Talos Rules 2020-02-18
This release adds and modifies rules in several categories.

Talos has added and modified multiple rules in the browser-chrome, browser-ie, browser-plugins, browser-webkit, file-pdf, malware-cnc, malware-other, malware-tools, protocol-scada, server-other and server-webapp rule sets to provide coverage for emerging threats from these technologies.

Change logs

2020-02-18 13:08:55 UTC

Snort Subscriber Rules Update

Date: 2020-02-18

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091501.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)
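The format line above is regular enough to process mechanically, which is useful when a release like this one ships the same rule set for seven Snort versions. The Python script below is an added example and is not part of the Talos release or its tooling. It parses changelog lines in the documented format, counts rules per category by default state, lists the gid 3 (shared-object) rules, which only load when the precompiled SO bundle for the running Snort build is installed, compares two changelog sections for rules present in one and not the other, and emits gid:sid entries in the form PulledPork's enablesid.conf accepts for rules that ship DISABLED. The sample input is a handful of lines copied from this page; the category selection passed to `enablesid_entries` is an assumption for illustration, not a recommendation from the release notes.

```python
import re
from typing import NamedTuple

# Changelog line format, as documented on the page:
#   gid:sid <-> Default rule state <-> Message (rule group)
LINE_RE = re.compile(
    r"^\s*\*?\s*(?P<gid>\d+):(?P<sid>\d+)\s*<->\s*(?P<state>ENABLED|DISABLED)\s*<->\s*"
    r"(?P<category>[A-Z0-9]+(?:-[A-Z0-9]+)?)\s+(?P<msg>.*?)\s*\((?P<file>[\w.-]+\.rules)\)\s*$"
)
SECTION_RE = re.compile(r"^\s*(New|Modified) Rules:\s*$")


class Rule(NamedTuple):
    gid: int
    sid: int
    enabled: bool      # default rule state in the shipped policy
    category: str      # e.g. MALWARE-CNC
    msg: str
    rule_file: str     # e.g. malware-cnc.rules or snort3-malware-cnc.rules
    section: str       # "new" or "modified"


def parse_changelog(text: str) -> list:
    """Parse the 'New Rules' / 'Modified Rules' lists of one changelog section."""
    rules, section = [], None
    for line in text.splitlines():
        s = SECTION_RE.match(line)
        if s:
            section = s.group(1).lower()
            continue
        m = LINE_RE.match(line)
        if m and section:
            rules.append(Rule(int(m["gid"]), int(m["sid"]), m["state"] == "ENABLED",
                              m["category"], m["msg"], m["file"], section))
    return rules


def summarize(rules):
    """Per-category counts by default state, plus the gid 3 (shared-object) rules."""
    by_category = {}
    for r in rules:
        c = by_category.setdefault(r.category, {"enabled": 0, "disabled": 0})
        c["enabled" if r.enabled else "disabled"] += 1
    so_rules = sorted((r.gid, r.sid) for r in rules if r.gid == 3)
    return {"by_category": by_category, "so_rules": so_rules}


def enablesid_entries(rules, categories, section="new"):
    """gid:sid lines in the form PulledPork's enablesid.conf accepts, for rules that
    ship DISABLED in the chosen categories. Which categories matter is an operator
    decision (assumed by the caller, not stated by the changelog)."""
    return [f"{r.gid}:{r.sid}" for r in sorted(rules, key=lambda r: (r.gid, r.sid))
            if r.section == section and not r.enabled and r.category in categories]


def sids_missing_from(base, other):
    """(gid, sid) pairs present in `base` but absent from `other`, e.g. to compare the
    Snort 2.x and Snort 3 changelog sections of the same release."""
    return sorted({(r.gid, r.sid) for r in base} - {(r.gid, r.sid) for r in other})


# Constructed sample: a subset of lines copied from the 2091501 and 3000 sections of this page.
SAMPLE_SNORT2 = """\
New Rules:

 * 1:53109 <-> DISABLED <-> SERVER-OTHER RabbitMQ X-Reason HTTP header denial-of-service attempt (server-other.rules)
 * 1:53120 <-> DISABLED <-> SERVER-WEBAPP Wordpress DreamworkGallery plugin arbitrary PHP file upload attempt (server-webapp.rules)
 * 1:53143 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Syscon variant outbound cnc connection attempt (malware-cnc.rules)
 * 1:53147 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Agent variant payload download attempt (malware-cnc.rules)
 * 3:53125 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2020-1005 attack attempt (protocol-scada.rules)
 * 3:53114 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1013 attack attempt (file-pdf.rules)

Modified Rules:

 * 1:16419 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Data Analyzer 3.5 ActiveX clsid access (browser-plugins.rules)
"""

SAMPLE_SNORT3 = """\
New Rules:

 * 1:53109 <-> DISABLED <-> SERVER-OTHER RabbitMQ X-Reason HTTP header denial-of-service attempt (snort3-server-other.rules)
 * 1:53120 <-> DISABLED <-> SERVER-WEBAPP Wordpress DreamworkGallery plugin arbitrary PHP file upload attempt (snort3-server-webapp.rules)
 * 1:53143 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Syscon variant outbound cnc connection attempt (snort3-malware-cnc.rules)
 * 1:53147 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Agent variant payload download attempt (snort3-malware-cnc.rules)

Modified Rules:

 * 1:16419 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Data Analyzer 3.5 ActiveX clsid access (snort3-browser-plugins.rules)
"""

if __name__ == "__main__":
    snort2 = parse_changelog(SAMPLE_SNORT2)
    print(summarize(snort2))
    print(enablesid_entries(snort2, {"SERVER-OTHER", "SERVER-WEBAPP"}))
    print(sids_missing_from(snort2, parse_changelog(SAMPLE_SNORT3)))
```

Two practical points the script makes visible: a DISABLED default state means the rule is shipped but does nothing until the local policy enables it, so the server-other and server-webapp coverage in this release is opt-in; and the Snort 3 (version 3000) section on this page lists no gid 3 rules, so a deployment that relies on the TRUFFLEHUNTER SO rules gets them only through the Snort 2.x packages.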

New Rules:


 * 1:53111 <-> DISABLED <-> BROWSER-IE Microsoft Edge scripting engine memory corruption attempt (browser-ie.rules)
 * 1:53110 <-> DISABLED <-> BROWSER-IE Microsoft Edge scripting engine memory corruption attempt (browser-ie.rules)
 * 1:53109 <-> DISABLED <-> SERVER-OTHER RabbitMQ X-Reason HTTP header denial-of-service attempt (server-other.rules)
 * 1:53138 <-> DISABLED <-> MALWARE-OTHER Doc.Downloader.Carrotbat variant download attempt (malware-other.rules)
 * 1:53137 <-> DISABLED <-> MALWARE-OTHER Doc.Downloader.Carrotbat variant download attempt (malware-other.rules)
 * 1:53136 <-> DISABLED <-> MALWARE-OTHER Doc.Downloader.Carrotbat variant download attempt (malware-other.rules)
 * 1:53135 <-> DISABLED <-> MALWARE-OTHER Doc.Dropper.Carrotbat variant download attempt (malware-other.rules)
 * 1:53134 <-> DISABLED <-> MALWARE-OTHER Doc.Downloader.Carrotbat variant download attempt (malware-other.rules)
 * 1:53133 <-> DISABLED <-> MALWARE-OTHER Doc.Downloader.Carrotbat variant download attempt (malware-other.rules)
 * 1:53132 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Syscon variant payload download attempt (malware-other.rules)
 * 1:53131 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Syscon variant payload download attempt (malware-other.rules)
 * 1:53130 <-> DISABLED <-> MALWARE-OTHER Doc.Downloader.Carrotbat variant download attempt (malware-other.rules)
 * 1:53129 <-> DISABLED <-> MALWARE-OTHER Doc.Dropper.Carrotbat variant download attempt (malware-other.rules)
 * 1:53124 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari WebKit cached page universal cross-site scripting attempt (browser-webkit.rules)
 * 1:53123 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari WebKit cached page universal cross-site scripting attempt (browser-webkit.rules)
 * 1:53122 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari WebKit cached page memory corruption attempt (browser-webkit.rules)
 * 1:53121 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari WebKit cached page memory corruption attempt (browser-webkit.rules)
 * 1:53120 <-> DISABLED <-> SERVER-WEBAPP Wordpress DreamworkGallery plugin arbitrary PHP file upload attempt (server-webapp.rules)
 * 1:53119 <-> DISABLED <-> SERVER-WEBAPP Wordpress DreamworkGallery plugin file upload attempt (server-webapp.rules)
 * 1:53118 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Data Analyzer 3.5 ActiveX clsid access (browser-plugins.rules)
 * 1:53117 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Data Analyzer 3.5 ActiveX use-after-free attempt (browser-plugins.rules)
 * 1:53116 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Data Analyzer 3.5 ActiveX use-after-free attempt (browser-plugins.rules)
 * 1:53113 <-> DISABLED <-> MALWARE-TOOLS Win.Dropper.WiryJMPer variant download attempt (malware-tools.rules)
 * 1:53112 <-> DISABLED <-> MALWARE-TOOLS Win.Dropper.WiryJMPer variant download attempt (malware-tools.rules)
 * 1:53147 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Agent variant payload download attempt (malware-cnc.rules)
 * 1:53146 <-> DISABLED <-> BROWSER-CHROME Google Chrome V8 FindSharedFunctionInfo out-of-bounds read attempt (browser-chrome.rules)
 * 1:53145 <-> DISABLED <-> BROWSER-CHROME Google Chrome V8 FindSharedFunctionInfo out-of-bounds read attempt (browser-chrome.rules)
 * 1:53144 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Syscon variant outbound cnc connection attempt (malware-cnc.rules)
 * 1:53143 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Syscon variant outbound cnc connection attempt (malware-cnc.rules)
 * 1:53142 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Syscon variant outbound cnc connection attempt (malware-cnc.rules)
 * 1:53141 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Carrotball variant outbound cnc connection attempt (malware-cnc.rules)
 * 1:53140 <-> ENABLED <-> MALWARE-CNC Doc.Downloader.Carrotball variant outbound cnc connection attempt (malware-cnc.rules)
 * 1:53139 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Syscon variant payload download attempt (malware-other.rules)
 * 3:53128 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2020-1007 attack attempt (protocol-scada.rules)
 * 3:53126 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2020-1008 attack attempt (protocol-scada.rules)
 * 3:53127 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2020-1007 attack attempt (protocol-scada.rules)
 * 3:53115 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1013 attack attempt (file-pdf.rules)
 * 3:53125 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2020-1005 attack attempt (protocol-scada.rules)
 * 3:53114 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1013 attack attempt (file-pdf.rules)

Modified Rules:


 * 1:52239 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer scripting engine memory corruption attempt (browser-ie.rules)
 * 1:52240 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer scripting engine memory corruption attempt (browser-ie.rules)
 * 1:46268 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Agent variant payload download attempt (malware-cnc.rules)
 * 1:46270 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Agent variant payload download attempt (malware-cnc.rules)
 * 1:16419 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Data Analyzer 3.5 ActiveX clsid access (browser-plugins.rules)

2020-02-18 13:08:55 UTC

Snort Subscriber Rules Update

Date: 2020-02-18

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091500.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:53141 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Carrotball variant outbound cnc connection attempt (malware-cnc.rules)
 * 1:53113 <-> DISABLED <-> MALWARE-TOOLS Win.Dropper.WiryJMPer variant download attempt (malware-tools.rules)
 * 1:53142 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Syscon variant outbound cnc connection attempt (malware-cnc.rules)
 * 1:53110 <-> DISABLED <-> BROWSER-IE Microsoft Edge scripting engine memory corruption attempt (browser-ie.rules)
 * 1:53123 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari WebKit cached page universal cross-site scripting attempt (browser-webkit.rules)
 * 1:53111 <-> DISABLED <-> BROWSER-IE Microsoft Edge scripting engine memory corruption attempt (browser-ie.rules)
 * 1:53119 <-> DISABLED <-> SERVER-WEBAPP Wordpress DreamworkGallery plugin file upload attempt (server-webapp.rules)
 * 1:53120 <-> DISABLED <-> SERVER-WEBAPP Wordpress DreamworkGallery plugin arbitrary PHP file upload attempt (server-webapp.rules)
 * 1:53112 <-> DISABLED <-> MALWARE-TOOLS Win.Dropper.WiryJMPer variant download attempt (malware-tools.rules)
 * 1:53121 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari WebKit cached page memory corruption attempt (browser-webkit.rules)
 * 1:53118 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Data Analyzer 3.5 ActiveX clsid access (browser-plugins.rules)
 * 1:53122 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari WebKit cached page memory corruption attempt (browser-webkit.rules)
 * 1:53117 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Data Analyzer 3.5 ActiveX use-after-free attempt (browser-plugins.rules)
 * 1:53124 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari WebKit cached page universal cross-site scripting attempt (browser-webkit.rules)
 * 1:53129 <-> DISABLED <-> MALWARE-OTHER Doc.Dropper.Carrotbat variant download attempt (malware-other.rules)
 * 1:53130 <-> DISABLED <-> MALWARE-OTHER Doc.Downloader.Carrotbat variant download attempt (malware-other.rules)
 * 1:53131 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Syscon variant payload download attempt (malware-other.rules)
 * 1:53145 <-> DISABLED <-> BROWSER-CHROME Google Chrome V8 FindSharedFunctionInfo out-of-bounds read attempt (browser-chrome.rules)
 * 1:53143 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Syscon variant outbound cnc connection attempt (malware-cnc.rules)
 * 1:53144 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Syscon variant outbound cnc connection attempt (malware-cnc.rules)
 * 1:53132 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Syscon variant payload download attempt (malware-other.rules)
 * 1:53133 <-> DISABLED <-> MALWARE-OTHER Doc.Downloader.Carrotbat variant download attempt (malware-other.rules)
 * 1:53134 <-> DISABLED <-> MALWARE-OTHER Doc.Downloader.Carrotbat variant download attempt (malware-other.rules)
 * 1:53135 <-> DISABLED <-> MALWARE-OTHER Doc.Dropper.Carrotbat variant download attempt (malware-other.rules)
 * 1:53136 <-> DISABLED <-> MALWARE-OTHER Doc.Downloader.Carrotbat variant download attempt (malware-other.rules)
 * 1:53137 <-> DISABLED <-> MALWARE-OTHER Doc.Downloader.Carrotbat variant download attempt (malware-other.rules)
 * 1:53138 <-> DISABLED <-> MALWARE-OTHER Doc.Downloader.Carrotbat variant download attempt (malware-other.rules)
 * 1:53139 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Syscon variant payload download attempt (malware-other.rules)
 * 1:53109 <-> DISABLED <-> SERVER-OTHER RabbitMQ X-Reason HTTP header denial-of-service attempt (server-other.rules)
 * 1:53147 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Agent variant payload download attempt (malware-cnc.rules)
 * 1:53146 <-> DISABLED <-> BROWSER-CHROME Google Chrome V8 FindSharedFunctionInfo out-of-bounds read attempt (browser-chrome.rules)
 * 1:53140 <-> ENABLED <-> MALWARE-CNC Doc.Downloader.Carrotball variant outbound cnc connection attempt (malware-cnc.rules)
 * 1:53116 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Data Analyzer 3.5 ActiveX use-after-free attempt (browser-plugins.rules)
 * 3:53128 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2020-1007 attack attempt (protocol-scada.rules)
 * 3:53126 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2020-1008 attack attempt (protocol-scada.rules)
 * 3:53127 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2020-1007 attack attempt (protocol-scada.rules)
 * 3:53125 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2020-1005 attack attempt (protocol-scada.rules)
 * 3:53115 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1013 attack attempt (file-pdf.rules)
 * 3:53114 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1013 attack attempt (file-pdf.rules)

Modified Rules:


 * 1:52239 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer scripting engine memory corruption attempt (browser-ie.rules)
 * 1:52240 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer scripting engine memory corruption attempt (browser-ie.rules)
 * 1:46268 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Agent variant payload download attempt (malware-cnc.rules)
 * 1:46270 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Agent variant payload download attempt (malware-cnc.rules)
 * 1:16419 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Data Analyzer 3.5 ActiveX clsid access (browser-plugins.rules)

2020-02-18 13:08:55 UTC

Snort Subscriber Rules Update

Date: 2020-02-18

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091401.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:53141 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Carrotball variant outbound cnc connection attempt (malware-cnc.rules)
 * 1:53147 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Agent variant payload download attempt (malware-cnc.rules)
 * 1:53146 <-> DISABLED <-> BROWSER-CHROME Google Chrome V8 FindSharedFunctionInfo out-of-bounds read attempt (browser-chrome.rules)
 * 1:53144 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Syscon variant outbound cnc connection attempt (malware-cnc.rules)
 * 1:53145 <-> DISABLED <-> BROWSER-CHROME Google Chrome V8 FindSharedFunctionInfo out-of-bounds read attempt (browser-chrome.rules)
 * 1:53143 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Syscon variant outbound cnc connection attempt (malware-cnc.rules)
 * 1:53123 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari WebKit cached page universal cross-site scripting attempt (browser-webkit.rules)
 * 1:53109 <-> DISABLED <-> SERVER-OTHER RabbitMQ X-Reason HTTP header denial-of-service attempt (server-other.rules)
 * 1:53110 <-> DISABLED <-> BROWSER-IE Microsoft Edge scripting engine memory corruption attempt (browser-ie.rules)
 * 1:53111 <-> DISABLED <-> BROWSER-IE Microsoft Edge scripting engine memory corruption attempt (browser-ie.rules)
 * 1:53119 <-> DISABLED <-> SERVER-WEBAPP Wordpress DreamworkGallery plugin file upload attempt (server-webapp.rules)
 * 1:53112 <-> DISABLED <-> MALWARE-TOOLS Win.Dropper.WiryJMPer variant download attempt (malware-tools.rules)
 * 1:53118 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Data Analyzer 3.5 ActiveX clsid access (browser-plugins.rules)
 * 1:53121 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari WebKit cached page memory corruption attempt (browser-webkit.rules)
 * 1:53122 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari WebKit cached page memory corruption attempt (browser-webkit.rules)
 * 1:53113 <-> DISABLED <-> MALWARE-TOOLS Win.Dropper.WiryJMPer variant download attempt (malware-tools.rules)
 * 1:53120 <-> DISABLED <-> SERVER-WEBAPP Wordpress DreamworkGallery plugin arbitrary PHP file upload attempt (server-webapp.rules)
 * 1:53117 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Data Analyzer 3.5 ActiveX use-after-free attempt (browser-plugins.rules)
 * 1:53142 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Syscon variant outbound cnc connection attempt (malware-cnc.rules)
 * 1:53124 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari WebKit cached page universal cross-site scripting attempt (browser-webkit.rules)
 * 1:53129 <-> DISABLED <-> MALWARE-OTHER Doc.Dropper.Carrotbat variant download attempt (malware-other.rules)
 * 1:53130 <-> DISABLED <-> MALWARE-OTHER Doc.Downloader.Carrotbat variant download attempt (malware-other.rules)
 * 1:53131 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Syscon variant payload download attempt (malware-other.rules)
 * 1:53132 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Syscon variant payload download attempt (malware-other.rules)
 * 1:53133 <-> DISABLED <-> MALWARE-OTHER Doc.Downloader.Carrotbat variant download attempt (malware-other.rules)
 * 1:53134 <-> DISABLED <-> MALWARE-OTHER Doc.Downloader.Carrotbat variant download attempt (malware-other.rules)
 * 1:53135 <-> DISABLED <-> MALWARE-OTHER Doc.Dropper.Carrotbat variant download attempt (malware-other.rules)
 * 1:53136 <-> DISABLED <-> MALWARE-OTHER Doc.Downloader.Carrotbat variant download attempt (malware-other.rules)
 * 1:53137 <-> DISABLED <-> MALWARE-OTHER Doc.Downloader.Carrotbat variant download attempt (malware-other.rules)
 * 1:53138 <-> DISABLED <-> MALWARE-OTHER Doc.Downloader.Carrotbat variant download attempt (malware-other.rules)
 * 1:53116 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Data Analyzer 3.5 ActiveX use-after-free attempt (browser-plugins.rules)
 * 1:53140 <-> ENABLED <-> MALWARE-CNC Doc.Downloader.Carrotball variant outbound cnc connection attempt (malware-cnc.rules)
 * 1:53139 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Syscon variant payload download attempt (malware-other.rules)
 * 3:53127 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2020-1007 attack attempt (protocol-scada.rules)
 * 3:53114 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1013 attack attempt (file-pdf.rules)
 * 3:53128 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2020-1007 attack attempt (protocol-scada.rules)
 * 3:53125 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2020-1005 attack attempt (protocol-scada.rules)
 * 3:53126 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2020-1008 attack attempt (protocol-scada.rules)
 * 3:53115 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1013 attack attempt (file-pdf.rules)

Modified Rules:


 * 1:52240 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer scripting engine memory corruption attempt (browser-ie.rules)
 * 1:46268 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Agent variant payload download attempt (malware-cnc.rules)
 * 1:52239 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer scripting engine memory corruption attempt (browser-ie.rules)
 * 1:46270 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Agent variant payload download attempt (malware-cnc.rules)
 * 1:16419 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Data Analyzer 3.5 ActiveX clsid access (browser-plugins.rules)

2020-02-18 13:08:55 UTC

Snort Subscriber Rules Update

Date: 2020-02-18

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091300.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:53141 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Carrotball variant outbound cnc connection attempt (malware-cnc.rules)
 * 1:53143 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Syscon variant outbound cnc connection attempt (malware-cnc.rules)
 * 1:53142 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Syscon variant outbound cnc connection attempt (malware-cnc.rules)
 * 1:53144 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Syscon variant outbound cnc connection attempt (malware-cnc.rules)
 * 1:53113 <-> DISABLED <-> MALWARE-TOOLS Win.Dropper.WiryJMPer variant download attempt (malware-tools.rules)
 * 1:53110 <-> DISABLED <-> BROWSER-IE Microsoft Edge scripting engine memory corruption attempt (browser-ie.rules)
 * 1:53109 <-> DISABLED <-> SERVER-OTHER RabbitMQ X-Reason HTTP header denial-of-service attempt (server-other.rules)
 * 1:53123 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari WebKit cached page universal cross-site scripting attempt (browser-webkit.rules)
 * 1:53118 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Data Analyzer 3.5 ActiveX clsid access (browser-plugins.rules)
 * 1:53111 <-> DISABLED <-> BROWSER-IE Microsoft Edge scripting engine memory corruption attempt (browser-ie.rules)
 * 1:53119 <-> DISABLED <-> SERVER-WEBAPP Wordpress DreamworkGallery plugin file upload attempt (server-webapp.rules)
 * 1:53121 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari WebKit cached page memory corruption attempt (browser-webkit.rules)
 * 1:53120 <-> DISABLED <-> SERVER-WEBAPP Wordpress DreamworkGallery plugin arbitrary PHP file upload attempt (server-webapp.rules)
 * 1:53117 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Data Analyzer 3.5 ActiveX use-after-free attempt (browser-plugins.rules)
 * 1:53124 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari WebKit cached page universal cross-site scripting attempt (browser-webkit.rules)
 * 1:53129 <-> DISABLED <-> MALWARE-OTHER Doc.Dropper.Carrotbat variant download attempt (malware-other.rules)
 * 1:53130 <-> DISABLED <-> MALWARE-OTHER Doc.Downloader.Carrotbat variant download attempt (malware-other.rules)
 * 1:53131 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Syscon variant payload download attempt (malware-other.rules)
 * 1:53132 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Syscon variant payload download attempt (malware-other.rules)
 * 1:53133 <-> DISABLED <-> MALWARE-OTHER Doc.Downloader.Carrotbat variant download attempt (malware-other.rules)
 * 1:53134 <-> DISABLED <-> MALWARE-OTHER Doc.Downloader.Carrotbat variant download attempt (malware-other.rules)
 * 1:53145 <-> DISABLED <-> BROWSER-CHROME Google Chrome V8 FindSharedFunctionInfo out-of-bounds read attempt (browser-chrome.rules)
 * 1:53135 <-> DISABLED <-> MALWARE-OTHER Doc.Dropper.Carrotbat variant download attempt (malware-other.rules)
 * 1:53136 <-> DISABLED <-> MALWARE-OTHER Doc.Downloader.Carrotbat variant download attempt (malware-other.rules)
 * 1:53137 <-> DISABLED <-> MALWARE-OTHER Doc.Downloader.Carrotbat variant download attempt (malware-other.rules)
 * 1:53112 <-> DISABLED <-> MALWARE-TOOLS Win.Dropper.WiryJMPer variant download attempt (malware-tools.rules)
 * 1:53138 <-> DISABLED <-> MALWARE-OTHER Doc.Downloader.Carrotbat variant download attempt (malware-other.rules)
 * 1:53140 <-> ENABLED <-> MALWARE-CNC Doc.Downloader.Carrotball variant outbound cnc connection attempt (malware-cnc.rules)
 * 1:53116 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Data Analyzer 3.5 ActiveX use-after-free attempt (browser-plugins.rules)
 * 1:53139 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Syscon variant payload download attempt (malware-other.rules)
 * 1:53122 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari WebKit cached page memory corruption attempt (browser-webkit.rules)
 * 1:53146 <-> DISABLED <-> BROWSER-CHROME Google Chrome V8 FindSharedFunctionInfo out-of-bounds read attempt (browser-chrome.rules)
 * 1:53147 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Agent variant payload download attempt (malware-cnc.rules)
 * 3:53125 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2020-1005 attack attempt (protocol-scada.rules)
 * 3:53115 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1013 attack attempt (file-pdf.rules)
 * 3:53127 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2020-1007 attack attempt (protocol-scada.rules)
 * 3:53126 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2020-1008 attack attempt (protocol-scada.rules)
 * 3:53114 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1013 attack attempt (file-pdf.rules)
 * 3:53128 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2020-1007 attack attempt (protocol-scada.rules)

Modified Rules:


 * 1:46270 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Agent variant payload download attempt (malware-cnc.rules)
 * 1:52239 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer scripting engine memory corruption attempt (browser-ie.rules)
 * 1:52240 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer scripting engine memory corruption attempt (browser-ie.rules)
 * 1:46268 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Agent variant payload download attempt (malware-cnc.rules)
 * 1:16419 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Data Analyzer 3.5 ActiveX clsid access (browser-plugins.rules)

2020-02-18 13:08:55 UTC

Snort Subscriber Rules Update

Date: 2020-02-18

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:53143 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Syscon variant outbound cnc connection attempt (malware-cnc.rules)
 * 1:53141 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Carrotball variant outbound cnc connection attempt (malware-cnc.rules)
 * 1:53142 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Syscon variant outbound cnc connection attempt (malware-cnc.rules)
 * 1:53144 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Syscon variant outbound cnc connection attempt (malware-cnc.rules)
 * 1:53112 <-> DISABLED <-> MALWARE-TOOLS Win.Dropper.WiryJMPer variant download attempt (malware-tools.rules)
 * 1:53123 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari WebKit cached page universal cross-site scripting attempt (browser-webkit.rules)
 * 1:53111 <-> DISABLED <-> BROWSER-IE Microsoft Edge scripting engine memory corruption attempt (browser-ie.rules)
 * 1:53113 <-> DISABLED <-> MALWARE-TOOLS Win.Dropper.WiryJMPer variant download attempt (malware-tools.rules)
 * 1:53119 <-> DISABLED <-> SERVER-WEBAPP Wordpress DreamworkGallery plugin file upload attempt (server-webapp.rules)
 * 1:53110 <-> DISABLED <-> BROWSER-IE Microsoft Edge scripting engine memory corruption attempt (browser-ie.rules)
 * 1:53121 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari WebKit cached page memory corruption attempt (browser-webkit.rules)
 * 1:53117 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Data Analyzer 3.5 ActiveX use-after-free attempt (browser-plugins.rules)
 * 1:53124 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari WebKit cached page universal cross-site scripting attempt (browser-webkit.rules)
 * 1:53129 <-> DISABLED <-> MALWARE-OTHER Doc.Dropper.Carrotbat variant download attempt (malware-other.rules)
 * 1:53130 <-> DISABLED <-> MALWARE-OTHER Doc.Downloader.Carrotbat variant download attempt (malware-other.rules)
 * 1:53131 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Syscon variant payload download attempt (malware-other.rules)
 * 1:53132 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Syscon variant payload download attempt (malware-other.rules)
 * 1:53116 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Data Analyzer 3.5 ActiveX use-after-free attempt (browser-plugins.rules)
 * 1:53122 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari WebKit cached page memory corruption attempt (browser-webkit.rules)
 * 1:53118 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Data Analyzer 3.5 ActiveX clsid access (browser-plugins.rules)
 * 1:53133 <-> DISABLED <-> MALWARE-OTHER Doc.Downloader.Carrotbat variant download attempt (malware-other.rules)
 * 1:53146 <-> DISABLED <-> BROWSER-CHROME Google Chrome V8 FindSharedFunctionInfo out-of-bounds read attempt (browser-chrome.rules)
 * 1:53147 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Agent variant payload download attempt (malware-cnc.rules)
 * 1:53134 <-> DISABLED <-> MALWARE-OTHER Doc.Downloader.Carrotbat variant download attempt (malware-other.rules)
 * 1:53135 <-> DISABLED <-> MALWARE-OTHER Doc.Dropper.Carrotbat variant download attempt (malware-other.rules)
 * 1:53109 <-> DISABLED <-> SERVER-OTHER RabbitMQ X-Reason HTTP header denial-of-service attempt (server-other.rules)
 * 1:53120 <-> DISABLED <-> SERVER-WEBAPP Wordpress DreamworkGallery plugin arbitrary PHP file upload attempt (server-webapp.rules)
 * 1:53136 <-> DISABLED <-> MALWARE-OTHER Doc.Downloader.Carrotbat variant download attempt (malware-other.rules)
 * 1:53140 <-> ENABLED <-> MALWARE-CNC Doc.Downloader.Carrotball variant outbound cnc connection attempt (malware-cnc.rules)
 * 1:53137 <-> DISABLED <-> MALWARE-OTHER Doc.Downloader.Carrotbat variant download attempt (malware-other.rules)
 * 1:53138 <-> DISABLED <-> MALWARE-OTHER Doc.Downloader.Carrotbat variant download attempt (malware-other.rules)
 * 1:53139 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Syscon variant payload download attempt (malware-other.rules)
 * 1:53145 <-> DISABLED <-> BROWSER-CHROME Google Chrome V8 FindSharedFunctionInfo out-of-bounds read attempt (browser-chrome.rules)
 * 3:53127 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2020-1007 attack attempt (protocol-scada.rules)
 * 3:53126 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2020-1008 attack attempt (protocol-scada.rules)
 * 3:53125 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2020-1005 attack attempt (protocol-scada.rules)
 * 3:53128 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2020-1007 attack attempt (protocol-scada.rules)
 * 3:53114 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1013 attack attempt (file-pdf.rules)
 * 3:53115 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1013 attack attempt (file-pdf.rules)

Modified Rules:


 * 1:46270 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Agent variant payload download attempt (malware-cnc.rules)
 * 1:52239 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer scripting engine memory corruption attempt (browser-ie.rules)
 * 1:52240 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer scripting engine memory corruption attempt (browser-ie.rules)
 * 1:46268 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Agent variant payload download attempt (malware-cnc.rules)
 * 1:16419 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Data Analyzer 3.5 ActiveX clsid access (browser-plugins.rules)

2020-02-18 13:08:55 UTC

Snort Subscriber Rules Update

Date: 2020-02-18

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:53145 <-> DISABLED <-> BROWSER-CHROME Google Chrome V8 FindSharedFunctionInfo out-of-bounds read attempt (snort3-browser-chrome.rules)
 * 1:53146 <-> DISABLED <-> BROWSER-CHROME Google Chrome V8 FindSharedFunctionInfo out-of-bounds read attempt (snort3-browser-chrome.rules)
 * 1:53113 <-> DISABLED <-> MALWARE-TOOLS Win.Dropper.WiryJMPer variant download attempt (snort3-malware-tools.rules)
 * 1:53130 <-> DISABLED <-> MALWARE-OTHER Doc.Downloader.Carrotbat variant download attempt (snort3-malware-other.rules)
 * 1:53112 <-> DISABLED <-> MALWARE-TOOLS Win.Dropper.WiryJMPer variant download attempt (snort3-malware-tools.rules)
 * 1:53147 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Agent variant payload download attempt (snort3-malware-cnc.rules)
 * 1:53144 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Syscon variant outbound cnc connection attempt (snort3-malware-cnc.rules)
 * 1:53116 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Data Analyzer 3.5 ActiveX use-after-free attempt (snort3-browser-plugins.rules)
 * 1:53110 <-> DISABLED <-> BROWSER-IE Microsoft Edge scripting engine memory corruption attempt (snort3-browser-ie.rules)
 * 1:53119 <-> DISABLED <-> SERVER-WEBAPP Wordpress DreamworkGallery plugin file upload attempt (snort3-server-webapp.rules)
 * 1:53109 <-> DISABLED <-> SERVER-OTHER RabbitMQ X-Reason HTTP header denial-of-service attempt (snort3-server-other.rules)
 * 1:53124 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari WebKit cached page universal cross-site scripting attempt (snort3-browser-webkit.rules)
 * 1:53143 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Syscon variant outbound cnc connection attempt (snort3-malware-cnc.rules)
 * 1:53120 <-> DISABLED <-> SERVER-WEBAPP Wordpress DreamworkGallery plugin arbitrary PHP file upload attempt (snort3-server-webapp.rules)
 * 1:53131 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Syscon variant payload download attempt (snort3-malware-other.rules)
 * 1:53132 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Syscon variant payload download attempt (snort3-malware-other.rules)
 * 1:53133 <-> DISABLED <-> MALWARE-OTHER Doc.Downloader.Carrotbat variant download attempt (snort3-malware-other.rules)
 * 1:53134 <-> DISABLED <-> MALWARE-OTHER Doc.Downloader.Carrotbat variant download attempt (snort3-malware-other.rules)
 * 1:53135 <-> DISABLED <-> MALWARE-OTHER Doc.Dropper.Carrotbat variant download attempt (snort3-malware-other.rules)
 * 1:53121 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari WebKit cached page memory corruption attempt (snort3-browser-webkit.rules)
 * 1:53129 <-> DISABLED <-> MALWARE-OTHER Doc.Dropper.Carrotbat variant download attempt (snort3-malware-other.rules)
 * 1:53136 <-> DISABLED <-> MALWARE-OTHER Doc.Downloader.Carrotbat variant download attempt (snort3-malware-other.rules)
 * 1:53137 <-> DISABLED <-> MALWARE-OTHER Doc.Downloader.Carrotbat variant download attempt (snort3-malware-other.rules)
 * 1:53138 <-> DISABLED <-> MALWARE-OTHER Doc.Downloader.Carrotbat variant download attempt (snort3-malware-other.rules)
 * 1:53139 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Syscon variant payload download attempt (snort3-malware-other.rules)
 * 1:53123 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari WebKit cached page universal cross-site scripting attempt (snort3-browser-webkit.rules)
 * 1:53140 <-> ENABLED <-> MALWARE-CNC Doc.Downloader.Carrotball variant outbound cnc connection attempt (snort3-malware-cnc.rules)
 * 1:53118 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Data Analyzer 3.5 ActiveX clsid access (snort3-browser-plugins.rules)
 * 1:53141 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Carrotball variant outbound cnc connection attempt (snort3-malware-cnc.rules)
 * 1:53122 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari WebKit cached page memory corruption attempt (snort3-browser-webkit.rules)
 * 1:53117 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Data Analyzer 3.5 ActiveX use-after-free attempt (snort3-browser-plugins.rules)
 * 1:53142 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Syscon variant outbound cnc connection attempt (snort3-malware-cnc.rules)
 * 1:53111 <-> DISABLED <-> BROWSER-IE Microsoft Edge scripting engine memory corruption attempt (snort3-browser-ie.rules)

Modified Rules:


 * 1:52239 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer scripting engine memory corruption attempt (snort3-browser-ie.rules)
 * 1:16419 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Data Analyzer 3.5 ActiveX clsid access (snort3-browser-plugins.rules)
 * 1:46270 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Agent variant payload download attempt (snort3-malware-cnc.rules)
 * 1:52240 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer scripting engine memory corruption attempt (snort3-browser-ie.rules)
 * 1:46268 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Agent variant payload download attempt (snort3-malware-cnc.rules)

2020-02-18 13:08:55 UTC

Snort Subscriber Rules Update

Date: 2020-02-18

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)
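The listing format above is regular enough to ingest mechanically, which is what a detection engineer does when deciding which of a release's DISABLED rules to opt into, or when comparing the per-version listings (snort3 vs. 2.9.x packs) for SIDs that differ. The following Python is an added example written for this page, not Talos tooling; it assumes that the "New Rules:" / "Modified Rules:" headings delimit the sections as they do in this changelog, and SAMPLE is a constructed excerpt of lines copied from the listing on this page.

```python
"""Parse Snort Subscriber Rules Update change logs whose lines look like

    * gid:sid <-> ENABLED|DISABLED <-> Message (rule-group.rules)

and summarise default states per category. Added example, not Talos code.
SAMPLE below is a constructed excerpt copied from this page's listing.
"""
import re
from collections import Counter, defaultdict

# One changelog entry. The message runs up to the last "(...rules)" group.
LINE_RE = re.compile(
    r"^\s*\*\s*(?P<gid>\d+):(?P<sid>\d+)\s*<->\s*"
    r"(?P<state>ENABLED|DISABLED)\s*<->\s*"
    r"(?P<msg>.*?)\s*\((?P<group>[^()]+\.rules)\)\s*$"
)

SAMPLE = """\
New Rules:

 * 1:53139 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Syscon variant payload download attempt (malware-other.rules)
 * 1:53138 <-> DISABLED <-> MALWARE-OTHER Doc.Downloader.Carrotbat variant download attempt (malware-other.rules)
 * 1:53109 <-> DISABLED <-> SERVER-OTHER RabbitMQ X-Reason HTTP header denial-of-service attempt (server-other.rules)
 * 3:53128 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2020-1007 attack attempt (protocol-scada.rules)

Modified Rules:

 * 1:52239 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer scripting engine memory corruption attempt (browser-ie.rules)
 * 1:16419 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Data Analyzer 3.5 ActiveX clsid access (browser-plugins.rules)
"""


def parse_line(line):
    """Return a dict for one rule line, or None for headings/blank lines."""
    m = LINE_RE.match(line)
    if not m:
        return None
    msg = m.group("msg")
    # The first token of the message is the rule category (e.g. MALWARE-CNC).
    category = msg.split(" ", 1)[0]
    return {
        "gid": int(m.group("gid")),   # gid 3 = shared-object (SO) rule
        "sid": int(m.group("sid")),
        "enabled": m.group("state") == "ENABLED",
        "category": category,
        "msg": msg,
        "group": m.group("group"),
    }


def parse_changelog(text):
    """Split a changelog into its New and Modified rule lists."""
    sections = {"new": [], "modified": []}
    current = None
    for line in text.splitlines():
        heading = line.strip()
        if heading == "New Rules:":
            current = "new"
        elif heading == "Modified Rules:":
            current = "modified"
        elif current is not None:
            rule = parse_line(line)
            if rule is not None:
                sections[current].append(rule)
    return sections


def state_summary(rules):
    """Map category -> Counter of ENABLED/DISABLED default states."""
    summary = defaultdict(Counter)
    for r in rules:
        summary[r["category"]]["ENABLED" if r["enabled"] else "DISABLED"] += 1
    return dict(summary)


def disabled_candidates(rules):
    """gid:sid strings shipped DISABLED, i.e. rules a tuner must opt into."""
    return sorted(f'{r["gid"]}:{r["sid"]}' for r in rules if not r["enabled"])


def sid_delta(pack_a, pack_b):
    """(gid, sid) pairs listed only in pack_a, and only in pack_b."""
    a = {(r["gid"], r["sid"]) for r in pack_a}
    b = {(r["gid"], r["sid"]) for r in pack_b}
    return sorted(a - b), sorted(b - a)


if __name__ == "__main__":
    parsed = parse_changelog(SAMPLE)
    for cat, counts in sorted(state_summary(parsed["new"]).items()):
        print(f"{cat:16s} {dict(counts)}")
    print("opt-in candidates:", disabled_candidates(parsed["new"]))
```

Feeding the two listings on this page (the snort3-* groups and the 2983 pack) to `sid_delta` shows which SIDs appear in one pack's section but not the other's, which is the check to run before assuming a SID from the release notes exists in the pack actually deployed.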

New Rules:


 * 1:53139 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Syscon variant payload download attempt (malware-other.rules)
 * 1:53138 <-> DISABLED <-> MALWARE-OTHER Doc.Downloader.Carrotbat variant download attempt (malware-other.rules)
 * 1:53113 <-> DISABLED <-> MALWARE-TOOLS Win.Dropper.WiryJMPer variant download attempt (malware-tools.rules)
 * 1:53147 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Agent variant payload download attempt (malware-cnc.rules)
 * 1:53141 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Carrotball variant outbound cnc connection attempt (malware-cnc.rules)
 * 1:53142 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Syscon variant outbound cnc connection attempt (malware-cnc.rules)
 * 1:53145 <-> DISABLED <-> BROWSER-CHROME Google Chrome V8 FindSharedFunctionInfo out-of-bounds read attempt (browser-chrome.rules)
 * 1:53146 <-> DISABLED <-> BROWSER-CHROME Google Chrome V8 FindSharedFunctionInfo out-of-bounds read attempt (browser-chrome.rules)
 * 1:53137 <-> DISABLED <-> MALWARE-OTHER Doc.Downloader.Carrotbat variant download attempt (malware-other.rules)
 * 1:53144 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Syscon variant outbound cnc connection attempt (malware-cnc.rules)
 * 1:53112 <-> DISABLED <-> MALWARE-TOOLS Win.Dropper.WiryJMPer variant download attempt (malware-tools.rules)
 * 1:53111 <-> DISABLED <-> BROWSER-IE Microsoft Edge scripting engine memory corruption attempt (browser-ie.rules)
 * 1:53110 <-> DISABLED <-> BROWSER-IE Microsoft Edge scripting engine memory corruption attempt (browser-ie.rules)
 * 1:53117 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Data Analyzer 3.5 ActiveX use-after-free attempt (browser-plugins.rules)
 * 1:53116 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Data Analyzer 3.5 ActiveX use-after-free attempt (browser-plugins.rules)
 * 1:53109 <-> DISABLED <-> SERVER-OTHER RabbitMQ X-Reason HTTP header denial-of-service attempt (server-other.rules)
 * 1:53118 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Data Analyzer 3.5 ActiveX clsid access (browser-plugins.rules)
 * 1:53119 <-> DISABLED <-> SERVER-WEBAPP Wordpress DreamworkGallery plugin file upload attempt (server-webapp.rules)
 * 1:53120 <-> DISABLED <-> SERVER-WEBAPP Wordpress DreamworkGallery plugin arbitrary PHP file upload attempt (server-webapp.rules)
 * 1:53121 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari WebKit cached page memory corruption attempt (browser-webkit.rules)
 * 1:53122 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari WebKit cached page memory corruption attempt (browser-webkit.rules)
 * 1:53140 <-> ENABLED <-> MALWARE-CNC Doc.Downloader.Carrotball variant outbound cnc connection attempt (malware-cnc.rules)
 * 1:53123 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari WebKit cached page universal cross-site scripting attempt (browser-webkit.rules)
 * 1:53124 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari WebKit cached page universal cross-site scripting attempt (browser-webkit.rules)
 * 1:53129 <-> DISABLED <-> MALWARE-OTHER Doc.Dropper.Carrotbat variant download attempt (malware-other.rules)
 * 1:53143 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Syscon variant outbound cnc connection attempt (malware-cnc.rules)
 * 1:53130 <-> DISABLED <-> MALWARE-OTHER Doc.Downloader.Carrotbat variant download attempt (malware-other.rules)
 * 1:53131 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Syscon variant payload download attempt (malware-other.rules)
 * 1:53132 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Syscon variant payload download attempt (malware-other.rules)
 * 1:53133 <-> DISABLED <-> MALWARE-OTHER Doc.Downloader.Carrotbat variant download attempt (malware-other.rules)
 * 1:53134 <-> DISABLED <-> MALWARE-OTHER Doc.Downloader.Carrotbat variant download attempt (malware-other.rules)
 * 1:53135 <-> DISABLED <-> MALWARE-OTHER Doc.Dropper.Carrotbat variant download attempt (malware-other.rules)
 * 1:53136 <-> DISABLED <-> MALWARE-OTHER Doc.Downloader.Carrotbat variant download attempt (malware-other.rules)
 * 3:53128 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2020-1007 attack attempt (protocol-scada.rules)
 * 3:53114 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1013 attack attempt (file-pdf.rules)
 * 3:53127 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2020-1007 attack attempt (protocol-scada.rules)
 * 3:53126 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2020-1008 attack attempt (protocol-scada.rules)
 * 3:53125 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2020-1005 attack attempt (protocol-scada.rules)
 * 3:53115 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1013 attack attempt (file-pdf.rules)

Modified Rules:


 * 1:52239 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer scripting engine memory corruption attempt (browser-ie.rules)
 * 1:52240 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer scripting engine memory corruption attempt (browser-ie.rules)
 * 1:16419 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Data Analyzer 3.5 ActiveX clsid access (browser-plugins.rules)
 * 1:46268 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Agent variant payload download attempt (malware-cnc.rules)
 * 1:46270 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Agent variant payload download attempt (malware-cnc.rules)