Talos Rules 2019-04-25
This release adds and modifies rules in several categories.

Talos has added and modified multiple rules in the browser-firefox, browser-ie, browser-plugins, deleted, file-pdf, malware-cnc, malware-other and server-webapp rule sets to provide coverage for emerging threats from these technologies.

Change logs

2019-04-25 13:43:52 UTC

Snort Subscriber Rules Update

Date: 2019-04-25

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091300.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:49923 <-> DISABLED <-> SERVER-WEBAPP Rocket Servergraph Admin Center userRequest command injection attempt (server-webapp.rules)
 * 1:49922 <-> DISABLED <-> SERVER-WEBAPP Rocket Servergraph Admin Center userRequest command injection attempt (server-webapp.rules)
 * 1:49921 <-> DISABLED <-> SERVER-WEBAPP Rocket Servergraph Admin Center userRequest command injection attempt (server-webapp.rules)
 * 1:49920 <-> DISABLED <-> SERVER-WEBAPP generic cross site scripting via url attempt (server-webapp.rules)
 * 1:49919 <-> DISABLED <-> SERVER-WEBAPP generic session fixation attempt (server-webapp.rules)
 * 1:49918 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox DOMSVGLength appendItem use after free attempt (browser-firefox.rules)
 * 1:49917 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox DOMSVGLength appendItem use after free attempt (browser-firefox.rules)
 * 1:49916 <-> ENABLED <-> MALWARE-CNC Win.Malware.JasperLoader update request (malware-cnc.rules)
 * 1:49915 <-> ENABLED <-> MALWARE-CNC Win.Downloader.JasperLoader outbound connection (malware-cnc.rules)
 * 1:49914 <-> ENABLED <-> MALWARE-CNC Win.Downloader.JasperLoader outbound connection (malware-cnc.rules)
 * 1:49913 <-> ENABLED <-> MALWARE-CNC Win.Malware.JasperLoader file download request (malware-cnc.rules)
 * 1:49905 <-> DISABLED <-> BROWSER-PLUGINS Tom Sawyer GET extension ActiveX function call access attempt (browser-plugins.rules)
 * 1:49904 <-> DISABLED <-> BROWSER-PLUGINS Tom Sawyer GET extension ActiveX function call access attempt (browser-plugins.rules)
 * 1:49903 <-> DISABLED <-> BROWSER-PLUGINS HP OPOS ToneIndicator stack buffer overflow attempt (browser-plugins.rules)
 * 1:49902 <-> DISABLED <-> BROWSER-PLUGINS HP OPOS ToneIndicator stack buffer overflow attempt (browser-plugins.rules)
 * 1:49901 <-> DISABLED <-> BROWSER-PLUGINS HP OPOS ToneIndicator stack buffer overflow attempt (browser-plugins.rules)
 * 1:49900 <-> DISABLED <-> BROWSER-PLUGINS HP OPOS driver stack buffer overflow attempt (browser-plugins.rules)
 * 1:30700 <-> DISABLED <-> DELETED PSEKoQnSC3lM54tb0njF (deleted.rules)
 * 1:30581 <-> DISABLED <-> DELETED lCE9AFxy45YWUJ4i25c0 (deleted.rules)
 * 1:49938 <-> DISABLED <-> SERVER-WEBAPP Tenda Wireless N150 Router cross-site request forgery attempt (server-webapp.rules)
 * 1:49937 <-> DISABLED <-> SERVER-WEBAPP Tenda Wireless N150 Router cross-site request forgery attempt (server-webapp.rules)
 * 1:49936 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.RogueRobin executable file download attempt (malware-other.rules)
 * 1:49935 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.RogueRobin executable file download attempt (malware-other.rules)
 * 1:49934 <-> ENABLED <-> MALWARE-OTHER Xls.Dropper.RogueRobin file download attempt (malware-other.rules)
 * 1:49933 <-> ENABLED <-> MALWARE-OTHER Xls.Dropper.RogueRobin file download attempt (malware-other.rules)
 * 1:49932 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer MSXML .definition ActiveX clsid access attempt (browser-plugins.rules)
 * 1:49931 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer MSXML .definition ActiveX clsid access attempt (browser-plugins.rules)
 * 1:49930 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer MSXML .definition ActiveX clsid access attempt (browser-plugins.rules)
 * 1:49929 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer MSXML .definition ActiveX clsid access attempt (browser-plugins.rules)
 * 1:49928 <-> DISABLED <-> SERVER-WEBAPP Multiple products HTML5 ping DDoS attempt (server-webapp.rules)
 * 1:49927 <-> DISABLED <-> BROWSER-PLUGINS HP OPOS Point of Sale Driver stack buffer overflow attempt (browser-plugins.rules)
 * 1:49926 <-> DISABLED <-> SERVER-WEBAPP Rocket Servergraph Admin Center tsmRequest command injection attempt (server-webapp.rules)
 * 1:49925 <-> DISABLED <-> SERVER-WEBAPP Rocket Servergraph Admin Center tsmRequest command injection attempt (server-webapp.rules)
 * 1:49924 <-> DISABLED <-> SERVER-WEBAPP Rocket Servergraph Admin Center tsmRequest command injection attempt (server-webapp.rules)
 * 3:49906 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2019-0814 attack attempt (file-pdf.rules)
 * 3:49907 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2019-0814 attack attempt (file-pdf.rules)
 * 3:49908 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2019-0815 attack attempt (file-pdf.rules)
 * 3:49909 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2019-0815 attack attempt (file-pdf.rules)
 * 3:49910 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2019-0816 attack attempt (file-pdf.rules)
 * 3:49911 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2019-0816 attack attempt (file-pdf.rules)
 * 3:49912 <-> ENABLED <-> PROTOCOL-OTHER TRUFFLEHUNTER TALOS-2019-0811 attack attempt (protocol-other.rules)

Modified Rules:


 * 1:35479 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer RecyclableObject type-confusion remote code execution attempt (browser-ie.rules)
 * 1:35972 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer Embedded Windows Media Player CMarkup object use after free attempt (browser-ie.rules)
 * 1:49759 <-> DISABLED <-> BROWSER-PLUGINS GE Intelligent Platforms Proficy HTML help ActiveX function call attempt (browser-plugins.rules)
 * 1:40880 <-> DISABLED <-> SERVER-WEBAPP Multiple products invalid HTTP request attempt (server-webapp.rules)
 * 1:34948 <-> DISABLED <-> SERVER-WEBAPP Rocket Servergraph Admin Center userRequest command injection attempt (server-webapp.rules)
 * 1:34949 <-> DISABLED <-> SERVER-WEBAPP Rocket Servergraph Admin Center tsmRequest command injection attempt (server-webapp.rules)
 * 1:35969 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer Embedded Windows Media Player CMarkup object use after free attempt (browser-ie.rules)
 * 1:35971 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer Embedded Windows Media Player CMarkup object use after free attempt (browser-ie.rules)
 * 1:40367 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer ArraySpeciesCreate type confusion attempt (browser-ie.rules)
 * 1:35970 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer Embedded Windows Media Player CMarkup object use after free attempt (browser-ie.rules)
 * 1:35480 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer RecyclableObject type-confusion remote code execution attempt (browser-ie.rules)
 * 1:40366 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer ArraySpeciesCreate type confusion attempt (browser-ie.rules)

2019-04-25 13:43:52 UTC

Snort Subscriber Rules Update

Date: 2019-04-25

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091200.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:49902 <-> DISABLED <-> BROWSER-PLUGINS HP OPOS ToneIndicator stack buffer overflow attempt (browser-plugins.rules)
 * 1:30581 <-> DISABLED <-> DELETED lCE9AFxy45YWUJ4i25c0 (deleted.rules)
 * 1:49924 <-> DISABLED <-> SERVER-WEBAPP Rocket Servergraph Admin Center tsmRequest command injection attempt (server-webapp.rules)
 * 1:49904 <-> DISABLED <-> BROWSER-PLUGINS Tom Sawyer GET extension ActiveX function call access attempt (browser-plugins.rules)
 * 1:49900 <-> DISABLED <-> BROWSER-PLUGINS HP OPOS driver stack buffer overflow attempt (browser-plugins.rules)
 * 1:49905 <-> DISABLED <-> BROWSER-PLUGINS Tom Sawyer GET extension ActiveX function call access attempt (browser-plugins.rules)
 * 1:49922 <-> DISABLED <-> SERVER-WEBAPP Rocket Servergraph Admin Center userRequest command injection attempt (server-webapp.rules)
 * 1:49913 <-> ENABLED <-> MALWARE-CNC Win.Malware.JasperLoader file download request (malware-cnc.rules)
 * 1:30700 <-> DISABLED <-> DELETED PSEKoQnSC3lM54tb0njF (deleted.rules)
 * 1:49921 <-> DISABLED <-> SERVER-WEBAPP Rocket Servergraph Admin Center userRequest command injection attempt (server-webapp.rules)
 * 1:49931 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer MSXML .definition ActiveX clsid access attempt (browser-plugins.rules)
 * 1:49932 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer MSXML .definition ActiveX clsid access attempt (browser-plugins.rules)
 * 1:49933 <-> ENABLED <-> MALWARE-OTHER Xls.Dropper.RogueRobin file download attempt (malware-other.rules)
 * 1:49935 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.RogueRobin executable file download attempt (malware-other.rules)
 * 1:49934 <-> ENABLED <-> MALWARE-OTHER Xls.Dropper.RogueRobin file download attempt (malware-other.rules)
 * 1:49918 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox DOMSVGLength appendItem use after free attempt (browser-firefox.rules)
 * 1:49936 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.RogueRobin executable file download attempt (malware-other.rules)
 * 1:49914 <-> ENABLED <-> MALWARE-CNC Win.Downloader.JasperLoader outbound connection (malware-cnc.rules)
 * 1:49937 <-> DISABLED <-> SERVER-WEBAPP Tenda Wireless N150 Router cross-site request forgery attempt (server-webapp.rules)
 * 1:49938 <-> DISABLED <-> SERVER-WEBAPP Tenda Wireless N150 Router cross-site request forgery attempt (server-webapp.rules)
 * 1:49919 <-> DISABLED <-> SERVER-WEBAPP generic session fixation attempt (server-webapp.rules)
 * 1:49929 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer MSXML .definition ActiveX clsid access attempt (browser-plugins.rules)
 * 1:49930 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer MSXML .definition ActiveX clsid access attempt (browser-plugins.rules)
 * 1:49927 <-> DISABLED <-> BROWSER-PLUGINS HP OPOS Point of Sale Driver stack buffer overflow attempt (browser-plugins.rules)
 * 1:49928 <-> DISABLED <-> SERVER-WEBAPP Multiple products HTML5 ping DDoS attempt (server-webapp.rules)
 * 1:49925 <-> DISABLED <-> SERVER-WEBAPP Rocket Servergraph Admin Center tsmRequest command injection attempt (server-webapp.rules)
 * 1:49926 <-> DISABLED <-> SERVER-WEBAPP Rocket Servergraph Admin Center tsmRequest command injection attempt (server-webapp.rules)
 * 1:49923 <-> DISABLED <-> SERVER-WEBAPP Rocket Servergraph Admin Center userRequest command injection attempt (server-webapp.rules)
 * 1:49920 <-> DISABLED <-> SERVER-WEBAPP generic cross site scripting via url attempt (server-webapp.rules)
 * 1:49917 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox DOMSVGLength appendItem use after free attempt (browser-firefox.rules)
 * 1:49915 <-> ENABLED <-> MALWARE-CNC Win.Downloader.JasperLoader outbound connection (malware-cnc.rules)
 * 1:49916 <-> ENABLED <-> MALWARE-CNC Win.Malware.JasperLoader update request (malware-cnc.rules)
 * 1:49903 <-> DISABLED <-> BROWSER-PLUGINS HP OPOS ToneIndicator stack buffer overflow attempt (browser-plugins.rules)
 * 1:49901 <-> DISABLED <-> BROWSER-PLUGINS HP OPOS ToneIndicator stack buffer overflow attempt (browser-plugins.rules)
 * 3:49906 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2019-0814 attack attempt (file-pdf.rules)
 * 3:49907 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2019-0814 attack attempt (file-pdf.rules)
 * 3:49908 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2019-0815 attack attempt (file-pdf.rules)
 * 3:49909 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2019-0815 attack attempt (file-pdf.rules)
 * 3:49910 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2019-0816 attack attempt (file-pdf.rules)
 * 3:49911 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2019-0816 attack attempt (file-pdf.rules)
 * 3:49912 <-> ENABLED <-> PROTOCOL-OTHER TRUFFLEHUNTER TALOS-2019-0811 attack attempt (protocol-other.rules)

Modified Rules:


 * 1:35480 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer RecyclableObject type-confusion remote code execution attempt (browser-ie.rules)
 * 1:49759 <-> DISABLED <-> BROWSER-PLUGINS GE Intelligent Platforms Proficy HTML help ActiveX function call attempt (browser-plugins.rules)
 * 1:34948 <-> DISABLED <-> SERVER-WEBAPP Rocket Servergraph Admin Center userRequest command injection attempt (server-webapp.rules)
 * 1:40880 <-> DISABLED <-> SERVER-WEBAPP Multiple products invalid HTTP request attempt (server-webapp.rules)
 * 1:35972 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer Embedded Windows Media Player CMarkup object use after free attempt (browser-ie.rules)
 * 1:35969 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer Embedded Windows Media Player CMarkup object use after free attempt (browser-ie.rules)
 * 1:34949 <-> DISABLED <-> SERVER-WEBAPP Rocket Servergraph Admin Center tsmRequest command injection attempt (server-webapp.rules)
 * 1:35970 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer Embedded Windows Media Player CMarkup object use after free attempt (browser-ie.rules)
 * 1:40367 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer ArraySpeciesCreate type confusion attempt (browser-ie.rules)
 * 1:35971 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer Embedded Windows Media Player CMarkup object use after free attempt (browser-ie.rules)
 * 1:35479 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer RecyclableObject type-confusion remote code execution attempt (browser-ie.rules)
 * 1:40366 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer ArraySpeciesCreate type confusion attempt (browser-ie.rules)

2019-04-25 13:43:52 UTC

Snort Subscriber Rules Update

Date: 2019-04-25

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:49900 <-> DISABLED <-> BROWSER-PLUGINS HP OPOS driver stack buffer overflow attempt (browser-plugins.rules)
 * 1:49914 <-> ENABLED <-> MALWARE-CNC Win.Downloader.JasperLoader outbound connection (malware-cnc.rules)
 * 1:49936 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.RogueRobin executable file download attempt (malware-other.rules)
 * 1:49935 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.RogueRobin executable file download attempt (malware-other.rules)
 * 1:49934 <-> ENABLED <-> MALWARE-OTHER Xls.Dropper.RogueRobin file download attempt (malware-other.rules)
 * 1:49918 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox DOMSVGLength appendItem use after free attempt (browser-firefox.rules)
 * 1:49902 <-> DISABLED <-> BROWSER-PLUGINS HP OPOS ToneIndicator stack buffer overflow attempt (browser-plugins.rules)
 * 1:49901 <-> DISABLED <-> BROWSER-PLUGINS HP OPOS ToneIndicator stack buffer overflow attempt (browser-plugins.rules)
 * 1:49938 <-> DISABLED <-> SERVER-WEBAPP Tenda Wireless N150 Router cross-site request forgery attempt (server-webapp.rules)
 * 1:49937 <-> DISABLED <-> SERVER-WEBAPP Tenda Wireless N150 Router cross-site request forgery attempt (server-webapp.rules)
 * 1:30581 <-> DISABLED <-> DELETED lCE9AFxy45YWUJ4i25c0 (deleted.rules)
 * 1:49913 <-> ENABLED <-> MALWARE-CNC Win.Malware.JasperLoader file download request (malware-cnc.rules)
 * 1:49905 <-> DISABLED <-> BROWSER-PLUGINS Tom Sawyer GET extension ActiveX function call access attempt (browser-plugins.rules)
 * 1:30700 <-> DISABLED <-> DELETED PSEKoQnSC3lM54tb0njF (deleted.rules)
 * 1:49921 <-> DISABLED <-> SERVER-WEBAPP Rocket Servergraph Admin Center userRequest command injection attempt (server-webapp.rules)
 * 1:49922 <-> DISABLED <-> SERVER-WEBAPP Rocket Servergraph Admin Center userRequest command injection attempt (server-webapp.rules)
 * 1:49924 <-> DISABLED <-> SERVER-WEBAPP Rocket Servergraph Admin Center tsmRequest command injection attempt (server-webapp.rules)
 * 1:49904 <-> DISABLED <-> BROWSER-PLUGINS Tom Sawyer GET extension ActiveX function call access attempt (browser-plugins.rules)
 * 1:49931 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer MSXML .definition ActiveX clsid access attempt (browser-plugins.rules)
 * 1:49932 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer MSXML .definition ActiveX clsid access attempt (browser-plugins.rules)
 * 1:49933 <-> ENABLED <-> MALWARE-OTHER Xls.Dropper.RogueRobin file download attempt (malware-other.rules)
 * 1:49930 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer MSXML .definition ActiveX clsid access attempt (browser-plugins.rules)
 * 1:49919 <-> DISABLED <-> SERVER-WEBAPP generic session fixation attempt (server-webapp.rules)
 * 1:49928 <-> DISABLED <-> SERVER-WEBAPP Multiple products HTML5 ping DDoS attempt (server-webapp.rules)
 * 1:49929 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer MSXML .definition ActiveX clsid access attempt (browser-plugins.rules)
 * 1:49926 <-> DISABLED <-> SERVER-WEBAPP Rocket Servergraph Admin Center tsmRequest command injection attempt (server-webapp.rules)
 * 1:49927 <-> DISABLED <-> BROWSER-PLUGINS HP OPOS Point of Sale Driver stack buffer overflow attempt (browser-plugins.rules)
 * 1:49925 <-> DISABLED <-> SERVER-WEBAPP Rocket Servergraph Admin Center tsmRequest command injection attempt (server-webapp.rules)
 * 1:49923 <-> DISABLED <-> SERVER-WEBAPP Rocket Servergraph Admin Center userRequest command injection attempt (server-webapp.rules)
 * 1:49920 <-> DISABLED <-> SERVER-WEBAPP generic cross site scripting via url attempt (server-webapp.rules)
 * 1:49916 <-> ENABLED <-> MALWARE-CNC Win.Malware.JasperLoader update request (malware-cnc.rules)
 * 1:49917 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox DOMSVGLength appendItem use after free attempt (browser-firefox.rules)
 * 1:49903 <-> DISABLED <-> BROWSER-PLUGINS HP OPOS ToneIndicator stack buffer overflow attempt (browser-plugins.rules)
 * 1:49915 <-> ENABLED <-> MALWARE-CNC Win.Downloader.JasperLoader outbound connection (malware-cnc.rules)
 * 3:49906 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2019-0814 attack attempt (file-pdf.rules)
 * 3:49907 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2019-0814 attack attempt (file-pdf.rules)
 * 3:49908 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2019-0815 attack attempt (file-pdf.rules)
 * 3:49909 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2019-0815 attack attempt (file-pdf.rules)
 * 3:49910 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2019-0816 attack attempt (file-pdf.rules)
 * 3:49911 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2019-0816 attack attempt (file-pdf.rules)
 * 3:49912 <-> ENABLED <-> PROTOCOL-OTHER TRUFFLEHUNTER TALOS-2019-0811 attack attempt (protocol-other.rules)

Modified Rules:


 * 1:49759 <-> DISABLED <-> BROWSER-PLUGINS GE Intelligent Platforms Proficy HTML help ActiveX function call attempt (browser-plugins.rules)
 * 1:35972 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer Embedded Windows Media Player CMarkup object use after free attempt (browser-ie.rules)
 * 1:34948 <-> DISABLED <-> SERVER-WEBAPP Rocket Servergraph Admin Center userRequest command injection attempt (server-webapp.rules)
 * 1:40880 <-> DISABLED <-> SERVER-WEBAPP Multiple products invalid HTTP request attempt (server-webapp.rules)
 * 1:34949 <-> DISABLED <-> SERVER-WEBAPP Rocket Servergraph Admin Center tsmRequest command injection attempt (server-webapp.rules)
 * 1:35971 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer Embedded Windows Media Player CMarkup object use after free attempt (browser-ie.rules)
 * 1:40366 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer ArraySpeciesCreate type confusion attempt (browser-ie.rules)
 * 1:35969 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer Embedded Windows Media Player CMarkup object use after free attempt (browser-ie.rules)
 * 1:35970 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer Embedded Windows Media Player CMarkup object use after free attempt (browser-ie.rules)
 * 1:40367 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer ArraySpeciesCreate type confusion attempt (browser-ie.rules)
 * 1:35480 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer RecyclableObject type-confusion remote code execution attempt (browser-ie.rules)
 * 1:35479 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer RecyclableObject type-confusion remote code execution attempt (browser-ie.rules)

2019-04-25 13:43:52 UTC

Snort Subscriber Rules Update

Date: 2019-04-25

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:49937 <-> DISABLED <-> SERVER-WEBAPP Tenda Wireless N150 Router cross-site request forgery attempt (snort3-server-webapp.rules)
 * 1:30700 <-> DISABLED <-> DELETED PSEKoQnSC3lM54tb0njF (snort3-deleted.rules)
 * 1:49901 <-> DISABLED <-> BROWSER-PLUGINS HP OPOS ToneIndicator stack buffer overflow attempt (snort3-browser-plugins.rules)
 * 1:49905 <-> DISABLED <-> BROWSER-PLUGINS Tom Sawyer GET extension ActiveX function call access attempt (snort3-browser-plugins.rules)
 * 1:49923 <-> DISABLED <-> SERVER-WEBAPP Rocket Servergraph Admin Center userRequest command injection attempt (snort3-server-webapp.rules)
 * 1:49928 <-> DISABLED <-> SERVER-WEBAPP Multiple products HTML5 ping DDoS attempt (snort3-server-webapp.rules)
 * 1:49934 <-> ENABLED <-> MALWARE-OTHER Xls.Dropper.RogueRobin file download attempt (snort3-malware-other.rules)
 * 1:49913 <-> ENABLED <-> MALWARE-CNC Win.Malware.JasperLoader file download request (snort3-malware-cnc.rules)
 * 1:49919 <-> DISABLED <-> SERVER-WEBAPP generic session fixation attempt (snort3-server-webapp.rules)
 * 1:49920 <-> DISABLED <-> SERVER-WEBAPP generic cross site scripting via url attempt (snort3-server-webapp.rules)
 * 1:49921 <-> DISABLED <-> SERVER-WEBAPP Rocket Servergraph Admin Center userRequest command injection attempt (snort3-server-webapp.rules)
 * 1:49926 <-> DISABLED <-> SERVER-WEBAPP Rocket Servergraph Admin Center tsmRequest command injection attempt (snort3-server-webapp.rules)
 * 1:49927 <-> DISABLED <-> BROWSER-PLUGINS HP OPOS Point of Sale Driver stack buffer overflow attempt (snort3-browser-plugins.rules)
 * 1:49935 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.RogueRobin executable file download attempt (snort3-malware-other.rules)
 * 1:49904 <-> DISABLED <-> BROWSER-PLUGINS Tom Sawyer GET extension ActiveX function call access attempt (snort3-browser-plugins.rules)
 * 1:49924 <-> DISABLED <-> SERVER-WEBAPP Rocket Servergraph Admin Center tsmRequest command injection attempt (snort3-server-webapp.rules)
 * 1:49930 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer MSXML .definition ActiveX clsid access attempt (snort3-browser-plugins.rules)
 * 1:49932 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer MSXML .definition ActiveX clsid access attempt (snort3-browser-plugins.rules)
 * 1:49929 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer MSXML .definition ActiveX clsid access attempt (snort3-browser-plugins.rules)
 * 1:49933 <-> ENABLED <-> MALWARE-OTHER Xls.Dropper.RogueRobin file download attempt (snort3-malware-other.rules)
 * 1:49931 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer MSXML .definition ActiveX clsid access attempt (snort3-browser-plugins.rules)
 * 1:49900 <-> DISABLED <-> BROWSER-PLUGINS HP OPOS driver stack buffer overflow attempt (snort3-browser-plugins.rules)
 * 1:49938 <-> DISABLED <-> SERVER-WEBAPP Tenda Wireless N150 Router cross-site request forgery attempt (snort3-server-webapp.rules)
 * 1:49915 <-> ENABLED <-> MALWARE-CNC Win.Downloader.JasperLoader outbound connection (snort3-malware-cnc.rules)
 * 1:49917 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox DOMSVGLength appendItem use after free attempt (snort3-browser-firefox.rules)
 * 1:49922 <-> DISABLED <-> SERVER-WEBAPP Rocket Servergraph Admin Center userRequest command injection attempt (snort3-server-webapp.rules)
 * 1:49914 <-> ENABLED <-> MALWARE-CNC Win.Downloader.JasperLoader outbound connection (snort3-malware-cnc.rules)
 * 1:49916 <-> ENABLED <-> MALWARE-CNC Win.Malware.JasperLoader update request (snort3-malware-cnc.rules)
 * 1:49918 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox DOMSVGLength appendItem use after free attempt (snort3-browser-firefox.rules)
 * 1:30581 <-> DISABLED <-> DELETED lCE9AFxy45YWUJ4i25c0 (snort3-deleted.rules)
 * 1:49903 <-> DISABLED <-> BROWSER-PLUGINS HP OPOS ToneIndicator stack buffer overflow attempt (snort3-browser-plugins.rules)
 * 1:49902 <-> DISABLED <-> BROWSER-PLUGINS HP OPOS ToneIndicator stack buffer overflow attempt (snort3-browser-plugins.rules)
 * 1:49925 <-> DISABLED <-> SERVER-WEBAPP Rocket Servergraph Admin Center tsmRequest command injection attempt (snort3-server-webapp.rules)
 * 1:49936 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.RogueRobin executable file download attempt (snort3-malware-other.rules)

Modified Rules:


 * 1:40366 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer ArraySpeciesCreate type confusion attempt (snort3-browser-ie.rules)
 * 1:35971 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer Embedded Windows Media Player CMarkup object use after free attempt (snort3-browser-ie.rules)
 * 1:49759 <-> DISABLED <-> BROWSER-PLUGINS GE Intelligent Platforms Proficy HTML help ActiveX function call attempt (snort3-browser-plugins.rules)
 * 1:34949 <-> DISABLED <-> SERVER-WEBAPP Rocket Servergraph Admin Center tsmRequest command injection attempt (snort3-server-webapp.rules)
 * 1:35972 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer Embedded Windows Media Player CMarkup object use after free attempt (snort3-browser-ie.rules)
 * 1:34948 <-> DISABLED <-> SERVER-WEBAPP Rocket Servergraph Admin Center userRequest command injection attempt (snort3-server-webapp.rules)
 * 1:35480 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer RecyclableObject type-confusion remote code execution attempt (snort3-browser-ie.rules)
 * 1:35969 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer Embedded Windows Media Player CMarkup object use after free attempt (snort3-browser-ie.rules)
 * 1:35970 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer Embedded Windows Media Player CMarkup object use after free attempt (snort3-browser-ie.rules)
 * 1:40880 <-> DISABLED <-> SERVER-WEBAPP Multiple products invalid HTTP request attempt (snort3-server-webapp.rules)
 * 1:35479 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer RecyclableObject type-confusion remote code execution attempt (snort3-browser-ie.rules)
 * 1:40367 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer ArraySpeciesCreate type confusion attempt (snort3-browser-ie.rules)

2019-04-25 13:43:52 UTC

Snort Subscriber Rules Update

Date: 2019-04-25

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2990.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:49900 <-> DISABLED <-> BROWSER-PLUGINS HP OPOS driver stack buffer overflow attempt (browser-plugins.rules)
 * 1:49905 <-> DISABLED <-> BROWSER-PLUGINS Tom Sawyer GET extension ActiveX function call access attempt (browser-plugins.rules)
 * 1:49913 <-> ENABLED <-> MALWARE-CNC Win.Malware.JasperLoader file download request (malware-cnc.rules)
 * 1:49937 <-> DISABLED <-> SERVER-WEBAPP Tenda Wireless N150 Router cross-site request forgery attempt (server-webapp.rules)
 * 1:49916 <-> ENABLED <-> MALWARE-CNC Win.Malware.JasperLoader update request (malware-cnc.rules)
 * 1:30581 <-> DISABLED <-> DELETED lCE9AFxy45YWUJ4i25c0 (deleted.rules)
 * 1:49914 <-> ENABLED <-> MALWARE-CNC Win.Downloader.JasperLoader outbound connection (malware-cnc.rules)
 * 1:49903 <-> DISABLED <-> BROWSER-PLUGINS HP OPOS ToneIndicator stack buffer overflow attempt (browser-plugins.rules)
 * 1:49921 <-> DISABLED <-> SERVER-WEBAPP Rocket Servergraph Admin Center userRequest command injection attempt (server-webapp.rules)
 * 1:49923 <-> DISABLED <-> SERVER-WEBAPP Rocket Servergraph Admin Center userRequest command injection attempt (server-webapp.rules)
 * 1:49904 <-> DISABLED <-> BROWSER-PLUGINS Tom Sawyer GET extension ActiveX function call access attempt (browser-plugins.rules)
 * 1:49935 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.RogueRobin executable file download attempt (malware-other.rules)
 * 1:49936 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.RogueRobin executable file download attempt (malware-other.rules)
 * 1:49928 <-> DISABLED <-> SERVER-WEBAPP Multiple products HTML5 ping DDoS attempt (server-webapp.rules)
 * 1:49925 <-> DISABLED <-> SERVER-WEBAPP Rocket Servergraph Admin Center tsmRequest command injection attempt (server-webapp.rules)
 * 1:49931 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer MSXML .definition ActiveX clsid access attempt (browser-plugins.rules)
 * 1:49930 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer MSXML .definition ActiveX clsid access attempt (browser-plugins.rules)
 * 1:49902 <-> DISABLED <-> BROWSER-PLUGINS HP OPOS ToneIndicator stack buffer overflow attempt (browser-plugins.rules)
 * 1:49929 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer MSXML .definition ActiveX clsid access attempt (browser-plugins.rules)
 * 1:49932 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer MSXML .definition ActiveX clsid access attempt (browser-plugins.rules)
 * 1:49938 <-> DISABLED <-> SERVER-WEBAPP Tenda Wireless N150 Router cross-site request forgery attempt (server-webapp.rules)
 * 1:49933 <-> ENABLED <-> MALWARE-OTHER Xls.Dropper.RogueRobin file download attempt (malware-other.rules)
 * 1:49926 <-> DISABLED <-> SERVER-WEBAPP Rocket Servergraph Admin Center tsmRequest command injection attempt (server-webapp.rules)
 * 1:30700 <-> DISABLED <-> DELETED PSEKoQnSC3lM54tb0njF (deleted.rules)
 * 1:49922 <-> DISABLED <-> SERVER-WEBAPP Rocket Servergraph Admin Center userRequest command injection attempt (server-webapp.rules)
 * 1:49924 <-> DISABLED <-> SERVER-WEBAPP Rocket Servergraph Admin Center tsmRequest command injection attempt (server-webapp.rules)
 * 1:49919 <-> DISABLED <-> SERVER-WEBAPP generic session fixation attempt (server-webapp.rules)
 * 1:49920 <-> DISABLED <-> SERVER-WEBAPP generic cross site scripting via url attempt (server-webapp.rules)
 * 1:49915 <-> ENABLED <-> MALWARE-CNC Win.Downloader.JasperLoader outbound connection (malware-cnc.rules)
 * 1:49918 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox DOMSVGLength appendItem use after free attempt (browser-firefox.rules)
 * 1:49927 <-> DISABLED <-> BROWSER-PLUGINS HP OPOS Point of Sale Driver stack buffer overflow attempt (browser-plugins.rules)
 * 1:49917 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox DOMSVGLength appendItem use after free attempt (browser-firefox.rules)
 * 1:49901 <-> DISABLED <-> BROWSER-PLUGINS HP OPOS ToneIndicator stack buffer overflow attempt (browser-plugins.rules)
 * 1:49934 <-> ENABLED <-> MALWARE-OTHER Xls.Dropper.RogueRobin file download attempt (malware-other.rules)
 * 3:49906 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2019-0814 attack attempt (file-pdf.rules)
 * 3:49907 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2019-0814 attack attempt (file-pdf.rules)
 * 3:49908 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2019-0815 attack attempt (file-pdf.rules)
 * 3:49909 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2019-0815 attack attempt (file-pdf.rules)
 * 3:49910 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2019-0816 attack attempt (file-pdf.rules)
 * 3:49911 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2019-0816 attack attempt (file-pdf.rules)
 * 3:49912 <-> ENABLED <-> PROTOCOL-OTHER TRUFFLEHUNTER TALOS-2019-0811 attack attempt (protocol-other.rules)

Modified Rules:


 * 1:35479 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer RecyclableObject type-confusion remote code execution attempt (browser-ie.rules)
 * 1:35972 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer Embedded Windows Media Player CMarkup object use after free attempt (browser-ie.rules)
 * 1:35969 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer Embedded Windows Media Player CMarkup object use after free attempt (browser-ie.rules)
 * 1:49759 <-> DISABLED <-> BROWSER-PLUGINS GE Intelligent Platforms Proficy HTML help ActiveX function call attempt (browser-plugins.rules)
 * 1:40880 <-> DISABLED <-> SERVER-WEBAPP Multiple products invalid HTTP request attempt (server-webapp.rules)
 * 1:40367 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer ArraySpeciesCreate type confusion attempt (browser-ie.rules)
 * 1:40366 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer ArraySpeciesCreate type confusion attempt (browser-ie.rules)
 * 1:35480 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer RecyclableObject type-confusion remote code execution attempt (browser-ie.rules)
 * 1:34949 <-> DISABLED <-> SERVER-WEBAPP Rocket Servergraph Admin Center tsmRequest command injection attempt (server-webapp.rules)
 * 1:34948 <-> DISABLED <-> SERVER-WEBAPP Rocket Servergraph Admin Center userRequest command injection attempt (server-webapp.rules)
 * 1:35970 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer Embedded Windows Media Player CMarkup object use after free attempt (browser-ie.rules)
 * 1:35971 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer Embedded Windows Media Player CMarkup object use after free attempt (browser-ie.rules)

2019-04-25 13:43:52 UTC

Snort Subscriber Rules Update

Date: 2019-04-25

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:49922 <-> DISABLED <-> SERVER-WEBAPP Rocket Servergraph Admin Center userRequest command injection attempt (server-webapp.rules)
 * 1:49924 <-> DISABLED <-> SERVER-WEBAPP Rocket Servergraph Admin Center tsmRequest command injection attempt (server-webapp.rules)
 * 1:49934 <-> ENABLED <-> MALWARE-OTHER Xls.Dropper.RogueRobin file download attempt (malware-other.rules)
 * 1:49935 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.RogueRobin executable file download attempt (malware-other.rules)
 * 1:30700 <-> DISABLED <-> DELETED PSEKoQnSC3lM54tb0njF (deleted.rules)
 * 1:49938 <-> DISABLED <-> SERVER-WEBAPP Tenda Wireless N150 Router cross-site request forgery attempt (server-webapp.rules)
 * 1:49901 <-> DISABLED <-> BROWSER-PLUGINS HP OPOS ToneIndicator stack buffer overflow attempt (browser-plugins.rules)
 * 1:30581 <-> DISABLED <-> DELETED lCE9AFxy45YWUJ4i25c0 (deleted.rules)
 * 1:49914 <-> ENABLED <-> MALWARE-CNC Win.Downloader.JasperLoader outbound connection (malware-cnc.rules)
 * 1:49936 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.RogueRobin executable file download attempt (malware-other.rules)
 * 1:49920 <-> DISABLED <-> SERVER-WEBAPP generic cross site scripting via url attempt (server-webapp.rules)
 * 1:49913 <-> ENABLED <-> MALWARE-CNC Win.Malware.JasperLoader file download request (malware-cnc.rules)
 * 1:49917 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox DOMSVGLength appendItem use after free attempt (browser-firefox.rules)
 * 1:49916 <-> ENABLED <-> MALWARE-CNC Win.Malware.JasperLoader update request (malware-cnc.rules)
 * 1:49915 <-> ENABLED <-> MALWARE-CNC Win.Downloader.JasperLoader outbound connection (malware-cnc.rules)
 * 1:49918 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox DOMSVGLength appendItem use after free attempt (browser-firefox.rules)
 * 1:49902 <-> DISABLED <-> BROWSER-PLUGINS HP OPOS ToneIndicator stack buffer overflow attempt (browser-plugins.rules)
 * 1:49905 <-> DISABLED <-> BROWSER-PLUGINS Tom Sawyer GET extension ActiveX function call access attempt (browser-plugins.rules)
 * 1:49900 <-> DISABLED <-> BROWSER-PLUGINS HP OPOS driver stack buffer overflow attempt (browser-plugins.rules)
 * 1:49923 <-> DISABLED <-> SERVER-WEBAPP Rocket Servergraph Admin Center userRequest command injection attempt (server-webapp.rules)
 * 1:49903 <-> DISABLED <-> BROWSER-PLUGINS HP OPOS ToneIndicator stack buffer overflow attempt (browser-plugins.rules)
 * 1:49921 <-> DISABLED <-> SERVER-WEBAPP Rocket Servergraph Admin Center userRequest command injection attempt (server-webapp.rules)
 * 1:49904 <-> DISABLED <-> BROWSER-PLUGINS Tom Sawyer GET extension ActiveX function call access attempt (browser-plugins.rules)
 * 1:49930 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer MSXML .definition ActiveX clsid access attempt (browser-plugins.rules)
 * 1:49926 <-> DISABLED <-> SERVER-WEBAPP Rocket Servergraph Admin Center tsmRequest command injection attempt (server-webapp.rules)
 * 1:49919 <-> DISABLED <-> SERVER-WEBAPP generic session fixation attempt (server-webapp.rules)
 * 1:49928 <-> DISABLED <-> SERVER-WEBAPP Multiple products HTML5 ping DDoS attempt (server-webapp.rules)
 * 1:49929 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer MSXML .definition ActiveX clsid access attempt (browser-plugins.rules)
 * 1:49927 <-> DISABLED <-> BROWSER-PLUGINS HP OPOS Point of Sale Driver stack buffer overflow attempt (browser-plugins.rules)
 * 1:49925 <-> DISABLED <-> SERVER-WEBAPP Rocket Servergraph Admin Center tsmRequest command injection attempt (server-webapp.rules)
 * 1:49937 <-> DISABLED <-> SERVER-WEBAPP Tenda Wireless N150 Router cross-site request forgery attempt (server-webapp.rules)
 * 1:49931 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer MSXML .definition ActiveX clsid access attempt (browser-plugins.rules)
 * 1:49932 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer MSXML .definition ActiveX clsid access attempt (browser-plugins.rules)
 * 1:49933 <-> ENABLED <-> MALWARE-OTHER Xls.Dropper.RogueRobin file download attempt (malware-other.rules)
 * 3:49906 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2019-0814 attack attempt (file-pdf.rules)
 * 3:49907 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2019-0814 attack attempt (file-pdf.rules)
 * 3:49908 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2019-0815 attack attempt (file-pdf.rules)
 * 3:49909 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2019-0815 attack attempt (file-pdf.rules)
 * 3:49910 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2019-0816 attack attempt (file-pdf.rules)
 * 3:49911 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2019-0816 attack attempt (file-pdf.rules)
 * 3:49912 <-> ENABLED <-> PROTOCOL-OTHER TRUFFLEHUNTER TALOS-2019-0811 attack attempt (protocol-other.rules)

Modified Rules:


 * 1:40880 <-> DISABLED <-> SERVER-WEBAPP Multiple products invalid HTTP request attempt (server-webapp.rules)
 * 1:35479 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer RecyclableObject type-confusion remote code execution attempt (browser-ie.rules)
 * 1:35971 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer Embedded Windows Media Player CMarkup object use after free attempt (browser-ie.rules)
 * 1:49759 <-> DISABLED <-> BROWSER-PLUGINS GE Intelligent Platforms Proficy HTML help ActiveX function call attempt (browser-plugins.rules)
 * 1:35480 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer RecyclableObject type-confusion remote code execution attempt (browser-ie.rules)
 * 1:40366 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer ArraySpeciesCreate type confusion attempt (browser-ie.rules)
 * 1:35970 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer Embedded Windows Media Player CMarkup object use after free attempt (browser-ie.rules)
 * 1:40367 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer ArraySpeciesCreate type confusion attempt (browser-ie.rules)
 * 1:34948 <-> DISABLED <-> SERVER-WEBAPP Rocket Servergraph Admin Center userRequest command injection attempt (server-webapp.rules)
 * 1:35969 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer Embedded Windows Media Player CMarkup object use after free attempt (browser-ie.rules)
 * 1:35972 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer Embedded Windows Media Player CMarkup object use after free attempt (browser-ie.rules)
 * 1:34949 <-> DISABLED <-> SERVER-WEBAPP Rocket Servergraph Admin Center tsmRequest command injection attempt (server-webapp.rules)