Talos Rules 2019-01-31
This release adds and modifies rules in several categories.

Talos has added and modified multiple rules in the file-office, file-other, malware-cnc, malware-other, os-windows and server-other rule sets to provide coverage for emerging threats from these technologies.

Change logs

2019-01-31 22:33:39 UTC

Snort Subscriber Rules Update

Date: 2019-01-31

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:49080 <-> ENABLED <-> FILE-OTHER Microsoft Windows device metadata file directory traversal attempt (file-other.rules)
 * 1:49076 <-> ENABLED <-> FILE-OTHER Microsoft Windows device metadata file directory traversal attempt (file-other.rules)
 * 1:49071 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Anatova variant detected (malware-other.rules)
 * 1:49079 <-> ENABLED <-> FILE-OTHER Microsoft Windows device metadata file directory traversal attempt (file-other.rules)
 * 1:49049 <-> DISABLED <-> FILE-OFFICE Microsoft Office XML nested num tag double-free attempt (file-office.rules)
 * 1:49072 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Anatova variant network share encryption attempt (malware-other.rules)
 * 1:49073 <-> ENABLED <-> FILE-OTHER Microsoft Windows device metadata file directory traversal attempt (file-other.rules)
 * 1:49068 <-> ENABLED <-> MALWARE-CNC Win.Doc.Dropper GandCrab ramsomware download attempt (malware-cnc.rules)
 * 1:49078 <-> ENABLED <-> FILE-OTHER Microsoft Windows device metadata file directory traversal attempt (file-other.rules)
 * 1:49077 <-> ENABLED <-> FILE-OTHER Microsoft Windows device metadata file directory traversal attempt (file-other.rules)
 * 1:49070 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Anatova variant detected (malware-other.rules)
 * 1:49054 <-> DISABLED <-> SERVER-OTHER Moxa router default credential login attempt (server-other.rules)
 * 1:49062 <-> DISABLED <-> SERVER-OTHER Sierra Wireless router default credential login attempt (server-other.rules)
 * 1:49050 <-> DISABLED <-> PROTOCOL-SCADA Siemens SIMATIC S7-1500 remote denial of service attempt (protocol-scada.rules)
 * 1:49051 <-> DISABLED <-> SERVER-OTHER Ewon router default credential login attempt (server-other.rules)
 * 1:49053 <-> DISABLED <-> SERVER-OTHER Moxa router default credential login attempt (server-other.rules)
 * 1:49052 <-> DISABLED <-> SERVER-OTHER Moxa router default credential login attempt (server-other.rules)
 * 1:49063 <-> DISABLED <-> SERVER-OTHER Sierra Wireless router default credential login attempt (server-other.rules)
 * 1:49055 <-> DISABLED <-> SERVER-OTHER Moxa router default credential login attempt (server-other.rules)
 * 1:49056 <-> DISABLED <-> SERVER-OTHER Moxa router default credential login attempt (server-other.rules)
 * 1:49057 <-> DISABLED <-> SERVER-OTHER Moxa router default credential login attempt (server-other.rules)
 * 1:49058 <-> DISABLED <-> SERVER-OTHER Sierra Wireless router default credential login attempt (server-other.rules)
 * 1:49060 <-> DISABLED <-> SERVER-OTHER Sierra Wireless router default credential login attempt (server-other.rules)
 * 1:49059 <-> DISABLED <-> SERVER-OTHER Sierra Wireless router default credential login attempt (server-other.rules)
 * 1:49061 <-> DISABLED <-> SERVER-OTHER Sierra Wireless router default credential login attempt (server-other.rules)
 * 1:49064 <-> DISABLED <-> SERVER-OTHER Westermo router default credential login attempt (server-other.rules)
 * 1:49065 <-> DISABLED <-> SERVER-OTHER Robot Operating System aztarna scanner getSystemState attempt (server-other.rules)
 * 1:49066 <-> DISABLED <-> SERVER-OTHER Robot Operating System aztarna scanner fingerprinting attempt (server-other.rules)
 * 1:49048 <-> DISABLED <-> FILE-OFFICE Microsoft Office XML nested num tag double-free attempt (file-office.rules)
 * 1:49067 <-> DISABLED <-> SERVER-OTHER Robot Operating System aztarna scanner fingerprinting attempt (server-other.rules)
 * 1:49074 <-> ENABLED <-> FILE-OTHER Microsoft Windows device metadata file directory traversal attempt (file-other.rules)
 * 1:49069 <-> ENABLED <-> MALWARE-CNC Win.Doc.Dropper GandCrab ramsomware download attempt (malware-cnc.rules)
 * 1:49075 <-> ENABLED <-> FILE-OTHER Microsoft Windows device metadata file directory traversal attempt (file-other.rules)

Modified Rules:


 * 1:48785 <-> DISABLED <-> SERVER-OTHER SQLite FTS integer overflow attempt (server-other.rules)
 * 1:48786 <-> DISABLED <-> SERVER-OTHER SQLite FTS integer overflow attempt (server-other.rules)
 * 1:49041 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Terminal server RDP over non-standard port attempt (os-windows.rules)
 * 1:49040 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Terminal server RDP over non-standard port attempt (os-windows.rules)

2019-01-31 22:33:39 UTC

Snort Subscriber Rules Update

Date: 2019-01-31

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2990.

New Rules:


 * 1:49075 <-> ENABLED <-> FILE-OTHER Microsoft Windows device metadata file directory traversal attempt (file-other.rules)
 * 1:49080 <-> ENABLED <-> FILE-OTHER Microsoft Windows device metadata file directory traversal attempt (file-other.rules)
 * 1:49073 <-> ENABLED <-> FILE-OTHER Microsoft Windows device metadata file directory traversal attempt (file-other.rules)
 * 1:49049 <-> DISABLED <-> FILE-OFFICE Microsoft Office XML nested num tag double-free attempt (file-office.rules)
 * 1:49048 <-> DISABLED <-> FILE-OFFICE Microsoft Office XML nested num tag double-free attempt (file-office.rules)
 * 1:49055 <-> DISABLED <-> SERVER-OTHER Moxa router default credential login attempt (server-other.rules)
 * 1:49078 <-> ENABLED <-> FILE-OTHER Microsoft Windows device metadata file directory traversal attempt (file-other.rules)
 * 1:49079 <-> ENABLED <-> FILE-OTHER Microsoft Windows device metadata file directory traversal attempt (file-other.rules)
 * 1:49070 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Anatova variant detected (malware-other.rules)
 * 1:49057 <-> DISABLED <-> SERVER-OTHER Moxa router default credential login attempt (server-other.rules)
 * 1:49058 <-> DISABLED <-> SERVER-OTHER Sierra Wireless router default credential login attempt (server-other.rules)
 * 1:49059 <-> DISABLED <-> SERVER-OTHER Sierra Wireless router default credential login attempt (server-other.rules)
 * 1:49060 <-> DISABLED <-> SERVER-OTHER Sierra Wireless router default credential login attempt (server-other.rules)
 * 1:49061 <-> DISABLED <-> SERVER-OTHER Sierra Wireless router default credential login attempt (server-other.rules)
 * 1:49062 <-> DISABLED <-> SERVER-OTHER Sierra Wireless router default credential login attempt (server-other.rules)
 * 1:49063 <-> DISABLED <-> SERVER-OTHER Sierra Wireless router default credential login attempt (server-other.rules)
 * 1:49065 <-> DISABLED <-> SERVER-OTHER Robot Operating System aztarna scanner getSystemState attempt (server-other.rules)
 * 1:49064 <-> DISABLED <-> SERVER-OTHER Westermo router default credential login attempt (server-other.rules)
 * 1:49066 <-> DISABLED <-> SERVER-OTHER Robot Operating System aztarna scanner fingerprinting attempt (server-other.rules)
 * 1:49054 <-> DISABLED <-> SERVER-OTHER Moxa router default credential login attempt (server-other.rules)
 * 1:49056 <-> DISABLED <-> SERVER-OTHER Moxa router default credential login attempt (server-other.rules)
 * 1:49067 <-> DISABLED <-> SERVER-OTHER Robot Operating System aztarna scanner fingerprinting attempt (server-other.rules)
 * 1:49068 <-> ENABLED <-> MALWARE-CNC Win.Doc.Dropper GandCrab ramsomware download attempt (malware-cnc.rules)
 * 1:49069 <-> ENABLED <-> MALWARE-CNC Win.Doc.Dropper GandCrab ramsomware download attempt (malware-cnc.rules)
 * 1:49050 <-> DISABLED <-> PROTOCOL-SCADA Siemens SIMATIC S7-1500 remote denial of service attempt (protocol-scada.rules)
 * 1:49051 <-> DISABLED <-> SERVER-OTHER Ewon router default credential login attempt (server-other.rules)
 * 1:49072 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Anatova variant network share encryption attempt (malware-other.rules)
 * 1:49077 <-> ENABLED <-> FILE-OTHER Microsoft Windows device metadata file directory traversal attempt (file-other.rules)
 * 1:49074 <-> ENABLED <-> FILE-OTHER Microsoft Windows device metadata file directory traversal attempt (file-other.rules)
 * 1:49076 <-> ENABLED <-> FILE-OTHER Microsoft Windows device metadata file directory traversal attempt (file-other.rules)
 * 1:49052 <-> DISABLED <-> SERVER-OTHER Moxa router default credential login attempt (server-other.rules)
 * 1:49053 <-> DISABLED <-> SERVER-OTHER Moxa router default credential login attempt (server-other.rules)
 * 1:49071 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Anatova variant detected (malware-other.rules)

Modified Rules:


 * 1:48785 <-> DISABLED <-> SERVER-OTHER SQLite FTS integer overflow attempt (server-other.rules)
 * 1:49041 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Terminal server RDP over non-standard port attempt (os-windows.rules)
 * 1:48786 <-> DISABLED <-> SERVER-OTHER SQLite FTS integer overflow attempt (server-other.rules)
 * 1:49040 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Terminal server RDP over non-standard port attempt (os-windows.rules)

2019-01-31 22:33:39 UTC

Snort Subscriber Rules Update

Date: 2019-01-31

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.

New Rules:


 * 1:49075 <-> ENABLED <-> FILE-OTHER Microsoft Windows device metadata file directory traversal attempt (snort3-file-other.rules)
 * 1:49048 <-> DISABLED <-> FILE-OFFICE Microsoft Office XML nested num tag double-free attempt (snort3-file-office.rules)
 * 1:49071 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Anatova variant detected (snort3-malware-other.rules)
 * 1:49080 <-> ENABLED <-> FILE-OTHER Microsoft Windows device metadata file directory traversal attempt (snort3-file-other.rules)
 * 1:49050 <-> DISABLED <-> PROTOCOL-SCADA Siemens SIMATIC S7-1500 remote denial of service attempt (snort3-protocol-scada.rules)
 * 1:49079 <-> ENABLED <-> FILE-OTHER Microsoft Windows device metadata file directory traversal attempt (snort3-file-other.rules)
 * 1:49076 <-> ENABLED <-> FILE-OTHER Microsoft Windows device metadata file directory traversal attempt (snort3-file-other.rules)
 * 1:49077 <-> ENABLED <-> FILE-OTHER Microsoft Windows device metadata file directory traversal attempt (snort3-file-other.rules)
 * 1:49078 <-> ENABLED <-> FILE-OTHER Microsoft Windows device metadata file directory traversal attempt (snort3-file-other.rules)
 * 1:49051 <-> DISABLED <-> SERVER-OTHER Ewon router default credential login attempt (snort3-server-other.rules)
 * 1:49052 <-> DISABLED <-> SERVER-OTHER Moxa router default credential login attempt (snort3-server-other.rules)
 * 1:49053 <-> DISABLED <-> SERVER-OTHER Moxa router default credential login attempt (snort3-server-other.rules)
 * 1:49049 <-> DISABLED <-> FILE-OFFICE Microsoft Office XML nested num tag double-free attempt (snort3-file-office.rules)
 * 1:49054 <-> DISABLED <-> SERVER-OTHER Moxa router default credential login attempt (snort3-server-other.rules)
 * 1:49070 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Anatova variant detected (snort3-malware-other.rules)
 * 1:49068 <-> ENABLED <-> MALWARE-CNC Win.Doc.Dropper GandCrab ramsomware download attempt (snort3-malware-cnc.rules)
 * 1:49069 <-> ENABLED <-> MALWARE-CNC Win.Doc.Dropper GandCrab ramsomware download attempt (snort3-malware-cnc.rules)
 * 1:49066 <-> DISABLED <-> SERVER-OTHER Robot Operating System aztarna scanner fingerprinting attempt (snort3-server-other.rules)
 * 1:49067 <-> DISABLED <-> SERVER-OTHER Robot Operating System aztarna scanner fingerprinting attempt (snort3-server-other.rules)
 * 1:49064 <-> DISABLED <-> SERVER-OTHER Westermo router default credential login attempt (snort3-server-other.rules)
 * 1:49065 <-> DISABLED <-> SERVER-OTHER Robot Operating System aztarna scanner getSystemState attempt (snort3-server-other.rules)
 * 1:49063 <-> DISABLED <-> SERVER-OTHER Sierra Wireless router default credential login attempt (snort3-server-other.rules)
 * 1:49062 <-> DISABLED <-> SERVER-OTHER Sierra Wireless router default credential login attempt (snort3-server-other.rules)
 * 1:49060 <-> DISABLED <-> SERVER-OTHER Sierra Wireless router default credential login attempt (snort3-server-other.rules)
 * 1:49061 <-> DISABLED <-> SERVER-OTHER Sierra Wireless router default credential login attempt (snort3-server-other.rules)
 * 1:49058 <-> DISABLED <-> SERVER-OTHER Sierra Wireless router default credential login attempt (snort3-server-other.rules)
 * 1:49059 <-> DISABLED <-> SERVER-OTHER Sierra Wireless router default credential login attempt (snort3-server-other.rules)
 * 1:49056 <-> DISABLED <-> SERVER-OTHER Moxa router default credential login attempt (snort3-server-other.rules)
 * 1:49057 <-> DISABLED <-> SERVER-OTHER Moxa router default credential login attempt (snort3-server-other.rules)
 * 1:49055 <-> DISABLED <-> SERVER-OTHER Moxa router default credential login attempt (snort3-server-other.rules)
 * 1:49074 <-> ENABLED <-> FILE-OTHER Microsoft Windows device metadata file directory traversal attempt (snort3-file-other.rules)
 * 1:49072 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Anatova variant network share encryption attempt (snort3-malware-other.rules)
 * 1:49073 <-> ENABLED <-> FILE-OTHER Microsoft Windows device metadata file directory traversal attempt (snort3-file-other.rules)

Modified Rules:


 * 1:48785 <-> DISABLED <-> SERVER-OTHER SQLite FTS integer overflow attempt (snort3-server-other.rules)
 * 1:49041 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Terminal server RDP over non-standard port attempt (snort3-os-windows.rules)
 * 1:48786 <-> DISABLED <-> SERVER-OTHER SQLite FTS integer overflow attempt (snort3-server-other.rules)
 * 1:49040 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Terminal server RDP over non-standard port attempt (snort3-os-windows.rules)

2019-01-31 22:33:39 UTC

Snort Subscriber Rules Update

Date: 2019-01-31

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.

New Rules:


 * 1:49048 <-> DISABLED <-> FILE-OFFICE Microsoft Office XML nested num tag double-free attempt (file-office.rules)
 * 1:49074 <-> ENABLED <-> FILE-OTHER Microsoft Windows device metadata file directory traversal attempt (file-other.rules)
 * 1:49050 <-> DISABLED <-> PROTOCOL-SCADA Siemens SIMATIC S7-1500 remote denial of service attempt (protocol-scada.rules)
 * 1:49052 <-> DISABLED <-> SERVER-OTHER Moxa router default credential login attempt (server-other.rules)
 * 1:49053 <-> DISABLED <-> SERVER-OTHER Moxa router default credential login attempt (server-other.rules)
 * 1:49080 <-> ENABLED <-> FILE-OTHER Microsoft Windows device metadata file directory traversal attempt (file-other.rules)
 * 1:49079 <-> ENABLED <-> FILE-OTHER Microsoft Windows device metadata file directory traversal attempt (file-other.rules)
 * 1:49078 <-> ENABLED <-> FILE-OTHER Microsoft Windows device metadata file directory traversal attempt (file-other.rules)
 * 1:49077 <-> ENABLED <-> FILE-OTHER Microsoft Windows device metadata file directory traversal attempt (file-other.rules)
 * 1:49049 <-> DISABLED <-> FILE-OFFICE Microsoft Office XML nested num tag double-free attempt (file-office.rules)
 * 1:49076 <-> ENABLED <-> FILE-OTHER Microsoft Windows device metadata file directory traversal attempt (file-other.rules)
 * 1:49075 <-> ENABLED <-> FILE-OTHER Microsoft Windows device metadata file directory traversal attempt (file-other.rules)
 * 1:49051 <-> DISABLED <-> SERVER-OTHER Ewon router default credential login attempt (server-other.rules)
 * 1:49054 <-> DISABLED <-> SERVER-OTHER Moxa router default credential login attempt (server-other.rules)
 * 1:49073 <-> ENABLED <-> FILE-OTHER Microsoft Windows device metadata file directory traversal attempt (file-other.rules)
 * 1:49071 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Anatova variant detected (malware-other.rules)
 * 1:49072 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Anatova variant network share encryption attempt (malware-other.rules)
 * 1:49069 <-> ENABLED <-> MALWARE-CNC Win.Doc.Dropper GandCrab ramsomware download attempt (malware-cnc.rules)
 * 1:49070 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Anatova variant detected (malware-other.rules)
 * 1:49067 <-> DISABLED <-> SERVER-OTHER Robot Operating System aztarna scanner fingerprinting attempt (server-other.rules)
 * 1:49068 <-> ENABLED <-> MALWARE-CNC Win.Doc.Dropper GandCrab ramsomware download attempt (malware-cnc.rules)
 * 1:49065 <-> DISABLED <-> SERVER-OTHER Robot Operating System aztarna scanner getSystemState attempt (server-other.rules)
 * 1:49066 <-> DISABLED <-> SERVER-OTHER Robot Operating System aztarna scanner fingerprinting attempt (server-other.rules)
 * 1:49063 <-> DISABLED <-> SERVER-OTHER Sierra Wireless router default credential login attempt (server-other.rules)
 * 1:49064 <-> DISABLED <-> SERVER-OTHER Westermo router default credential login attempt (server-other.rules)
 * 1:49061 <-> DISABLED <-> SERVER-OTHER Sierra Wireless router default credential login attempt (server-other.rules)
 * 1:49062 <-> DISABLED <-> SERVER-OTHER Sierra Wireless router default credential login attempt (server-other.rules)
 * 1:49059 <-> DISABLED <-> SERVER-OTHER Sierra Wireless router default credential login attempt (server-other.rules)
 * 1:49060 <-> DISABLED <-> SERVER-OTHER Sierra Wireless router default credential login attempt (server-other.rules)
 * 1:49057 <-> DISABLED <-> SERVER-OTHER Moxa router default credential login attempt (server-other.rules)
 * 1:49058 <-> DISABLED <-> SERVER-OTHER Sierra Wireless router default credential login attempt (server-other.rules)
 * 1:49055 <-> DISABLED <-> SERVER-OTHER Moxa router default credential login attempt (server-other.rules)
 * 1:49056 <-> DISABLED <-> SERVER-OTHER Moxa router default credential login attempt (server-other.rules)

Modified Rules:


 * 1:48786 <-> DISABLED <-> SERVER-OTHER SQLite FTS integer overflow attempt (server-other.rules)
 * 1:48785 <-> DISABLED <-> SERVER-OTHER SQLite FTS integer overflow attempt (server-other.rules)
 * 1:49041 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Terminal server RDP over non-standard port attempt (os-windows.rules)
 * 1:49040 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Terminal server RDP over non-standard port attempt (os-windows.rules)

2019-01-31 22:33:39 UTC

Snort Subscriber Rules Update

Date: 2019-01-31

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091200.

New Rules:


 * 1:49054 <-> DISABLED <-> SERVER-OTHER Moxa router default credential login attempt (server-other.rules)
 * 1:49053 <-> DISABLED <-> SERVER-OTHER Moxa router default credential login attempt (server-other.rules)
 * 1:49052 <-> DISABLED <-> SERVER-OTHER Moxa router default credential login attempt (server-other.rules)
 * 1:49051 <-> DISABLED <-> SERVER-OTHER Ewon router default credential login attempt (server-other.rules)
 * 1:49050 <-> DISABLED <-> PROTOCOL-SCADA Siemens SIMATIC S7-1500 remote denial of service attempt (protocol-scada.rules)
 * 1:49049 <-> DISABLED <-> FILE-OFFICE Microsoft Office XML nested num tag double-free attempt (file-office.rules)
 * 1:49048 <-> DISABLED <-> FILE-OFFICE Microsoft Office XML nested num tag double-free attempt (file-office.rules)
 * 1:49075 <-> ENABLED <-> FILE-OTHER Microsoft Windows device metadata file directory traversal attempt (file-other.rules)
 * 1:49074 <-> ENABLED <-> FILE-OTHER Microsoft Windows device metadata file directory traversal attempt (file-other.rules)
 * 1:49073 <-> ENABLED <-> FILE-OTHER Microsoft Windows device metadata file directory traversal attempt (file-other.rules)
 * 1:49072 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Anatova variant network share encryption attempt (malware-other.rules)
 * 1:49071 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Anatova variant detected (malware-other.rules)
 * 1:49070 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Anatova variant detected (malware-other.rules)
 * 1:49069 <-> ENABLED <-> MALWARE-CNC Win.Doc.Dropper GandCrab ramsomware download attempt (malware-cnc.rules)
 * 1:49068 <-> ENABLED <-> MALWARE-CNC Win.Doc.Dropper GandCrab ramsomware download attempt (malware-cnc.rules)
 * 1:49067 <-> DISABLED <-> SERVER-OTHER Robot Operating System aztarna scanner fingerprinting attempt (server-other.rules)
 * 1:49066 <-> DISABLED <-> SERVER-OTHER Robot Operating System aztarna scanner fingerprinting attempt (server-other.rules)
 * 1:49065 <-> DISABLED <-> SERVER-OTHER Robot Operating System aztarna scanner getSystemState attempt (server-other.rules)
 * 1:49064 <-> DISABLED <-> SERVER-OTHER Westermo router default credential login attempt (server-other.rules)
 * 1:49063 <-> DISABLED <-> SERVER-OTHER Sierra Wireless router default credential login attempt (server-other.rules)
 * 1:49062 <-> DISABLED <-> SERVER-OTHER Sierra Wireless router default credential login attempt (server-other.rules)
 * 1:49061 <-> DISABLED <-> SERVER-OTHER Sierra Wireless router default credential login attempt (server-other.rules)
 * 1:49060 <-> DISABLED <-> SERVER-OTHER Sierra Wireless router default credential login attempt (server-other.rules)
 * 1:49059 <-> DISABLED <-> SERVER-OTHER Sierra Wireless router default credential login attempt (server-other.rules)
 * 1:49058 <-> DISABLED <-> SERVER-OTHER Sierra Wireless router default credential login attempt (server-other.rules)
 * 1:49057 <-> DISABLED <-> SERVER-OTHER Moxa router default credential login attempt (server-other.rules)
 * 1:49056 <-> DISABLED <-> SERVER-OTHER Moxa router default credential login attempt (server-other.rules)
 * 1:49055 <-> DISABLED <-> SERVER-OTHER Moxa router default credential login attempt (server-other.rules)
 * 1:49080 <-> ENABLED <-> FILE-OTHER Microsoft Windows device metadata file directory traversal attempt (file-other.rules)
 * 1:49079 <-> ENABLED <-> FILE-OTHER Microsoft Windows device metadata file directory traversal attempt (file-other.rules)
 * 1:49078 <-> ENABLED <-> FILE-OTHER Microsoft Windows device metadata file directory traversal attempt (file-other.rules)
 * 1:49077 <-> ENABLED <-> FILE-OTHER Microsoft Windows device metadata file directory traversal attempt (file-other.rules)
 * 1:49076 <-> ENABLED <-> FILE-OTHER Microsoft Windows device metadata file directory traversal attempt (file-other.rules)

Modified Rules:


 * 1:48786 <-> DISABLED <-> SERVER-OTHER SQLite FTS integer overflow attempt (server-other.rules)
 * 1:49040 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Terminal server RDP over non-standard port attempt (os-windows.rules)
 * 1:49041 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Terminal server RDP over non-standard port attempt (os-windows.rules)
 * 1:48785 <-> DISABLED <-> SERVER-OTHER SQLite FTS integer overflow attempt (server-other.rules)