass attempt (server-webapp.rules)
* 1:42285 <-> DISABLED <-> FILE-PDF Multiple Products malformed JP2K codestream out of bounds read attempt (file-pdf.rules)
* 1:18077 <-> DISABLED <-> BROWSER-FIREFOX Mozilla products CSS rendering out-of-bounds array write attempt (browser-firefox.rules)
* 1:42376 <-> DISABLED <-> POLICY-OTHER eicar file detected (policy-other.rules)
* 1:42375 <-> DISABLED <-> POLICY-OTHER eicar file detected (policy-other.rules)
* 1:42374 <-> DISABLED <-> POLICY-OTHER eicar file detected (policy-other.rules)
* 1:42373 <-> DISABLED <-> POLICY-OTHER eicar file detected (policy-other.rules)
* 1:43598 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer object type confusion remote code execution attempt (browser-ie.rules)
* 3:44863 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2017-0483 attack attempt (server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2990.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:45000 <-> DISABLED <-> SERVER-WEBAPP Ruby on Rails file inclusion attempt (server-webapp.rules)
* 1:44992 <-> DISABLED <-> SERVER-WEBAPP ManageEngine ServiceDesk Plus policy bypass attempt (server-webapp.rules)
* 1:44993 <-> DISABLED <-> SERVER-WEBAPP ManageEngine ServiceDesk Plus policy bypass attempt (server-webapp.rules)
* 1:45030 <-> DISABLED <-> FILE-PDF JPEG2000 image coding style default information disclosure attempt (file-pdf.rules)
* 1:45009 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules)
* 1:45007 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules)
* 1:44998 <-> ENABLED <-> MALWARE-CNC Legend irc bot cnc attempt (malware-cnc.rules)
* 1:44997 <-> ENABLED <-> MALWARE-CNC Legend irc bot cnc attempt (malware-cnc.rules)
* 1:45001 <-> DISABLED <-> SERVER-WEBAPP Netgear WNR2000 information leak attempt (server-webapp.rules)
* 1:45002 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules)
* 1:44999 <-> DISABLED <-> SERVER-WEBAPP Ruby on Rails file inclusion attempt (server-webapp.rules)
* 1:44996 <-> DISABLED <-> SERVER-WEBAPP ManageEngine ServiceDesk Plus policy bypass attempt (server-webapp.rules)
* 1:44994 <-> DISABLED <-> SERVER-WEBAPP ManageEngine ServiceDesk Plus policy bypass attempt (server-webapp.rules)
* 1:45003 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules)
* 1:45004 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules)
* 1:45005 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules)
* 1:44991 <-> DISABLED <-> BROWSER-FIREFOX Mozilla products CSS rendering out-of-bounds array write attempt (browser-firefox.rules)
* 1:45006 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules)
* 1:45008 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules)
* 1:45010 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules)
* 1:45011 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules)
* 1:45012 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules)
* 1:45013 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules)
* 1:45014 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules)
* 1:45015 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules)
* 1:45016 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules)
* 1:45023 <-> DISABLED <-> FILE-PDF Adobe Acrobat out of bound read exploitation attempt (file-pdf.rules)
* 1:45024 <-> DISABLED <-> FILE-PDF Adobe Acrobat out of bound read exploitation attempt (file-pdf.rules)
* 1:45027 <-> DISABLED <-> FILE-PDF Adobe Acrobat out of bound read exploitation attempt (file-pdf.rules)
* 1:45028 <-> DISABLED <-> FILE-PDF Adobe Acrobat out of bound read exploitation attempt (file-pdf.rules)
* 1:45029 <-> DISABLED <-> FILE-PDF JPEG2000 image coding style default information disclosure attempt (file-pdf.rules)
* 1:45031 <-> DISABLED <-> FILE-OTHER Adobe Acrobat JPEG2000 out of bounds buffer overflow attempt (file-other.rules)
* 1:45032 <-> DISABLED <-> FILE-OTHER Adobe Acrobat JPEG2000 out of bounds buffer overflow attempt (file-other.rules)
* 1:45046 <-> ENABLED <-> SERVER-OTHER Exim malformed BDAT code execution attempt (server-other.rules)
* 1:45045 <-> DISABLED <-> FILE-PDF Adobe Reader out of bounds memory access violation attempt (file-pdf.rules)
* 1:45044 <-> DISABLED <-> FILE-PDF Adobe Reader out of bounds memory access violation attempt (file-pdf.rules)
* 1:45043 <-> DISABLED <-> BROWSER-OTHER Adobe Acrobat Pro WebCapture information disclosure attempt (browser-other.rules)
* 1:45042 <-> DISABLED <-> BROWSER-OTHER Adobe Acrobat Pro WebCapture information disclosure attempt (browser-other.rules)
* 1:45041 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader Annotation use after free attempt (file-pdf.rules)
* 1:45038 <-> DISABLED <-> SERVER-WEBAPP Joomla LDAP authentication plugin information disclosure exploitation attempt (server-webapp.rules)
* 1:45039 <-> DISABLED <-> SERVER-WEBAPP Joomla LDAP authentication plugin information disclosure exploitation attempt (server-webapp.rules)
* 1:45040 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader Annotation use after free attempt (file-pdf.rules)
* 1:45036 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader Annotation use after free attempt (file-pdf.rules)
* 1:45037 <-> DISABLED <-> SERVER-WEBAPP Joomla LDAP authentication plugin information disclosure exploitation attempt (server-webapp.rules)
* 1:45035 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader Annotation use after free attempt (file-pdf.rules)
* 1:44995 <-> DISABLED <-> SERVER-WEBAPP ManageEngine ServiceDesk Plus policy bypass attempt (server-webapp.rules)
* 3:45018 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0497 attack attempt (file-image.rules)
* 3:45026 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0489 attack attempt (file-image.rules)
* 3:45025 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0489 attack attempt (file-image.rules)
* 3:45019 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0490 attack attempt (file-image.rules)
* 3:45033 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0488 attack attempt (file-image.rules)
* 3:45034 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0488 attack attempt (file-image.rules)
* 3:45047 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0499 attack attempt (file-image.rules)
* 3:45021 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0491 attack attempt (file-image.rules)
* 3:45049 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2017-0492 attack attempt (server-webapp.rules)
* 3:45017 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0497 attack attempt (file-image.rules)
* 3:45022 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0491 attack attempt (file-image.rules)
* 3:45020 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0490 attack attempt (file-image.rules)
* 3:45048 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0499 attack attempt (file-image.rules)
* 1:42374 <-> DISABLED <-> POLICY-OTHER eicar file detected (policy-other.rules)
* 1:42375 <-> DISABLED <-> POLICY-OTHER eicar file detected (policy-other.rules)
* 1:42376 <-> DISABLED <-> POLICY-OTHER eicar file detected (policy-other.rules)
* 1:43599 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer object type confusion remote code execution attempt (browser-ie.rules)
* 1:42286 <-> DISABLED <-> FILE-PDF Multiple Products malformed JP2K codestream out of bounds read attempt (file-pdf.rules)
* 1:42373 <-> DISABLED <-> POLICY-OTHER eicar file detected (policy-other.rules)
* 1:42312 <-> DISABLED <-> FILE-PDF Multiple Products malformed JP2K codestream out of bounds read attempt (file-pdf.rules)
* 1:44728 <-> DISABLED <-> INDICATOR-COMPROMISE Meterpreter payload download attempt (indicator-compromise.rules)
* 1:41095 <-> DISABLED <-> SERVER-WEBAPP Netgear WNR2000 authentication bypass attempt (server-webapp.rules)
* 1:42311 <-> DISABLED <-> FILE-PDF Multiple Products malformed JP2K codestream out of bounds read attempt (file-pdf.rules)
* 1:18077 <-> DISABLED <-> BROWSER-FIREFOX Mozilla products CSS rendering out-of-bounds array write attempt (browser-firefox.rules)
* 1:2337 <-> DISABLED <-> PROTOCOL-TFTP PUT filename overflow attempt (protocol-tftp.rules)
* 1:42285 <-> DISABLED <-> FILE-PDF Multiple Products malformed JP2K codestream out of bounds read attempt (file-pdf.rules)
* 1:43598 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer object type confusion remote code execution attempt (browser-ie.rules)
* 3:44863 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2017-0483 attack attempt (server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091100.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:45046 <-> ENABLED <-> SERVER-OTHER Exim malformed BDAT code execution attempt (server-other.rules)
* 1:45045 <-> DISABLED <-> FILE-PDF Adobe Reader out of bounds memory access violation attempt (file-pdf.rules)
* 1:45044 <-> DISABLED <-> FILE-PDF Adobe Reader out of bounds memory access violation attempt (file-pdf.rules)
* 1:45043 <-> DISABLED <-> BROWSER-OTHER Adobe Acrobat Pro WebCapture information disclosure attempt (browser-other.rules)
* 1:45042 <-> DISABLED <-> BROWSER-OTHER Adobe Acrobat Pro WebCapture information disclosure attempt (browser-other.rules)
* 1:45041 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader Annotation use after free attempt (file-pdf.rules)
* 1:45040 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader Annotation use after free attempt (file-pdf.rules)
* 1:45039 <-> DISABLED <-> SERVER-WEBAPP Joomla LDAP authentication plugin information disclosure exploitation attempt (server-webapp.rules)
* 1:45038 <-> DISABLED <-> SERVER-WEBAPP Joomla LDAP authentication plugin information disclosure exploitation attempt (server-webapp.rules)
* 1:45037 <-> DISABLED <-> SERVER-WEBAPP Joomla LDAP authentication plugin information disclosure exploitation attempt (server-webapp.rules)
* 1:45036 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader Annotation use after free attempt (file-pdf.rules)
* 1:45035 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader Annotation use after free attempt (file-pdf.rules)
* 1:45032 <-> DISABLED <-> FILE-OTHER Adobe Acrobat JPEG2000 out of bounds buffer overflow attempt (file-other.rules)
* 1:45031 <-> DISABLED <-> FILE-OTHER Adobe Acrobat JPEG2000 out of bounds buffer overflow attempt (file-other.rules)
* 1:45030 <-> DISABLED <-> FILE-PDF JPEG2000 image coding style default information disclosure attempt (file-pdf.rules)
* 1:45029 <-> DISABLED <-> FILE-PDF JPEG2000 image coding style default information disclosure attempt (file-pdf.rules)
* 1:45028 <-> DISABLED <-> FILE-PDF Adobe Acrobat out of bound read exploitation attempt (file-pdf.rules)
* 1:45027 <-> DISABLED <-> FILE-PDF Adobe Acrobat out of bound read exploitation attempt (file-pdf.rules)
* 1:45024 <-> DISABLED <-> FILE-PDF Adobe Acrobat out of bound read exploitation attempt (file-pdf.rules)
* 1:45023 <-> DISABLED <-> FILE-PDF Adobe Acrobat out of bound read exploitation attempt (file-pdf.rules)
* 1:45016 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules)
* 1:45015 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules)
* 1:45014 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules)
* 1:45013 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules)
* 1:45012 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules)
* 1:45011 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules)
* 1:45010 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules)
* 1:45009 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules)
* 1:45008 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules)
* 1:45007 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules)
* 1:45006 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules)
* 1:45005 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules)
* 1:45004 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules)
* 1:45003 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules)
* 1:45002 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules)
* 1:45001 <-> DISABLED <-> SERVER-WEBAPP Netgear WNR2000 information leak attempt (server-webapp.rules)
* 1:45000 <-> DISABLED <-> SERVER-WEBAPP Ruby on Rails file inclusion attempt (server-webapp.rules)
* 1:44999 <-> DISABLED <-> SERVER-WEBAPP Ruby on Rails file inclusion attempt (server-webapp.rules)
* 1:44998 <-> ENABLED <-> MALWARE-CNC Legend irc bot cnc attempt (malware-cnc.rules)
* 1:44997 <-> ENABLED <-> MALWARE-CNC Legend irc bot cnc attempt (malware-cnc.rules)
* 1:44996 <-> DISABLED <-> SERVER-WEBAPP ManageEngine ServiceDesk Plus policy bypass attempt (server-webapp.rules)
* 1:44995 <-> DISABLED <-> SERVER-WEBAPP ManageEngine ServiceDesk Plus policy bypass attempt (server-webapp.rules)
* 1:44994 <-> DISABLED <-> SERVER-WEBAPP ManageEngine ServiceDesk Plus policy bypass attempt (server-webapp.rules)
* 1:44993 <-> DISABLED <-> SERVER-WEBAPP ManageEngine ServiceDesk Plus policy bypass attempt (server-webapp.rules)
* 1:44992 <-> DISABLED <-> SERVER-WEBAPP ManageEngine ServiceDesk Plus policy bypass attempt (server-webapp.rules)
* 1:44991 <-> DISABLED <-> BROWSER-FIREFOX Mozilla products CSS rendering out-of-bounds array write attempt (browser-firefox.rules)
* 3:45017 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0497 attack attempt (file-image.rules)
* 3:45018 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0497 attack attempt (file-image.rules)
* 3:45019 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0490 attack attempt (file-image.rules)
* 3:45020 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0490 attack attempt (file-image.rules)
* 3:45021 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0491 attack attempt (file-image.rules)
* 3:45022 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0491 attack attempt (file-image.rules)
* 3:45025 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0489 attack attempt (file-image.rules)
* 3:45026 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0489 attack attempt (file-image.rules)
* 3:45033 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0488 attack attempt (file-image.rules)
* 3:45034 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0488 attack attempt (file-image.rules)
* 3:45047 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0499 attack attempt (file-image.rules)
* 3:45048 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0499 attack attempt (file-image.rules)
* 3:45049 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2017-0492 attack attempt (server-webapp.rules)
* 1:42376 <-> DISABLED <-> POLICY-OTHER eicar file detected (policy-other.rules)
* 1:42375 <-> DISABLED <-> POLICY-OTHER eicar file detected (policy-other.rules)
* 1:42373 <-> DISABLED <-> POLICY-OTHER eicar file detected (policy-other.rules)
* 1:42374 <-> DISABLED <-> POLICY-OTHER eicar file detected (policy-other.rules)
* 1:43599 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer object type confusion remote code execution attempt (browser-ie.rules)
* 1:44728 <-> DISABLED <-> INDICATOR-COMPROMISE Meterpreter payload download attempt (indicator-compromise.rules)
* 1:18077 <-> DISABLED <-> BROWSER-FIREFOX Mozilla products CSS rendering out-of-bounds array write attempt (browser-firefox.rules)
* 1:2337 <-> DISABLED <-> PROTOCOL-TFTP PUT filename overflow attempt (protocol-tftp.rules)
* 1:41095 <-> DISABLED <-> SERVER-WEBAPP Netgear WNR2000 authentication bypass attempt (server-webapp.rules)
* 1:42285 <-> DISABLED <-> FILE-PDF Multiple Products malformed JP2K codestream out of bounds read attempt (file-pdf.rules)
* 1:42286 <-> DISABLED <-> FILE-PDF Multiple Products malformed JP2K codestream out of bounds read attempt (file-pdf.rules)
* 1:42311 <-> DISABLED <-> FILE-PDF Multiple Products malformed JP2K codestream out of bounds read attempt (file-pdf.rules)
* 1:42312 <-> DISABLED <-> FILE-PDF Multiple Products malformed JP2K codestream out of bounds read attempt (file-pdf.rules)
* 1:43598 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer object type confusion remote code execution attempt (browser-ie.rules)
* 3:44863 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2017-0483 attack attempt (server-webapp.rules)