Talos Rules 2018-10-16
This release adds and modifies rules in several categories.

Talos has added and modified multiple rules in the browser-ie, exploit-kit, file-image, file-other, malware-backdoor, malware-cnc, policy-other, protocol-voip and server-webapp rule sets to provide coverage for emerging threats from these technologies.

For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.

Change logs

2018-10-16 13:33:08 UTC

Snort Subscriber Rules Update

Date: 2018-10-16

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:48169 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules)
 * 1:48158 <-> DISABLED <-> FILE-OTHER WECON LeviStudio UMP file stack buffer overflow attempt (file-other.rules)
 * 1:48155 <-> ENABLED <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection (malware-cnc.rules)
 * 1:48153 <-> ENABLED <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection (malware-cnc.rules)
 * 1:48148 <-> ENABLED <-> MALWARE-CNC Win.Worm.Redhip variant outbound connection (malware-cnc.rules)
 * 1:48157 <-> ENABLED <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection (malware-cnc.rules)
 * 1:48147 <-> ENABLED <-> MALWARE-CNC Win.Worm.Redhip variant outbound connection (malware-cnc.rules)
 * 1:48152 <-> ENABLED <-> MALWARE-CNC JS.Trojan.Generic malicious file download (malware-cnc.rules)
 * 1:48151 <-> ENABLED <-> MALWARE-CNC JS.Trojan.Generic malicious file download (malware-cnc.rules)
 * 1:48163 <-> DISABLED <-> BROWSER-IE Microsoft Edge sandbox escape attempt (browser-ie.rules)
 * 1:48156 <-> ENABLED <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection (malware-cnc.rules)
 * 1:48166 <-> DISABLED <-> SERVER-WEBAPP Joomla Component Swap Factory SQL injection attempt (server-webapp.rules)
 * 1:48143 <-> ENABLED <-> SERVER-WEBAPP D-Link DIR-816 diagnosis command injection attempt (server-webapp.rules)
 * 1:48161 <-> DISABLED <-> SERVER-WEBAPP Joomba component Article Factory Manager SQL injection attempt (server-webapp.rules)
 * 1:48145 <-> DISABLED <-> FILE-OTHER McAfee True Key dll-load exploit attempt (file-other.rules)
 * 1:48142 <-> ENABLED <-> SERVER-WEBAPP D-Link DIR-816 diagnosis command injection attempt (server-webapp.rules)
 * 1:48159 <-> DISABLED <-> FILE-OTHER WECON LeviStudio UMP file stack buffer overflow attempt (file-other.rules)
 * 1:48146 <-> DISABLED <-> MALWARE-BACKDOOR Rebhip variant runtime detection (malware-backdoor.rules)
 * 1:48149 <-> ENABLED <-> MALWARE-CNC Win.Worm.Redhip variant outbound connection (malware-cnc.rules)
 * 1:48144 <-> DISABLED <-> FILE-OTHER McAfee True Key dll-load exploit attempt (file-other.rules)
 * 1:48162 <-> DISABLED <-> BROWSER-IE Microsoft Edge sandbox escape attempt (browser-ie.rules)
 * 1:48141 <-> ENABLED <-> SERVER-WEBAPP D-Link DIR-816 diagnosis command injection attempt (server-webapp.rules)
 * 1:48167 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules)
 * 1:48171 <-> DISABLED <-> SERVER-WEBAPP Joomla Component eXtroForms SQL injection attempt (server-webapp.rules)
 * 1:48170 <-> DISABLED <-> SERVER-WEBAPP Joomla Component eXtroForms SQL injection attempt (server-webapp.rules)
 * 1:48164 <-> DISABLED <-> SERVER-WEBAPP HPE Intelligent Management Center FileDownloadServlet directory traversal attempt (server-webapp.rules)
 * 1:48168 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules)
 * 1:48160 <-> DISABLED <-> POLICY-OTHER Infrasightlabs vScopeServer admin user creation attempt (policy-other.rules)
 * 1:48165 <-> DISABLED <-> SERVER-WEBAPP Joomla Component Swap Factory SQL injection attempt (server-webapp.rules)
 * 1:48150 <-> ENABLED <-> MALWARE-CNC Win.Worm.Redhip variant outbound connection (malware-cnc.rules)
 * 1:48154 <-> ENABLED <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection (malware-cnc.rules)

Modified Rules:


 * 1:32382 <-> DISABLED <-> SERVER-OTHER OpenSSL DTLS SRTP extension parsing denial-of-service attempt (server-other.rules)
 * 1:12004 <-> DISABLED <-> PROTOCOL-VOIP INVITE message Content-Length header size of zero (protocol-voip.rules)
 * 1:30730 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1 heartbeat read overrun attempt (server-other.rules)
 * 1:12002 <-> DISABLED <-> PROTOCOL-VOIP BYE flood (protocol-voip.rules)
 * 1:31180 <-> DISABLED <-> SERVER-OTHER OpenSSL DTLS handshake recursion denial of service attempt (server-other.rules)
 * 1:30729 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1 heartbeat read overrun attempt (server-other.rules)
 * 1:45578 <-> DISABLED <-> PROTOCOL-VOIP Mr.SIP options request denial of service attempt (protocol-voip.rules)
 * 1:30727 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL SSLv3 heartbeat read overrun attempt (server-other.rules)
 * 1:30731 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.1 heartbeat read overrun attempt (server-other.rules)
 * 1:45577 <-> DISABLED <-> PROTOCOL-VOIP Mr.SIP invite request denial of service attempt (protocol-voip.rules)
 * 1:45579 <-> DISABLED <-> PROTOCOL-VOIP Mr.SIP subscribe request denial of service attempt (protocol-voip.rules)
 * 1:48134 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat SGI parsing out of bounds read attempt (file-image.rules)
 * 1:38778 <-> ENABLED <-> FILE-OTHER Microsoft Windows Media Center link file code execution attempt (file-other.rules)
 * 1:30728 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL SSLv3 heartbeat read overrun attempt (server-other.rules)
 * 1:28238 <-> DISABLED <-> EXPLOIT-KIT Multiple exploit kits malicious pdf download (exploit-kit.rules)
 * 1:30733 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.2 heartbeat read overrun attempt (server-other.rules)
 * 1:20400 <-> DISABLED <-> PROTOCOL-VOIP Response code 415 Unsupported Media Type response flood (protocol-voip.rules)
 * 1:27901 <-> DISABLED <-> PROTOCOL-VOIP Ghost call attack attempt (protocol-voip.rules)
 * 1:19389 <-> DISABLED <-> PROTOCOL-VOIP REGISTER flood (protocol-voip.rules)
 * 1:27900 <-> DISABLED <-> PROTOCOL-VOIP Excessive number of SIP 4xx responses potential user or password guessing attempt (protocol-voip.rules)
 * 1:20398 <-> DISABLED <-> PROTOCOL-VOIP Response code 420 Bad Extension response flood (protocol-voip.rules)
 * 1:25799 <-> ENABLED <-> EXPLOIT-KIT Stamp exploit kit pdf request (exploit-kit.rules)
 * 1:27899 <-> DISABLED <-> PROTOCOL-VOIP Possible SIP OPTIONS service information gathering attempt (protocol-voip.rules)
 * 1:30734 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.2 heartbeat read overrun attempt (server-other.rules)
 * 1:38779 <-> ENABLED <-> FILE-OTHER Microsoft Windows Media Center link file code execution attempt (file-other.rules)
 * 1:12003 <-> DISABLED <-> PROTOCOL-VOIP CANCEL flood (protocol-voip.rules)
 * 1:20402 <-> DISABLED <-> PROTOCOL-VOIP Response code 405 Method Not Allowed response flood (protocol-voip.rules)
 * 1:30732 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.1 heartbeat read overrun attempt (server-other.rules)
 * 1:20396 <-> DISABLED <-> PROTOCOL-VOIP INVITE flood attempt (protocol-voip.rules)
 * 1:31181 <-> DISABLED <-> SERVER-OTHER OpenSSL DTLS handshake recursion denial of service attempt (server-other.rules)

2018-10-16 13:33:08 UTC

Snort Subscriber Rules Update

Date: 2018-10-16

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2990.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:48164 <-> DISABLED <-> SERVER-WEBAPP HPE Intelligent Management Center FileDownloadServlet directory traversal attempt (server-webapp.rules)
 * 1:48171 <-> DISABLED <-> SERVER-WEBAPP Joomla Component eXtroForms SQL injection attempt (server-webapp.rules)
 * 1:48161 <-> DISABLED <-> SERVER-WEBAPP Joomba component Article Factory Manager SQL injection attempt (server-webapp.rules)
 * 1:48146 <-> DISABLED <-> MALWARE-BACKDOOR Rebhip variant runtime detection (malware-backdoor.rules)
 * 1:48169 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules)
 * 1:48165 <-> DISABLED <-> SERVER-WEBAPP Joomla Component Swap Factory SQL injection attempt (server-webapp.rules)
 * 1:48151 <-> ENABLED <-> MALWARE-CNC JS.Trojan.Generic malicious file download (malware-cnc.rules)
 * 1:48167 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules)
 * 1:48150 <-> ENABLED <-> MALWARE-CNC Win.Worm.Redhip variant outbound connection (malware-cnc.rules)
 * 1:48170 <-> DISABLED <-> SERVER-WEBAPP Joomla Component eXtroForms SQL injection attempt (server-webapp.rules)
 * 1:48168 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules)
 * 1:48153 <-> ENABLED <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection (malware-cnc.rules)
 * 1:48158 <-> DISABLED <-> FILE-OTHER WECON LeviStudio UMP file stack buffer overflow attempt (file-other.rules)
 * 1:48162 <-> DISABLED <-> BROWSER-IE Microsoft Edge sandbox escape attempt (browser-ie.rules)
 * 1:48156 <-> ENABLED <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection (malware-cnc.rules)
 * 1:48147 <-> ENABLED <-> MALWARE-CNC Win.Worm.Redhip variant outbound connection (malware-cnc.rules)
 * 1:48144 <-> DISABLED <-> FILE-OTHER McAfee True Key dll-load exploit attempt (file-other.rules)
 * 1:48157 <-> ENABLED <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection (malware-cnc.rules)
 * 1:48159 <-> DISABLED <-> FILE-OTHER WECON LeviStudio UMP file stack buffer overflow attempt (file-other.rules)
 * 1:48149 <-> ENABLED <-> MALWARE-CNC Win.Worm.Redhip variant outbound connection (malware-cnc.rules)
 * 1:48148 <-> ENABLED <-> MALWARE-CNC Win.Worm.Redhip variant outbound connection (malware-cnc.rules)
 * 1:48143 <-> ENABLED <-> SERVER-WEBAPP D-Link DIR-816 diagnosis command injection attempt (server-webapp.rules)
 * 1:48160 <-> DISABLED <-> POLICY-OTHER Infrasightlabs vScopeServer admin user creation attempt (policy-other.rules)
 * 1:48142 <-> ENABLED <-> SERVER-WEBAPP D-Link DIR-816 diagnosis command injection attempt (server-webapp.rules)
 * 1:48166 <-> DISABLED <-> SERVER-WEBAPP Joomla Component Swap Factory SQL injection attempt (server-webapp.rules)
 * 1:48145 <-> DISABLED <-> FILE-OTHER McAfee True Key dll-load exploit attempt (file-other.rules)
 * 1:48141 <-> ENABLED <-> SERVER-WEBAPP D-Link DIR-816 diagnosis command injection attempt (server-webapp.rules)
 * 1:48155 <-> ENABLED <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection (malware-cnc.rules)
 * 1:48154 <-> ENABLED <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection (malware-cnc.rules)
 * 1:48163 <-> DISABLED <-> BROWSER-IE Microsoft Edge sandbox escape attempt (browser-ie.rules)
 * 1:48152 <-> ENABLED <-> MALWARE-CNC JS.Trojan.Generic malicious file download (malware-cnc.rules)

Modified Rules:


 * 1:45578 <-> DISABLED <-> PROTOCOL-VOIP Mr.SIP options request denial of service attempt (protocol-voip.rules)
 * 1:31180 <-> DISABLED <-> SERVER-OTHER OpenSSL DTLS handshake recursion denial of service attempt (server-other.rules)
 * 1:45577 <-> DISABLED <-> PROTOCOL-VOIP Mr.SIP invite request denial of service attempt (protocol-voip.rules)
 * 1:48134 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat SGI parsing out of bounds read attempt (file-image.rules)
 * 1:45579 <-> DISABLED <-> PROTOCOL-VOIP Mr.SIP subscribe request denial of service attempt (protocol-voip.rules)
 * 1:38778 <-> ENABLED <-> FILE-OTHER Microsoft Windows Media Center link file code execution attempt (file-other.rules)
 * 1:12002 <-> DISABLED <-> PROTOCOL-VOIP BYE flood (protocol-voip.rules)
 * 1:12003 <-> DISABLED <-> PROTOCOL-VOIP CANCEL flood (protocol-voip.rules)
 * 1:38779 <-> ENABLED <-> FILE-OTHER Microsoft Windows Media Center link file code execution attempt (file-other.rules)
 * 1:12004 <-> DISABLED <-> PROTOCOL-VOIP INVITE message Content-Length header size of zero (protocol-voip.rules)
 * 1:19389 <-> DISABLED <-> PROTOCOL-VOIP REGISTER flood (protocol-voip.rules)
 * 1:20396 <-> DISABLED <-> PROTOCOL-VOIP INVITE flood attempt (protocol-voip.rules)
 * 1:20398 <-> DISABLED <-> PROTOCOL-VOIP Response code 420 Bad Extension response flood (protocol-voip.rules)
 * 1:20400 <-> DISABLED <-> PROTOCOL-VOIP Response code 415 Unsupported Media Type response flood (protocol-voip.rules)
 * 1:20402 <-> DISABLED <-> PROTOCOL-VOIP Response code 405 Method Not Allowed response flood (protocol-voip.rules)
 * 1:25799 <-> ENABLED <-> EXPLOIT-KIT Stamp exploit kit pdf request (exploit-kit.rules)
 * 1:27899 <-> DISABLED <-> PROTOCOL-VOIP Possible SIP OPTIONS service information gathering attempt (protocol-voip.rules)
 * 1:27900 <-> DISABLED <-> PROTOCOL-VOIP Excessive number of SIP 4xx responses potential user or password guessing attempt (protocol-voip.rules)
 * 1:27901 <-> DISABLED <-> PROTOCOL-VOIP Ghost call attack attempt (protocol-voip.rules)
 * 1:28238 <-> DISABLED <-> EXPLOIT-KIT Multiple exploit kits malicious pdf download (exploit-kit.rules)
 * 1:30727 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL SSLv3 heartbeat read overrun attempt (server-other.rules)
 * 1:30728 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL SSLv3 heartbeat read overrun attempt (server-other.rules)
 * 1:30729 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1 heartbeat read overrun attempt (server-other.rules)
 * 1:30730 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1 heartbeat read overrun attempt (server-other.rules)
 * 1:30731 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.1 heartbeat read overrun attempt (server-other.rules)
 * 1:30732 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.1 heartbeat read overrun attempt (server-other.rules)
 * 1:31181 <-> DISABLED <-> SERVER-OTHER OpenSSL DTLS handshake recursion denial of service attempt (server-other.rules)
 * 1:30733 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.2 heartbeat read overrun attempt (server-other.rules)
 * 1:30734 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.2 heartbeat read overrun attempt (server-other.rules)
 * 1:32382 <-> DISABLED <-> SERVER-OTHER OpenSSL DTLS SRTP extension parsing denial-of-service attempt (server-other.rules)

2018-10-16 13:33:08 UTC

Snort Subscriber Rules Update

Date: 2018-10-16

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:48167 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (snort3-server-other.rules)
 * 1:48166 <-> DISABLED <-> SERVER-WEBAPP Joomla Component Swap Factory SQL injection attempt (snort3-server-webapp.rules)
 * 1:48170 <-> DISABLED <-> SERVER-WEBAPP Joomla Component eXtroForms SQL injection attempt (snort3-server-webapp.rules)
 * 1:48169 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (snort3-server-other.rules)
 * 1:48163 <-> DISABLED <-> BROWSER-IE Microsoft Edge sandbox escape attempt (snort3-browser-ie.rules)
 * 1:48164 <-> DISABLED <-> SERVER-WEBAPP HPE Intelligent Management Center FileDownloadServlet directory traversal attempt (snort3-server-webapp.rules)
 * 1:48141 <-> ENABLED <-> SERVER-WEBAPP D-Link DIR-816 diagnosis command injection attempt (snort3-server-webapp.rules)
 * 1:48168 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (snort3-server-other.rules)
 * 1:48142 <-> ENABLED <-> SERVER-WEBAPP D-Link DIR-816 diagnosis command injection attempt (snort3-server-webapp.rules)
 * 1:48143 <-> ENABLED <-> SERVER-WEBAPP D-Link DIR-816 diagnosis command injection attempt (snort3-server-webapp.rules)
 * 1:48144 <-> DISABLED <-> FILE-OTHER McAfee True Key dll-load exploit attempt (snort3-file-other.rules)
 * 1:48145 <-> DISABLED <-> FILE-OTHER McAfee True Key dll-load exploit attempt (snort3-file-other.rules)
 * 1:48146 <-> DISABLED <-> MALWARE-BACKDOOR Rebhip variant runtime detection (snort3-malware-backdoor.rules)
 * 1:48147 <-> ENABLED <-> MALWARE-CNC Win.Worm.Redhip variant outbound connection (snort3-malware-cnc.rules)
 * 1:48148 <-> ENABLED <-> MALWARE-CNC Win.Worm.Redhip variant outbound connection (snort3-malware-cnc.rules)
 * 1:48149 <-> ENABLED <-> MALWARE-CNC Win.Worm.Redhip variant outbound connection (snort3-malware-cnc.rules)
 * 1:48150 <-> ENABLED <-> MALWARE-CNC Win.Worm.Redhip variant outbound connection (snort3-malware-cnc.rules)
 * 1:48151 <-> ENABLED <-> MALWARE-CNC JS.Trojan.Generic malicious file download (snort3-malware-cnc.rules)
 * 1:48152 <-> ENABLED <-> MALWARE-CNC JS.Trojan.Generic malicious file download (snort3-malware-cnc.rules)
 * 1:48153 <-> ENABLED <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection (snort3-malware-cnc.rules)
 * 1:48154 <-> ENABLED <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection (snort3-malware-cnc.rules)
 * 1:48155 <-> ENABLED <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection (snort3-malware-cnc.rules)
 * 1:48156 <-> ENABLED <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection (snort3-malware-cnc.rules)
 * 1:48157 <-> ENABLED <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection (snort3-malware-cnc.rules)
 * 1:48171 <-> DISABLED <-> SERVER-WEBAPP Joomla Component eXtroForms SQL injection attempt (snort3-server-webapp.rules)
 * 1:48158 <-> DISABLED <-> FILE-OTHER WECON LeviStudio UMP file stack buffer overflow attempt (snort3-file-other.rules)
 * 1:48159 <-> DISABLED <-> FILE-OTHER WECON LeviStudio UMP file stack buffer overflow attempt (snort3-file-other.rules)
 * 1:48160 <-> DISABLED <-> POLICY-OTHER Infrasightlabs vScopeServer admin user creation attempt (snort3-policy-other.rules)
 * 1:48161 <-> DISABLED <-> SERVER-WEBAPP Joomba component Article Factory Manager SQL injection attempt (snort3-server-webapp.rules)
 * 1:48162 <-> DISABLED <-> BROWSER-IE Microsoft Edge sandbox escape attempt (snort3-browser-ie.rules)
 * 1:48165 <-> DISABLED <-> SERVER-WEBAPP Joomla Component Swap Factory SQL injection attempt (snort3-server-webapp.rules)

Modified Rules:


 * 1:45578 <-> DISABLED <-> PROTOCOL-VOIP Mr.SIP options request denial of service attempt (snort3-protocol-voip.rules)
 * 1:28238 <-> DISABLED <-> EXPLOIT-KIT Multiple exploit kits malicious pdf download (snort3-exploit-kit.rules)
 * 1:27901 <-> DISABLED <-> PROTOCOL-VOIP Ghost call attack attempt (snort3-protocol-voip.rules)
 * 1:30733 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.2 heartbeat read overrun attempt (snort3-server-other.rules)
 * 1:30732 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.1 heartbeat read overrun attempt (snort3-server-other.rules)
 * 1:25799 <-> ENABLED <-> EXPLOIT-KIT Stamp exploit kit pdf request (snort3-exploit-kit.rules)
 * 1:20402 <-> DISABLED <-> PROTOCOL-VOIP Response code 405 Method Not Allowed response flood (snort3-protocol-voip.rules)
 * 1:30729 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1 heartbeat read overrun attempt (snort3-server-other.rules)
 * 1:30728 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL SSLv3 heartbeat read overrun attempt (snort3-server-other.rules)
 * 1:30727 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL SSLv3 heartbeat read overrun attempt (snort3-server-other.rules)
 * 1:20396 <-> DISABLED <-> PROTOCOL-VOIP INVITE flood attempt (snort3-protocol-voip.rules)
 * 1:38779 <-> ENABLED <-> FILE-OTHER Microsoft Windows Media Center link file code execution attempt (snort3-file-other.rules)
 * 1:45579 <-> DISABLED <-> PROTOCOL-VOIP Mr.SIP subscribe request denial of service attempt (snort3-protocol-voip.rules)
 * 1:19389 <-> DISABLED <-> PROTOCOL-VOIP REGISTER flood (snort3-protocol-voip.rules)
 * 1:27900 <-> DISABLED <-> PROTOCOL-VOIP Excessive number of SIP 4xx responses potential user or password guessing attempt (snort3-protocol-voip.rules)
 * 1:27899 <-> DISABLED <-> PROTOCOL-VOIP Possible SIP OPTIONS service information gathering attempt (snort3-protocol-voip.rules)
 * 1:45577 <-> DISABLED <-> PROTOCOL-VOIP Mr.SIP invite request denial of service attempt (snort3-protocol-voip.rules)
 * 1:38778 <-> ENABLED <-> FILE-OTHER Microsoft Windows Media Center link file code execution attempt (snort3-file-other.rules)
 * 1:48134 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat SGI parsing out of bounds read attempt (snort3-file-image.rules)
 * 1:30734 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.2 heartbeat read overrun attempt (snort3-server-other.rules)
 * 1:30731 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.1 heartbeat read overrun attempt (snort3-server-other.rules)
 * 1:30730 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1 heartbeat read overrun attempt (snort3-server-other.rules)
 * 1:12004 <-> DISABLED <-> PROTOCOL-VOIP INVITE message Content-Length header size of zero (snort3-protocol-voip.rules)
 * 1:20398 <-> DISABLED <-> PROTOCOL-VOIP Response code 420 Bad Extension response flood (snort3-protocol-voip.rules)
 * 1:12002 <-> DISABLED <-> PROTOCOL-VOIP BYE flood (snort3-protocol-voip.rules)
 * 1:20400 <-> DISABLED <-> PROTOCOL-VOIP Response code 415 Unsupported Media Type response flood (snort3-protocol-voip.rules)
 * 1:31181 <-> DISABLED <-> SERVER-OTHER OpenSSL DTLS handshake recursion denial of service attempt (snort3-server-other.rules)
 * 1:32382 <-> DISABLED <-> SERVER-OTHER OpenSSL DTLS SRTP extension parsing denial-of-service attempt (snort3-server-other.rules)
 * 1:12003 <-> DISABLED <-> PROTOCOL-VOIP CANCEL flood (snort3-protocol-voip.rules)
 * 1:31180 <-> DISABLED <-> SERVER-OTHER OpenSSL DTLS handshake recursion denial of service attempt (snort3-server-other.rules)

2018-10-16 13:33:08 UTC

Snort Subscriber Rules Update

Date: 2018-10-16

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091100.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:48166 <-> DISABLED <-> SERVER-WEBAPP Joomla Component Swap Factory SQL injection attempt (server-webapp.rules)
 * 1:48164 <-> DISABLED <-> SERVER-WEBAPP HPE Intelligent Management Center FileDownloadServlet directory traversal attempt (server-webapp.rules)
 * 1:48169 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules)
 * 1:48167 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules)
 * 1:48171 <-> DISABLED <-> SERVER-WEBAPP Joomla Component eXtroForms SQL injection attempt (server-webapp.rules)
 * 1:48170 <-> DISABLED <-> SERVER-WEBAPP Joomla Component eXtroForms SQL injection attempt (server-webapp.rules)
 * 1:48168 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules)
 * 1:48163 <-> DISABLED <-> BROWSER-IE Microsoft Edge sandbox escape attempt (browser-ie.rules)
 * 1:48165 <-> DISABLED <-> SERVER-WEBAPP Joomla Component Swap Factory SQL injection attempt (server-webapp.rules)
 * 1:48159 <-> DISABLED <-> FILE-OTHER WECON LeviStudio UMP file stack buffer overflow attempt (file-other.rules)
 * 1:48162 <-> DISABLED <-> BROWSER-IE Microsoft Edge sandbox escape attempt (browser-ie.rules)
 * 1:48155 <-> ENABLED <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection (malware-cnc.rules)
 * 1:48160 <-> DISABLED <-> POLICY-OTHER Infrasightlabs vScopeServer admin user creation attempt (policy-other.rules)
 * 1:48161 <-> DISABLED <-> SERVER-WEBAPP Joomba component Article Factory Manager SQL injection attempt (server-webapp.rules)
 * 1:48158 <-> DISABLED <-> FILE-OTHER WECON LeviStudio UMP file stack buffer overflow attempt (file-other.rules)
 * 1:48151 <-> ENABLED <-> MALWARE-CNC JS.Trojan.Generic malicious file download (malware-cnc.rules)
 * 1:48157 <-> ENABLED <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection (malware-cnc.rules)
 * 1:48156 <-> ENABLED <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection (malware-cnc.rules)
 * 1:48154 <-> ENABLED <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection (malware-cnc.rules)
 * 1:48147 <-> ENABLED <-> MALWARE-CNC Win.Worm.Redhip variant outbound connection (malware-cnc.rules)
 * 1:48152 <-> ENABLED <-> MALWARE-CNC JS.Trojan.Generic malicious file download (malware-cnc.rules)
 * 1:48153 <-> ENABLED <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection (malware-cnc.rules)
 * 1:48150 <-> ENABLED <-> MALWARE-CNC Win.Worm.Redhip variant outbound connection (malware-cnc.rules)
 * 1:48143 <-> ENABLED <-> SERVER-WEBAPP D-Link DIR-816 diagnosis command injection attempt (server-webapp.rules)
 * 1:48148 <-> ENABLED <-> MALWARE-CNC Win.Worm.Redhip variant outbound connection (malware-cnc.rules)
 * 1:48149 <-> ENABLED <-> MALWARE-CNC Win.Worm.Redhip variant outbound connection (malware-cnc.rules)
 * 1:48146 <-> DISABLED <-> MALWARE-BACKDOOR Rebhip variant runtime detection (malware-backdoor.rules)
 * 1:48144 <-> DISABLED <-> FILE-OTHER McAfee True Key dll-load exploit attempt (file-other.rules)
 * 1:48145 <-> DISABLED <-> FILE-OTHER McAfee True Key dll-load exploit attempt (file-other.rules)
 * 1:48142 <-> ENABLED <-> SERVER-WEBAPP D-Link DIR-816 diagnosis command injection attempt (server-webapp.rules)
 * 1:48141 <-> ENABLED <-> SERVER-WEBAPP D-Link DIR-816 diagnosis command injection attempt (server-webapp.rules)

Modified Rules:


 * 1:12003 <-> DISABLED <-> PROTOCOL-VOIP CANCEL flood (protocol-voip.rules)
 * 1:12002 <-> DISABLED <-> PROTOCOL-VOIP BYE flood (protocol-voip.rules)
 * 1:20398 <-> DISABLED <-> PROTOCOL-VOIP Response code 420 Bad Extension response flood (protocol-voip.rules)
 * 1:38778 <-> ENABLED <-> FILE-OTHER Microsoft Windows Media Center link file code execution attempt (file-other.rules)
 * 1:38779 <-> ENABLED <-> FILE-OTHER Microsoft Windows Media Center link file code execution attempt (file-other.rules)
 * 1:45578 <-> DISABLED <-> PROTOCOL-VOIP Mr.SIP options request denial of service attempt (protocol-voip.rules)
 * 1:45579 <-> DISABLED <-> PROTOCOL-VOIP Mr.SIP subscribe request denial of service attempt (protocol-voip.rules)
 * 1:48134 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat SGI parsing out of bounds read attempt (file-image.rules)
 * 1:45577 <-> DISABLED <-> PROTOCOL-VOIP Mr.SIP invite request denial of service attempt (protocol-voip.rules)
 * 1:20402 <-> DISABLED <-> PROTOCOL-VOIP Response code 405 Method Not Allowed response flood (protocol-voip.rules)
 * 1:27899 <-> DISABLED <-> PROTOCOL-VOIP Possible SIP OPTIONS service information gathering attempt (protocol-voip.rules)
 * 1:25799 <-> ENABLED <-> EXPLOIT-KIT Stamp exploit kit pdf request (exploit-kit.rules)
 * 1:27901 <-> DISABLED <-> PROTOCOL-VOIP Ghost call attack attempt (protocol-voip.rules)
 * 1:28238 <-> DISABLED <-> EXPLOIT-KIT Multiple exploit kits malicious pdf download (exploit-kit.rules)
 * 1:30727 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL SSLv3 heartbeat read overrun attempt (server-other.rules)
 * 1:20400 <-> DISABLED <-> PROTOCOL-VOIP Response code 415 Unsupported Media Type response flood (protocol-voip.rules)
 * 1:30729 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1 heartbeat read overrun attempt (server-other.rules)
 * 1:30730 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1 heartbeat read overrun attempt (server-other.rules)
 * 1:30731 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.1 heartbeat read overrun attempt (server-other.rules)
 * 1:27900 <-> DISABLED <-> PROTOCOL-VOIP Excessive number of SIP 4xx responses potential user or password guessing attempt (protocol-voip.rules)
 * 1:30732 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.1 heartbeat read overrun attempt (server-other.rules)
 * 1:30733 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.2 heartbeat read overrun attempt (server-other.rules)
 * 1:30734 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.2 heartbeat read overrun attempt (server-other.rules)
 * 1:30728 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL SSLv3 heartbeat read overrun attempt (server-other.rules)
 * 1:31181 <-> DISABLED <-> SERVER-OTHER OpenSSL DTLS handshake recursion denial of service attempt (server-other.rules)
 * 1:32382 <-> DISABLED <-> SERVER-OTHER OpenSSL DTLS SRTP extension parsing denial-of-service attempt (server-other.rules)
 * 1:20396 <-> DISABLED <-> PROTOCOL-VOIP INVITE flood attempt (protocol-voip.rules)
 * 1:31180 <-> DISABLED <-> SERVER-OTHER OpenSSL DTLS handshake recursion denial of service attempt (server-other.rules)
 * 1:19389 <-> DISABLED <-> PROTOCOL-VOIP REGISTER flood (protocol-voip.rules)
 * 1:12004 <-> DISABLED <-> PROTOCOL-VOIP INVITE message Content-Length header size of zero (protocol-voip.rules)

2018-10-16 13:33:08 UTC

Snort Subscriber Rules Update

Date: 2018-10-16

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:48163 <-> DISABLED <-> BROWSER-IE Microsoft Edge sandbox escape attempt (browser-ie.rules)
 * 1:48171 <-> DISABLED <-> SERVER-WEBAPP Joomla Component eXtroForms SQL injection attempt (server-webapp.rules)
 * 1:48170 <-> DISABLED <-> SERVER-WEBAPP Joomla Component eXtroForms SQL injection attempt (server-webapp.rules)
 * 1:48169 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules)
 * 1:48168 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules)
 * 1:48166 <-> DISABLED <-> SERVER-WEBAPP Joomla Component Swap Factory SQL injection attempt (server-webapp.rules)
 * 1:48157 <-> ENABLED <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection (malware-cnc.rules)
 * 1:48158 <-> DISABLED <-> FILE-OTHER WECON LeviStudio UMP file stack buffer overflow attempt (file-other.rules)
 * 1:48159 <-> DISABLED <-> FILE-OTHER WECON LeviStudio UMP file stack buffer overflow attempt (file-other.rules)
 * 1:48160 <-> DISABLED <-> POLICY-OTHER Infrasightlabs vScopeServer admin user creation attempt (policy-other.rules)
 * 1:48155 <-> ENABLED <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection (malware-cnc.rules)
 * 1:48156 <-> ENABLED <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection (malware-cnc.rules)
 * 1:48153 <-> ENABLED <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection (malware-cnc.rules)
 * 1:48154 <-> ENABLED <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection (malware-cnc.rules)
 * 1:48151 <-> ENABLED <-> MALWARE-CNC JS.Trojan.Generic malicious file download (malware-cnc.rules)
 * 1:48152 <-> ENABLED <-> MALWARE-CNC JS.Trojan.Generic malicious file download (malware-cnc.rules)
 * 1:48149 <-> ENABLED <-> MALWARE-CNC Win.Worm.Redhip variant outbound connection (malware-cnc.rules)
 * 1:48150 <-> ENABLED <-> MALWARE-CNC Win.Worm.Redhip variant outbound connection (malware-cnc.rules)
 * 1:48147 <-> ENABLED <-> MALWARE-CNC Win.Worm.Redhip variant outbound connection (malware-cnc.rules)
 * 1:48148 <-> ENABLED <-> MALWARE-CNC Win.Worm.Redhip variant outbound connection (malware-cnc.rules)
 * 1:48145 <-> DISABLED <-> FILE-OTHER McAfee True Key dll-load exploit attempt (file-other.rules)
 * 1:48146 <-> DISABLED <-> MALWARE-BACKDOOR Rebhip variant runtime detection (malware-backdoor.rules)
 * 1:48143 <-> ENABLED <-> SERVER-WEBAPP D-Link DIR-816 diagnosis command injection attempt (server-webapp.rules)
 * 1:48144 <-> DISABLED <-> FILE-OTHER McAfee True Key dll-load exploit attempt (file-other.rules)
 * 1:48141 <-> ENABLED <-> SERVER-WEBAPP D-Link DIR-816 diagnosis command injection attempt (server-webapp.rules)
 * 1:48142 <-> ENABLED <-> SERVER-WEBAPP D-Link DIR-816 diagnosis command injection attempt (server-webapp.rules)
 * 1:48164 <-> DISABLED <-> SERVER-WEBAPP HPE Intelligent Management Center FileDownloadServlet directory traversal attempt (server-webapp.rules)
 * 1:48161 <-> DISABLED <-> SERVER-WEBAPP Joomba component Article Factory Manager SQL injection attempt (server-webapp.rules)
 * 1:48165 <-> DISABLED <-> SERVER-WEBAPP Joomla Component Swap Factory SQL injection attempt (server-webapp.rules)
 * 1:48162 <-> DISABLED <-> BROWSER-IE Microsoft Edge sandbox escape attempt (browser-ie.rules)
 * 1:48167 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules)

Modified Rules:


 * 1:32382 <-> DISABLED <-> SERVER-OTHER OpenSSL DTLS SRTP extension parsing denial-of-service attempt (server-other.rules)
 * 1:38779 <-> ENABLED <-> FILE-OTHER Microsoft Windows Media Center link file code execution attempt (file-other.rules)
 * 1:45578 <-> DISABLED <-> PROTOCOL-VOIP Mr.SIP options request denial of service attempt (protocol-voip.rules)
 * 1:45577 <-> DISABLED <-> PROTOCOL-VOIP Mr.SIP invite request denial of service attempt (protocol-voip.rules)
 * 1:45579 <-> DISABLED <-> PROTOCOL-VOIP Mr.SIP subscribe request denial of service attempt (protocol-voip.rules)
 * 1:48134 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat SGI parsing out of bounds read attempt (file-image.rules)
 * 1:30729 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1 heartbeat read overrun attempt (server-other.rules)
 * 1:30730 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1 heartbeat read overrun attempt (server-other.rules)
 * 1:30727 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL SSLv3 heartbeat read overrun attempt (server-other.rules)
 * 1:30728 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL SSLv3 heartbeat read overrun attempt (server-other.rules)
 * 1:27901 <-> DISABLED <-> PROTOCOL-VOIP Ghost call attack attempt (protocol-voip.rules)
 * 1:28238 <-> DISABLED <-> EXPLOIT-KIT Multiple exploit kits malicious pdf download (exploit-kit.rules)
 * 1:27899 <-> DISABLED <-> PROTOCOL-VOIP Possible SIP OPTIONS service information gathering attempt (protocol-voip.rules)
 * 1:27900 <-> DISABLED <-> PROTOCOL-VOIP Excessive number of SIP 4xx responses potential user or password guessing attempt (protocol-voip.rules)
 * 1:20402 <-> DISABLED <-> PROTOCOL-VOIP Response code 405 Method Not Allowed response flood (protocol-voip.rules)
 * 1:25799 <-> ENABLED <-> EXPLOIT-KIT Stamp exploit kit pdf request (exploit-kit.rules)
 * 1:20398 <-> DISABLED <-> PROTOCOL-VOIP Response code 420 Bad Extension response flood (protocol-voip.rules)
 * 1:20400 <-> DISABLED <-> PROTOCOL-VOIP Response code 415 Unsupported Media Type response flood (protocol-voip.rules)
 * 1:19389 <-> DISABLED <-> PROTOCOL-VOIP REGISTER flood (protocol-voip.rules)
 * 1:20396 <-> DISABLED <-> PROTOCOL-VOIP INVITE flood attempt (protocol-voip.rules)
 * 1:12003 <-> DISABLED <-> PROTOCOL-VOIP CANCEL flood (protocol-voip.rules)
 * 1:30733 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.2 heartbeat read overrun attempt (server-other.rules)
 * 1:12004 <-> DISABLED <-> PROTOCOL-VOIP INVITE message Content-Length header size of zero (protocol-voip.rules)
 * 1:12002 <-> DISABLED <-> PROTOCOL-VOIP BYE flood (protocol-voip.rules)
 * 1:30734 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.2 heartbeat read overrun attempt (server-other.rules)
 * 1:38778 <-> ENABLED <-> FILE-OTHER Microsoft Windows Media Center link file code execution attempt (file-other.rules)
 * 1:31181 <-> DISABLED <-> SERVER-OTHER OpenSSL DTLS handshake recursion denial of service attempt (server-other.rules)
 * 1:30731 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.1 heartbeat read overrun attempt (server-other.rules)
 * 1:31180 <-> DISABLED <-> SERVER-OTHER OpenSSL DTLS handshake recursion denial of service attempt (server-other.rules)
 * 1:30732 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.1 heartbeat read overrun attempt (server-other.rules)

2018-10-16 13:33:08 UTC

Snort Subscriber Rules Update

Date: 2018-10-16

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091200.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:48156 <-> ENABLED <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection (malware-cnc.rules)
 * 1:48155 <-> ENABLED <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection (malware-cnc.rules)
 * 1:48154 <-> ENABLED <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection (malware-cnc.rules)
 * 1:48153 <-> ENABLED <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection (malware-cnc.rules)
 * 1:48152 <-> ENABLED <-> MALWARE-CNC JS.Trojan.Generic malicious file download (malware-cnc.rules)
 * 1:48151 <-> ENABLED <-> MALWARE-CNC JS.Trojan.Generic malicious file download (malware-cnc.rules)
 * 1:48150 <-> ENABLED <-> MALWARE-CNC Win.Worm.Redhip variant outbound connection (malware-cnc.rules)
 * 1:48149 <-> ENABLED <-> MALWARE-CNC Win.Worm.Redhip variant outbound connection (malware-cnc.rules)
 * 1:48148 <-> ENABLED <-> MALWARE-CNC Win.Worm.Redhip variant outbound connection (malware-cnc.rules)
 * 1:48147 <-> ENABLED <-> MALWARE-CNC Win.Worm.Redhip variant outbound connection (malware-cnc.rules)
 * 1:48146 <-> DISABLED <-> MALWARE-BACKDOOR Rebhip variant runtime detection (malware-backdoor.rules)
 * 1:48145 <-> DISABLED <-> FILE-OTHER McAfee True Key dll-load exploit attempt (file-other.rules)
 * 1:48144 <-> DISABLED <-> FILE-OTHER McAfee True Key dll-load exploit attempt (file-other.rules)
 * 1:48143 <-> ENABLED <-> SERVER-WEBAPP D-Link DIR-816 diagnosis command injection attempt (server-webapp.rules)
 * 1:48142 <-> ENABLED <-> SERVER-WEBAPP D-Link DIR-816 diagnosis command injection attempt (server-webapp.rules)
 * 1:48141 <-> ENABLED <-> SERVER-WEBAPP D-Link DIR-816 diagnosis command injection attempt (server-webapp.rules)
 * 1:48171 <-> DISABLED <-> SERVER-WEBAPP Joomla Component eXtroForms SQL injection attempt (server-webapp.rules)
 * 1:48170 <-> DISABLED <-> SERVER-WEBAPP Joomla Component eXtroForms SQL injection attempt (server-webapp.rules)
 * 1:48169 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules)
 * 1:48168 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules)
 * 1:48167 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules)
 * 1:48166 <-> DISABLED <-> SERVER-WEBAPP Joomla Component Swap Factory SQL injection attempt (server-webapp.rules)
 * 1:48165 <-> DISABLED <-> SERVER-WEBAPP Joomla Component Swap Factory SQL injection attempt (server-webapp.rules)
 * 1:48164 <-> DISABLED <-> SERVER-WEBAPP HPE Intelligent Management Center FileDownloadServlet directory traversal attempt (server-webapp.rules)
 * 1:48163 <-> DISABLED <-> BROWSER-IE Microsoft Edge sandbox escape attempt (browser-ie.rules)
 * 1:48162 <-> DISABLED <-> BROWSER-IE Microsoft Edge sandbox escape attempt (browser-ie.rules)
 * 1:48161 <-> DISABLED <-> SERVER-WEBAPP Joomba component Article Factory Manager SQL injection attempt (server-webapp.rules)
 * 1:48160 <-> DISABLED <-> POLICY-OTHER Infrasightlabs vScopeServer admin user creation attempt (policy-other.rules)
 * 1:48159 <-> DISABLED <-> FILE-OTHER WECON LeviStudio UMP file stack buffer overflow attempt (file-other.rules)
 * 1:48158 <-> DISABLED <-> FILE-OTHER WECON LeviStudio UMP file stack buffer overflow attempt (file-other.rules)
 * 1:48157 <-> ENABLED <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection (malware-cnc.rules)

Modified Rules:


 * 1:32382 <-> DISABLED <-> SERVER-OTHER OpenSSL DTLS SRTP extension parsing denial-of-service attempt (server-other.rules)
 * 1:48134 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat SGI parsing out of bounds read attempt (file-image.rules)
 * 1:12002 <-> DISABLED <-> PROTOCOL-VOIP BYE flood (protocol-voip.rules)
 * 1:12003 <-> DISABLED <-> PROTOCOL-VOIP CANCEL flood (protocol-voip.rules)
 * 1:12004 <-> DISABLED <-> PROTOCOL-VOIP INVITE message Content-Length header size of zero (protocol-voip.rules)
 * 1:19389 <-> DISABLED <-> PROTOCOL-VOIP REGISTER flood (protocol-voip.rules)
 * 1:20396 <-> DISABLED <-> PROTOCOL-VOIP INVITE flood attempt (protocol-voip.rules)
 * 1:20398 <-> DISABLED <-> PROTOCOL-VOIP Response code 420 Bad Extension response flood (protocol-voip.rules)
 * 1:20400 <-> DISABLED <-> PROTOCOL-VOIP Response code 415 Unsupported Media Type response flood (protocol-voip.rules)
 * 1:20402 <-> DISABLED <-> PROTOCOL-VOIP Response code 405 Method Not Allowed response flood (protocol-voip.rules)
 * 1:25799 <-> ENABLED <-> EXPLOIT-KIT Stamp exploit kit pdf request (exploit-kit.rules)
 * 1:27899 <-> DISABLED <-> PROTOCOL-VOIP Possible SIP OPTIONS service information gathering attempt (protocol-voip.rules)
 * 1:27900 <-> DISABLED <-> PROTOCOL-VOIP Excessive number of SIP 4xx responses potential user or password guessing attempt (protocol-voip.rules)
 * 1:27901 <-> DISABLED <-> PROTOCOL-VOIP Ghost call attack attempt (protocol-voip.rules)
 * 1:28238 <-> DISABLED <-> EXPLOIT-KIT Multiple exploit kits malicious pdf download (exploit-kit.rules)
 * 1:30727 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL SSLv3 heartbeat read overrun attempt (server-other.rules)
 * 1:30728 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL SSLv3 heartbeat read overrun attempt (server-other.rules)
 * 1:30729 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1 heartbeat read overrun attempt (server-other.rules)
 * 1:30730 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1 heartbeat read overrun attempt (server-other.rules)
 * 1:30731 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.1 heartbeat read overrun attempt (server-other.rules)
 * 1:30732 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.1 heartbeat read overrun attempt (server-other.rules)
 * 1:30733 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.2 heartbeat read overrun attempt (server-other.rules)
 * 1:30734 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.2 heartbeat read overrun attempt (server-other.rules)
 * 1:38778 <-> ENABLED <-> FILE-OTHER Microsoft Windows Media Center link file code execution attempt (file-other.rules)
 * 1:38779 <-> ENABLED <-> FILE-OTHER Microsoft Windows Media Center link file code execution attempt (file-other.rules)
 * 1:45578 <-> DISABLED <-> PROTOCOL-VOIP Mr.SIP options request denial of service attempt (protocol-voip.rules)
 * 1:45577 <-> DISABLED <-> PROTOCOL-VOIP Mr.SIP invite request denial of service attempt (protocol-voip.rules)
 * 1:45579 <-> DISABLED <-> PROTOCOL-VOIP Mr.SIP subscribe request denial of service attempt (protocol-voip.rules)
 * 1:31180 <-> DISABLED <-> SERVER-OTHER OpenSSL DTLS handshake recursion denial of service attempt (server-other.rules)
 * 1:31181 <-> DISABLED <-> SERVER-OTHER OpenSSL DTLS handshake recursion denial of service attempt (server-other.rules)