Talos Rules 2020-06-09
Talos is aware of vulnerabilities affecting products from Microsoft Corporation.

Microsoft Vulnerability CVE-2020-1206: A coding deficiency exists in Microsoft SMBv3 client that may lead to information disclosure.

A rule to detect attacks targeting this vulnerability is included in this release and is identified with GID 1, SID 54217.

Microsoft Vulnerability CVE-2020-1207: A coding deficiency exists in Microsoft Win32k that may lead to an escalation of privilege.

Previously released rules will detect attacks targeting these vulnerabilities and have been updated with the appropriate reference information. They are also included in this release and are identified with GID 1, SIDs 52213 through 52214.

Microsoft Vulnerability CVE-2020-1213: A coding deficiency exists in Microsoft Windows VBScript that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 54230 through 54231.

Microsoft Vulnerability CVE-2020-1214: A coding deficiency exists in Microsoft Windows VBScript that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 54193 through 54194.

Microsoft Vulnerability CVE-2020-1215: A coding deficiency exists in Microsoft Windows VBScript that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 54191 through 54192.

Microsoft Vulnerability CVE-2020-1216: A coding deficiency exists in Microsoft Windows VBScript that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 54232 through 54233.

Microsoft Vulnerability CVE-2020-1219: A coding deficiency exists in Microsoft Browser that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 54236 through 54237.

Microsoft Vulnerability CVE-2020-1230: A coding deficiency exists in Microsoft Windows VBScript that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 54238 through 54239.

Microsoft Vulnerability CVE-2020-1241: A coding deficiency exists in Microsoft Windows Kernel that may lead to security feature bypass.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 54249 through 54250.

Microsoft Vulnerability CVE-2020-1247: A coding deficiency exists in Microsoft Win32k that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 54241 through 54242.

Microsoft Vulnerability CVE-2020-1251: A coding deficiency exists in Microsoft Win32k that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 54247 through 54248.

Microsoft Vulnerability CVE-2020-1253: A coding deficiency exists in Microsoft Win32k that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 54215 through 54216.

Microsoft Vulnerability CVE-2020-1260: A coding deficiency exists in Microsoft Windows VBScript that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 54245 through 54246.

Microsoft Vulnerability CVE-2020-1284: A coding deficiency exists in Microsoft SMBv3 client that may lead to denial of service.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 54270 through 54271.

Microsoft Vulnerability CVE-2020-1301: A coding deficiency exists in Microsoft SMBv3 client that may lead to remote code execution.

A rule to detect attacks targeting this vulnerability is included in this release and is identified with GID 1, SID 54240.

Talos also has added and modified multiple rules in the browser-ie, browser-other, file-image, file-multimedia, file-other, file-pdf, indicator-compromise, indicator-scan, malware-cnc, malware-other, os-windows, server-oracle and server-webapp rule sets to provide coverage for emerging threats from these technologies.

Change logs

2020-06-09 23:58:59 UTC

Snort Subscriber Rules Update

Date: 2020-06-09

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091600.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:54165 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Razy-7997331-0 download attempt (malware-other.rules)
 * 1:54166 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Razy-7997331-0 download attempt (malware-other.rules)
 * 1:54171 <-> DISABLED <-> MALWARE-OTHER Cobalt Strike signed java applet download attempt (malware-other.rules)
 * 1:54170 <-> ENABLED <-> MALWARE-OTHER Cobalt Strike signed java applet execution attempt (malware-other.rules)
 * 1:54169 <-> ENABLED <-> MALWARE-OTHER Cobalt Strike signed java applet execution attempt (malware-other.rules)
 * 1:54168 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Genpack-7998106-0 download attempt (malware-other.rules)
 * 1:54167 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Genpack-7998106-0 download attempt (malware-other.rules)
 * 1:54176 <-> DISABLED <-> MALWARE-OTHER Win.Ircbot.Zusy-8002902-0 download attempt (malware-other.rules)
 * 1:54175 <-> DISABLED <-> INDICATOR-COMPROMISE Cobalt Strike default signed applet attack URI (indicator-compromise.rules)
 * 1:54174 <-> DISABLED <-> MALWARE-OTHER Cobalt Strike signed java applet download attempt (malware-other.rules)
 * 1:54173 <-> DISABLED <-> MALWARE-OTHER Cobalt Strike signed java applet download attempt (malware-other.rules)
 * 1:54172 <-> DISABLED <-> MALWARE-OTHER Cobalt Strike signed java applet download attempt (malware-other.rules)
 * 1:54197 <-> DISABLED <-> SERVER-WEBAPP TP-LINK Cloud Cameras NCXXX Bonjour command injection attempt (server-webapp.rules)
 * 1:54196 <-> DISABLED <-> SERVER-WEBAPP TP-LINK Cloud Cameras NCXXX Bonjour command injection attempt (server-webapp.rules)
 * 1:54195 <-> DISABLED <-> SERVER-WEBAPP TP-LINK Cloud Cameras NCXXX Bonjour command injection attempt (server-webapp.rules)
 * 1:54194 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
 * 1:54193 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
 * 1:54192 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
 * 1:54191 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
 * 1:54190 <-> ENABLED <-> FILE-PDF Adobe Reader custom JavaScript field use-after-free attempt (file-pdf.rules)
 * 1:54189 <-> ENABLED <-> FILE-PDF Adobe Reader custom JavaScript field use-after-free attempt (file-pdf.rules)
 * 1:54188 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.RagnarLocker initial download (malware-other.rules)
 * 1:54187 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.RagnarLocker initial download (malware-other.rules)
 * 1:54186 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Samas-7998113-0 download attempt (malware-other.rules)
 * 1:54185 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Samas-7998113-0 download attempt (malware-other.rules)
 * 1:54184 <-> DISABLED <-> SERVER-OTHER lodash defaultsDeep prototype pollution attempt (server-other.rules)
 * 1:54183 <-> DISABLED <-> INDICATOR-COMPROMISE Cobalt Strike default smart applet attack URI (indicator-compromise.rules)
 * 1:54182 <-> ENABLED <-> MALWARE-OTHER Cobalt Strike system profiling attempt (malware-other.rules)
 * 1:54181 <-> ENABLED <-> MALWARE-OTHER Cobalt Strike system profiling attempt (malware-other.rules)
 * 1:54180 <-> ENABLED <-> MALWARE-OTHER Cobalt Strike system profiling attempt (malware-other.rules)
 * 1:54179 <-> DISABLED <-> MALWARE-OTHER Win.Ircbot.Zusy-8002903-0 download attempt (malware-other.rules)
 * 1:54178 <-> DISABLED <-> MALWARE-OTHER Win.Ircbot.Zusy-8002903-0 download attempt (malware-other.rules)
 * 1:54177 <-> DISABLED <-> MALWARE-OTHER Win.Ircbot.Zusy-8002902-0 download attempt (malware-other.rules)
 * 1:54214 <-> DISABLED <-> SERVER-ORACLE Oracle iPlanet Web Server unauthenticated information disclosure attempt (server-oracle.rules)
 * 1:54213 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Trickbot variant outbound connection (malware-cnc.rules)
 * 1:54212 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Trickbot variant outbound connection (malware-cnc.rules)
 * 1:54211 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Trickbot variant outbound connection (malware-cnc.rules)
 * 1:54210 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Trickbot variant outbound connection (malware-cnc.rules)
 * 1:54209 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Trickbot variant outbound connection (malware-cnc.rules)
 * 1:54208 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Trickbot variant outbound connection (malware-cnc.rules)
 * 1:54207 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Trickbot variant outbound connection (malware-cnc.rules)
 * 1:54206 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Trickbot variant outbound connection (malware-cnc.rules)
 * 1:54205 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Trickbot variant outbound connection (malware-cnc.rules)
 * 1:54204 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Trickbot variant outbound connection (malware-cnc.rules)
 * 1:54203 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Trickbot variant outbound connection (malware-cnc.rules)
 * 1:54202 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Trickbot variant outbound connection (malware-cnc.rules)
 * 1:54201 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Trickbot variant outbound connection (malware-cnc.rules)
 * 1:54200 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Trickbot variant outbound connection (malware-cnc.rules)
 * 1:54199 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Trickbot variant outbound connection (malware-cnc.rules)
 * 1:54198 <-> DISABLED <-> SERVER-WEBAPP TP-LINK Cloud Cameras NCXXX Bonjour command injection attempt (server-webapp.rules)
 * 1:54221 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Packed.Amg0fxii-8010198-0 download attempt (malware-other.rules)
 * 1:54220 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Packed.Amg0fxii-8010198-0 download attempt (malware-other.rules)
 * 1:54219 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Mikey-8009335-0 download attempt (malware-other.rules)
 * 1:54218 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Mikey-8009335-0 download attempt (malware-other.rules)
 * 1:54217 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB srv2.sys information disclosure attempt (os-windows.rules)
 * 1:54216 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k type confusion attempt (os-windows.rules)
 * 1:54215 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k type confusion attempt (os-windows.rules)
 * 1:54225 <-> DISABLED <-> SERVER-ORACLE Oracle iPlanet admin panel image injection CSRF attempt (server-oracle.rules)
 * 1:54224 <-> DISABLED <-> SERVER-ORACLE Oracle iPlanet admin panel image injection attempt (server-oracle.rules)
 * 1:54223 <-> DISABLED <-> SERVER-ORACLE Oracle iPlanet admin panel image injection CSRF attempt (server-oracle.rules)
 * 1:54222 <-> DISABLED <-> SERVER-ORACLE Oracle iPlanet admin panel image injection attempt (server-oracle.rules)
 * 1:54232 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer VBScript memory corruption attempt (browser-ie.rules)
 * 1:54226 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Ngrbot-8010339-0 download attempt (malware-other.rules)
 * 1:54231 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer VBScript engine memory corruption attempt (browser-ie.rules)
 * 1:54230 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer VBScript engine memory corruption attempt (browser-ie.rules)
 * 1:54229 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-8010482-0 download attempt (malware-other.rules)
 * 1:54228 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-8010482-0 download attempt (malware-other.rules)
 * 1:54227 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Ngrbot-8010339-0 download attempt (malware-other.rules)
 * 1:54237 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
 * 1:54236 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
 * 1:54235 <-> DISABLED <-> SERVER-WEBAPP TerraMaster NAS cross site scripting attempt (server-webapp.rules)
 * 1:54234 <-> DISABLED <-> SERVER-WEBAPP TerraMaster NAS cross site scripting attempt (server-webapp.rules)
 * 1:54233 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer VBScript memory corruption attempt (browser-ie.rules)
 * 1:54238 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
 * 1:54244 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Media Foundation getKeyForIndex out-of-bounds read attempt (file-multimedia.rules)
 * 1:54243 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Media Foundation getKeyForIndex out-of-bounds read attempt (file-multimedia.rules)
 * 1:54242 <-> DISABLED <-> OS-WINDOWS Microsoft Windows CreateDIBitmap privilege escalation attempt (os-windows.rules)
 * 1:54241 <-> DISABLED <-> OS-WINDOWS Microsoft Windows CreateDIBitmap privilege escalation attempt (os-windows.rules)
 * 1:54240 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMBv1 remote code execution attempt (os-windows.rules)
 * 1:54239 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
 * 1:54248 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k.sys remote code execution attempt (os-windows.rules)
 * 1:54247 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k.sys remote code execution attempt (os-windows.rules)
 * 1:54246 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
 * 1:54245 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
 * 1:54250 <-> DISABLED <-> OS-WINDOWS Microsoft Windows kernel security feature bypass attempt (os-windows.rules)
 * 1:54249 <-> DISABLED <-> OS-WINDOWS Microsoft Windows kernel security feature bypass attempt (os-windows.rules)
 * 1:54270 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB chained compression out of bounds read attempt (os-windows.rules)
 * 1:54271 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB chained compression out of bounds read attempt (os-windows.rules)
 * 1:54275 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Vobfus-8010924-0 download attempt (malware-other.rules)
 * 1:54274 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Vobfus-8010924-0 download attempt (malware-other.rules)
 * 1:54273 <-> DISABLED <-> SERVER-WEBAPP Centreon Monitoring tool command injection attempt (server-webapp.rules)
 * 1:54272 <-> DISABLED <-> SERVER-WEBAPP Centreon Monitoring tool command injection attempt (server-webapp.rules)
 * 1:54278 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Zeus-8011051-0 download attempt (malware-other.rules)
 * 1:54277 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Zeus-8011051-0 download attempt (malware-other.rules)
 * 1:54276 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Ursnif malicious outbound connection attempt - gravity generated detection (malware-other.rules)
 * 1:54280 <-> ENABLED <-> INDICATOR-COMPROMISE UPnP SUBSCRIBE Callback denial-of-service attempt (indicator-compromise.rules)
 * 1:54279 <-> ENABLED <-> INDICATOR-COMPROMISE UPnP SUBSCRIBE Callback denial-of-service attempt (indicator-compromise.rules)
 * 1:54281 <-> ENABLED <-> INDICATOR-SCAN CallStranger UPnP discovery attempt (indicator-scan.rules)
 * 3:54254 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1082 attack attempt (server-webapp.rules)
 * 3:54251 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1080 attack attempt (server-webapp.rules)
 * 3:54252 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1080 attack attempt (server-webapp.rules)
 * 3:54253 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1080 attack attempt (server-webapp.rules)
 * 3:54255 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1082 attack attempt (server-webapp.rules)
 * 3:54256 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1082 attack attempt (server-webapp.rules)
 * 3:54257 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1083 attack attempt (server-webapp.rules)
 * 3:54258 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1083 attack attempt (server-webapp.rules)
 * 3:54259 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1078 attack attempt (server-webapp.rules)
 * 3:54260 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1078 attack attempt (server-webapp.rules)
 * 3:54261 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1078 attack attempt (server-webapp.rules)
 * 3:54262 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1079 attack attempt (server-webapp.rules)
 * 3:54263 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1079 attack attempt (server-webapp.rules)
 * 3:54264 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1079 attack attempt (server-webapp.rules)
 * 3:54265 <-> ENABLED <-> BROWSER-OTHER TRUFFLEHUNTER TALOS-2020-1088 attack attempt (browser-other.rules)
 * 3:54266 <-> ENABLED <-> BROWSER-OTHER TRUFFLEHUNTER TALOS-2020-1088 attack attempt (browser-other.rules)
 * 3:54267 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1081 attack attempt (server-webapp.rules)
 * 3:54268 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1081 attack attempt (server-webapp.rules)
 * 3:54269 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1081 attack attempt (server-webapp.rules)

Modified Rules:


 * 1:48220 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro JPEG Huffman table memory corruption attempt (file-image.rules)
 * 1:48219 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro JPEG Huffman table memory corruption attempt (file-image.rules)
 * 1:48218 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Reader U3D engine memory corruption attempt (file-other.rules)
 * 1:48217 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Reader U3D engine memory corruption attempt (file-other.rules)
 * 1:48135 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat SGI parsing out of bounds read attempt (file-image.rules)
 * 1:48134 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat SGI parsing out of bounds read attempt (file-image.rules)
 * 1:48125 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF ImageConversion out-of-bounds write attempt (file-other.rules)
 * 1:48124 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF ImageConversion out-of-bounds write attempt (file-other.rules)
 * 1:48108 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF file out-of-bounds write attempt (file-other.rules)
 * 1:48107 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF file out-of-bounds write attempt (file-other.rules)
 * 1:54014 <-> ENABLED <-> MALWARE-CNC Win.Malware.Trickbot variant outbound connection (malware-cnc.rules)
 * 1:53975 <-> DISABLED <-> INDICATOR-COMPROMISE Cobalt Strike multiple large DNS TXT query responses (indicator-compromise.rules)
 * 1:53972 <-> ENABLED <-> MALWARE-OTHER Cobalt Strike beacon.dll DNS download attempt (malware-other.rules)
 * 1:53970 <-> DISABLED <-> SERVER-WEBAPP TerraMaster NAS user and group creation command injection attempt (server-webapp.rules)
 * 1:53969 <-> DISABLED <-> SERVER-WEBAPP TerraMaster NAS user and group creation command injection attempt (server-webapp.rules)
 * 1:53968 <-> DISABLED <-> SERVER-WEBAPP TerraMaster NAS user and group creation command injection attempt (server-webapp.rules)
 * 1:53967 <-> DISABLED <-> SERVER-WEBAPP TerraMaster NAS user and group creation command injection attempt (server-webapp.rules)
 * 1:46709 <-> ENABLED <-> FILE-OTHER Adobe Professional EMF embedded image heap overflow attempt (file-other.rules)
 * 1:46668 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (file-image.rules)
 * 1:47932 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro Universal 3D Engine untrusted pointer dereference attempt (file-image.rules)
 * 1:47927 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF ImageConversion out-of-bounds write attempt (file-other.rules)
 * 1:47926 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF ImageConversion out-of-bounds write attempt (file-other.rules)
 * 1:47951 <-> DISABLED <-> FILE-OTHER Adobe Distiller PostScript conversion heap overflow attempt (file-other.rules)
 * 1:47950 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF out of bounds read attempt (file-image.rules)
 * 1:47949 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF out of bounds read attempt (file-image.rules)
 * 1:47944 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Distiller PostScript stack overflow attempt (file-image.rules)
 * 1:47943 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Distiller PostScript stack overflow attempt (file-image.rules)
 * 1:47942 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat XPS heap overflow attempt (file-image.rules)
 * 1:47126 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS embedded JPEG with malformed copyright tag heap overflow attempt (file-other.rules)
 * 1:47941 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat XPS heap overflow attempt (file-image.rules)
 * 1:46667 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (file-image.rules)
 * 1:47952 <-> DISABLED <-> FILE-OTHER Adobe Distiller PostScript conversion heap overflow attempt (file-other.rules)
 * 1:47963 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro WebCapture JavaScript manipulation type confusion attempt (file-other.rules)
 * 1:47958 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EmfPlusDrawDriverString malformed GlyphCount value integer overflow attempt (file-other.rules)
 * 1:47957 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EmfPlusDrawDriverString malformed GlyphCount value integer overflow attempt (file-other.rules)
 * 1:47956 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIF tag entry out of bounds read attempt (file-image.rules)
 * 1:47955 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIF tag entry out of bounds read attempt (file-image.rules)
 * 1:47954 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIF tag entry out of bounds read attempt (file-image.rules)
 * 1:47953 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIF tag entry out of bounds read attempt (file-image.rules)
 * 1:47962 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EmfPlusDrawBeziers out of bounds write attempt (file-other.rules)
 * 1:47961 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EmfPlusDrawBeziers out of bounds write attempt (file-other.rules)
 * 1:47960 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF file out-of-bounds write attempt (file-other.rules)
 * 1:47959 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF file out-of-bounds write attempt (file-other.rules)
 * 1:47994 <-> ENABLED <-> FILE-OTHER Acrobat Adobe Pro XPS out-of-bounds read attempt (file-other.rules)
 * 1:47993 <-> ENABLED <-> FILE-OTHER Acrobat Adobe Pro XPS out-of-bounds read attempt (file-other.rules)
 * 1:47992 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF engine type confusion attempt (file-image.rules)
 * 1:47991 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF engine type confusion attempt (file-image.rules)
 * 1:47990 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF out of bounds write attempt (file-other.rules)
 * 1:47989 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF out of bounds write attempt (file-other.rules)
 * 1:47988 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file out-of-bounds read attempt (file-other.rules)
 * 1:47987 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file out-of-bounds read attempt (file-other.rules)
 * 1:47986 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS out-of-bounds write attempt (file-other.rules)
 * 1:47985 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS out-of-bounds write attempt (file-other.rules)
 * 1:47984 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF out-of-bounds read attempt (file-other.rules)
 * 1:47983 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF out-of-bounds read attempt (file-other.rules)
 * 1:47982 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF out of bounds read attempt (file-image.rules)
 * 1:47981 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF out of bounds read attempt (file-image.rules)
 * 1:47980 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF out of bounds read attempt (file-image.rules)
 * 1:47979 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF out of bounds read attempt (file-image.rules)
 * 1:47976 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF memory corruption attempt (file-other.rules)
 * 1:47975 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF memory corruption attempt (file-other.rules)
 * 1:47972 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF out of bounds read attempt (file-image.rules)
 * 1:47971 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF out of bounds read attempt (file-image.rules)
 * 1:47964 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro WebCapture JavaScript manipulation type confusion attempt (file-other.rules)
 * 1:48032 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF out of bounds read attempt (file-image.rules)
 * 1:48031 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF out of bounds read attempt (file-image.rules)
 * 1:48017 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader malformed JavaScript input out of bounds read attempt (file-image.rules)
 * 1:48016 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader malformed JavaScript input out of bounds read attempt (file-image.rules)
 * 1:48014 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro U3D TIFF XResolution out of bounds read attempt (file-image.rules)
 * 1:48013 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro U3D TIFF XResolution out of bounds read attempt (file-image.rules)
 * 1:48012 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro U3D TIFF XResolution out of bounds read attempt (file-image.rules)
 * 1:48011 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro U3D TIFF XResolution out of bounds read attempt (file-image.rules)
 * 1:48010 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro integer overflow attempt (file-image.rules)
 * 1:48009 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro integer overflow attempt (file-image.rules)
 * 1:48003 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro Universal 3D engine untrusted pointer dereference attempt (file-image.rules)
 * 1:48002 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro Universal 3D engine untrusted pointer dereference attempt (file-image.rules)
 * 1:47998 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF pointer out of bounds read attempt (file-image.rules)
 * 1:47997 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF pointer out of bounds read attempt (file-image.rules)
 * 1:47996 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF pointer out of bounds write attempt (file-image.rules)
 * 1:47995 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF pointer out of bounds write attempt (file-image.rules)
 * 1:48074 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF file out-of-bounds read attempt (file-other.rules)
 * 1:48040 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed BMP out of bounds read attempt (file-image.rules)
 * 1:48039 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed BMP out of bounds read attempt (file-image.rules)
 * 1:48034 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF file use-after-free attempt (file-other.rules)
 * 1:48033 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF file use-after-free attempt (file-other.rules)
 * 1:48075 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF file out-of-bounds read attempt (file-other.rules)
 * 1:52214 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Win32k privilege escalation attempt (os-windows.rules)
 * 1:52213 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Win32k privilege escalation attempt (os-windows.rules)
 * 1:48642 <-> ENABLED <-> FILE-OTHER Adobe Acrobat EMF out of bounds read attempt (file-other.rules)
 * 1:48605 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro out of bounds read attempt (file-other.rules)
 * 1:48604 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro out of bounds read attempt (file-other.rules)
 * 1:48292 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EmfPlusDrawString out of bounds read attempt (file-other.rules)
 * 1:48291 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EmfPlusDrawString out of bounds read attempt (file-other.rules)
 * 1:48290 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EmfPlusDrawString out of bounds read attempt (file-other.rules)
 * 1:48289 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EmfPlusDrawString out of bounds read attempt (file-other.rules)
 * 1:48243 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro malformed EMF out of bounds read attempt (file-other.rules)
 * 1:48242 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro malformed EMF out of bounds read attempt (file-other.rules)
 * 1:46710 <-> ENABLED <-> FILE-OTHER Adobe Professional EMF embedded image heap overflow attempt (file-other.rules)
 * 1:46876 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMFPlusPath object out of bounds read attempt (file-image.rules)
 * 1:46875 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMFPlusPath object out of bounds read attempt (file-image.rules)
 * 1:46813 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF out of bounds read attempt (file-other.rules)
 * 1:46812 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF out of bounds read attempt (file-other.rules)
 * 1:46798 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out of bounds read attempt (file-other.rules)
 * 1:46797 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out of bounds read attempt (file-other.rules)
 * 1:46734 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF out of bounds read attempt (file-other.rules)
 * 1:46733 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF out of bounds read attempt (file-other.rules)
 * 1:46728 <-> ENABLED <-> FILE-OTHER Adobe Acrobat EMF embedded GIF LZW compression out of bound read attempt (file-other.rules)
 * 1:46727 <-> ENABLED <-> FILE-OTHER Adobe Acrobat EMF embedded GIF LZW compression out of bound read attempt (file-other.rules)
 * 1:46726 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG out of bounds read attempt (file-image.rules)
 * 1:46725 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG out of bounds read attempt (file-image.rules)
 * 1:46720 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMFPlusPath object heap overflow attempt (file-image.rules)
 * 1:46719 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMFPlusPath object heap overflow attempt (file-image.rules)
 * 1:46718 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMFPlusPath object heap overflow attempt (file-image.rules)
 * 1:46717 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMFPlusPath object heap overflow attempt (file-image.rules)
 * 1:46960 <-> DISABLED <-> FILE-OTHER Adobe Flash Player AMF0 Shared Object integer overflow attempt (file-other.rules)
 * 1:47125 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS embedded JPEG with malformed copyright tag heap overflow attempt (file-other.rules)
 * 1:47124 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS embedded JPEG with malformed copyright tag heap overflow attempt (file-other.rules)
 * 1:47123 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS embedded JPEG with malformed copyright tag heap overflow attempt (file-other.rules)
 * 1:47060 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed EMF out of bounds read attempt (file-image.rules)
 * 1:47059 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed EMF out of bounds read attempt (file-image.rules)
 * 1:47130 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed CEL heap overflow attempt (file-image.rules)
 * 1:47139 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EmfPlusDrawBeziers out-of-bounds read attempt (file-other.rules)
 * 1:47181 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF file uninitialized pointer dereference attempt (file-other.rules)
 * 1:47154 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro use after free attempt (file-other.rules)
 * 1:47153 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro use after free attempt (file-other.rules)
 * 1:47144 <-> DISABLED <-> FILE-OTHER Multiple products SGI ZSIZE header information overflow attempt (file-other.rules)
 * 1:47143 <-> DISABLED <-> FILE-OTHER Multiple products SGI ZSIZE header information overflow attempt (file-other.rules)
 * 1:47140 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EmfPlusDrawBeziers out-of-bounds read attempt (file-other.rules)
 * 1:47180 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF invalid EmfPlusFillRects out-of-bounds read attempt (file-other.rules)
 * 1:47179 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF invalid EmfPlusFillRects out-of-bounds read attempt (file-other.rules)
 * 1:47158 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader jp2 out-of-bounds read attempt (file-image.rules)
 * 1:47157 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader jp2 out-of-bounds read attempt (file-image.rules)
 * 1:47182 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF file uninitialized pointer dereference attempt (file-other.rules)
 * 1:47183 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EmfPlusFillRects type confusion attempt (file-other.rules)
 * 1:47184 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EmfPlusFillRects type confusion attempt (file-other.rules)
 * 1:47193 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF use-after-free attempt (file-other.rules)
 * 1:47195 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules)
 * 1:47194 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF use-after-free attempt (file-other.rules)
 * 1:41946 <-> DISABLED <-> FILE-IMAGE Microsoft GDI+ malformed EMF description out of bounds read attempt (file-image.rules)
 * 1:41947 <-> DISABLED <-> FILE-IMAGE GDI+ malformed EMF description out of bounds read attempt (file-image.rules)
 * 1:43903 <-> DISABLED <-> FILE-IMAGE Adobe Reader EMF EMR_STROKEPATH memory corruption attempt (file-image.rules)
 * 1:47196 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules)
 * 1:43973 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro malformed EMF comment memory corruption attempt (file-other.rules)
 * 1:43974 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro malformed EMF comment memory corruption attempt (file-other.rules)
 * 1:44023 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF memory corruption attempt (file-image.rules)
 * 1:43608 <-> DISABLED <-> FILE-OTHER Multiple products SGI ZSIZE header information overflow attempt (file-other.rules)
 * 1:43609 <-> DISABLED <-> FILE-OTHER Multiple products SGI ZSIZE header information overflow attempt (file-other.rules)
 * 1:43902 <-> DISABLED <-> FILE-IMAGE Adobe Reader EMF EMR_STROKEPATH memory corruption attempt (file-image.rules)
 * 1:44122 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Professional EMF JPEG APP13 malformed record memory corruption attempt (file-other.rules)
 * 1:44059 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF memory corruption attempt (file-image.rules)
 * 1:47197 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out of bounds read attempt (file-other.rules)
 * 1:44060 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF memory corruption attempt (file-image.rules)
 * 1:44121 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Professional EMF JPEG APP13 malformed record memory corruption attempt (file-other.rules)
 * 1:47198 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out of bounds read attempt (file-other.rules)
 * 1:45910 <-> DISABLED <-> MALWARE-CNC Cobalt Strike outbound beacon command result (malware-cnc.rules)
 * 1:44024 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF memory corruption attempt (file-image.rules)
 * 1:46643 <-> DISABLED <-> FILE-OTHER Adobe Professional EMF compression out of bounds write attempt (file-other.rules)
 * 1:46644 <-> DISABLED <-> FILE-OTHER Adobe Professional EMF compression out of bounds write attempt (file-other.rules)
 * 1:46648 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMF EmfPlusDrawBeziers buffer over-read attempt (file-other.rules)
 * 1:47208 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS out-of-bounds read attempt (file-other.rules)
 * 1:46651 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro PDX malformed index out of bounds memory read attempt (file-other.rules)
 * 1:46652 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro PDX malformed index out of bounds memory read attempt (file-other.rules)
 * 1:46647 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMF EmfPlusDrawBeziers buffer over-read attempt (file-other.rules)
 * 1:46655 <-> DISABLED <-> FILE-OTHER Adobe Acrobat XPS2PDF conversion buffer over-read attempt (file-other.rules)
 * 1:46656 <-> DISABLED <-> FILE-OTHER Adobe Acrobat XPS2PDF conversion buffer over-read attempt (file-other.rules)
 * 1:47209 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS out-of-bounds read attempt (file-other.rules)
 * 1:46659 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Reader jp2 double free attempt (file-other.rules)
 * 1:47210 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EmfPlusDrawImagePoints heap overflow attempt (file-image.rules)
 * 1:46660 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Reader jp2 double free attempt (file-other.rules)
 * 1:46669 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (file-image.rules)
 * 1:46672 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (file-image.rules)
 * 1:46671 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (file-image.rules)
 * 1:46670 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (file-image.rules)
 * 1:46673 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (file-image.rules)
 * 1:46674 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (file-image.rules)
 * 1:46690 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro path rendertransform out of bound write attempt (file-other.rules)
 * 1:46689 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat XPS out-of-bounds read attempt (file-image.rules)
 * 1:46688 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat XPS out-of-bounds read attempt (file-image.rules)
 * 1:46691 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro path rendertransform out of bound write attempt (file-other.rules)
 * 1:46693 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat EmfPlusDrawCurve out of bounds read attempt (file-image.rules)
 * 1:46692 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat EmfPlusDrawCurve out of bounds read attempt (file-image.rules)
 * 1:46694 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF embedded GIF memory corruption attempt (file-other.rules)
 * 1:46695 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF embedded GIF memory corruption attempt (file-other.rules)
 * 1:46698 <-> ENABLED <-> FILE-OTHER Adobe Acrobat EMF embedded DIB out of bound read attempt (file-other.rules)
 * 1:46699 <-> ENABLED <-> FILE-OTHER Adobe Acrobat EMF embedded DIB out of bound read attempt (file-other.rules)
 * 1:46707 <-> ENABLED <-> FILE-OTHER Adobe Acrobat EMF malformed EmfPlusPointF object buffer overflow attempt (file-other.rules)
 * 1:46704 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EMR_STRETCHDIBITS size out of bounds read attempt (file-other.rules)
 * 1:46703 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EMR_STRETCHDIBITS size out of bounds read attempt (file-other.rules)
 * 1:46702 <-> DISABLED <-> FILE-IMAGE Adobe Acrboat EMF invalid EMR_STRETCHDIBITS record out-of-bounds read attempt (file-image.rules)
 * 1:46701 <-> DISABLED <-> FILE-IMAGE Adobe Acrboat EMF invalid EMR_STRETCHDIBITS record out-of-bounds read attempt (file-image.rules)
 * 1:47332 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out of bounds write attempt (file-other.rules)
 * 1:46708 <-> ENABLED <-> FILE-OTHER Adobe Acrobat EMF malformed EmfPlusPointF object buffer overflow attempt (file-other.rules)
 * 1:47277 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt (file-other.rules)
 * 1:47276 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt (file-other.rules)
 * 1:47275 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules)
 * 1:47274 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules)
 * 1:47269 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules)
 * 1:47268 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules)
 * 1:47267 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules)
 * 1:47266 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules)
 * 1:47252 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro use after free attempt (file-other.rules)
 * 1:47251 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro use after free attempt (file-other.rules)
 * 1:47250 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS out-of-bounds read attempt (file-other.rules)
 * 1:47249 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS out-of-bounds read attempt (file-other.rules)
 * 1:47248 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro crafted GIF file out-of-bounds read attempt (file-image.rules)
 * 1:47247 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro crafted GIF file out-of-bounds read attempt (file-image.rules)
 * 1:47238 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS out-of-bounds read attempt (file-other.rules)
 * 1:47237 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS out-of-bounds read attempt (file-other.rules)
 * 1:47233 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules)
 * 1:47232 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules)
 * 1:47218 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS heap overflow attempt (file-other.rules)
 * 1:47217 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS heap overflow attempt (file-other.rules)
 * 1:47211 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EmfPlusDrawImagePoints heap overflow attempt (file-image.rules)
 * 1:47331 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF out of bounds read attempt (file-image.rules)
 * 1:47330 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF out of bounds read attempt (file-image.rules)
 * 1:47329 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF out of bounds read attempt (file-image.rules)
 * 1:47328 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF out of bounds read attempt (file-image.rules)
 * 1:47315 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed CEL out of bounds read attempt (file-image.rules)
 * 1:47314 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed CEL out of bounds read attempt (file-image.rules)
 * 1:47313 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro out of bounds read attempt (file-image.rules)
 * 1:47312 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro out of bounds read attempt (file-image.rules)
 * 1:47309 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF RegionNodeCount out-of-bounds write attempt (file-other.rules)
 * 1:47308 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF RegionNodeCount out-of-bounds write attempt (file-other.rules)
 * 1:47307 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Distiller PostScript pdfmark out-of-bounds write attempt (file-other.rules)
 * 1:47306 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Distiller PostScript pdfmark out-of-bounds write attempt (file-other.rules)
 * 1:47284 <-> DISABLED <-> FILE-OTHER Adobe Reader HTML to PDF conversion getMatchedCSSRules use-after-free attempt (file-other.rules)
 * 1:47283 <-> DISABLED <-> FILE-OTHER Adobe Reader HTML to PDF conversion getMatchedCSSRules use-after-free attempt (file-other.rules)
 * 1:47280 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules)
 * 1:47279 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules)
 * 1:47333 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out of bounds write attempt (file-other.rules)
 * 1:47343 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro out of bounds read attempt (file-image.rules)
 * 1:47344 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro out of bounds read attempt (file-image.rules)
 * 1:47351 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG heap overflow attempt (file-image.rules)
 * 1:47350 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG heap overflow attempt (file-image.rules)
 * 1:47346 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EMR_CREATEDIBPATTERNBRUSHPT record buffer overflow attempt (file-other.rules)
 * 1:47345 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EMR_CREATEDIBPATTERNBRUSHPT record buffer overflow attempt (file-other.rules)
 * 1:47357 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro out of bounds read attempt (file-image.rules)
 * 1:47356 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro out of bounds read attempt (file-image.rules)
 * 1:47353 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG heap overflow attempt (file-image.rules)
 * 1:47352 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG heap overflow attempt (file-image.rules)
 * 1:47362 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader malformed TIFF out of bounds read attempt (file-image.rules)
 * 1:47361 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader malformed TIFF out of bounds read attempt (file-image.rules)
 * 1:47360 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader malformed TIFF out of bounds read attempt (file-image.rules)
 * 1:47359 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader malformed TIFF out of bounds read attempt (file-image.rules)
 * 1:47370 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out of bounds memory access attempt (file-other.rules)
 * 1:47369 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out of bounds memory access attempt (file-other.rules)
 * 1:47368 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro PSD malformed image data out-of-bounds write attempt (file-image.rules)
 * 1:47367 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro PSD malformed image data out-of-bounds write attempt (file-image.rules)
 * 1:47397 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader malformed JPEG quantization table out-of-bounds write attempt (file-image.rules)
 * 1:47396 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader malformed JPEG quantization table out-of-bounds write attempt (file-image.rules)
 * 1:47385 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro use after free attempt (file-other.rules)
 * 1:47384 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro use after free attempt (file-other.rules)
 * 1:47383 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro use after free attempt (file-image.rules)
 * 1:47382 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro use after free attempt (file-image.rules)
 * 1:47682 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EmfPlusRegionNodePath out of bounds read attempt (file-other.rules)
 * 1:47631 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro untrusted pointer dereference attempt (file-other.rules)
 * 1:47630 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro untrusted pointer dereference attempt (file-other.rules)
 * 1:47626 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Reader EMF path record out-of-bounds read attempt (file-other.rules)
 * 1:47625 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Reader EMF path record out-of-bounds read attempt (file-other.rules)
 * 1:47683 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EmfPlusRegionNodePath out of bounds read attempt (file-other.rules)
 * 1:47852 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro HTML invalid pointer offset out-of-bounds read attempt (file-other.rules)
 * 1:47129 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed CEL heap overflow attempt (file-image.rules)
 * 1:47839 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro SGI RGB run-length encoding out of bounds read attempt (file-image.rules)
 * 1:47838 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro SGI RGB run-length encoding out of bounds read attempt (file-image.rules)
 * 1:47828 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat EmfPlusDrawImagePoints out of bounds read attempt (file-image.rules)
 * 1:47827 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat EmfPlusDrawImagePoints out of bounds read attempt (file-image.rules)
 * 1:47857 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file object out of bounds write attempt (file-image.rules)
 * 1:47856 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file object out of bounds write attempt (file-image.rules)
 * 1:47855 <-> DISABLED <-> FILE-OTHER Adobe Acrobat HTML invalid pointer out-of-bounds read attempt (file-other.rules)
 * 1:47854 <-> DISABLED <-> FILE-OTHER Adobe Acrobat HTML invalid pointer out-of-bounds read attempt (file-other.rules)
 * 1:47853 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro HTML invalid pointer offset out-of-bounds read attempt (file-other.rules)
 * 1:47875 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF ALPHABLEND heap overflow attempt (file-image.rules)
 * 1:47874 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF ALPHABLEND heap overflow attempt (file-image.rules)
 * 1:47883 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF image conversion memory corruption attempt (file-other.rules)
 * 1:47908 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMR_STRETCHDIBITS out-of-bounds write attempt (file-image.rules)
 * 1:47907 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMR_STRETCHDIBITS out-of-bounds write attempt (file-image.rules)
 * 1:47892 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMFPlusPath object out of bounds read attempt (file-image.rules)
 * 1:47891 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMFPlusPath object out of bounds read attempt (file-image.rules)
 * 1:47884 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF image conversion memory corruption attempt (file-other.rules)
 * 1:47910 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMR_STRETCHDIBITS out-of-bounds write attempt (file-image.rules)
 * 1:47909 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMR_STRETCHDIBITS out-of-bounds write attempt (file-image.rules)
 * 1:47911 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader EMF file JPEG Huffman table heap overflow attempt (file-image.rules)
 * 1:47912 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader EMF file JPEG Huffman table heap overflow attempt (file-image.rules)
 * 1:47940 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF+ GIF parsing out of bounds read attempt (file-image.rules)
 * 1:47939 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF+ GIF parsing out of bounds read attempt (file-image.rules)
 * 1:47933 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro Universal 3D Engine untrusted pointer dereference attempt (file-image.rules)

2020-06-09 23:58:59 UTC

Snort Subscriber Rules Update

Date: 2020-06-09

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091501.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:54217 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB srv2.sys information disclosure attempt (os-windows.rules)
 * 1:54218 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Mikey-8009335-0 download attempt (malware-other.rules)
 * 1:54219 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Mikey-8009335-0 download attempt (malware-other.rules)
 * 1:54220 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Packed.Amg0fxii-8010198-0 download attempt (malware-other.rules)
 * 1:54221 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Packed.Amg0fxii-8010198-0 download attempt (malware-other.rules)
 * 1:54222 <-> DISABLED <-> SERVER-ORACLE Oracle iPlanet admin panel image injection attempt (server-oracle.rules)
 * 1:54223 <-> DISABLED <-> SERVER-ORACLE Oracle iPlanet admin panel image injection CSRF attempt (server-oracle.rules)
 * 1:54224 <-> DISABLED <-> SERVER-ORACLE Oracle iPlanet admin panel image injection attempt (server-oracle.rules)
 * 1:54214 <-> DISABLED <-> SERVER-ORACLE Oracle iPlanet Web Server unauthenticated information disclosure attempt (server-oracle.rules)
 * 1:54174 <-> DISABLED <-> MALWARE-OTHER Cobalt Strike signed java applet download attempt (malware-other.rules)
 * 1:54194 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
 * 1:54193 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
 * 1:54192 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
 * 1:54215 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k type confusion attempt (os-windows.rules)
 * 1:54197 <-> DISABLED <-> SERVER-WEBAPP TP-LINK Cloud Cameras NCXXX Bonjour command injection attempt (server-webapp.rules)
 * 1:54167 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Genpack-7998106-0 download attempt (malware-other.rules)
 * 1:54212 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Trickbot variant outbound connection (malware-cnc.rules)
 * 1:54199 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Trickbot variant outbound connection (malware-cnc.rules)
 * 1:54206 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Trickbot variant outbound connection (malware-cnc.rules)
 * 1:54190 <-> ENABLED <-> FILE-PDF Adobe Reader custom JavaScript field use-after-free attempt (file-pdf.rules)
 * 1:54168 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Genpack-7998106-0 download attempt (malware-other.rules)
 * 1:54184 <-> DISABLED <-> SERVER-OTHER lodash defaultsDeep prototype pollution attempt (server-other.rules)
 * 1:54171 <-> DISABLED <-> MALWARE-OTHER Cobalt Strike signed java applet download attempt (malware-other.rules)
 * 1:54213 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Trickbot variant outbound connection (malware-cnc.rules)
 * 1:54209 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Trickbot variant outbound connection (malware-cnc.rules)
 * 1:54207 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Trickbot variant outbound connection (malware-cnc.rules)
 * 1:54208 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Trickbot variant outbound connection (malware-cnc.rules)
 * 1:54181 <-> ENABLED <-> MALWARE-OTHER Cobalt Strike system profiling attempt (malware-other.rules)
 * 1:54210 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Trickbot variant outbound connection (malware-cnc.rules)
 * 1:54186 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Samas-7998113-0 download attempt (malware-other.rules)
 * 1:54179 <-> DISABLED <-> MALWARE-OTHER Win.Ircbot.Zusy-8002903-0 download attempt (malware-other.rules)
 * 1:54175 <-> DISABLED <-> INDICATOR-COMPROMISE Cobalt Strike default signed applet attack URI (indicator-compromise.rules)
 * 1:54172 <-> DISABLED <-> MALWARE-OTHER Cobalt Strike signed java applet download attempt (malware-other.rules)
 * 1:54177 <-> DISABLED <-> MALWARE-OTHER Win.Ircbot.Zusy-8002902-0 download attempt (malware-other.rules)
 * 1:54178 <-> DISABLED <-> MALWARE-OTHER Win.Ircbot.Zusy-8002903-0 download attempt (malware-other.rules)
 * 1:54176 <-> DISABLED <-> MALWARE-OTHER Win.Ircbot.Zusy-8002902-0 download attempt (malware-other.rules)
 * 1:54183 <-> DISABLED <-> INDICATOR-COMPROMISE Cobalt Strike default smart applet attack URI (indicator-compromise.rules)
 * 1:54191 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
 * 1:54173 <-> DISABLED <-> MALWARE-OTHER Cobalt Strike signed java applet download attempt (malware-other.rules)
 * 1:54180 <-> ENABLED <-> MALWARE-OTHER Cobalt Strike system profiling attempt (malware-other.rules)
 * 1:54170 <-> ENABLED <-> MALWARE-OTHER Cobalt Strike signed java applet execution attempt (malware-other.rules)
 * 1:54189 <-> ENABLED <-> FILE-PDF Adobe Reader custom JavaScript field use-after-free attempt (file-pdf.rules)
 * 1:54169 <-> ENABLED <-> MALWARE-OTHER Cobalt Strike signed java applet execution attempt (malware-other.rules)
 * 1:54182 <-> ENABLED <-> MALWARE-OTHER Cobalt Strike system profiling attempt (malware-other.rules)
 * 1:54185 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Samas-7998113-0 download attempt (malware-other.rules)
 * 1:54188 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.RagnarLocker initial download (malware-other.rules)
 * 1:54187 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.RagnarLocker initial download (malware-other.rules)
 * 1:54165 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Razy-7997331-0 download attempt (malware-other.rules)
 * 1:54225 <-> DISABLED <-> SERVER-ORACLE Oracle iPlanet admin panel image injection CSRF attempt (server-oracle.rules)
 * 1:54226 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Ngrbot-8010339-0 download attempt (malware-other.rules)
 * 1:54227 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Ngrbot-8010339-0 download attempt (malware-other.rules)
 * 1:54228 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-8010482-0 download attempt (malware-other.rules)
 * 1:54229 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-8010482-0 download attempt (malware-other.rules)
 * 1:54230 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer VBScript engine memory corruption attempt (browser-ie.rules)
 * 1:54231 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer VBScript engine memory corruption attempt (browser-ie.rules)
 * 1:54232 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer VBScript memory corruption attempt (browser-ie.rules)
 * 1:54233 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer VBScript memory corruption attempt (browser-ie.rules)
 * 1:54234 <-> DISABLED <-> SERVER-WEBAPP TerraMaster NAS cross site scripting attempt (server-webapp.rules)
 * 1:54235 <-> DISABLED <-> SERVER-WEBAPP TerraMaster NAS cross site scripting attempt (server-webapp.rules)
 * 1:54236 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
 * 1:54237 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
 * 1:54238 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
 * 1:54239 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
 * 1:54166 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Razy-7997331-0 download attempt (malware-other.rules)
 * 1:54203 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Trickbot variant outbound connection (malware-cnc.rules)
 * 1:54205 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Trickbot variant outbound connection (malware-cnc.rules)
 * 1:54240 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMBv1 remote code execution attempt (os-windows.rules)
 * 1:54198 <-> DISABLED <-> SERVER-WEBAPP TP-LINK Cloud Cameras NCXXX Bonjour command injection attempt (server-webapp.rules)
 * 1:54196 <-> DISABLED <-> SERVER-WEBAPP TP-LINK Cloud Cameras NCXXX Bonjour command injection attempt (server-webapp.rules)
 * 1:54200 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Trickbot variant outbound connection (malware-cnc.rules)
 * 1:54195 <-> DISABLED <-> SERVER-WEBAPP TP-LINK Cloud Cameras NCXXX Bonjour command injection attempt (server-webapp.rules)
 * 1:54241 <-> DISABLED <-> OS-WINDOWS Microsoft Windows CreateDIBitmap privilege escalation attempt (os-windows.rules)
 * 1:54242 <-> DISABLED <-> OS-WINDOWS Microsoft Windows CreateDIBitmap privilege escalation attempt (os-windows.rules)
 * 1:54243 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Media Foundation getKeyForIndex out-of-bounds read attempt (file-multimedia.rules)
 * 1:54244 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Media Foundation getKeyForIndex out-of-bounds read attempt (file-multimedia.rules)
 * 1:54245 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
 * 1:54246 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
 * 1:54247 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k.sys remote code execution attempt (os-windows.rules)
 * 1:54248 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k.sys remote code execution attempt (os-windows.rules)
 * 1:54249 <-> DISABLED <-> OS-WINDOWS Microsoft Windows kernel security feature bypass attempt (os-windows.rules)
 * 1:54250 <-> DISABLED <-> OS-WINDOWS Microsoft Windows kernel security feature bypass attempt (os-windows.rules)
 * 1:54270 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB chained compression out of bounds read attempt (os-windows.rules)
 * 1:54271 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB chained compression out of bounds read attempt (os-windows.rules)
 * 1:54272 <-> DISABLED <-> SERVER-WEBAPP Centreon Monitoring tool command injection attempt (server-webapp.rules)
 * 1:54273 <-> DISABLED <-> SERVER-WEBAPP Centreon Monitoring tool command injection attempt (server-webapp.rules)
 * 1:54274 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Vobfus-8010924-0 download attempt (malware-other.rules)
 * 1:54275 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Vobfus-8010924-0 download attempt (malware-other.rules)
 * 1:54276 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Ursnif malicious outbound connection attempt - gravity generated detection (malware-other.rules)
 * 1:54277 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Zeus-8011051-0 download attempt (malware-other.rules)
 * 1:54278 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Zeus-8011051-0 download attempt (malware-other.rules)
 * 1:54279 <-> ENABLED <-> INDICATOR-COMPROMISE UPnP SUBSCRIBE Callback denial-of-service attempt (indicator-compromise.rules)
 * 1:54280 <-> ENABLED <-> INDICATOR-COMPROMISE UPnP SUBSCRIBE Callback denial-of-service attempt (indicator-compromise.rules)
 * 1:54281 <-> ENABLED <-> INDICATOR-SCAN CallStranger UPnP discovery attempt (indicator-scan.rules)
 * 1:54211 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Trickbot variant outbound connection (malware-cnc.rules)
 * 1:54202 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Trickbot variant outbound connection (malware-cnc.rules)
 * 1:54201 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Trickbot variant outbound connection (malware-cnc.rules)
 * 1:54216 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k type confusion attempt (os-windows.rules)
 * 1:54204 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Trickbot variant outbound connection (malware-cnc.rules)
 * 3:54251 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1080 attack attempt (server-webapp.rules)
 * 3:54252 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1080 attack attempt (server-webapp.rules)
 * 3:54253 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1080 attack attempt (server-webapp.rules)
 * 3:54259 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1078 attack attempt (server-webapp.rules)
 * 3:54257 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1083 attack attempt (server-webapp.rules)
 * 3:54261 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1078 attack attempt (server-webapp.rules)
 * 3:54264 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1079 attack attempt (server-webapp.rules)
 * 3:54265 <-> ENABLED <-> BROWSER-OTHER TRUFFLEHUNTER TALOS-2020-1088 attack attempt (browser-other.rules)
 * 3:54256 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1082 attack attempt (server-webapp.rules)
 * 3:54258 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1083 attack attempt (server-webapp.rules)
 * 3:54262 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1079 attack attempt (server-webapp.rules)
 * 3:54268 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1081 attack attempt (server-webapp.rules)
 * 3:54269 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1081 attack attempt (server-webapp.rules)
 * 3:54267 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1081 attack attempt (server-webapp.rules)
 * 3:54266 <-> ENABLED <-> BROWSER-OTHER TRUFFLEHUNTER TALOS-2020-1088 attack attempt (browser-other.rules)
 * 3:54254 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1082 attack attempt (server-webapp.rules)
 * 3:54260 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1078 attack attempt (server-webapp.rules)
 * 3:54263 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1079 attack attempt (server-webapp.rules)
 * 3:54255 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1082 attack attempt (server-webapp.rules)

Modified Rules:


 * 1:47183 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EmfPlusFillRects type confusion attempt (file-other.rules)
 * 1:47184 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EmfPlusFillRects type confusion attempt (file-other.rules)
 * 1:47982 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF out of bounds read attempt (file-image.rules)
 * 1:47981 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF out of bounds read attempt (file-image.rules)
 * 1:47980 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF out of bounds read attempt (file-image.rules)
 * 1:47979 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF out of bounds read attempt (file-image.rules)
 * 1:47976 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF memory corruption attempt (file-other.rules)
 * 1:47975 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF memory corruption attempt (file-other.rules)
 * 1:47972 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF out of bounds read attempt (file-image.rules)
 * 1:47971 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF out of bounds read attempt (file-image.rules)
 * 1:47964 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro WebCapture JavaScript manipulation type confusion attempt (file-other.rules)
 * 1:47984 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF out-of-bounds read attempt (file-other.rules)
 * 1:47983 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF out-of-bounds read attempt (file-other.rules)
 * 1:47985 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS out-of-bounds write attempt (file-other.rules)
 * 1:47986 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS out-of-bounds write attempt (file-other.rules)
 * 1:47987 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file out-of-bounds read attempt (file-other.rules)
 * 1:47988 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file out-of-bounds read attempt (file-other.rules)
 * 1:47989 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF out of bounds write attempt (file-other.rules)
 * 1:47990 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF out of bounds write attempt (file-other.rules)
 * 1:47991 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF engine type confusion attempt (file-image.rules)
 * 1:47993 <-> ENABLED <-> FILE-OTHER Acrobat Adobe Pro XPS out-of-bounds read attempt (file-other.rules)
 * 1:47992 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF engine type confusion attempt (file-image.rules)
 * 1:47994 <-> ENABLED <-> FILE-OTHER Acrobat Adobe Pro XPS out-of-bounds read attempt (file-other.rules)
 * 1:47998 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF pointer out of bounds read attempt (file-image.rules)
 * 1:47996 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF pointer out of bounds write attempt (file-image.rules)
 * 1:47995 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF pointer out of bounds write attempt (file-image.rules)
 * 1:47997 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF pointer out of bounds read attempt (file-image.rules)
 * 1:48011 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro U3D TIFF XResolution out of bounds read attempt (file-image.rules)
 * 1:48010 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro integer overflow attempt (file-image.rules)
 * 1:48009 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro integer overflow attempt (file-image.rules)
 * 1:48003 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro Universal 3D engine untrusted pointer dereference attempt (file-image.rules)
 * 1:48002 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro Universal 3D engine untrusted pointer dereference attempt (file-image.rules)
 * 1:48012 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro U3D TIFF XResolution out of bounds read attempt (file-image.rules)
 * 1:48031 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF out of bounds read attempt (file-image.rules)
 * 1:48017 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader malformed JavaScript input out of bounds read attempt (file-image.rules)
 * 1:48016 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader malformed JavaScript input out of bounds read attempt (file-image.rules)
 * 1:48014 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro U3D TIFF XResolution out of bounds read attempt (file-image.rules)
 * 1:48013 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro U3D TIFF XResolution out of bounds read attempt (file-image.rules)
 * 1:48032 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF out of bounds read attempt (file-image.rules)
 * 1:48033 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF file use-after-free attempt (file-other.rules)
 * 1:48039 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed BMP out of bounds read attempt (file-image.rules)
 * 1:48034 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF file use-after-free attempt (file-other.rules)
 * 1:48074 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF file out-of-bounds read attempt (file-other.rules)
 * 1:48040 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed BMP out of bounds read attempt (file-image.rules)
 * 1:48075 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF file out-of-bounds read attempt (file-other.rules)
 * 1:48135 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat SGI parsing out of bounds read attempt (file-image.rules)
 * 1:48134 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat SGI parsing out of bounds read attempt (file-image.rules)
 * 1:48125 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF ImageConversion out-of-bounds write attempt (file-other.rules)
 * 1:48124 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF ImageConversion out-of-bounds write attempt (file-other.rules)
 * 1:48108 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF file out-of-bounds write attempt (file-other.rules)
 * 1:48107 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF file out-of-bounds write attempt (file-other.rules)
 * 1:48220 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro JPEG Huffman table memory corruption attempt (file-image.rules)
 * 1:48219 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro JPEG Huffman table memory corruption attempt (file-image.rules)
 * 1:48218 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Reader U3D engine memory corruption attempt (file-other.rules)
 * 1:48217 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Reader U3D engine memory corruption attempt (file-other.rules)
 * 1:48242 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro malformed EMF out of bounds read attempt (file-other.rules)
 * 1:48243 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro malformed EMF out of bounds read attempt (file-other.rules)
 * 1:48290 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EmfPlusDrawString out of bounds read attempt (file-other.rules)
 * 1:48289 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EmfPlusDrawString out of bounds read attempt (file-other.rules)
 * 1:48291 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EmfPlusDrawString out of bounds read attempt (file-other.rules)
 * 1:54014 <-> ENABLED <-> MALWARE-CNC Win.Malware.Trickbot variant outbound connection (malware-cnc.rules)
 * 1:53975 <-> DISABLED <-> INDICATOR-COMPROMISE Cobalt Strike multiple large DNS TXT query responses (indicator-compromise.rules)
 * 1:53972 <-> ENABLED <-> MALWARE-OTHER Cobalt Strike beacon.dll DNS download attempt (malware-other.rules)
 * 1:53970 <-> DISABLED <-> SERVER-WEBAPP TerraMaster NAS user and group creation command injection attempt (server-webapp.rules)
 * 1:53969 <-> DISABLED <-> SERVER-WEBAPP TerraMaster NAS user and group creation command injection attempt (server-webapp.rules)
 * 1:53968 <-> DISABLED <-> SERVER-WEBAPP TerraMaster NAS user and group creation command injection attempt (server-webapp.rules)
 * 1:53967 <-> DISABLED <-> SERVER-WEBAPP TerraMaster NAS user and group creation command injection attempt (server-webapp.rules)
 * 1:52214 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Win32k privilege escalation attempt (os-windows.rules)
 * 1:52213 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Win32k privilege escalation attempt (os-windows.rules)
 * 1:48642 <-> ENABLED <-> FILE-OTHER Adobe Acrobat EMF out of bounds read attempt (file-other.rules)
 * 1:48605 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro out of bounds read attempt (file-other.rules)
 * 1:48604 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro out of bounds read attempt (file-other.rules)
 * 1:48292 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EmfPlusDrawString out of bounds read attempt (file-other.rules)
 * 1:47157 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader jp2 out-of-bounds read attempt (file-image.rules)
 * 1:47962 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EmfPlusDrawBeziers out of bounds write attempt (file-other.rules)
 * 1:47181 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF file uninitialized pointer dereference attempt (file-other.rules)
 * 1:47182 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF file uninitialized pointer dereference attempt (file-other.rules)
 * 1:47179 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF invalid EmfPlusFillRects out-of-bounds read attempt (file-other.rules)
 * 1:47180 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF invalid EmfPlusFillRects out-of-bounds read attempt (file-other.rules)
 * 1:47144 <-> DISABLED <-> FILE-OTHER Multiple products SGI ZSIZE header information overflow attempt (file-other.rules)
 * 1:47153 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro use after free attempt (file-other.rules)
 * 1:47154 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro use after free attempt (file-other.rules)
 * 1:47139 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EmfPlusDrawBeziers out-of-bounds read attempt (file-other.rules)
 * 1:47140 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EmfPlusDrawBeziers out-of-bounds read attempt (file-other.rules)
 * 1:47143 <-> DISABLED <-> FILE-OTHER Multiple products SGI ZSIZE header information overflow attempt (file-other.rules)
 * 1:47125 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS embedded JPEG with malformed copyright tag heap overflow attempt (file-other.rules)
 * 1:46718 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMFPlusPath object heap overflow attempt (file-image.rules)
 * 1:46725 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG out of bounds read attempt (file-image.rules)
 * 1:47126 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS embedded JPEG with malformed copyright tag heap overflow attempt (file-other.rules)
 * 1:46876 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMFPlusPath object out of bounds read attempt (file-image.rules)
 * 1:46728 <-> ENABLED <-> FILE-OTHER Adobe Acrobat EMF embedded GIF LZW compression out of bound read attempt (file-other.rules)
 * 1:46734 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF out of bounds read attempt (file-other.rules)
 * 1:47123 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS embedded JPEG with malformed copyright tag heap overflow attempt (file-other.rules)
 * 1:46668 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (file-image.rules)
 * 1:46875 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMFPlusPath object out of bounds read attempt (file-image.rules)
 * 1:46726 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG out of bounds read attempt (file-image.rules)
 * 1:46812 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF out of bounds read attempt (file-other.rules)
 * 1:46733 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF out of bounds read attempt (file-other.rules)
 * 1:47124 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS embedded JPEG with malformed copyright tag heap overflow attempt (file-other.rules)
 * 1:46720 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMFPlusPath object heap overflow attempt (file-image.rules)
 * 1:47059 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed EMF out of bounds read attempt (file-image.rules)
 * 1:46813 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF out of bounds read attempt (file-other.rules)
 * 1:46717 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMFPlusPath object heap overflow attempt (file-image.rules)
 * 1:46727 <-> ENABLED <-> FILE-OTHER Adobe Acrobat EMF embedded GIF LZW compression out of bound read attempt (file-other.rules)
 * 1:46797 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out of bounds read attempt (file-other.rules)
 * 1:46798 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out of bounds read attempt (file-other.rules)
 * 1:47060 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed EMF out of bounds read attempt (file-image.rules)
 * 1:46710 <-> ENABLED <-> FILE-OTHER Adobe Professional EMF embedded image heap overflow attempt (file-other.rules)
 * 1:46719 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMFPlusPath object heap overflow attempt (file-image.rules)
 * 1:46960 <-> DISABLED <-> FILE-OTHER Adobe Flash Player AMF0 Shared Object integer overflow attempt (file-other.rules)
 * 1:46672 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (file-image.rules)
 * 1:46669 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (file-image.rules)
 * 1:47940 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF+ GIF parsing out of bounds read attempt (file-image.rules)
 * 1:47941 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat XPS heap overflow attempt (file-image.rules)
 * 1:47933 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro Universal 3D Engine untrusted pointer dereference attempt (file-image.rules)
 * 1:47939 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF+ GIF parsing out of bounds read attempt (file-image.rules)
 * 1:47927 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF ImageConversion out-of-bounds write attempt (file-other.rules)
 * 1:47932 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro Universal 3D Engine untrusted pointer dereference attempt (file-image.rules)
 * 1:47912 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader EMF file JPEG Huffman table heap overflow attempt (file-image.rules)
 * 1:47926 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF ImageConversion out-of-bounds write attempt (file-other.rules)
 * 1:47910 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMR_STRETCHDIBITS out-of-bounds write attempt (file-image.rules)
 * 1:47911 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader EMF file JPEG Huffman table heap overflow attempt (file-image.rules)
 * 1:47908 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMR_STRETCHDIBITS out-of-bounds write attempt (file-image.rules)
 * 1:47909 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMR_STRETCHDIBITS out-of-bounds write attempt (file-image.rules)
 * 1:47907 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMR_STRETCHDIBITS out-of-bounds write attempt (file-image.rules)
 * 1:47892 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMFPlusPath object out of bounds read attempt (file-image.rules)
 * 1:47884 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF image conversion memory corruption attempt (file-other.rules)
 * 1:47891 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMFPlusPath object out of bounds read attempt (file-image.rules)
 * 1:47875 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF ALPHABLEND heap overflow attempt (file-image.rules)
 * 1:47883 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF image conversion memory corruption attempt (file-other.rules)
 * 1:47855 <-> DISABLED <-> FILE-OTHER Adobe Acrobat HTML invalid pointer out-of-bounds read attempt (file-other.rules)
 * 1:47874 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF ALPHABLEND heap overflow attempt (file-image.rules)
 * 1:47857 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file object out of bounds write attempt (file-image.rules)
 * 1:47856 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file object out of bounds write attempt (file-image.rules)
 * 1:47853 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro HTML invalid pointer offset out-of-bounds read attempt (file-other.rules)
 * 1:47854 <-> DISABLED <-> FILE-OTHER Adobe Acrobat HTML invalid pointer out-of-bounds read attempt (file-other.rules)
 * 1:46667 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (file-image.rules)
 * 1:47284 <-> DISABLED <-> FILE-OTHER Adobe Reader HTML to PDF conversion getMatchedCSSRules use-after-free attempt (file-other.rules)
 * 1:47193 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF use-after-free attempt (file-other.rules)
 * 1:47194 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF use-after-free attempt (file-other.rules)
 * 1:47195 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules)
 * 1:47196 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules)
 * 1:47158 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader jp2 out-of-bounds read attempt (file-image.rules)
 * 1:47356 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro out of bounds read attempt (file-image.rules)
 * 1:41946 <-> DISABLED <-> FILE-IMAGE Microsoft GDI+ malformed EMF description out of bounds read attempt (file-image.rules)
 * 1:47197 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out of bounds read attempt (file-other.rules)
 * 1:41947 <-> DISABLED <-> FILE-IMAGE GDI+ malformed EMF description out of bounds read attempt (file-image.rules)
 * 1:43608 <-> DISABLED <-> FILE-OTHER Multiple products SGI ZSIZE header information overflow attempt (file-other.rules)
 * 1:43609 <-> DISABLED <-> FILE-OTHER Multiple products SGI ZSIZE header information overflow attempt (file-other.rules)
 * 1:43902 <-> DISABLED <-> FILE-IMAGE Adobe Reader EMF EMR_STROKEPATH memory corruption attempt (file-image.rules)
 * 1:47198 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out of bounds read attempt (file-other.rules)
 * 1:43903 <-> DISABLED <-> FILE-IMAGE Adobe Reader EMF EMR_STROKEPATH memory corruption attempt (file-image.rules)
 * 1:43973 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro malformed EMF comment memory corruption attempt (file-other.rules)
 * 1:43974 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro malformed EMF comment memory corruption attempt (file-other.rules)
 * 1:44023 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF memory corruption attempt (file-image.rules)
 * 1:47208 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS out-of-bounds read attempt (file-other.rules)
 * 1:44024 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF memory corruption attempt (file-image.rules)
 * 1:44059 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF memory corruption attempt (file-image.rules)
 * 1:44060 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF memory corruption attempt (file-image.rules)
 * 1:44121 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Professional EMF JPEG APP13 malformed record memory corruption attempt (file-other.rules)
 * 1:47209 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS out-of-bounds read attempt (file-other.rules)
 * 1:44122 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Professional EMF JPEG APP13 malformed record memory corruption attempt (file-other.rules)
 * 1:45910 <-> DISABLED <-> MALWARE-CNC Cobalt Strike outbound beacon command result (malware-cnc.rules)
 * 1:46643 <-> DISABLED <-> FILE-OTHER Adobe Professional EMF compression out of bounds write attempt (file-other.rules)
 * 1:46644 <-> DISABLED <-> FILE-OTHER Adobe Professional EMF compression out of bounds write attempt (file-other.rules)
 * 1:47210 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EmfPlusDrawImagePoints heap overflow attempt (file-image.rules)
 * 1:46647 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMF EmfPlusDrawBeziers buffer over-read attempt (file-other.rules)
 * 1:46648 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMF EmfPlusDrawBeziers buffer over-read attempt (file-other.rules)
 * 1:46651 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro PDX malformed index out of bounds memory read attempt (file-other.rules)
 * 1:46652 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro PDX malformed index out of bounds memory read attempt (file-other.rules)
 * 1:47211 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EmfPlusDrawImagePoints heap overflow attempt (file-image.rules)
 * 1:46655 <-> DISABLED <-> FILE-OTHER Adobe Acrobat XPS2PDF conversion buffer over-read attempt (file-other.rules)
 * 1:47961 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EmfPlusDrawBeziers out of bounds write attempt (file-other.rules)
 * 1:46656 <-> DISABLED <-> FILE-OTHER Adobe Acrobat XPS2PDF conversion buffer over-read attempt (file-other.rules)
 * 1:47963 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro WebCapture JavaScript manipulation type confusion attempt (file-other.rules)
 * 1:46671 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (file-image.rules)
 * 1:46673 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (file-image.rules)
 * 1:46659 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Reader jp2 double free attempt (file-other.rules)
 * 1:46660 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Reader jp2 double free attempt (file-other.rules)
 * 1:46674 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (file-image.rules)
 * 1:46688 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat XPS out-of-bounds read attempt (file-image.rules)
 * 1:46689 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat XPS out-of-bounds read attempt (file-image.rules)
 * 1:46690 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro path rendertransform out of bound write attempt (file-other.rules)
 * 1:46691 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro path rendertransform out of bound write attempt (file-other.rules)
 * 1:46692 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat EmfPlusDrawCurve out of bounds read attempt (file-image.rules)
 * 1:46670 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (file-image.rules)
 * 1:46693 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat EmfPlusDrawCurve out of bounds read attempt (file-image.rules)
 * 1:46694 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF embedded GIF memory corruption attempt (file-other.rules)
 * 1:46699 <-> ENABLED <-> FILE-OTHER Adobe Acrobat EMF embedded DIB out of bound read attempt (file-other.rules)
 * 1:46695 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF embedded GIF memory corruption attempt (file-other.rules)
 * 1:46701 <-> DISABLED <-> FILE-IMAGE Adobe Acrboat EMF invalid EMR_STRETCHDIBITS record out-of-bounds read attempt (file-image.rules)
 * 1:46702 <-> DISABLED <-> FILE-IMAGE Adobe Acrboat EMF invalid EMR_STRETCHDIBITS record out-of-bounds read attempt (file-image.rules)
 * 1:47217 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS heap overflow attempt (file-other.rules)
 * 1:47218 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS heap overflow attempt (file-other.rules)
 * 1:47232 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules)
 * 1:46703 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EMR_STRETCHDIBITS size out of bounds read attempt (file-other.rules)
 * 1:46698 <-> ENABLED <-> FILE-OTHER Adobe Acrobat EMF embedded DIB out of bound read attempt (file-other.rules)
 * 1:46707 <-> ENABLED <-> FILE-OTHER Adobe Acrobat EMF malformed EmfPlusPointF object buffer overflow attempt (file-other.rules)
 * 1:46708 <-> ENABLED <-> FILE-OTHER Adobe Acrobat EMF malformed EmfPlusPointF object buffer overflow attempt (file-other.rules)
 * 1:46709 <-> ENABLED <-> FILE-OTHER Adobe Professional EMF embedded image heap overflow attempt (file-other.rules)
 * 1:47251 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro use after free attempt (file-other.rules)
 * 1:47237 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS out-of-bounds read attempt (file-other.rules)
 * 1:46704 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EMR_STRETCHDIBITS size out of bounds read attempt (file-other.rules)
 * 1:47247 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro crafted GIF file out-of-bounds read attempt (file-image.rules)
 * 1:47248 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro crafted GIF file out-of-bounds read attempt (file-image.rules)
 * 1:47238 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS out-of-bounds read attempt (file-other.rules)
 * 1:47233 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules)
 * 1:47250 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS out-of-bounds read attempt (file-other.rules)
 * 1:47252 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro use after free attempt (file-other.rules)
 * 1:47266 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules)
 * 1:47275 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules)
 * 1:47267 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules)
 * 1:47249 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS out-of-bounds read attempt (file-other.rules)
 * 1:47269 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules)
 * 1:47274 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules)
 * 1:47276 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt (file-other.rules)
 * 1:47277 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt (file-other.rules)
 * 1:47268 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules)
 * 1:47280 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules)
 * 1:47279 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules)
 * 1:47308 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF RegionNodeCount out-of-bounds write attempt (file-other.rules)
 * 1:47309 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF RegionNodeCount out-of-bounds write attempt (file-other.rules)
 * 1:47306 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Distiller PostScript pdfmark out-of-bounds write attempt (file-other.rules)
 * 1:47307 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Distiller PostScript pdfmark out-of-bounds write attempt (file-other.rules)
 * 1:47312 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro out of bounds read attempt (file-image.rules)
 * 1:47314 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed CEL out of bounds read attempt (file-image.rules)
 * 1:47315 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed CEL out of bounds read attempt (file-image.rules)
 * 1:47328 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF out of bounds read attempt (file-image.rules)
 * 1:47313 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro out of bounds read attempt (file-image.rules)
 * 1:47331 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF out of bounds read attempt (file-image.rules)
 * 1:47329 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF out of bounds read attempt (file-image.rules)
 * 1:47330 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF out of bounds read attempt (file-image.rules)
 * 1:47333 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out of bounds write attempt (file-other.rules)
 * 1:47332 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out of bounds write attempt (file-other.rules)
 * 1:47344 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro out of bounds read attempt (file-image.rules)
 * 1:47343 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro out of bounds read attempt (file-image.rules)
 * 1:47345 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EMR_CREATEDIBPATTERNBRUSHPT record buffer overflow attempt (file-other.rules)
 * 1:47346 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EMR_CREATEDIBPATTERNBRUSHPT record buffer overflow attempt (file-other.rules)
 * 1:47350 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG heap overflow attempt (file-image.rules)
 * 1:47351 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG heap overflow attempt (file-image.rules)
 * 1:47352 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG heap overflow attempt (file-image.rules)
 * 1:47359 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader malformed TIFF out of bounds read attempt (file-image.rules)
 * 1:47360 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader malformed TIFF out of bounds read attempt (file-image.rules)
 * 1:47361 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader malformed TIFF out of bounds read attempt (file-image.rules)
 * 1:47362 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader malformed TIFF out of bounds read attempt (file-image.rules)
 * 1:47367 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro PSD malformed image data out-of-bounds write attempt (file-image.rules)
 * 1:47368 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro PSD malformed image data out-of-bounds write attempt (file-image.rules)
 * 1:47369 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out of bounds memory access attempt (file-other.rules)
 * 1:47370 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out of bounds memory access attempt (file-other.rules)
 * 1:47382 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro use after free attempt (file-image.rules)
 * 1:47383 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro use after free attempt (file-image.rules)
 * 1:47384 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro use after free attempt (file-other.rules)
 * 1:47385 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro use after free attempt (file-other.rules)
 * 1:47396 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader malformed JPEG quantization table out-of-bounds write attempt (file-image.rules)
 * 1:47397 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader malformed JPEG quantization table out-of-bounds write attempt (file-image.rules)
 * 1:47625 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Reader EMF path record out-of-bounds read attempt (file-other.rules)
 * 1:47626 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Reader EMF path record out-of-bounds read attempt (file-other.rules)
 * 1:47630 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro untrusted pointer dereference attempt (file-other.rules)
 * 1:47631 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro untrusted pointer dereference attempt (file-other.rules)
 * 1:47682 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EmfPlusRegionNodePath out of bounds read attempt (file-other.rules)
 * 1:47683 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EmfPlusRegionNodePath out of bounds read attempt (file-other.rules)
 * 1:47283 <-> DISABLED <-> FILE-OTHER Adobe Reader HTML to PDF conversion getMatchedCSSRules use-after-free attempt (file-other.rules)
 * 1:47827 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat EmfPlusDrawImagePoints out of bounds read attempt (file-image.rules)
 * 1:47828 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat EmfPlusDrawImagePoints out of bounds read attempt (file-image.rules)
 * 1:47838 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro SGI RGB run-length encoding out of bounds read attempt (file-image.rules)
 * 1:47839 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro SGI RGB run-length encoding out of bounds read attempt (file-image.rules)
 * 1:47852 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro HTML invalid pointer offset out-of-bounds read attempt (file-other.rules)
 * 1:47130 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed CEL heap overflow attempt (file-image.rules)
 * 1:47357 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro out of bounds read attempt (file-image.rules)
 * 1:47353 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG heap overflow attempt (file-image.rules)
 * 1:47129 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed CEL heap overflow attempt (file-image.rules)
 * 1:47942 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat XPS heap overflow attempt (file-image.rules)
 * 1:47943 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Distiller PostScript stack overflow attempt (file-image.rules)
 * 1:47944 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Distiller PostScript stack overflow attempt (file-image.rules)
 * 1:47950 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF out of bounds read attempt (file-image.rules)
 * 1:47951 <-> DISABLED <-> FILE-OTHER Adobe Distiller PostScript conversion heap overflow attempt (file-other.rules)
 * 1:47949 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF out of bounds read attempt (file-image.rules)
 * 1:47952 <-> DISABLED <-> FILE-OTHER Adobe Distiller PostScript conversion heap overflow attempt (file-other.rules)
 * 1:47953 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIF tag entry out of bounds read attempt (file-image.rules)
 * 1:47954 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIF tag entry out of bounds read attempt (file-image.rules)
 * 1:47955 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIF tag entry out of bounds read attempt (file-image.rules)
 * 1:47956 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIF tag entry out of bounds read attempt (file-image.rules)
 * 1:47959 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF file out-of-bounds write attempt (file-other.rules)
 * 1:47958 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EmfPlusDrawDriverString malformed GlyphCount value integer overflow attempt (file-other.rules)
 * 1:47957 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EmfPlusDrawDriverString malformed GlyphCount value integer overflow attempt (file-other.rules)
 * 1:47960 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF file out-of-bounds write attempt (file-other.rules)

2020-06-09 23:58:59 UTC

Snort Subscriber Rules Update

Date: 2020-06-09

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091500.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:54224 <-> DISABLED <-> SERVER-ORACLE Oracle iPlanet admin panel image injection attempt (server-oracle.rules)
 * 1:54212 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Trickbot variant outbound connection (malware-cnc.rules)
 * 1:54217 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB srv2.sys information disclosure attempt (os-windows.rules)
 * 1:54203 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Trickbot variant outbound connection (malware-cnc.rules)
 * 1:54166 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Razy-7997331-0 download attempt (malware-other.rules)
 * 1:54208 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Trickbot variant outbound connection (malware-cnc.rules)
 * 1:54165 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Razy-7997331-0 download attempt (malware-other.rules)
 * 1:54167 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Genpack-7998106-0 download attempt (malware-other.rules)
 * 1:54198 <-> DISABLED <-> SERVER-WEBAPP TP-LINK Cloud Cameras NCXXX Bonjour command injection attempt (server-webapp.rules)
 * 1:54193 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
 * 1:54207 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Trickbot variant outbound connection (malware-cnc.rules)
 * 1:54200 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Trickbot variant outbound connection (malware-cnc.rules)
 * 1:54204 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Trickbot variant outbound connection (malware-cnc.rules)
 * 1:54213 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Trickbot variant outbound connection (malware-cnc.rules)
 * 1:54214 <-> DISABLED <-> SERVER-ORACLE Oracle iPlanet Web Server unauthenticated information disclosure attempt (server-oracle.rules)
 * 1:54211 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Trickbot variant outbound connection (malware-cnc.rules)
 * 1:54206 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Trickbot variant outbound connection (malware-cnc.rules)
 * 1:54280 <-> ENABLED <-> INDICATOR-COMPROMISE UPnP SUBSCRIBE Callback denial-of-service attempt (indicator-compromise.rules)
 * 1:54281 <-> ENABLED <-> INDICATOR-SCAN CallStranger UPnP discovery attempt (indicator-scan.rules)
 * 1:54278 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Zeus-8011051-0 download attempt (malware-other.rules)
 * 1:54279 <-> ENABLED <-> INDICATOR-COMPROMISE UPnP SUBSCRIBE Callback denial-of-service attempt (indicator-compromise.rules)
 * 1:54276 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Ursnif malicious outbound connection attempt - gravity generated detection (malware-other.rules)
 * 1:54277 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Zeus-8011051-0 download attempt (malware-other.rules)
 * 1:54216 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k type confusion attempt (os-windows.rules)
 * 1:54195 <-> DISABLED <-> SERVER-WEBAPP TP-LINK Cloud Cameras NCXXX Bonjour command injection attempt (server-webapp.rules)
 * 1:54209 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Trickbot variant outbound connection (malware-cnc.rules)
 * 1:54199 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Trickbot variant outbound connection (malware-cnc.rules)
 * 1:54192 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
 * 1:54201 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Trickbot variant outbound connection (malware-cnc.rules)
 * 1:54188 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.RagnarLocker initial download (malware-other.rules)
 * 1:54187 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.RagnarLocker initial download (malware-other.rules)
 * 1:54180 <-> ENABLED <-> MALWARE-OTHER Cobalt Strike system profiling attempt (malware-other.rules)
 * 1:54168 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Genpack-7998106-0 download attempt (malware-other.rules)
 * 1:54171 <-> DISABLED <-> MALWARE-OTHER Cobalt Strike signed java applet download attempt (malware-other.rules)
 * 1:54190 <-> ENABLED <-> FILE-PDF Adobe Reader custom JavaScript field use-after-free attempt (file-pdf.rules)
 * 1:54181 <-> ENABLED <-> MALWARE-OTHER Cobalt Strike system profiling attempt (malware-other.rules)
 * 1:54184 <-> DISABLED <-> SERVER-OTHER lodash defaultsDeep prototype pollution attempt (server-other.rules)
 * 1:54173 <-> DISABLED <-> MALWARE-OTHER Cobalt Strike signed java applet download attempt (malware-other.rules)
 * 1:54169 <-> ENABLED <-> MALWARE-OTHER Cobalt Strike signed java applet execution attempt (malware-other.rules)
 * 1:54185 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Samas-7998113-0 download attempt (malware-other.rules)
 * 1:54170 <-> ENABLED <-> MALWARE-OTHER Cobalt Strike signed java applet execution attempt (malware-other.rules)
 * 1:54179 <-> DISABLED <-> MALWARE-OTHER Win.Ircbot.Zusy-8002903-0 download attempt (malware-other.rules)
 * 1:54189 <-> ENABLED <-> FILE-PDF Adobe Reader custom JavaScript field use-after-free attempt (file-pdf.rules)
 * 1:54186 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Samas-7998113-0 download attempt (malware-other.rules)
 * 1:54174 <-> DISABLED <-> MALWARE-OTHER Cobalt Strike signed java applet download attempt (malware-other.rules)
 * 1:54191 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
 * 1:54176 <-> DISABLED <-> MALWARE-OTHER Win.Ircbot.Zusy-8002902-0 download attempt (malware-other.rules)
 * 1:54194 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
 * 1:54196 <-> DISABLED <-> SERVER-WEBAPP TP-LINK Cloud Cameras NCXXX Bonjour command injection attempt (server-webapp.rules)
 * 1:54182 <-> ENABLED <-> MALWARE-OTHER Cobalt Strike system profiling attempt (malware-other.rules)
 * 1:54175 <-> DISABLED <-> INDICATOR-COMPROMISE Cobalt Strike default signed applet attack URI (indicator-compromise.rules)
 * 1:54177 <-> DISABLED <-> MALWARE-OTHER Win.Ircbot.Zusy-8002902-0 download attempt (malware-other.rules)
 * 1:54183 <-> DISABLED <-> INDICATOR-COMPROMISE Cobalt Strike default smart applet attack URI (indicator-compromise.rules)
 * 1:54172 <-> DISABLED <-> MALWARE-OTHER Cobalt Strike signed java applet download attempt (malware-other.rules)
 * 1:54178 <-> DISABLED <-> MALWARE-OTHER Win.Ircbot.Zusy-8002903-0 download attempt (malware-other.rules)
 * 1:54197 <-> DISABLED <-> SERVER-WEBAPP TP-LINK Cloud Cameras NCXXX Bonjour command injection attempt (server-webapp.rules)
 * 1:54210 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Trickbot variant outbound connection (malware-cnc.rules)
 * 1:54215 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k type confusion attempt (os-windows.rules)
 * 1:54202 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Trickbot variant outbound connection (malware-cnc.rules)
 * 1:54205 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Trickbot variant outbound connection (malware-cnc.rules)
 * 1:54270 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB chained compression out of bounds read attempt (os-windows.rules)
 * 1:54222 <-> DISABLED <-> SERVER-ORACLE Oracle iPlanet admin panel image injection attempt (server-oracle.rules)
 * 1:54223 <-> DISABLED <-> SERVER-ORACLE Oracle iPlanet admin panel image injection CSRF attempt (server-oracle.rules)
 * 1:54220 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Packed.Amg0fxii-8010198-0 download attempt (malware-other.rules)
 * 1:54221 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Packed.Amg0fxii-8010198-0 download attempt (malware-other.rules)
 * 1:54218 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Mikey-8009335-0 download attempt (malware-other.rules)
 * 1:54219 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Mikey-8009335-0 download attempt (malware-other.rules)
 * 1:54250 <-> DISABLED <-> OS-WINDOWS Microsoft Windows kernel security feature bypass attempt (os-windows.rules)
 * 1:54248 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k.sys remote code execution attempt (os-windows.rules)
 * 1:54249 <-> DISABLED <-> OS-WINDOWS Microsoft Windows kernel security feature bypass attempt (os-windows.rules)
 * 1:54246 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
 * 1:54247 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k.sys remote code execution attempt (os-windows.rules)
 * 1:54244 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Media Foundation getKeyForIndex out-of-bounds read attempt (file-multimedia.rules)
 * 1:54245 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
 * 1:54242 <-> DISABLED <-> OS-WINDOWS Microsoft Windows CreateDIBitmap privilege escalation attempt (os-windows.rules)
 * 1:54243 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Media Foundation getKeyForIndex out-of-bounds read attempt (file-multimedia.rules)
 * 1:54240 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMBv1 remote code execution attempt (os-windows.rules)
 * 1:54241 <-> DISABLED <-> OS-WINDOWS Microsoft Windows CreateDIBitmap privilege escalation attempt (os-windows.rules)
 * 1:54238 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
 * 1:54239 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
 * 1:54236 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
 * 1:54237 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
 * 1:54234 <-> DISABLED <-> SERVER-WEBAPP TerraMaster NAS cross site scripting attempt (server-webapp.rules)
 * 1:54235 <-> DISABLED <-> SERVER-WEBAPP TerraMaster NAS cross site scripting attempt (server-webapp.rules)
 * 1:54232 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer VBScript memory corruption attempt (browser-ie.rules)
 * 1:54233 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer VBScript memory corruption attempt (browser-ie.rules)
 * 1:54230 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer VBScript engine memory corruption attempt (browser-ie.rules)
 * 1:54231 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer VBScript engine memory corruption attempt (browser-ie.rules)
 * 1:54228 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-8010482-0 download attempt (malware-other.rules)
 * 1:54229 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-8010482-0 download attempt (malware-other.rules)
 * 1:54226 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Ngrbot-8010339-0 download attempt (malware-other.rules)
 * 1:54227 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Ngrbot-8010339-0 download attempt (malware-other.rules)
 * 1:54225 <-> DISABLED <-> SERVER-ORACLE Oracle iPlanet admin panel image injection CSRF attempt (server-oracle.rules)
 * 1:54273 <-> DISABLED <-> SERVER-WEBAPP Centreon Monitoring tool command injection attempt (server-webapp.rules)
 * 1:54271 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB chained compression out of bounds read attempt (os-windows.rules)
 * 1:54272 <-> DISABLED <-> SERVER-WEBAPP Centreon Monitoring tool command injection attempt (server-webapp.rules)
 * 1:54275 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Vobfus-8010924-0 download attempt (malware-other.rules)
 * 1:54274 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Vobfus-8010924-0 download attempt (malware-other.rules)
 * 3:54255 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1082 attack attempt (server-webapp.rules)
 * 3:54252 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1080 attack attempt (server-webapp.rules)
 * 3:54258 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1083 attack attempt (server-webapp.rules)
 * 3:54256 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1082 attack attempt (server-webapp.rules)
 * 3:54257 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1083 attack attempt (server-webapp.rules)
 * 3:54251 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1080 attack attempt (server-webapp.rules)
 * 3:54260 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1078 attack attempt (server-webapp.rules)
 * 3:54262 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1079 attack attempt (server-webapp.rules)
 * 3:54253 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1080 attack attempt (server-webapp.rules)
 * 3:54263 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1079 attack attempt (server-webapp.rules)
 * 3:54254 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1082 attack attempt (server-webapp.rules)
 * 3:54265 <-> ENABLED <-> BROWSER-OTHER TRUFFLEHUNTER TALOS-2020-1088 attack attempt (browser-other.rules)
 * 3:54266 <-> ENABLED <-> BROWSER-OTHER TRUFFLEHUNTER TALOS-2020-1088 attack attempt (browser-other.rules)
 * 3:54267 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1081 attack attempt (server-webapp.rules)
 * 3:54268 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1081 attack attempt (server-webapp.rules)
 * 3:54269 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1081 attack attempt (server-webapp.rules)
 * 3:54264 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1079 attack attempt (server-webapp.rules)
 * 3:54259 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1078 attack attempt (server-webapp.rules)
 * 3:54261 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1078 attack attempt (server-webapp.rules)

Modified Rules:


 * 1:47183 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EmfPlusFillRects type confusion attempt (file-other.rules)
 * 1:46701 <-> DISABLED <-> FILE-IMAGE Adobe Acrboat EMF invalid EMR_STRETCHDIBITS record out-of-bounds read attempt (file-image.rules)
 * 1:47184 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EmfPlusFillRects type confusion attempt (file-other.rules)
 * 1:47313 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro out of bounds read attempt (file-image.rules)
 * 1:47328 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF out of bounds read attempt (file-image.rules)
 * 1:47179 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF invalid EmfPlusFillRects out-of-bounds read attempt (file-other.rules)
 * 1:46797 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out of bounds read attempt (file-other.rules)
 * 1:46727 <-> ENABLED <-> FILE-OTHER Adobe Acrobat EMF embedded GIF LZW compression out of bound read attempt (file-other.rules)
 * 1:47060 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed EMF out of bounds read attempt (file-image.rules)
 * 1:47975 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF memory corruption attempt (file-other.rules)
 * 1:47125 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS embedded JPEG with malformed copyright tag heap overflow attempt (file-other.rules)
 * 1:47059 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed EMF out of bounds read attempt (file-image.rules)
 * 1:47180 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF invalid EmfPlusFillRects out-of-bounds read attempt (file-other.rules)
 * 1:46719 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMFPlusPath object heap overflow attempt (file-image.rules)
 * 1:46960 <-> DISABLED <-> FILE-OTHER Adobe Flash Player AMF0 Shared Object integer overflow attempt (file-other.rules)
 * 1:46652 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro PDX malformed index out of bounds memory read attempt (file-other.rules)
 * 1:45910 <-> DISABLED <-> MALWARE-CNC Cobalt Strike outbound beacon command result (malware-cnc.rules)
 * 1:47126 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS embedded JPEG with malformed copyright tag heap overflow attempt (file-other.rules)
 * 1:46655 <-> DISABLED <-> FILE-OTHER Adobe Acrobat XPS2PDF conversion buffer over-read attempt (file-other.rules)
 * 1:46651 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro PDX malformed index out of bounds memory read attempt (file-other.rules)
 * 1:47193 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF use-after-free attempt (file-other.rules)
 * 1:43608 <-> DISABLED <-> FILE-OTHER Multiple products SGI ZSIZE header information overflow attempt (file-other.rules)
 * 1:43609 <-> DISABLED <-> FILE-OTHER Multiple products SGI ZSIZE header information overflow attempt (file-other.rules)
 * 1:47194 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF use-after-free attempt (file-other.rules)
 * 1:44023 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF memory corruption attempt (file-image.rules)
 * 1:47195 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules)
 * 1:46648 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMF EmfPlusDrawBeziers buffer over-read attempt (file-other.rules)
 * 1:46643 <-> DISABLED <-> FILE-OTHER Adobe Professional EMF compression out of bounds write attempt (file-other.rules)
 * 1:47181 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF file uninitialized pointer dereference attempt (file-other.rules)
 * 1:44060 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF memory corruption attempt (file-image.rules)
 * 1:47196 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules)
 * 1:44121 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Professional EMF JPEG APP13 malformed record memory corruption attempt (file-other.rules)
 * 1:46647 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMF EmfPlusDrawBeziers buffer over-read attempt (file-other.rules)
 * 1:46659 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Reader jp2 double free attempt (file-other.rules)
 * 1:47197 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out of bounds read attempt (file-other.rules)
 * 1:41946 <-> DISABLED <-> FILE-IMAGE Microsoft GDI+ malformed EMF description out of bounds read attempt (file-image.rules)
 * 1:47182 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF file uninitialized pointer dereference attempt (file-other.rules)
 * 1:44122 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Professional EMF JPEG APP13 malformed record memory corruption attempt (file-other.rules)
 * 1:47198 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out of bounds read attempt (file-other.rules)
 * 1:44059 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF memory corruption attempt (file-image.rules)
 * 1:43973 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro malformed EMF comment memory corruption attempt (file-other.rules)
 * 1:41947 <-> DISABLED <-> FILE-IMAGE GDI+ malformed EMF description out of bounds read attempt (file-image.rules)
 * 1:47157 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader jp2 out-of-bounds read attempt (file-image.rules)
 * 1:47208 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS out-of-bounds read attempt (file-other.rules)
 * 1:47369 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out of bounds memory access attempt (file-other.rules)
 * 1:47158 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader jp2 out-of-bounds read attempt (file-image.rules)
 * 1:46698 <-> ENABLED <-> FILE-OTHER Adobe Acrobat EMF embedded DIB out of bound read attempt (file-other.rules)
 * 1:46644 <-> DISABLED <-> FILE-OTHER Adobe Professional EMF compression out of bounds write attempt (file-other.rules)
 * 1:46671 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (file-image.rules)
 * 1:46667 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (file-image.rules)
 * 1:47963 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro WebCapture JavaScript manipulation type confusion attempt (file-other.rules)
 * 1:47209 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS out-of-bounds read attempt (file-other.rules)
 * 1:47308 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF RegionNodeCount out-of-bounds write attempt (file-other.rules)
 * 1:47284 <-> DISABLED <-> FILE-OTHER Adobe Reader HTML to PDF conversion getMatchedCSSRules use-after-free attempt (file-other.rules)
 * 1:47306 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Distiller PostScript pdfmark out-of-bounds write attempt (file-other.rules)
 * 1:47280 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules)
 * 1:47283 <-> DISABLED <-> FILE-OTHER Adobe Reader HTML to PDF conversion getMatchedCSSRules use-after-free attempt (file-other.rules)
 * 1:47276 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt (file-other.rules)
 * 1:47277 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt (file-other.rules)
 * 1:47274 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules)
 * 1:47275 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules)
 * 1:47267 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules)
 * 1:47268 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules)
 * 1:47252 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro use after free attempt (file-other.rules)
 * 1:47266 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules)
 * 1:47249 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS out-of-bounds read attempt (file-other.rules)
 * 1:47250 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS out-of-bounds read attempt (file-other.rules)
 * 1:47247 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro crafted GIF file out-of-bounds read attempt (file-image.rules)
 * 1:47248 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro crafted GIF file out-of-bounds read attempt (file-image.rules)
 * 1:47233 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules)
 * 1:47237 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS out-of-bounds read attempt (file-other.rules)
 * 1:47218 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS heap overflow attempt (file-other.rules)
 * 1:47232 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules)
 * 1:46709 <-> ENABLED <-> FILE-OTHER Adobe Professional EMF embedded image heap overflow attempt (file-other.rules)
 * 1:47210 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EmfPlusDrawImagePoints heap overflow attempt (file-image.rules)
 * 1:47211 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EmfPlusDrawImagePoints heap overflow attempt (file-image.rules)
 * 1:47962 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EmfPlusDrawBeziers out of bounds write attempt (file-other.rules)
 * 1:47309 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF RegionNodeCount out-of-bounds write attempt (file-other.rules)
 * 1:47971 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF out of bounds read attempt (file-image.rules)
 * 1:47853 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro HTML invalid pointer offset out-of-bounds read attempt (file-other.rules)
 * 1:46702 <-> DISABLED <-> FILE-IMAGE Adobe Acrboat EMF invalid EMR_STRETCHDIBITS record out-of-bounds read attempt (file-image.rules)
 * 1:46703 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EMR_STRETCHDIBITS size out of bounds read attempt (file-other.rules)
 * 1:43903 <-> DISABLED <-> FILE-IMAGE Adobe Reader EMF EMR_STROKEPATH memory corruption attempt (file-image.rules)
 * 1:47312 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro out of bounds read attempt (file-image.rules)
 * 1:43902 <-> DISABLED <-> FILE-IMAGE Adobe Reader EMF EMR_STROKEPATH memory corruption attempt (file-image.rules)
 * 1:43974 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro malformed EMF comment memory corruption attempt (file-other.rules)
 * 1:46710 <-> ENABLED <-> FILE-OTHER Adobe Professional EMF embedded image heap overflow attempt (file-other.rules)
 * 1:46798 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out of bounds read attempt (file-other.rules)
 * 1:46733 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF out of bounds read attempt (file-other.rules)
 * 1:46813 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF out of bounds read attempt (file-other.rules)
 * 1:46720 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMFPlusPath object heap overflow attempt (file-image.rules)
 * 1:47124 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS embedded JPEG with malformed copyright tag heap overflow attempt (file-other.rules)
 * 1:46725 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG out of bounds read attempt (file-image.rules)
 * 1:46718 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMFPlusPath object heap overflow attempt (file-image.rules)
 * 1:46875 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMFPlusPath object out of bounds read attempt (file-image.rules)
 * 1:46812 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF out of bounds read attempt (file-other.rules)
 * 1:46726 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG out of bounds read attempt (file-image.rules)
 * 1:47140 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EmfPlusDrawBeziers out-of-bounds read attempt (file-other.rules)
 * 1:47154 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro use after free attempt (file-other.rules)
 * 1:47153 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro use after free attempt (file-other.rules)
 * 1:46668 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (file-image.rules)
 * 1:46717 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMFPlusPath object heap overflow attempt (file-image.rules)
 * 1:47144 <-> DISABLED <-> FILE-OTHER Multiple products SGI ZSIZE header information overflow attempt (file-other.rules)
 * 1:47143 <-> DISABLED <-> FILE-OTHER Multiple products SGI ZSIZE header information overflow attempt (file-other.rules)
 * 1:47139 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EmfPlusDrawBeziers out-of-bounds read attempt (file-other.rules)
 * 1:46707 <-> ENABLED <-> FILE-OTHER Adobe Acrobat EMF malformed EmfPlusPointF object buffer overflow attempt (file-other.rules)
 * 1:47993 <-> ENABLED <-> FILE-OTHER Acrobat Adobe Pro XPS out-of-bounds read attempt (file-other.rules)
 * 1:47123 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS embedded JPEG with malformed copyright tag heap overflow attempt (file-other.rules)
 * 1:46728 <-> ENABLED <-> FILE-OTHER Adobe Acrobat EMF embedded GIF LZW compression out of bound read attempt (file-other.rules)
 * 1:46734 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF out of bounds read attempt (file-other.rules)
 * 1:46876 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMFPlusPath object out of bounds read attempt (file-image.rules)
 * 1:47217 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS heap overflow attempt (file-other.rules)
 * 1:47238 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS out-of-bounds read attempt (file-other.rules)
 * 1:47251 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro use after free attempt (file-other.rules)
 * 1:47269 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules)
 * 1:46704 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EMR_STRETCHDIBITS size out of bounds read attempt (file-other.rules)
 * 1:48002 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro Universal 3D engine untrusted pointer dereference attempt (file-image.rules)
 * 1:47279 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules)
 * 1:48003 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro Universal 3D engine untrusted pointer dereference attempt (file-image.rules)
 * 1:48009 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro integer overflow attempt (file-image.rules)
 * 1:48010 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro integer overflow attempt (file-image.rules)
 * 1:48011 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro U3D TIFF XResolution out of bounds read attempt (file-image.rules)
 * 1:47976 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF memory corruption attempt (file-other.rules)
 * 1:47972 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF out of bounds read attempt (file-image.rules)
 * 1:47964 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro WebCapture JavaScript manipulation type confusion attempt (file-other.rules)
 * 1:47979 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF out of bounds read attempt (file-image.rules)
 * 1:44024 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF memory corruption attempt (file-image.rules)
 * 1:47980 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF out of bounds read attempt (file-image.rules)
 * 1:47981 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF out of bounds read attempt (file-image.rules)
 * 1:46656 <-> DISABLED <-> FILE-OTHER Adobe Acrobat XPS2PDF conversion buffer over-read attempt (file-other.rules)
 * 1:47982 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF out of bounds read attempt (file-image.rules)
 * 1:47983 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF out-of-bounds read attempt (file-other.rules)
 * 1:47984 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF out-of-bounds read attempt (file-other.rules)
 * 1:47985 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS out-of-bounds write attempt (file-other.rules)
 * 1:47345 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EMR_CREATEDIBPATTERNBRUSHPT record buffer overflow attempt (file-other.rules)
 * 1:47986 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS out-of-bounds write attempt (file-other.rules)
 * 1:47987 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file out-of-bounds read attempt (file-other.rules)
 * 1:47988 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file out-of-bounds read attempt (file-other.rules)
 * 1:47989 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF out of bounds write attempt (file-other.rules)
 * 1:47990 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF out of bounds write attempt (file-other.rules)
 * 1:47314 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed CEL out of bounds read attempt (file-image.rules)
 * 1:47991 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF engine type confusion attempt (file-image.rules)
 * 1:47995 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF pointer out of bounds write attempt (file-image.rules)
 * 1:47996 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF pointer out of bounds write attempt (file-image.rules)
 * 1:46660 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Reader jp2 double free attempt (file-other.rules)
 * 1:48031 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF out of bounds read attempt (file-image.rules)
 * 1:48032 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF out of bounds read attempt (file-image.rules)
 * 1:48033 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF file use-after-free attempt (file-other.rules)
 * 1:47315 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed CEL out of bounds read attempt (file-image.rules)
 * 1:48034 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF file use-after-free attempt (file-other.rules)
 * 1:48040 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed BMP out of bounds read attempt (file-image.rules)
 * 1:48074 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF file out-of-bounds read attempt (file-other.rules)
 * 1:48075 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF file out-of-bounds read attempt (file-other.rules)
 * 1:48107 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF file out-of-bounds write attempt (file-other.rules)
 * 1:47330 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF out of bounds read attempt (file-image.rules)
 * 1:48108 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF file out-of-bounds write attempt (file-other.rules)
 * 1:48124 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF ImageConversion out-of-bounds write attempt (file-other.rules)
 * 1:48125 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF ImageConversion out-of-bounds write attempt (file-other.rules)
 * 1:48134 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat SGI parsing out of bounds read attempt (file-image.rules)
 * 1:47331 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF out of bounds read attempt (file-image.rules)
 * 1:48135 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat SGI parsing out of bounds read attempt (file-image.rules)
 * 1:48012 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro U3D TIFF XResolution out of bounds read attempt (file-image.rules)
 * 1:48217 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Reader U3D engine memory corruption attempt (file-other.rules)
 * 1:48218 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Reader U3D engine memory corruption attempt (file-other.rules)
 * 1:48219 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro JPEG Huffman table memory corruption attempt (file-image.rules)
 * 1:47332 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out of bounds write attempt (file-other.rules)
 * 1:48220 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro JPEG Huffman table memory corruption attempt (file-image.rules)
 * 1:48242 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro malformed EMF out of bounds read attempt (file-other.rules)
 * 1:47333 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out of bounds write attempt (file-other.rules)
 * 1:48292 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EmfPlusDrawString out of bounds read attempt (file-other.rules)
 * 1:48039 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed BMP out of bounds read attempt (file-image.rules)
 * 1:48243 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro malformed EMF out of bounds read attempt (file-other.rules)
 * 1:47343 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro out of bounds read attempt (file-image.rules)
 * 1:48289 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EmfPlusDrawString out of bounds read attempt (file-other.rules)
 * 1:48290 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EmfPlusDrawString out of bounds read attempt (file-other.rules)
 * 1:48291 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EmfPlusDrawString out of bounds read attempt (file-other.rules)
 * 1:48604 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro out of bounds read attempt (file-other.rules)
 * 1:48605 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro out of bounds read attempt (file-other.rules)
 * 1:48642 <-> ENABLED <-> FILE-OTHER Adobe Acrobat EMF out of bounds read attempt (file-other.rules)
 * 1:47344 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro out of bounds read attempt (file-image.rules)
 * 1:47346 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EMR_CREATEDIBPATTERNBRUSHPT record buffer overflow attempt (file-other.rules)
 * 1:53968 <-> DISABLED <-> SERVER-WEBAPP TerraMaster NAS user and group creation command injection attempt (server-webapp.rules)
 * 1:47350 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG heap overflow attempt (file-image.rules)
 * 1:53969 <-> DISABLED <-> SERVER-WEBAPP TerraMaster NAS user and group creation command injection attempt (server-webapp.rules)
 * 1:53970 <-> DISABLED <-> SERVER-WEBAPP TerraMaster NAS user and group creation command injection attempt (server-webapp.rules)
 * 1:53972 <-> ENABLED <-> MALWARE-OTHER Cobalt Strike beacon.dll DNS download attempt (malware-other.rules)
 * 1:52214 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Win32k privilege escalation attempt (os-windows.rules)
 * 1:53967 <-> DISABLED <-> SERVER-WEBAPP TerraMaster NAS user and group creation command injection attempt (server-webapp.rules)
 * 1:47352 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG heap overflow attempt (file-image.rules)
 * 1:54014 <-> ENABLED <-> MALWARE-CNC Win.Malware.Trickbot variant outbound connection (malware-cnc.rules)
 * 1:47362 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader malformed TIFF out of bounds read attempt (file-image.rules)
 * 1:47351 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG heap overflow attempt (file-image.rules)
 * 1:47353 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG heap overflow attempt (file-image.rules)
 * 1:52213 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Win32k privilege escalation attempt (os-windows.rules)
 * 1:53975 <-> DISABLED <-> INDICATOR-COMPROMISE Cobalt Strike multiple large DNS TXT query responses (indicator-compromise.rules)
 * 1:47356 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro out of bounds read attempt (file-image.rules)
 * 1:47361 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader malformed TIFF out of bounds read attempt (file-image.rules)
 * 1:47383 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro use after free attempt (file-image.rules)
 * 1:47367 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro PSD malformed image data out-of-bounds write attempt (file-image.rules)
 * 1:47368 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro PSD malformed image data out-of-bounds write attempt (file-image.rules)
 * 1:47307 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Distiller PostScript pdfmark out-of-bounds write attempt (file-other.rules)
 * 1:47357 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro out of bounds read attempt (file-image.rules)
 * 1:47359 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader malformed TIFF out of bounds read attempt (file-image.rules)
 * 1:47360 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader malformed TIFF out of bounds read attempt (file-image.rules)
 * 1:47397 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader malformed JPEG quantization table out-of-bounds write attempt (file-image.rules)
 * 1:47382 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro use after free attempt (file-image.rules)
 * 1:47396 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader malformed JPEG quantization table out-of-bounds write attempt (file-image.rules)
 * 1:47384 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro use after free attempt (file-other.rules)
 * 1:47385 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro use after free attempt (file-other.rules)
 * 1:47683 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EmfPlusRegionNodePath out of bounds read attempt (file-other.rules)
 * 1:47625 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Reader EMF path record out-of-bounds read attempt (file-other.rules)
 * 1:47370 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out of bounds memory access attempt (file-other.rules)
 * 1:47626 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Reader EMF path record out-of-bounds read attempt (file-other.rules)
 * 1:47630 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro untrusted pointer dereference attempt (file-other.rules)
 * 1:47682 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EmfPlusRegionNodePath out of bounds read attempt (file-other.rules)
 * 1:47852 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro HTML invalid pointer offset out-of-bounds read attempt (file-other.rules)
 * 1:47827 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat EmfPlusDrawImagePoints out of bounds read attempt (file-image.rules)
 * 1:47828 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat EmfPlusDrawImagePoints out of bounds read attempt (file-image.rules)
 * 1:47631 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro untrusted pointer dereference attempt (file-other.rules)
 * 1:47838 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro SGI RGB run-length encoding out of bounds read attempt (file-image.rules)
 * 1:47839 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro SGI RGB run-length encoding out of bounds read attempt (file-image.rules)
 * 1:47992 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF engine type confusion attempt (file-image.rules)
 * 1:47130 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed CEL heap overflow attempt (file-image.rules)
 * 1:47994 <-> ENABLED <-> FILE-OTHER Acrobat Adobe Pro XPS out-of-bounds read attempt (file-other.rules)
 * 1:47856 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file object out of bounds write attempt (file-image.rules)
 * 1:46699 <-> ENABLED <-> FILE-OTHER Adobe Acrobat EMF embedded DIB out of bound read attempt (file-other.rules)
 * 1:47997 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF pointer out of bounds read attempt (file-image.rules)
 * 1:47854 <-> DISABLED <-> FILE-OTHER Adobe Acrobat HTML invalid pointer out-of-bounds read attempt (file-other.rules)
 * 1:47857 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file object out of bounds write attempt (file-image.rules)
 * 1:47855 <-> DISABLED <-> FILE-OTHER Adobe Acrobat HTML invalid pointer out-of-bounds read attempt (file-other.rules)
 * 1:47884 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF image conversion memory corruption attempt (file-other.rules)
 * 1:47891 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMFPlusPath object out of bounds read attempt (file-image.rules)
 * 1:47875 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF ALPHABLEND heap overflow attempt (file-image.rules)
 * 1:47883 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF image conversion memory corruption attempt (file-other.rules)
 * 1:47874 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF ALPHABLEND heap overflow attempt (file-image.rules)
 * 1:47907 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMR_STRETCHDIBITS out-of-bounds write attempt (file-image.rules)
 * 1:47908 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMR_STRETCHDIBITS out-of-bounds write attempt (file-image.rules)
 * 1:47909 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMR_STRETCHDIBITS out-of-bounds write attempt (file-image.rules)
 * 1:47910 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMR_STRETCHDIBITS out-of-bounds write attempt (file-image.rules)
 * 1:47892 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMFPlusPath object out of bounds read attempt (file-image.rules)
 * 1:47912 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader EMF file JPEG Huffman table heap overflow attempt (file-image.rules)
 * 1:47911 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader EMF file JPEG Huffman table heap overflow attempt (file-image.rules)
 * 1:47926 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF ImageConversion out-of-bounds write attempt (file-other.rules)
 * 1:47927 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF ImageConversion out-of-bounds write attempt (file-other.rules)
 * 1:47932 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro Universal 3D Engine untrusted pointer dereference attempt (file-image.rules)
 * 1:47933 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro Universal 3D Engine untrusted pointer dereference attempt (file-image.rules)
 * 1:47943 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Distiller PostScript stack overflow attempt (file-image.rules)
 * 1:46708 <-> ENABLED <-> FILE-OTHER Adobe Acrobat EMF malformed EmfPlusPointF object buffer overflow attempt (file-other.rules)
 * 1:47942 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat XPS heap overflow attempt (file-image.rules)
 * 1:47940 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF+ GIF parsing out of bounds read attempt (file-image.rules)
 * 1:47941 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat XPS heap overflow attempt (file-image.rules)
 * 1:47944 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Distiller PostScript stack overflow attempt (file-image.rules)
 * 1:46694 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF embedded GIF memory corruption attempt (file-other.rules)
 * 1:46695 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF embedded GIF memory corruption attempt (file-other.rules)
 * 1:46690 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro path rendertransform out of bound write attempt (file-other.rules)
 * 1:46693 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat EmfPlusDrawCurve out of bounds read attempt (file-image.rules)
 * 1:46692 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat EmfPlusDrawCurve out of bounds read attempt (file-image.rules)
 * 1:46691 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro path rendertransform out of bound write attempt (file-other.rules)
 * 1:46688 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat XPS out-of-bounds read attempt (file-image.rules)
 * 1:46689 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat XPS out-of-bounds read attempt (file-image.rules)
 * 1:46673 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (file-image.rules)
 * 1:47129 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed CEL heap overflow attempt (file-image.rules)
 * 1:47939 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF+ GIF parsing out of bounds read attempt (file-image.rules)
 * 1:46674 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (file-image.rules)
 * 1:46670 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (file-image.rules)
 * 1:46669 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (file-image.rules)
 * 1:46672 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (file-image.rules)
 * 1:47949 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF out of bounds read attempt (file-image.rules)
 * 1:47950 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF out of bounds read attempt (file-image.rules)
 * 1:47951 <-> DISABLED <-> FILE-OTHER Adobe Distiller PostScript conversion heap overflow attempt (file-other.rules)
 * 1:47954 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIF tag entry out of bounds read attempt (file-image.rules)
 * 1:47952 <-> DISABLED <-> FILE-OTHER Adobe Distiller PostScript conversion heap overflow attempt (file-other.rules)
 * 1:47953 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIF tag entry out of bounds read attempt (file-image.rules)
 * 1:47955 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIF tag entry out of bounds read attempt (file-image.rules)
 * 1:47956 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIF tag entry out of bounds read attempt (file-image.rules)
 * 1:47957 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EmfPlusDrawDriverString malformed GlyphCount value integer overflow attempt (file-other.rules)
 * 1:47958 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EmfPlusDrawDriverString malformed GlyphCount value integer overflow attempt (file-other.rules)
 * 1:47959 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF file out-of-bounds write attempt (file-other.rules)
 * 1:47961 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EmfPlusDrawBeziers out of bounds write attempt (file-other.rules)
 * 1:47960 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF file out-of-bounds write attempt (file-other.rules)
 * 1:47329 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF out of bounds read attempt (file-image.rules)
 * 1:47998 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF pointer out of bounds read attempt (file-image.rules)
 * 1:48017 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader malformed JavaScript input out of bounds read attempt (file-image.rules)
 * 1:48016 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader malformed JavaScript input out of bounds read attempt (file-image.rules)
 * 1:48014 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro U3D TIFF XResolution out of bounds read attempt (file-image.rules)
 * 1:48013 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro U3D TIFF XResolution out of bounds read attempt (file-image.rules)

2020-06-09 23:58:59 UTC

Snort Subscriber Rules Update

Date: 2020-06-09

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091401.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:54202 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Trickbot variant outbound connection (malware-cnc.rules)
 * 1:54183 <-> DISABLED <-> INDICATOR-COMPROMISE Cobalt Strike default smart applet attack URI (indicator-compromise.rules)
 * 1:54176 <-> DISABLED <-> MALWARE-OTHER Win.Ircbot.Zusy-8002902-0 download attempt (malware-other.rules)
 * 1:54175 <-> DISABLED <-> INDICATOR-COMPROMISE Cobalt Strike default signed applet attack URI (indicator-compromise.rules)
 * 1:54177 <-> DISABLED <-> MALWARE-OTHER Win.Ircbot.Zusy-8002902-0 download attempt (malware-other.rules)
 * 1:54182 <-> ENABLED <-> MALWARE-OTHER Cobalt Strike system profiling attempt (malware-other.rules)
 * 1:54178 <-> DISABLED <-> MALWARE-OTHER Win.Ircbot.Zusy-8002903-0 download attempt (malware-other.rules)
 * 1:54191 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
 * 1:54186 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Samas-7998113-0 download attempt (malware-other.rules)
 * 1:54214 <-> DISABLED <-> SERVER-ORACLE Oracle iPlanet Web Server unauthenticated information disclosure attempt (server-oracle.rules)
 * 1:54167 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Genpack-7998106-0 download attempt (malware-other.rules)
 * 1:54216 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k type confusion attempt (os-windows.rules)
 * 1:54224 <-> DISABLED <-> SERVER-ORACLE Oracle iPlanet admin panel image injection attempt (server-oracle.rules)
 * 1:54174 <-> DISABLED <-> MALWARE-OTHER Cobalt Strike signed java applet download attempt (malware-other.rules)
 * 1:54192 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
 * 1:54212 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Trickbot variant outbound connection (malware-cnc.rules)
 * 1:54199 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Trickbot variant outbound connection (malware-cnc.rules)
 * 1:54209 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Trickbot variant outbound connection (malware-cnc.rules)
 * 1:54204 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Trickbot variant outbound connection (malware-cnc.rules)
 * 1:54206 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Trickbot variant outbound connection (malware-cnc.rules)
 * 1:54195 <-> DISABLED <-> SERVER-WEBAPP TP-LINK Cloud Cameras NCXXX Bonjour command injection attempt (server-webapp.rules)
 * 1:54217 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB srv2.sys information disclosure attempt (os-windows.rules)
 * 1:54203 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Trickbot variant outbound connection (malware-cnc.rules)
 * 1:54197 <-> DISABLED <-> SERVER-WEBAPP TP-LINK Cloud Cameras NCXXX Bonjour command injection attempt (server-webapp.rules)
 * 1:54172 <-> DISABLED <-> MALWARE-OTHER Cobalt Strike signed java applet download attempt (malware-other.rules)
 * 1:54179 <-> DISABLED <-> MALWARE-OTHER Win.Ircbot.Zusy-8002903-0 download attempt (malware-other.rules)
 * 1:54188 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.RagnarLocker initial download (malware-other.rules)
 * 1:54170 <-> ENABLED <-> MALWARE-OTHER Cobalt Strike signed java applet execution attempt (malware-other.rules)
 * 1:54187 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.RagnarLocker initial download (malware-other.rules)
 * 1:54184 <-> DISABLED <-> SERVER-OTHER lodash defaultsDeep prototype pollution attempt (server-other.rules)
 * 1:54180 <-> ENABLED <-> MALWARE-OTHER Cobalt Strike system profiling attempt (malware-other.rules)
 * 1:54181 <-> ENABLED <-> MALWARE-OTHER Cobalt Strike system profiling attempt (malware-other.rules)
 * 1:54189 <-> ENABLED <-> FILE-PDF Adobe Reader custom JavaScript field use-after-free attempt (file-pdf.rules)
 * 1:54185 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Samas-7998113-0 download attempt (malware-other.rules)
 * 1:54169 <-> ENABLED <-> MALWARE-OTHER Cobalt Strike signed java applet execution attempt (malware-other.rules)
 * 1:54171 <-> DISABLED <-> MALWARE-OTHER Cobalt Strike signed java applet download attempt (malware-other.rules)
 * 1:54190 <-> ENABLED <-> FILE-PDF Adobe Reader custom JavaScript field use-after-free attempt (file-pdf.rules)
 * 1:54165 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Razy-7997331-0 download attempt (malware-other.rules)
 * 1:54194 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
 * 1:54196 <-> DISABLED <-> SERVER-WEBAPP TP-LINK Cloud Cameras NCXXX Bonjour command injection attempt (server-webapp.rules)
 * 1:54166 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Razy-7997331-0 download attempt (malware-other.rules)
 * 1:54208 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Trickbot variant outbound connection (malware-cnc.rules)
 * 1:54173 <-> DISABLED <-> MALWARE-OTHER Cobalt Strike signed java applet download attempt (malware-other.rules)
 * 1:54198 <-> DISABLED <-> SERVER-WEBAPP TP-LINK Cloud Cameras NCXXX Bonjour command injection attempt (server-webapp.rules)
 * 1:54207 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Trickbot variant outbound connection (malware-cnc.rules)
 * 1:54200 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Trickbot variant outbound connection (malware-cnc.rules)
 * 1:54193 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
 * 1:54201 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Trickbot variant outbound connection (malware-cnc.rules)
 * 1:54211 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Trickbot variant outbound connection (malware-cnc.rules)
 * 1:54213 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Trickbot variant outbound connection (malware-cnc.rules)
 * 1:54210 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Trickbot variant outbound connection (malware-cnc.rules)
 * 1:54168 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Genpack-7998106-0 download attempt (malware-other.rules)
 * 1:54215 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k type confusion attempt (os-windows.rules)
 * 1:54205 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Trickbot variant outbound connection (malware-cnc.rules)
 * 1:54234 <-> DISABLED <-> SERVER-WEBAPP TerraMaster NAS cross site scripting attempt (server-webapp.rules)
 * 1:54223 <-> DISABLED <-> SERVER-ORACLE Oracle iPlanet admin panel image injection CSRF attempt (server-oracle.rules)
 * 1:54219 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Mikey-8009335-0 download attempt (malware-other.rules)
 * 1:54221 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Packed.Amg0fxii-8010198-0 download attempt (malware-other.rules)
 * 1:54222 <-> DISABLED <-> SERVER-ORACLE Oracle iPlanet admin panel image injection attempt (server-oracle.rules)
 * 1:54220 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Packed.Amg0fxii-8010198-0 download attempt (malware-other.rules)
 * 1:54218 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Mikey-8009335-0 download attempt (malware-other.rules)
 * 1:54229 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-8010482-0 download attempt (malware-other.rules)
 * 1:54231 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer VBScript engine memory corruption attempt (browser-ie.rules)
 * 1:54232 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer VBScript memory corruption attempt (browser-ie.rules)
 * 1:54225 <-> DISABLED <-> SERVER-ORACLE Oracle iPlanet admin panel image injection CSRF attempt (server-oracle.rules)
 * 1:54230 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer VBScript engine memory corruption attempt (browser-ie.rules)
 * 1:54227 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Ngrbot-8010339-0 download attempt (malware-other.rules)
 * 1:54228 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-8010482-0 download attempt (malware-other.rules)
 * 1:54226 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Ngrbot-8010339-0 download attempt (malware-other.rules)
 * 1:54236 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
 * 1:54238 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
 * 1:54235 <-> DISABLED <-> SERVER-WEBAPP TerraMaster NAS cross site scripting attempt (server-webapp.rules)
 * 1:54240 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMBv1 remote code execution attempt (os-windows.rules)
 * 1:54233 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer VBScript memory corruption attempt (browser-ie.rules)
 * 1:54239 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
 * 1:54278 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Zeus-8011051-0 download attempt (malware-other.rules)
 * 1:54279 <-> ENABLED <-> INDICATOR-COMPROMISE UPnP SUBSCRIBE Callback denial-of-service attempt (indicator-compromise.rules)
 * 1:54272 <-> DISABLED <-> SERVER-WEBAPP Centreon Monitoring tool command injection attempt (server-webapp.rules)
 * 1:54277 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Zeus-8011051-0 download attempt (malware-other.rules)
 * 1:54274 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Vobfus-8010924-0 download attempt (malware-other.rules)
 * 1:54275 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Vobfus-8010924-0 download attempt (malware-other.rules)
 * 1:54249 <-> DISABLED <-> OS-WINDOWS Microsoft Windows kernel security feature bypass attempt (os-windows.rules)
 * 1:54273 <-> DISABLED <-> SERVER-WEBAPP Centreon Monitoring tool command injection attempt (server-webapp.rules)
 * 1:54270 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB chained compression out of bounds read attempt (os-windows.rules)
 * 1:54271 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB chained compression out of bounds read attempt (os-windows.rules)
 * 1:54245 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
 * 1:54250 <-> DISABLED <-> OS-WINDOWS Microsoft Windows kernel security feature bypass attempt (os-windows.rules)
 * 1:54247 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k.sys remote code execution attempt (os-windows.rules)
 * 1:54248 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k.sys remote code execution attempt (os-windows.rules)
 * 1:54241 <-> DISABLED <-> OS-WINDOWS Microsoft Windows CreateDIBitmap privilege escalation attempt (os-windows.rules)
 * 1:54246 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
 * 1:54243 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Media Foundation getKeyForIndex out-of-bounds read attempt (file-multimedia.rules)
 * 1:54244 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Media Foundation getKeyForIndex out-of-bounds read attempt (file-multimedia.rules)
 * 1:54237 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
 * 1:54242 <-> DISABLED <-> OS-WINDOWS Microsoft Windows CreateDIBitmap privilege escalation attempt (os-windows.rules)
 * 1:54281 <-> ENABLED <-> INDICATOR-SCAN CallStranger UPnP discovery attempt (indicator-scan.rules)
 * 1:54276 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Ursnif malicious outbound connection attempt - gravity generated detection (malware-other.rules)
 * 1:54280 <-> ENABLED <-> INDICATOR-COMPROMISE UPnP SUBSCRIBE Callback denial-of-service attempt (indicator-compromise.rules)
 * 3:54251 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1080 attack attempt (server-webapp.rules)
 * 3:54268 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1081 attack attempt (server-webapp.rules)
 * 3:54258 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1083 attack attempt (server-webapp.rules)
 * 3:54267 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1081 attack attempt (server-webapp.rules)
 * 3:54269 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1081 attack attempt (server-webapp.rules)
 * 3:54262 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1079 attack attempt (server-webapp.rules)
 * 3:54257 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1083 attack attempt (server-webapp.rules)
 * 3:54253 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1080 attack attempt (server-webapp.rules)
 * 3:54263 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1079 attack attempt (server-webapp.rules)
 * 3:54255 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1082 attack attempt (server-webapp.rules)
 * 3:54254 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1082 attack attempt (server-webapp.rules)
 * 3:54252 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1080 attack attempt (server-webapp.rules)
 * 3:54260 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1078 attack attempt (server-webapp.rules)
 * 3:54266 <-> ENABLED <-> BROWSER-OTHER TRUFFLEHUNTER TALOS-2020-1088 attack attempt (browser-other.rules)
 * 3:54259 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1078 attack attempt (server-webapp.rules)
 * 3:54261 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1078 attack attempt (server-webapp.rules)
 * 3:54265 <-> ENABLED <-> BROWSER-OTHER TRUFFLEHUNTER TALOS-2020-1088 attack attempt (browser-other.rules)
 * 3:54256 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1082 attack attempt (server-webapp.rules)
 * 3:54264 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1079 attack attempt (server-webapp.rules)

Modified Rules:


 * 1:48003 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro Universal 3D engine untrusted pointer dereference attempt (file-image.rules)
 * 1:48009 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro integer overflow attempt (file-image.rules)
 * 1:48010 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro integer overflow attempt (file-image.rules)
 * 1:48011 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro U3D TIFF XResolution out of bounds read attempt (file-image.rules)
 * 1:47180 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF invalid EmfPlusFillRects out-of-bounds read attempt (file-other.rules)
 * 1:47183 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EmfPlusFillRects type confusion attempt (file-other.rules)
 * 1:47988 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file out-of-bounds read attempt (file-other.rules)
 * 1:47992 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF engine type confusion attempt (file-image.rules)
 * 1:46727 <-> ENABLED <-> FILE-OTHER Adobe Acrobat EMF embedded GIF LZW compression out of bound read attempt (file-other.rules)
 * 1:48040 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed BMP out of bounds read attempt (file-image.rules)
 * 1:47184 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EmfPlusFillRects type confusion attempt (file-other.rules)
 * 1:46656 <-> DISABLED <-> FILE-OTHER Adobe Acrobat XPS2PDF conversion buffer over-read attempt (file-other.rules)
 * 1:46797 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out of bounds read attempt (file-other.rules)
 * 1:47060 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed EMF out of bounds read attempt (file-image.rules)
 * 1:48016 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader malformed JavaScript input out of bounds read attempt (file-image.rules)
 * 1:46668 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (file-image.rules)
 * 1:48032 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF out of bounds read attempt (file-image.rules)
 * 1:43609 <-> DISABLED <-> FILE-OTHER Multiple products SGI ZSIZE header information overflow attempt (file-other.rules)
 * 1:44122 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Professional EMF JPEG APP13 malformed record memory corruption attempt (file-other.rules)
 * 1:47158 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader jp2 out-of-bounds read attempt (file-image.rules)
 * 1:43973 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro malformed EMF comment memory corruption attempt (file-other.rules)
 * 1:47181 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF file uninitialized pointer dereference attempt (file-other.rules)
 * 1:48124 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF ImageConversion out-of-bounds write attempt (file-other.rules)
 * 1:48108 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF file out-of-bounds write attempt (file-other.rules)
 * 1:47998 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF pointer out of bounds read attempt (file-image.rules)
 * 1:48002 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro Universal 3D engine untrusted pointer dereference attempt (file-image.rules)
 * 1:48033 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF file use-after-free attempt (file-other.rules)
 * 1:48125 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF ImageConversion out-of-bounds write attempt (file-other.rules)
 * 1:48074 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF file out-of-bounds read attempt (file-other.rules)
 * 1:48034 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF file use-after-free attempt (file-other.rules)
 * 1:48134 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat SGI parsing out of bounds read attempt (file-image.rules)
 * 1:48039 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed BMP out of bounds read attempt (file-image.rules)
 * 1:46709 <-> ENABLED <-> FILE-OTHER Adobe Professional EMF embedded image heap overflow attempt (file-other.rules)
 * 1:48031 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF out of bounds read attempt (file-image.rules)
 * 1:48217 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Reader U3D engine memory corruption attempt (file-other.rules)
 * 1:48135 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat SGI parsing out of bounds read attempt (file-image.rules)
 * 1:48013 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro U3D TIFF XResolution out of bounds read attempt (file-image.rules)
 * 1:48107 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF file out-of-bounds write attempt (file-other.rules)
 * 1:48075 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF file out-of-bounds read attempt (file-other.rules)
 * 1:47125 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS embedded JPEG with malformed copyright tag heap overflow attempt (file-other.rules)
 * 1:46648 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMF EmfPlusDrawBeziers buffer over-read attempt (file-other.rules)
 * 1:47993 <-> ENABLED <-> FILE-OTHER Acrobat Adobe Pro XPS out-of-bounds read attempt (file-other.rules)
 * 1:46960 <-> DISABLED <-> FILE-OTHER Adobe Flash Player AMF0 Shared Object integer overflow attempt (file-other.rules)
 * 1:47971 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF out of bounds read attempt (file-image.rules)
 * 1:47964 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro WebCapture JavaScript manipulation type confusion attempt (file-other.rules)
 * 1:47250 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS out-of-bounds read attempt (file-other.rules)
 * 1:47958 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EmfPlusDrawDriverString malformed GlyphCount value integer overflow attempt (file-other.rules)
 * 1:46703 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EMR_STRETCHDIBITS size out of bounds read attempt (file-other.rules)
 * 1:47233 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules)
 * 1:47370 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out of bounds memory access attempt (file-other.rules)
 * 1:43903 <-> DISABLED <-> FILE-IMAGE Adobe Reader EMF EMR_STROKEPATH memory corruption attempt (file-image.rules)
 * 1:44024 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF memory corruption attempt (file-image.rules)
 * 1:44023 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF memory corruption attempt (file-image.rules)
 * 1:44060 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF memory corruption attempt (file-image.rules)
 * 1:43974 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro malformed EMF comment memory corruption attempt (file-other.rules)
 * 1:46647 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMF EmfPlusDrawBeziers buffer over-read attempt (file-other.rules)
 * 1:46652 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro PDX malformed index out of bounds memory read attempt (file-other.rules)
 * 1:47975 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF memory corruption attempt (file-other.rules)
 * 1:47839 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro SGI RGB run-length encoding out of bounds read attempt (file-image.rules)
 * 1:47852 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro HTML invalid pointer offset out-of-bounds read attempt (file-other.rules)
 * 1:47828 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat EmfPlusDrawImagePoints out of bounds read attempt (file-image.rules)
 * 1:47630 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro untrusted pointer dereference attempt (file-other.rules)
 * 1:47827 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat EmfPlusDrawImagePoints out of bounds read attempt (file-image.rules)
 * 1:47130 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed CEL heap overflow attempt (file-image.rules)
 * 1:47631 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro untrusted pointer dereference attempt (file-other.rules)
 * 1:47683 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EmfPlusRegionNodePath out of bounds read attempt (file-other.rules)
 * 1:47397 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader malformed JPEG quantization table out-of-bounds write attempt (file-image.rules)
 * 1:47385 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro use after free attempt (file-other.rules)
 * 1:47625 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Reader EMF path record out-of-bounds read attempt (file-other.rules)
 * 1:47626 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Reader EMF path record out-of-bounds read attempt (file-other.rules)
 * 1:47396 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader malformed JPEG quantization table out-of-bounds write attempt (file-image.rules)
 * 1:47367 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro PSD malformed image data out-of-bounds write attempt (file-image.rules)
 * 1:47682 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EmfPlusRegionNodePath out of bounds read attempt (file-other.rules)
 * 1:47368 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro PSD malformed image data out-of-bounds write attempt (file-image.rules)
 * 1:47369 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out of bounds memory access attempt (file-other.rules)
 * 1:47956 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIF tag entry out of bounds read attempt (file-image.rules)
 * 1:47955 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIF tag entry out of bounds read attempt (file-image.rules)
 * 1:47957 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EmfPlusDrawDriverString malformed GlyphCount value integer overflow attempt (file-other.rules)
 * 1:47953 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIF tag entry out of bounds read attempt (file-image.rules)
 * 1:47954 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIF tag entry out of bounds read attempt (file-image.rules)
 * 1:47951 <-> DISABLED <-> FILE-OTHER Adobe Distiller PostScript conversion heap overflow attempt (file-other.rules)
 * 1:47952 <-> DISABLED <-> FILE-OTHER Adobe Distiller PostScript conversion heap overflow attempt (file-other.rules)
 * 1:47950 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF out of bounds read attempt (file-image.rules)
 * 1:47944 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Distiller PostScript stack overflow attempt (file-image.rules)
 * 1:47943 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Distiller PostScript stack overflow attempt (file-image.rules)
 * 1:47949 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF out of bounds read attempt (file-image.rules)
 * 1:47942 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat XPS heap overflow attempt (file-image.rules)
 * 1:46689 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat XPS out-of-bounds read attempt (file-image.rules)
 * 1:48012 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro U3D TIFF XResolution out of bounds read attempt (file-image.rules)
 * 1:47143 <-> DISABLED <-> FILE-OTHER Multiple products SGI ZSIZE header information overflow attempt (file-other.rules)
 * 1:47989 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF out of bounds write attempt (file-other.rules)
 * 1:47981 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF out of bounds read attempt (file-image.rules)
 * 1:47985 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS out-of-bounds write attempt (file-other.rules)
 * 1:47123 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS embedded JPEG with malformed copyright tag heap overflow attempt (file-other.rules)
 * 1:46710 <-> ENABLED <-> FILE-OTHER Adobe Professional EMF embedded image heap overflow attempt (file-other.rules)
 * 1:47153 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro use after free attempt (file-other.rules)
 * 1:46728 <-> ENABLED <-> FILE-OTHER Adobe Acrobat EMF embedded GIF LZW compression out of bound read attempt (file-other.rules)
 * 1:46717 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMFPlusPath object heap overflow attempt (file-image.rules)
 * 1:53969 <-> DISABLED <-> SERVER-WEBAPP TerraMaster NAS user and group creation command injection attempt (server-webapp.rules)
 * 1:54014 <-> ENABLED <-> MALWARE-CNC Win.Malware.Trickbot variant outbound connection (malware-cnc.rules)
 * 1:48292 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EmfPlusDrawString out of bounds read attempt (file-other.rules)
 * 1:52213 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Win32k privilege escalation attempt (os-windows.rules)
 * 1:47976 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF memory corruption attempt (file-other.rules)
 * 1:48219 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro JPEG Huffman table memory corruption attempt (file-image.rules)
 * 1:47995 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF pointer out of bounds write attempt (file-image.rules)
 * 1:46876 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMFPlusPath object out of bounds read attempt (file-image.rules)
 * 1:47144 <-> DISABLED <-> FILE-OTHER Multiple products SGI ZSIZE header information overflow attempt (file-other.rules)
 * 1:47154 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro use after free attempt (file-other.rules)
 * 1:47139 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EmfPlusDrawBeziers out-of-bounds read attempt (file-other.rules)
 * 1:47140 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EmfPlusDrawBeziers out-of-bounds read attempt (file-other.rules)
 * 1:46733 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF out of bounds read attempt (file-other.rules)
 * 1:46726 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG out of bounds read attempt (file-image.rules)
 * 1:46812 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF out of bounds read attempt (file-other.rules)
 * 1:46725 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG out of bounds read attempt (file-image.rules)
 * 1:46718 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMFPlusPath object heap overflow attempt (file-image.rules)
 * 1:46813 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF out of bounds read attempt (file-other.rules)
 * 1:46720 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMFPlusPath object heap overflow attempt (file-image.rules)
 * 1:47124 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS embedded JPEG with malformed copyright tag heap overflow attempt (file-other.rules)
 * 1:47980 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF out of bounds read attempt (file-image.rules)
 * 1:47972 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF out of bounds read attempt (file-image.rules)
 * 1:47875 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF ALPHABLEND heap overflow attempt (file-image.rules)
 * 1:47984 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF out-of-bounds read attempt (file-other.rules)
 * 1:47979 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF out of bounds read attempt (file-image.rules)
 * 1:47983 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF out-of-bounds read attempt (file-other.rules)
 * 1:47987 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file out-of-bounds read attempt (file-other.rules)
 * 1:47991 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF engine type confusion attempt (file-image.rules)
 * 1:46798 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out of bounds read attempt (file-other.rules)
 * 1:47855 <-> DISABLED <-> FILE-OTHER Adobe Acrobat HTML invalid pointer out-of-bounds read attempt (file-other.rules)
 * 1:47193 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF use-after-free attempt (file-other.rules)
 * 1:47059 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed EMF out of bounds read attempt (file-image.rules)
 * 1:46719 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMFPlusPath object heap overflow attempt (file-image.rules)
 * 1:47157 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader jp2 out-of-bounds read attempt (file-image.rules)
 * 1:47182 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF file uninitialized pointer dereference attempt (file-other.rules)
 * 1:47194 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF use-after-free attempt (file-other.rules)
 * 1:46655 <-> DISABLED <-> FILE-OTHER Adobe Acrobat XPS2PDF conversion buffer over-read attempt (file-other.rules)
 * 1:47195 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules)
 * 1:43608 <-> DISABLED <-> FILE-OTHER Multiple products SGI ZSIZE header information overflow attempt (file-other.rules)
 * 1:47126 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS embedded JPEG with malformed copyright tag heap overflow attempt (file-other.rules)
 * 1:47963 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro WebCapture JavaScript manipulation type confusion attempt (file-other.rules)
 * 1:46643 <-> DISABLED <-> FILE-OTHER Adobe Professional EMF compression out of bounds write attempt (file-other.rules)
 * 1:47196 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules)
 * 1:47856 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file object out of bounds write attempt (file-image.rules)
 * 1:46659 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Reader jp2 double free attempt (file-other.rules)
 * 1:47197 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out of bounds read attempt (file-other.rules)
 * 1:45910 <-> DISABLED <-> MALWARE-CNC Cobalt Strike outbound beacon command result (malware-cnc.rules)
 * 1:44121 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Professional EMF JPEG APP13 malformed record memory corruption attempt (file-other.rules)
 * 1:41947 <-> DISABLED <-> FILE-IMAGE GDI+ malformed EMF description out of bounds read attempt (file-image.rules)
 * 1:47198 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out of bounds read attempt (file-other.rules)
 * 1:46651 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro PDX malformed index out of bounds memory read attempt (file-other.rules)
 * 1:46875 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMFPlusPath object out of bounds read attempt (file-image.rules)
 * 1:48017 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader malformed JavaScript input out of bounds read attempt (file-image.rules)
 * 1:47208 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS out-of-bounds read attempt (file-other.rules)
 * 1:41946 <-> DISABLED <-> FILE-IMAGE Microsoft GDI+ malformed EMF description out of bounds read attempt (file-image.rules)
 * 1:46644 <-> DISABLED <-> FILE-OTHER Adobe Professional EMF compression out of bounds write attempt (file-other.rules)
 * 1:47209 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS out-of-bounds read attempt (file-other.rules)
 * 1:47210 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EmfPlusDrawImagePoints heap overflow attempt (file-image.rules)
 * 1:43902 <-> DISABLED <-> FILE-IMAGE Adobe Reader EMF EMR_STROKEPATH memory corruption attempt (file-image.rules)
 * 1:46660 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Reader jp2 double free attempt (file-other.rules)
 * 1:47211 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EmfPlusDrawImagePoints heap overflow attempt (file-image.rules)
 * 1:46670 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (file-image.rules)
 * 1:46674 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (file-image.rules)
 * 1:46688 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat XPS out-of-bounds read attempt (file-image.rules)
 * 1:46690 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro path rendertransform out of bound write attempt (file-other.rules)
 * 1:46691 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro path rendertransform out of bound write attempt (file-other.rules)
 * 1:46692 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat EmfPlusDrawCurve out of bounds read attempt (file-image.rules)
 * 1:46693 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat EmfPlusDrawCurve out of bounds read attempt (file-image.rules)
 * 1:46695 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF embedded GIF memory corruption attempt (file-other.rules)
 * 1:46698 <-> ENABLED <-> FILE-OTHER Adobe Acrobat EMF embedded DIB out of bound read attempt (file-other.rules)
 * 1:46699 <-> ENABLED <-> FILE-OTHER Adobe Acrobat EMF embedded DIB out of bound read attempt (file-other.rules)
 * 1:46701 <-> DISABLED <-> FILE-IMAGE Adobe Acrboat EMF invalid EMR_STRETCHDIBITS record out-of-bounds read attempt (file-image.rules)
 * 1:47997 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF pointer out of bounds read attempt (file-image.rules)
 * 1:46702 <-> DISABLED <-> FILE-IMAGE Adobe Acrboat EMF invalid EMR_STRETCHDIBITS record out-of-bounds read attempt (file-image.rules)
 * 1:47857 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file object out of bounds write attempt (file-image.rules)
 * 1:46707 <-> ENABLED <-> FILE-OTHER Adobe Acrobat EMF malformed EmfPlusPointF object buffer overflow attempt (file-other.rules)
 * 1:44059 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF memory corruption attempt (file-image.rules)
 * 1:47883 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF image conversion memory corruption attempt (file-other.rules)
 * 1:47959 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF file out-of-bounds write attempt (file-other.rules)
 * 1:47275 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules)
 * 1:47276 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt (file-other.rules)
 * 1:47277 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt (file-other.rules)
 * 1:47280 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules)
 * 1:46672 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (file-image.rules)
 * 1:47283 <-> DISABLED <-> FILE-OTHER Adobe Reader HTML to PDF conversion getMatchedCSSRules use-after-free attempt (file-other.rules)
 * 1:46669 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (file-image.rules)
 * 1:47308 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF RegionNodeCount out-of-bounds write attempt (file-other.rules)
 * 1:47312 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro out of bounds read attempt (file-image.rules)
 * 1:47313 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro out of bounds read attempt (file-image.rules)
 * 1:47314 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed CEL out of bounds read attempt (file-image.rules)
 * 1:47306 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Distiller PostScript pdfmark out-of-bounds write attempt (file-other.rules)
 * 1:47315 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed CEL out of bounds read attempt (file-image.rules)
 * 1:47328 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF out of bounds read attempt (file-image.rules)
 * 1:47329 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF out of bounds read attempt (file-image.rules)
 * 1:47359 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader malformed TIFF out of bounds read attempt (file-image.rules)
 * 1:47346 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EMR_CREATEDIBPATTERNBRUSHPT record buffer overflow attempt (file-other.rules)
 * 1:47350 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG heap overflow attempt (file-image.rules)
 * 1:47332 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out of bounds write attempt (file-other.rules)
 * 1:47343 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro out of bounds read attempt (file-image.rules)
 * 1:47344 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro out of bounds read attempt (file-image.rules)
 * 1:47345 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EMR_CREATEDIBPATTERNBRUSHPT record buffer overflow attempt (file-other.rules)
 * 1:47360 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader malformed TIFF out of bounds read attempt (file-image.rules)
 * 1:47352 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG heap overflow attempt (file-image.rules)
 * 1:47853 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro HTML invalid pointer offset out-of-bounds read attempt (file-other.rules)
 * 1:47854 <-> DISABLED <-> FILE-OTHER Adobe Acrobat HTML invalid pointer out-of-bounds read attempt (file-other.rules)
 * 1:47996 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF pointer out of bounds write attempt (file-image.rules)
 * 1:47838 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro SGI RGB run-length encoding out of bounds read attempt (file-image.rules)
 * 1:47892 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMFPlusPath object out of bounds read attempt (file-image.rules)
 * 1:47874 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF ALPHABLEND heap overflow attempt (file-image.rules)
 * 1:46708 <-> ENABLED <-> FILE-OTHER Adobe Acrobat EMF malformed EmfPlusPointF object buffer overflow attempt (file-other.rules)
 * 1:47884 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF image conversion memory corruption attempt (file-other.rules)
 * 1:47891 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMFPlusPath object out of bounds read attempt (file-image.rules)
 * 1:47907 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMR_STRETCHDIBITS out-of-bounds write attempt (file-image.rules)
 * 1:47911 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader EMF file JPEG Huffman table heap overflow attempt (file-image.rules)
 * 1:47909 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMR_STRETCHDIBITS out-of-bounds write attempt (file-image.rules)
 * 1:47910 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMR_STRETCHDIBITS out-of-bounds write attempt (file-image.rules)
 * 1:47933 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro Universal 3D Engine untrusted pointer dereference attempt (file-image.rules)
 * 1:47912 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader EMF file JPEG Huffman table heap overflow attempt (file-image.rules)
 * 1:47908 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMR_STRETCHDIBITS out-of-bounds write attempt (file-image.rules)
 * 1:47927 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF ImageConversion out-of-bounds write attempt (file-other.rules)
 * 1:47926 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF ImageConversion out-of-bounds write attempt (file-other.rules)
 * 1:47940 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF+ GIF parsing out of bounds read attempt (file-image.rules)
 * 1:47932 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro Universal 3D Engine untrusted pointer dereference attempt (file-image.rules)
 * 1:47939 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF+ GIF parsing out of bounds read attempt (file-image.rules)
 * 1:47941 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat XPS heap overflow attempt (file-image.rules)
 * 1:47179 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF invalid EmfPlusFillRects out-of-bounds read attempt (file-other.rules)
 * 1:46673 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (file-image.rules)
 * 1:47994 <-> ENABLED <-> FILE-OTHER Acrobat Adobe Pro XPS out-of-bounds read attempt (file-other.rules)
 * 1:48242 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro malformed EMF out of bounds read attempt (file-other.rules)
 * 1:48243 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro malformed EMF out of bounds read attempt (file-other.rules)
 * 1:48220 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro JPEG Huffman table memory corruption attempt (file-image.rules)
 * 1:47986 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS out-of-bounds write attempt (file-other.rules)
 * 1:47990 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF out of bounds write attempt (file-other.rules)
 * 1:47982 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF out of bounds read attempt (file-image.rules)
 * 1:48290 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EmfPlusDrawString out of bounds read attempt (file-other.rules)
 * 1:48291 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EmfPlusDrawString out of bounds read attempt (file-other.rules)
 * 1:48289 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EmfPlusDrawString out of bounds read attempt (file-other.rules)
 * 1:48605 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro out of bounds read attempt (file-other.rules)
 * 1:48642 <-> ENABLED <-> FILE-OTHER Adobe Acrobat EMF out of bounds read attempt (file-other.rules)
 * 1:48604 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro out of bounds read attempt (file-other.rules)
 * 1:53967 <-> DISABLED <-> SERVER-WEBAPP TerraMaster NAS user and group creation command injection attempt (server-webapp.rules)
 * 1:52214 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Win32k privilege escalation attempt (os-windows.rules)
 * 1:48218 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Reader U3D engine memory corruption attempt (file-other.rules)
 * 1:53972 <-> ENABLED <-> MALWARE-OTHER Cobalt Strike beacon.dll DNS download attempt (malware-other.rules)
 * 1:53975 <-> DISABLED <-> INDICATOR-COMPROMISE Cobalt Strike multiple large DNS TXT query responses (indicator-compromise.rules)
 * 1:53970 <-> DISABLED <-> SERVER-WEBAPP TerraMaster NAS user and group creation command injection attempt (server-webapp.rules)
 * 1:53968 <-> DISABLED <-> SERVER-WEBAPP TerraMaster NAS user and group creation command injection attempt (server-webapp.rules)
 * 1:47129 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed CEL heap overflow attempt (file-image.rules)
 * 1:46734 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF out of bounds read attempt (file-other.rules)
 * 1:46704 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EMR_STRETCHDIBITS size out of bounds read attempt (file-other.rules)
 * 1:47274 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules)
 * 1:47267 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules)
 * 1:47269 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules)
 * 1:47252 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro use after free attempt (file-other.rules)
 * 1:47266 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules)
 * 1:47249 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS out-of-bounds read attempt (file-other.rules)
 * 1:47251 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro use after free attempt (file-other.rules)
 * 1:47248 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro crafted GIF file out-of-bounds read attempt (file-image.rules)
 * 1:47247 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro crafted GIF file out-of-bounds read attempt (file-image.rules)
 * 1:47307 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Distiller PostScript pdfmark out-of-bounds write attempt (file-other.rules)
 * 1:47238 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS out-of-bounds read attempt (file-other.rules)
 * 1:47232 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules)
 * 1:47237 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS out-of-bounds read attempt (file-other.rules)
 * 1:47217 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS heap overflow attempt (file-other.rules)
 * 1:47218 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS heap overflow attempt (file-other.rules)
 * 1:47960 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF file out-of-bounds write attempt (file-other.rules)
 * 1:47961 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EmfPlusDrawBeziers out of bounds write attempt (file-other.rules)
 * 1:48014 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro U3D TIFF XResolution out of bounds read attempt (file-image.rules)
 * 1:46671 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (file-image.rules)
 * 1:47962 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EmfPlusDrawBeziers out of bounds write attempt (file-other.rules)
 * 1:46667 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (file-image.rules)
 * 1:47362 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader malformed TIFF out of bounds read attempt (file-image.rules)
 * 1:47353 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG heap overflow attempt (file-image.rules)
 * 1:47383 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro use after free attempt (file-image.rules)
 * 1:47384 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro use after free attempt (file-other.rules)
 * 1:47361 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader malformed TIFF out of bounds read attempt (file-image.rules)
 * 1:47382 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro use after free attempt (file-image.rules)
 * 1:47351 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG heap overflow attempt (file-image.rules)
 * 1:47357 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro out of bounds read attempt (file-image.rules)
 * 1:47333 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out of bounds write attempt (file-other.rules)
 * 1:47356 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro out of bounds read attempt (file-image.rules)
 * 1:46694 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF embedded GIF memory corruption attempt (file-other.rules)
 * 1:47331 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF out of bounds read attempt (file-image.rules)
 * 1:47309 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF RegionNodeCount out-of-bounds write attempt (file-other.rules)
 * 1:47330 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF out of bounds read attempt (file-image.rules)
 * 1:47279 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules)
 * 1:47284 <-> DISABLED <-> FILE-OTHER Adobe Reader HTML to PDF conversion getMatchedCSSRules use-after-free attempt (file-other.rules)
 * 1:47268 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules)

2020-06-09 23:58:59 UTC

Snort Subscriber Rules Update

Date: 2020-06-09

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091300.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:54217 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB srv2.sys information disclosure attempt (os-windows.rules)
 * 1:54224 <-> DISABLED <-> SERVER-ORACLE Oracle iPlanet admin panel image injection attempt (server-oracle.rules)
 * 1:54165 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Razy-7997331-0 download attempt (malware-other.rules)
 * 1:54187 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.RagnarLocker initial download (malware-other.rules)
 * 1:54188 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.RagnarLocker initial download (malware-other.rules)
 * 1:54184 <-> DISABLED <-> SERVER-OTHER lodash defaultsDeep prototype pollution attempt (server-other.rules)
 * 1:54168 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Genpack-7998106-0 download attempt (malware-other.rules)
 * 1:54181 <-> ENABLED <-> MALWARE-OTHER Cobalt Strike system profiling attempt (malware-other.rules)
 * 1:54169 <-> ENABLED <-> MALWARE-OTHER Cobalt Strike signed java applet execution attempt (malware-other.rules)
 * 1:54185 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Samas-7998113-0 download attempt (malware-other.rules)
 * 1:54170 <-> ENABLED <-> MALWARE-OTHER Cobalt Strike signed java applet execution attempt (malware-other.rules)
 * 1:54190 <-> ENABLED <-> FILE-PDF Adobe Reader custom JavaScript field use-after-free attempt (file-pdf.rules)
 * 1:54171 <-> DISABLED <-> MALWARE-OTHER Cobalt Strike signed java applet download attempt (malware-other.rules)
 * 1:54191 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
 * 1:54182 <-> ENABLED <-> MALWARE-OTHER Cobalt Strike system profiling attempt (malware-other.rules)
 * 1:54172 <-> DISABLED <-> MALWARE-OTHER Cobalt Strike signed java applet download attempt (malware-other.rules)
 * 1:54175 <-> DISABLED <-> INDICATOR-COMPROMISE Cobalt Strike default signed applet attack URI (indicator-compromise.rules)
 * 1:54177 <-> DISABLED <-> MALWARE-OTHER Win.Ircbot.Zusy-8002902-0 download attempt (malware-other.rules)
 * 1:54176 <-> DISABLED <-> MALWARE-OTHER Win.Ircbot.Zusy-8002902-0 download attempt (malware-other.rules)
 * 1:54178 <-> DISABLED <-> MALWARE-OTHER Win.Ircbot.Zusy-8002903-0 download attempt (malware-other.rules)
 * 1:54186 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Samas-7998113-0 download attempt (malware-other.rules)
 * 1:54167 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Genpack-7998106-0 download attempt (malware-other.rules)
 * 1:54214 <-> DISABLED <-> SERVER-ORACLE Oracle iPlanet Web Server unauthenticated information disclosure attempt (server-oracle.rules)
 * 1:54211 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Trickbot variant outbound connection (malware-cnc.rules)
 * 1:54202 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Trickbot variant outbound connection (malware-cnc.rules)
 * 1:54196 <-> DISABLED <-> SERVER-WEBAPP TP-LINK Cloud Cameras NCXXX Bonjour command injection attempt (server-webapp.rules)
 * 1:54206 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Trickbot variant outbound connection (malware-cnc.rules)
 * 1:54209 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Trickbot variant outbound connection (malware-cnc.rules)
 * 1:54212 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Trickbot variant outbound connection (malware-cnc.rules)
 * 1:54192 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
 * 1:54204 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Trickbot variant outbound connection (malware-cnc.rules)
 * 1:54199 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Trickbot variant outbound connection (malware-cnc.rules)
 * 1:54174 <-> DISABLED <-> MALWARE-OTHER Cobalt Strike signed java applet download attempt (malware-other.rules)
 * 1:54200 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Trickbot variant outbound connection (malware-cnc.rules)
 * 1:54195 <-> DISABLED <-> SERVER-WEBAPP TP-LINK Cloud Cameras NCXXX Bonjour command injection attempt (server-webapp.rules)
 * 1:54213 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Trickbot variant outbound connection (malware-cnc.rules)
 * 1:54173 <-> DISABLED <-> MALWARE-OTHER Cobalt Strike signed java applet download attempt (malware-other.rules)
 * 1:54198 <-> DISABLED <-> SERVER-WEBAPP TP-LINK Cloud Cameras NCXXX Bonjour command injection attempt (server-webapp.rules)
 * 1:54208 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Trickbot variant outbound connection (malware-cnc.rules)
 * 1:54207 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Trickbot variant outbound connection (malware-cnc.rules)
 * 1:54193 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
 * 1:54194 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
 * 1:54203 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Trickbot variant outbound connection (malware-cnc.rules)
 * 1:54166 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Razy-7997331-0 download attempt (malware-other.rules)
 * 1:54216 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k type confusion attempt (os-windows.rules)
 * 1:54210 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Trickbot variant outbound connection (malware-cnc.rules)
 * 1:54205 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Trickbot variant outbound connection (malware-cnc.rules)
 * 1:54271 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB chained compression out of bounds read attempt (os-windows.rules)
 * 1:54223 <-> DISABLED <-> SERVER-ORACLE Oracle iPlanet admin panel image injection CSRF attempt (server-oracle.rules)
 * 1:54221 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Packed.Amg0fxii-8010198-0 download attempt (malware-other.rules)
 * 1:54219 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Mikey-8009335-0 download attempt (malware-other.rules)
 * 1:54222 <-> DISABLED <-> SERVER-ORACLE Oracle iPlanet admin panel image injection attempt (server-oracle.rules)
 * 1:54220 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Packed.Amg0fxii-8010198-0 download attempt (malware-other.rules)
 * 1:54218 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Mikey-8009335-0 download attempt (malware-other.rules)
 * 1:54247 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k.sys remote code execution attempt (os-windows.rules)
 * 1:54245 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
 * 1:54250 <-> DISABLED <-> OS-WINDOWS Microsoft Windows kernel security feature bypass attempt (os-windows.rules)
 * 1:54243 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Media Foundation getKeyForIndex out-of-bounds read attempt (file-multimedia.rules)
 * 1:54248 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k.sys remote code execution attempt (os-windows.rules)
 * 1:54241 <-> DISABLED <-> OS-WINDOWS Microsoft Windows CreateDIBitmap privilege escalation attempt (os-windows.rules)
 * 1:54246 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
 * 1:54239 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
 * 1:54244 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Media Foundation getKeyForIndex out-of-bounds read attempt (file-multimedia.rules)
 * 1:54237 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
 * 1:54242 <-> DISABLED <-> OS-WINDOWS Microsoft Windows CreateDIBitmap privilege escalation attempt (os-windows.rules)
 * 1:54235 <-> DISABLED <-> SERVER-WEBAPP TerraMaster NAS cross site scripting attempt (server-webapp.rules)
 * 1:54240 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMBv1 remote code execution attempt (os-windows.rules)
 * 1:54233 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer VBScript memory corruption attempt (browser-ie.rules)
 * 1:54238 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
 * 1:54231 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer VBScript engine memory corruption attempt (browser-ie.rules)
 * 1:54236 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
 * 1:54229 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-8010482-0 download attempt (malware-other.rules)
 * 1:54234 <-> DISABLED <-> SERVER-WEBAPP TerraMaster NAS cross site scripting attempt (server-webapp.rules)
 * 1:54227 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Ngrbot-8010339-0 download attempt (malware-other.rules)
 * 1:54232 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer VBScript memory corruption attempt (browser-ie.rules)
 * 1:54225 <-> DISABLED <-> SERVER-ORACLE Oracle iPlanet admin panel image injection CSRF attempt (server-oracle.rules)
 * 1:54230 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer VBScript engine memory corruption attempt (browser-ie.rules)
 * 1:54228 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-8010482-0 download attempt (malware-other.rules)
 * 1:54226 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Ngrbot-8010339-0 download attempt (malware-other.rules)
 * 1:54280 <-> ENABLED <-> INDICATOR-COMPROMISE UPnP SUBSCRIBE Callback denial-of-service attempt (indicator-compromise.rules)
 * 1:54276 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Ursnif malicious outbound connection attempt - gravity generated detection (malware-other.rules)
 * 1:54278 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Zeus-8011051-0 download attempt (malware-other.rules)
 * 1:54281 <-> ENABLED <-> INDICATOR-SCAN CallStranger UPnP discovery attempt (indicator-scan.rules)
 * 1:54274 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Vobfus-8010924-0 download attempt (malware-other.rules)
 * 1:54279 <-> ENABLED <-> INDICATOR-COMPROMISE UPnP SUBSCRIBE Callback denial-of-service attempt (indicator-compromise.rules)
 * 1:54272 <-> DISABLED <-> SERVER-WEBAPP Centreon Monitoring tool command injection attempt (server-webapp.rules)
 * 1:54277 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Zeus-8011051-0 download attempt (malware-other.rules)
 * 1:54270 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB chained compression out of bounds read attempt (os-windows.rules)
 * 1:54275 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Vobfus-8010924-0 download attempt (malware-other.rules)
 * 1:54273 <-> DISABLED <-> SERVER-WEBAPP Centreon Monitoring tool command injection attempt (server-webapp.rules)
 * 1:54249 <-> DISABLED <-> OS-WINDOWS Microsoft Windows kernel security feature bypass attempt (os-windows.rules)
 * 1:54197 <-> DISABLED <-> SERVER-WEBAPP TP-LINK Cloud Cameras NCXXX Bonjour command injection attempt (server-webapp.rules)
 * 1:54201 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Trickbot variant outbound connection (malware-cnc.rules)
 * 1:54179 <-> DISABLED <-> MALWARE-OTHER Win.Ircbot.Zusy-8002903-0 download attempt (malware-other.rules)
 * 1:54183 <-> DISABLED <-> INDICATOR-COMPROMISE Cobalt Strike default smart applet attack URI (indicator-compromise.rules)
 * 1:54189 <-> ENABLED <-> FILE-PDF Adobe Reader custom JavaScript field use-after-free attempt (file-pdf.rules)
 * 1:54180 <-> ENABLED <-> MALWARE-OTHER Cobalt Strike system profiling attempt (malware-other.rules)
 * 1:54215 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k type confusion attempt (os-windows.rules)
 * 3:54258 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1083 attack attempt (server-webapp.rules)
 * 3:54256 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1082 attack attempt (server-webapp.rules)
 * 3:54254 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1082 attack attempt (server-webapp.rules)
 * 3:54261 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1078 attack attempt (server-webapp.rules)
 * 3:54257 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1083 attack attempt (server-webapp.rules)
 * 3:54267 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1081 attack attempt (server-webapp.rules)
 * 3:54253 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1080 attack attempt (server-webapp.rules)
 * 3:54262 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1079 attack attempt (server-webapp.rules)
 * 3:54264 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1079 attack attempt (server-webapp.rules)
 * 3:54252 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1080 attack attempt (server-webapp.rules)
 * 3:54268 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1081 attack attempt (server-webapp.rules)
 * 3:54269 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1081 attack attempt (server-webapp.rules)
 * 3:54266 <-> ENABLED <-> BROWSER-OTHER TRUFFLEHUNTER TALOS-2020-1088 attack attempt (browser-other.rules)
 * 3:54251 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1080 attack attempt (server-webapp.rules)
 * 3:54259 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1078 attack attempt (server-webapp.rules)
 * 3:54263 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1079 attack attempt (server-webapp.rules)
 * 3:54265 <-> ENABLED <-> BROWSER-OTHER TRUFFLEHUNTER TALOS-2020-1088 attack attempt (browser-other.rules)
 * 3:54260 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1078 attack attempt (server-webapp.rules)
 * 3:54255 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1082 attack attempt (server-webapp.rules)

Modified Rules:


 * 1:47183 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EmfPlusFillRects type confusion attempt (file-other.rules)
 * 1:48010 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro integer overflow attempt (file-image.rules)
 * 1:47184 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EmfPlusFillRects type confusion attempt (file-other.rules)
 * 1:47907 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMR_STRETCHDIBITS out-of-bounds write attempt (file-image.rules)
 * 1:46718 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMFPlusPath object heap overflow attempt (file-image.rules)
 * 1:46725 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG out of bounds read attempt (file-image.rules)
 * 1:46720 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMFPlusPath object heap overflow attempt (file-image.rules)
 * 1:46798 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out of bounds read attempt (file-other.rules)
 * 1:46813 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF out of bounds read attempt (file-other.rules)
 * 1:47059 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed EMF out of bounds read attempt (file-image.rules)
 * 1:46726 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG out of bounds read attempt (file-image.rules)
 * 1:46710 <-> ENABLED <-> FILE-OTHER Adobe Professional EMF embedded image heap overflow attempt (file-other.rules)
 * 1:46875 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMFPlusPath object out of bounds read attempt (file-image.rules)
 * 1:46812 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF out of bounds read attempt (file-other.rules)
 * 1:47140 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EmfPlusDrawBeziers out-of-bounds read attempt (file-other.rules)
 * 1:47154 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro use after free attempt (file-other.rules)
 * 1:47139 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EmfPlusDrawBeziers out-of-bounds read attempt (file-other.rules)
 * 1:46668 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (file-image.rules)
 * 1:47144 <-> DISABLED <-> FILE-OTHER Multiple products SGI ZSIZE header information overflow attempt (file-other.rules)
 * 1:46734 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF out of bounds read attempt (file-other.rules)
 * 1:46876 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMFPlusPath object out of bounds read attempt (file-image.rules)
 * 1:47891 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMFPlusPath object out of bounds read attempt (file-image.rules)
 * 1:47932 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro Universal 3D Engine untrusted pointer dereference attempt (file-image.rules)
 * 1:47996 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF pointer out of bounds write attempt (file-image.rules)
 * 1:47971 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF out of bounds read attempt (file-image.rules)
 * 1:47238 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS out-of-bounds read attempt (file-other.rules)
 * 1:46669 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (file-image.rules)
 * 1:47940 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF+ GIF parsing out of bounds read attempt (file-image.rules)
 * 1:47875 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF ALPHABLEND heap overflow attempt (file-image.rules)
 * 1:48002 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro Universal 3D engine untrusted pointer dereference attempt (file-image.rules)
 * 1:48011 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro U3D TIFF XResolution out of bounds read attempt (file-image.rules)
 * 1:47060 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed EMF out of bounds read attempt (file-image.rules)
 * 1:46719 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMFPlusPath object heap overflow attempt (file-image.rules)
 * 1:46960 <-> DISABLED <-> FILE-OTHER Adobe Flash Player AMF0 Shared Object integer overflow attempt (file-other.rules)
 * 1:46727 <-> ENABLED <-> FILE-OTHER Adobe Acrobat EMF embedded GIF LZW compression out of bound read attempt (file-other.rules)
 * 1:47908 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMR_STRETCHDIBITS out-of-bounds write attempt (file-image.rules)
 * 1:47892 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMFPlusPath object out of bounds read attempt (file-image.rules)
 * 1:47939 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF+ GIF parsing out of bounds read attempt (file-image.rules)
 * 1:46672 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (file-image.rules)
 * 1:48003 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro Universal 3D engine untrusted pointer dereference attempt (file-image.rules)
 * 1:47998 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF pointer out of bounds read attempt (file-image.rules)
 * 1:48009 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro integer overflow attempt (file-image.rules)
 * 1:46699 <-> ENABLED <-> FILE-OTHER Adobe Acrobat EMF embedded DIB out of bound read attempt (file-other.rules)
 * 1:47384 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro use after free attempt (file-other.rules)
 * 1:47158 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader jp2 out-of-bounds read attempt (file-image.rules)
 * 1:47883 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF image conversion memory corruption attempt (file-other.rules)
 * 1:46689 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat XPS out-of-bounds read attempt (file-image.rules)
 * 1:46701 <-> DISABLED <-> FILE-IMAGE Adobe Acrboat EMF invalid EMR_STRETCHDIBITS record out-of-bounds read attempt (file-image.rules)
 * 1:47972 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF out of bounds read attempt (file-image.rules)
 * 1:46797 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out of bounds read attempt (file-other.rules)
 * 1:47997 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF pointer out of bounds read attempt (file-image.rules)
 * 1:47249 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS out-of-bounds read attempt (file-other.rules)
 * 1:47217 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS heap overflow attempt (file-other.rules)
 * 1:47981 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF out of bounds read attempt (file-image.rules)
 * 1:48217 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Reader U3D engine memory corruption attempt (file-other.rules)
 * 1:48074 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF file out-of-bounds read attempt (file-other.rules)
 * 1:48124 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF ImageConversion out-of-bounds write attempt (file-other.rules)
 * 1:48033 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF file use-after-free attempt (file-other.rules)
 * 1:48012 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro U3D TIFF XResolution out of bounds read attempt (file-image.rules)
 * 1:47248 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro crafted GIF file out-of-bounds read attempt (file-image.rules)
 * 1:47193 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF use-after-free attempt (file-other.rules)
 * 1:47266 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules)
 * 1:47194 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF use-after-free attempt (file-other.rules)
 * 1:47933 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro Universal 3D Engine untrusted pointer dereference attempt (file-image.rules)
 * 1:47912 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader EMF file JPEG Huffman table heap overflow attempt (file-image.rules)
 * 1:47926 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF ImageConversion out-of-bounds write attempt (file-other.rules)
 * 1:47927 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF ImageConversion out-of-bounds write attempt (file-other.rules)
 * 1:47909 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMR_STRETCHDIBITS out-of-bounds write attempt (file-image.rules)
 * 1:47910 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMR_STRETCHDIBITS out-of-bounds write attempt (file-image.rules)
 * 1:47884 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF image conversion memory corruption attempt (file-other.rules)
 * 1:47911 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader EMF file JPEG Huffman table heap overflow attempt (file-image.rules)
 * 1:47195 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules)
 * 1:47182 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF file uninitialized pointer dereference attempt (file-other.rules)
 * 1:46673 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (file-image.rules)
 * 1:46690 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro path rendertransform out of bound write attempt (file-other.rules)
 * 1:47196 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules)
 * 1:47181 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF file uninitialized pointer dereference attempt (file-other.rules)
 * 1:46694 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF embedded GIF memory corruption attempt (file-other.rules)
 * 1:47197 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out of bounds read attempt (file-other.rules)
 * 1:47198 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out of bounds read attempt (file-other.rules)
 * 1:47208 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS out-of-bounds read attempt (file-other.rules)
 * 1:47209 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS out-of-bounds read attempt (file-other.rules)
 * 1:47157 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader jp2 out-of-bounds read attempt (file-image.rules)
 * 1:47126 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS embedded JPEG with malformed copyright tag heap overflow attempt (file-other.rules)
 * 1:47210 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EmfPlusDrawImagePoints heap overflow attempt (file-image.rules)
 * 1:47963 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro WebCapture JavaScript manipulation type confusion attempt (file-other.rules)
 * 1:47211 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EmfPlusDrawImagePoints heap overflow attempt (file-image.rules)
 * 1:47994 <-> ENABLED <-> FILE-OTHER Acrobat Adobe Pro XPS out-of-bounds read attempt (file-other.rules)
 * 1:47237 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS out-of-bounds read attempt (file-other.rules)
 * 1:47995 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF pointer out of bounds write attempt (file-image.rules)
 * 1:46688 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat XPS out-of-bounds read attempt (file-image.rules)
 * 1:47964 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro WebCapture JavaScript manipulation type confusion attempt (file-other.rules)
 * 1:46693 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat EmfPlusDrawCurve out of bounds read attempt (file-image.rules)
 * 1:46695 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF embedded GIF memory corruption attempt (file-other.rules)
 * 1:47125 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS embedded JPEG with malformed copyright tag heap overflow attempt (file-other.rules)
 * 1:47993 <-> ENABLED <-> FILE-OTHER Acrobat Adobe Pro XPS out-of-bounds read attempt (file-other.rules)
 * 1:47180 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF invalid EmfPlusFillRects out-of-bounds read attempt (file-other.rules)
 * 1:47857 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file object out of bounds write attempt (file-image.rules)
 * 1:47856 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file object out of bounds write attempt (file-image.rules)
 * 1:47991 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF engine type confusion attempt (file-image.rules)
 * 1:47980 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF out of bounds read attempt (file-image.rules)
 * 1:46703 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EMR_STRETCHDIBITS size out of bounds read attempt (file-other.rules)
 * 1:47979 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF out of bounds read attempt (file-image.rules)
 * 1:47992 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF engine type confusion attempt (file-image.rules)
 * 1:47983 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF out-of-bounds read attempt (file-other.rules)
 * 1:47988 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file out-of-bounds read attempt (file-other.rules)
 * 1:46708 <-> ENABLED <-> FILE-OTHER Adobe Acrobat EMF malformed EmfPlusPointF object buffer overflow attempt (file-other.rules)
 * 1:47987 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file out-of-bounds read attempt (file-other.rules)
 * 1:48218 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Reader U3D engine memory corruption attempt (file-other.rules)
 * 1:48219 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro JPEG Huffman table memory corruption attempt (file-image.rules)
 * 1:48220 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro JPEG Huffman table memory corruption attempt (file-image.rules)
 * 1:47942 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat XPS heap overflow attempt (file-image.rules)
 * 1:47232 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules)
 * 1:48242 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro malformed EMF out of bounds read attempt (file-other.rules)
 * 1:48243 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro malformed EMF out of bounds read attempt (file-other.rules)
 * 1:46691 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro path rendertransform out of bound write attempt (file-other.rules)
 * 1:47247 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro crafted GIF file out-of-bounds read attempt (file-image.rules)
 * 1:47976 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF memory corruption attempt (file-other.rules)
 * 1:47984 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF out-of-bounds read attempt (file-other.rules)
 * 1:47982 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF out of bounds read attempt (file-image.rules)
 * 1:47986 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS out-of-bounds write attempt (file-other.rules)
 * 1:47990 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF out of bounds write attempt (file-other.rules)
 * 1:48289 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EmfPlusDrawString out of bounds read attempt (file-other.rules)
 * 1:47250 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS out-of-bounds read attempt (file-other.rules)
 * 1:47251 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro use after free attempt (file-other.rules)
 * 1:48290 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EmfPlusDrawString out of bounds read attempt (file-other.rules)
 * 1:46667 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (file-image.rules)
 * 1:47874 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF ALPHABLEND heap overflow attempt (file-image.rules)
 * 1:48291 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EmfPlusDrawString out of bounds read attempt (file-other.rules)
 * 1:47307 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Distiller PostScript pdfmark out-of-bounds write attempt (file-other.rules)
 * 1:46692 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat EmfPlusDrawCurve out of bounds read attempt (file-image.rules)
 * 1:47382 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro use after free attempt (file-image.rules)
 * 1:47218 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS heap overflow attempt (file-other.rules)
 * 1:47383 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro use after free attempt (file-image.rules)
 * 1:47941 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat XPS heap overflow attempt (file-image.rules)
 * 1:46674 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (file-image.rules)
 * 1:46704 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EMR_STRETCHDIBITS size out of bounds read attempt (file-other.rules)
 * 1:47309 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF RegionNodeCount out-of-bounds write attempt (file-other.rules)
 * 1:47397 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader malformed JPEG quantization table out-of-bounds write attempt (file-image.rules)
 * 1:47314 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed CEL out of bounds read attempt (file-image.rules)
 * 1:47626 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Reader EMF path record out-of-bounds read attempt (file-other.rules)
 * 1:47630 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro untrusted pointer dereference attempt (file-other.rules)
 * 1:47396 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader malformed JPEG quantization table out-of-bounds write attempt (file-image.rules)
 * 1:47631 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro untrusted pointer dereference attempt (file-other.rules)
 * 1:47839 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro SGI RGB run-length encoding out of bounds read attempt (file-image.rules)
 * 1:47683 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EmfPlusRegionNodePath out of bounds read attempt (file-other.rules)
 * 1:47827 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat EmfPlusDrawImagePoints out of bounds read attempt (file-image.rules)
 * 1:47682 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EmfPlusRegionNodePath out of bounds read attempt (file-other.rules)
 * 1:47838 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro SGI RGB run-length encoding out of bounds read attempt (file-image.rules)
 * 1:47854 <-> DISABLED <-> FILE-OTHER Adobe Acrobat HTML invalid pointer out-of-bounds read attempt (file-other.rules)
 * 1:47130 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed CEL heap overflow attempt (file-image.rules)
 * 1:47852 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro HTML invalid pointer offset out-of-bounds read attempt (file-other.rules)
 * 1:47855 <-> DISABLED <-> FILE-OTHER Adobe Acrobat HTML invalid pointer out-of-bounds read attempt (file-other.rules)
 * 1:47828 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat EmfPlusDrawImagePoints out of bounds read attempt (file-image.rules)
 * 1:47853 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro HTML invalid pointer offset out-of-bounds read attempt (file-other.rules)
 * 1:47252 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro use after free attempt (file-other.rules)
 * 1:47179 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF invalid EmfPlusFillRects out-of-bounds read attempt (file-other.rules)
 * 1:48014 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro U3D TIFF XResolution out of bounds read attempt (file-image.rules)
 * 1:48016 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader malformed JavaScript input out of bounds read attempt (file-image.rules)
 * 1:48017 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader malformed JavaScript input out of bounds read attempt (file-image.rules)
 * 1:48031 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF out of bounds read attempt (file-image.rules)
 * 1:48034 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF file use-after-free attempt (file-other.rules)
 * 1:48032 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF out of bounds read attempt (file-image.rules)
 * 1:48075 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF file out-of-bounds read attempt (file-other.rules)
 * 1:48040 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed BMP out of bounds read attempt (file-image.rules)
 * 1:48125 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF ImageConversion out-of-bounds write attempt (file-other.rules)
 * 1:48039 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed BMP out of bounds read attempt (file-image.rules)
 * 1:48108 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF file out-of-bounds write attempt (file-other.rules)
 * 1:48013 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro U3D TIFF XResolution out of bounds read attempt (file-image.rules)
 * 1:48107 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF file out-of-bounds write attempt (file-other.rules)
 * 1:48135 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat SGI parsing out of bounds read attempt (file-image.rules)
 * 1:48134 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat SGI parsing out of bounds read attempt (file-image.rules)
 * 1:47985 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS out-of-bounds write attempt (file-other.rules)
 * 1:47989 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF out of bounds write attempt (file-other.rules)
 * 1:46702 <-> DISABLED <-> FILE-IMAGE Adobe Acrboat EMF invalid EMR_STRETCHDIBITS record out-of-bounds read attempt (file-image.rules)
 * 1:47233 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules)
 * 1:46670 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (file-image.rules)
 * 1:46707 <-> ENABLED <-> FILE-OTHER Adobe Acrobat EMF malformed EmfPlusPointF object buffer overflow attempt (file-other.rules)
 * 1:48292 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EmfPlusDrawString out of bounds read attempt (file-other.rules)
 * 1:48604 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro out of bounds read attempt (file-other.rules)
 * 1:48605 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro out of bounds read attempt (file-other.rules)
 * 1:41946 <-> DISABLED <-> FILE-IMAGE Microsoft GDI+ malformed EMF description out of bounds read attempt (file-image.rules)
 * 1:41947 <-> DISABLED <-> FILE-IMAGE GDI+ malformed EMF description out of bounds read attempt (file-image.rules)
 * 1:43608 <-> DISABLED <-> FILE-OTHER Multiple products SGI ZSIZE header information overflow attempt (file-other.rules)
 * 1:43609 <-> DISABLED <-> FILE-OTHER Multiple products SGI ZSIZE header information overflow attempt (file-other.rules)
 * 1:43902 <-> DISABLED <-> FILE-IMAGE Adobe Reader EMF EMR_STROKEPATH memory corruption attempt (file-image.rules)
 * 1:43903 <-> DISABLED <-> FILE-IMAGE Adobe Reader EMF EMR_STROKEPATH memory corruption attempt (file-image.rules)
 * 1:43973 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro malformed EMF comment memory corruption attempt (file-other.rules)
 * 1:43974 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro malformed EMF comment memory corruption attempt (file-other.rules)
 * 1:46671 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (file-image.rules)
 * 1:44023 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF memory corruption attempt (file-image.rules)
 * 1:44024 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF memory corruption attempt (file-image.rules)
 * 1:44059 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF memory corruption attempt (file-image.rules)
 * 1:44060 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF memory corruption attempt (file-image.rules)
 * 1:44121 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Professional EMF JPEG APP13 malformed record memory corruption attempt (file-other.rules)
 * 1:44122 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Professional EMF JPEG APP13 malformed record memory corruption attempt (file-other.rules)
 * 1:45910 <-> DISABLED <-> MALWARE-CNC Cobalt Strike outbound beacon command result (malware-cnc.rules)
 * 1:46643 <-> DISABLED <-> FILE-OTHER Adobe Professional EMF compression out of bounds write attempt (file-other.rules)
 * 1:46644 <-> DISABLED <-> FILE-OTHER Adobe Professional EMF compression out of bounds write attempt (file-other.rules)
 * 1:46647 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMF EmfPlusDrawBeziers buffer over-read attempt (file-other.rules)
 * 1:46648 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMF EmfPlusDrawBeziers buffer over-read attempt (file-other.rules)
 * 1:46651 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro PDX malformed index out of bounds memory read attempt (file-other.rules)
 * 1:47962 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EmfPlusDrawBeziers out of bounds write attempt (file-other.rules)
 * 1:46652 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro PDX malformed index out of bounds memory read attempt (file-other.rules)
 * 1:47268 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules)
 * 1:47331 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF out of bounds read attempt (file-image.rules)
 * 1:47625 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Reader EMF path record out-of-bounds read attempt (file-other.rules)
 * 1:47267 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules)
 * 1:47312 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro out of bounds read attempt (file-image.rules)
 * 1:47284 <-> DISABLED <-> FILE-OTHER Adobe Reader HTML to PDF conversion getMatchedCSSRules use-after-free attempt (file-other.rules)
 * 1:47308 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF RegionNodeCount out-of-bounds write attempt (file-other.rules)
 * 1:47306 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Distiller PostScript pdfmark out-of-bounds write attempt (file-other.rules)
 * 1:47279 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules)
 * 1:47280 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules)
 * 1:47283 <-> DISABLED <-> FILE-OTHER Adobe Reader HTML to PDF conversion getMatchedCSSRules use-after-free attempt (file-other.rules)
 * 1:47957 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EmfPlusDrawDriverString malformed GlyphCount value integer overflow attempt (file-other.rules)
 * 1:47276 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt (file-other.rules)
 * 1:47277 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt (file-other.rules)
 * 1:47332 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out of bounds write attempt (file-other.rules)
 * 1:47275 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules)
 * 1:47269 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules)
 * 1:47274 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules)
 * 1:47343 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro out of bounds read attempt (file-image.rules)
 * 1:47329 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF out of bounds read attempt (file-image.rules)
 * 1:47330 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF out of bounds read attempt (file-image.rules)
 * 1:47328 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF out of bounds read attempt (file-image.rules)
 * 1:47944 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Distiller PostScript stack overflow attempt (file-image.rules)
 * 1:47368 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro PSD malformed image data out-of-bounds write attempt (file-image.rules)
 * 1:47360 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader malformed TIFF out of bounds read attempt (file-image.rules)
 * 1:47953 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIF tag entry out of bounds read attempt (file-image.rules)
 * 1:47359 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader malformed TIFF out of bounds read attempt (file-image.rules)
 * 1:47361 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader malformed TIFF out of bounds read attempt (file-image.rules)
 * 1:47362 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader malformed TIFF out of bounds read attempt (file-image.rules)
 * 1:47367 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro PSD malformed image data out-of-bounds write attempt (file-image.rules)
 * 1:47353 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG heap overflow attempt (file-image.rules)
 * 1:47955 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIF tag entry out of bounds read attempt (file-image.rules)
 * 1:47960 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF file out-of-bounds write attempt (file-other.rules)
 * 1:47958 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EmfPlusDrawDriverString malformed GlyphCount value integer overflow attempt (file-other.rules)
 * 1:47345 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EMR_CREATEDIBPATTERNBRUSHPT record buffer overflow attempt (file-other.rules)
 * 1:47356 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro out of bounds read attempt (file-image.rules)
 * 1:47350 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG heap overflow attempt (file-image.rules)
 * 1:47352 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG heap overflow attempt (file-image.rules)
 * 1:47351 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG heap overflow attempt (file-image.rules)
 * 1:47346 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EMR_CREATEDIBPATTERNBRUSHPT record buffer overflow attempt (file-other.rules)
 * 1:47344 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro out of bounds read attempt (file-image.rules)
 * 1:47959 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF file out-of-bounds write attempt (file-other.rules)
 * 1:47961 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EmfPlusDrawBeziers out of bounds write attempt (file-other.rules)
 * 1:47333 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out of bounds write attempt (file-other.rules)
 * 1:47952 <-> DISABLED <-> FILE-OTHER Adobe Distiller PostScript conversion heap overflow attempt (file-other.rules)
 * 1:47950 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF out of bounds read attempt (file-image.rules)
 * 1:47949 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF out of bounds read attempt (file-image.rules)
 * 1:47357 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro out of bounds read attempt (file-image.rules)
 * 1:47951 <-> DISABLED <-> FILE-OTHER Adobe Distiller PostScript conversion heap overflow attempt (file-other.rules)
 * 1:47943 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Distiller PostScript stack overflow attempt (file-image.rules)
 * 1:47370 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out of bounds memory access attempt (file-other.rules)
 * 1:47369 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out of bounds memory access attempt (file-other.rules)
 * 1:47956 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIF tag entry out of bounds read attempt (file-image.rules)
 * 1:47954 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIF tag entry out of bounds read attempt (file-image.rules)
 * 1:47385 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro use after free attempt (file-other.rules)
 * 1:48642 <-> ENABLED <-> FILE-OTHER Adobe Acrobat EMF out of bounds read attempt (file-other.rules)
 * 1:46733 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF out of bounds read attempt (file-other.rules)
 * 1:46728 <-> ENABLED <-> FILE-OTHER Adobe Acrobat EMF embedded GIF LZW compression out of bound read attempt (file-other.rules)
 * 1:47124 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS embedded JPEG with malformed copyright tag heap overflow attempt (file-other.rules)
 * 1:46655 <-> DISABLED <-> FILE-OTHER Adobe Acrobat XPS2PDF conversion buffer over-read attempt (file-other.rules)
 * 1:52213 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Win32k privilege escalation attempt (os-windows.rules)
 * 1:52214 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Win32k privilege escalation attempt (os-windows.rules)
 * 1:53967 <-> DISABLED <-> SERVER-WEBAPP TerraMaster NAS user and group creation command injection attempt (server-webapp.rules)
 * 1:53968 <-> DISABLED <-> SERVER-WEBAPP TerraMaster NAS user and group creation command injection attempt (server-webapp.rules)
 * 1:53969 <-> DISABLED <-> SERVER-WEBAPP TerraMaster NAS user and group creation command injection attempt (server-webapp.rules)
 * 1:53970 <-> DISABLED <-> SERVER-WEBAPP TerraMaster NAS user and group creation command injection attempt (server-webapp.rules)
 * 1:47315 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed CEL out of bounds read attempt (file-image.rules)
 * 1:47129 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed CEL heap overflow attempt (file-image.rules)
 * 1:46709 <-> ENABLED <-> FILE-OTHER Adobe Professional EMF embedded image heap overflow attempt (file-other.rules)
 * 1:46698 <-> ENABLED <-> FILE-OTHER Adobe Acrobat EMF embedded DIB out of bound read attempt (file-other.rules)
 * 1:47313 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro out of bounds read attempt (file-image.rules)
 * 1:47975 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF memory corruption attempt (file-other.rules)
 * 1:53972 <-> ENABLED <-> MALWARE-OTHER Cobalt Strike beacon.dll DNS download attempt (malware-other.rules)
 * 1:53975 <-> DISABLED <-> INDICATOR-COMPROMISE Cobalt Strike multiple large DNS TXT query responses (indicator-compromise.rules)
 * 1:54014 <-> ENABLED <-> MALWARE-CNC Win.Malware.Trickbot variant outbound connection (malware-cnc.rules)
 * 1:47123 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS embedded JPEG with malformed copyright tag heap overflow attempt (file-other.rules)
 * 1:46656 <-> DISABLED <-> FILE-OTHER Adobe Acrobat XPS2PDF conversion buffer over-read attempt (file-other.rules)
 * 1:46659 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Reader jp2 double free attempt (file-other.rules)
 * 1:46717 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMFPlusPath object heap overflow attempt (file-image.rules)
 * 1:47143 <-> DISABLED <-> FILE-OTHER Multiple products SGI ZSIZE header information overflow attempt (file-other.rules)
 * 1:46660 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Reader jp2 double free attempt (file-other.rules)
 * 1:47153 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro use after free attempt (file-other.rules)

2020-06-09 23:58:59 UTC

Snort Subscriber Rules Update

Date: 2020-06-09

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:54204 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Trickbot variant outbound connection (malware-cnc.rules)
 * 1:54221 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Packed.Amg0fxii-8010198-0 download attempt (malware-other.rules)
 * 1:54223 <-> DISABLED <-> SERVER-ORACLE Oracle iPlanet admin panel image injection CSRF attempt (server-oracle.rules)
 * 1:54224 <-> DISABLED <-> SERVER-ORACLE Oracle iPlanet admin panel image injection attempt (server-oracle.rules)
 * 1:54207 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Trickbot variant outbound connection (malware-cnc.rules)
 * 1:54172 <-> DISABLED <-> MALWARE-OTHER Cobalt Strike signed java applet download attempt (malware-other.rules)
 * 1:54213 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Trickbot variant outbound connection (malware-cnc.rules)
 * 1:54193 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
 * 1:54243 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Media Foundation getKeyForIndex out-of-bounds read attempt (file-multimedia.rules)
 * 1:54217 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB srv2.sys information disclosure attempt (os-windows.rules)
 * 1:54216 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k type confusion attempt (os-windows.rules)
 * 1:54250 <-> DISABLED <-> OS-WINDOWS Microsoft Windows kernel security feature bypass attempt (os-windows.rules)
 * 1:54248 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k.sys remote code execution attempt (os-windows.rules)
 * 1:54245 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
 * 1:54246 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
 * 1:54239 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
 * 1:54244 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Media Foundation getKeyForIndex out-of-bounds read attempt (file-multimedia.rules)
 * 1:54241 <-> DISABLED <-> OS-WINDOWS Microsoft Windows CreateDIBitmap privilege escalation attempt (os-windows.rules)
 * 1:54242 <-> DISABLED <-> OS-WINDOWS Microsoft Windows CreateDIBitmap privilege escalation attempt (os-windows.rules)
 * 1:54235 <-> DISABLED <-> SERVER-WEBAPP TerraMaster NAS cross site scripting attempt (server-webapp.rules)
 * 1:54240 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMBv1 remote code execution attempt (os-windows.rules)
 * 1:54237 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
 * 1:54238 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
 * 1:54231 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer VBScript engine memory corruption attempt (browser-ie.rules)
 * 1:54236 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
 * 1:54233 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer VBScript memory corruption attempt (browser-ie.rules)
 * 1:54234 <-> DISABLED <-> SERVER-WEBAPP TerraMaster NAS cross site scripting attempt (server-webapp.rules)
 * 1:54227 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Ngrbot-8010339-0 download attempt (malware-other.rules)
 * 1:54232 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer VBScript memory corruption attempt (browser-ie.rules)
 * 1:54229 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-8010482-0 download attempt (malware-other.rules)
 * 1:54230 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer VBScript engine memory corruption attempt (browser-ie.rules)
 * 1:54228 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-8010482-0 download attempt (malware-other.rules)
 * 1:54225 <-> DISABLED <-> SERVER-ORACLE Oracle iPlanet admin panel image injection CSRF attempt (server-oracle.rules)
 * 1:54226 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Ngrbot-8010339-0 download attempt (malware-other.rules)
 * 1:54249 <-> DISABLED <-> OS-WINDOWS Microsoft Windows kernel security feature bypass attempt (os-windows.rules)
 * 1:54271 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB chained compression out of bounds read attempt (os-windows.rules)
 * 1:54278 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Zeus-8011051-0 download attempt (malware-other.rules)
 * 1:54280 <-> ENABLED <-> INDICATOR-COMPROMISE UPnP SUBSCRIBE Callback denial-of-service attempt (indicator-compromise.rules)
 * 1:54281 <-> ENABLED <-> INDICATOR-SCAN CallStranger UPnP discovery attempt (indicator-scan.rules)
 * 1:54274 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Vobfus-8010924-0 download attempt (malware-other.rules)
 * 1:54276 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Ursnif malicious outbound connection attempt - gravity generated detection (malware-other.rules)
 * 1:54279 <-> ENABLED <-> INDICATOR-COMPROMISE UPnP SUBSCRIBE Callback denial-of-service attempt (indicator-compromise.rules)
 * 1:54270 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB chained compression out of bounds read attempt (os-windows.rules)
 * 1:54277 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Zeus-8011051-0 download attempt (malware-other.rules)
 * 1:54275 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Vobfus-8010924-0 download attempt (malware-other.rules)
 * 1:54272 <-> DISABLED <-> SERVER-WEBAPP Centreon Monitoring tool command injection attempt (server-webapp.rules)
 * 1:54273 <-> DISABLED <-> SERVER-WEBAPP Centreon Monitoring tool command injection attempt (server-webapp.rules)
 * 1:54247 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k.sys remote code execution attempt (os-windows.rules)
 * 1:54209 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Trickbot variant outbound connection (malware-cnc.rules)
 * 1:54212 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Trickbot variant outbound connection (malware-cnc.rules)
 * 1:54198 <-> DISABLED <-> SERVER-WEBAPP TP-LINK Cloud Cameras NCXXX Bonjour command injection attempt (server-webapp.rules)
 * 1:54202 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Trickbot variant outbound connection (malware-cnc.rules)
 * 1:54167 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Genpack-7998106-0 download attempt (malware-other.rules)
 * 1:54211 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Trickbot variant outbound connection (malware-cnc.rules)
 * 1:54214 <-> DISABLED <-> SERVER-ORACLE Oracle iPlanet Web Server unauthenticated information disclosure attempt (server-oracle.rules)
 * 1:54171 <-> DISABLED <-> MALWARE-OTHER Cobalt Strike signed java applet download attempt (malware-other.rules)
 * 1:54170 <-> ENABLED <-> MALWARE-OTHER Cobalt Strike signed java applet execution attempt (malware-other.rules)
 * 1:54179 <-> DISABLED <-> MALWARE-OTHER Win.Ircbot.Zusy-8002903-0 download attempt (malware-other.rules)
 * 1:54184 <-> DISABLED <-> SERVER-OTHER lodash defaultsDeep prototype pollution attempt (server-other.rules)
 * 1:54180 <-> ENABLED <-> MALWARE-OTHER Cobalt Strike system profiling attempt (malware-other.rules)
 * 1:54168 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Genpack-7998106-0 download attempt (malware-other.rules)
 * 1:54194 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
 * 1:54166 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Razy-7997331-0 download attempt (malware-other.rules)
 * 1:54190 <-> ENABLED <-> FILE-PDF Adobe Reader custom JavaScript field use-after-free attempt (file-pdf.rules)
 * 1:54187 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.RagnarLocker initial download (malware-other.rules)
 * 1:54175 <-> DISABLED <-> INDICATOR-COMPROMISE Cobalt Strike default signed applet attack URI (indicator-compromise.rules)
 * 1:54182 <-> ENABLED <-> MALWARE-OTHER Cobalt Strike system profiling attempt (malware-other.rules)
 * 1:54186 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Samas-7998113-0 download attempt (malware-other.rules)
 * 1:54185 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Samas-7998113-0 download attempt (malware-other.rules)
 * 1:54208 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Trickbot variant outbound connection (malware-cnc.rules)
 * 1:54203 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Trickbot variant outbound connection (malware-cnc.rules)
 * 1:54219 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Mikey-8009335-0 download attempt (malware-other.rules)
 * 1:54222 <-> DISABLED <-> SERVER-ORACLE Oracle iPlanet admin panel image injection attempt (server-oracle.rules)
 * 1:54220 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Packed.Amg0fxii-8010198-0 download attempt (malware-other.rules)
 * 1:54218 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Mikey-8009335-0 download attempt (malware-other.rules)
 * 1:54196 <-> DISABLED <-> SERVER-WEBAPP TP-LINK Cloud Cameras NCXXX Bonjour command injection attempt (server-webapp.rules)
 * 1:54192 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
 * 1:54199 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Trickbot variant outbound connection (malware-cnc.rules)
 * 1:54206 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Trickbot variant outbound connection (malware-cnc.rules)
 * 1:54177 <-> DISABLED <-> MALWARE-OTHER Win.Ircbot.Zusy-8002902-0 download attempt (malware-other.rules)
 * 1:54178 <-> DISABLED <-> MALWARE-OTHER Win.Ircbot.Zusy-8002903-0 download attempt (malware-other.rules)
 * 1:54176 <-> DISABLED <-> MALWARE-OTHER Win.Ircbot.Zusy-8002902-0 download attempt (malware-other.rules)
 * 1:54188 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.RagnarLocker initial download (malware-other.rules)
 * 1:54181 <-> ENABLED <-> MALWARE-OTHER Cobalt Strike system profiling attempt (malware-other.rules)
 * 1:54174 <-> DISABLED <-> MALWARE-OTHER Cobalt Strike signed java applet download attempt (malware-other.rules)
 * 1:54173 <-> DISABLED <-> MALWARE-OTHER Cobalt Strike signed java applet download attempt (malware-other.rules)
 * 1:54210 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Trickbot variant outbound connection (malware-cnc.rules)
 * 1:54197 <-> DISABLED <-> SERVER-WEBAPP TP-LINK Cloud Cameras NCXXX Bonjour command injection attempt (server-webapp.rules)
 * 1:54191 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
 * 1:54165 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Razy-7997331-0 download attempt (malware-other.rules)
 * 1:54183 <-> DISABLED <-> INDICATOR-COMPROMISE Cobalt Strike default smart applet attack URI (indicator-compromise.rules)
 * 1:54201 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Trickbot variant outbound connection (malware-cnc.rules)
 * 1:54189 <-> ENABLED <-> FILE-PDF Adobe Reader custom JavaScript field use-after-free attempt (file-pdf.rules)
 * 1:54200 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Trickbot variant outbound connection (malware-cnc.rules)
 * 1:54195 <-> DISABLED <-> SERVER-WEBAPP TP-LINK Cloud Cameras NCXXX Bonjour command injection attempt (server-webapp.rules)
 * 1:54169 <-> ENABLED <-> MALWARE-OTHER Cobalt Strike signed java applet execution attempt (malware-other.rules)
 * 1:54215 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k type confusion attempt (os-windows.rules)
 * 1:54205 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Trickbot variant outbound connection (malware-cnc.rules)
 * 3:54256 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1082 attack attempt (server-webapp.rules)
 * 3:54251 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1080 attack attempt (server-webapp.rules)
 * 3:54254 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1082 attack attempt (server-webapp.rules)
 * 3:54268 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1081 attack attempt (server-webapp.rules)
 * 3:54260 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1078 attack attempt (server-webapp.rules)
 * 3:54253 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1080 attack attempt (server-webapp.rules)
 * 3:54264 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1079 attack attempt (server-webapp.rules)
 * 3:54262 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1079 attack attempt (server-webapp.rules)
 * 3:54266 <-> ENABLED <-> BROWSER-OTHER TRUFFLEHUNTER TALOS-2020-1088 attack attempt (browser-other.rules)
 * 3:54263 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1079 attack attempt (server-webapp.rules)
 * 3:54255 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1082 attack attempt (server-webapp.rules)
 * 3:54252 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1080 attack attempt (server-webapp.rules)
 * 3:54269 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1081 attack attempt (server-webapp.rules)
 * 3:54257 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1083 attack attempt (server-webapp.rules)
 * 3:54265 <-> ENABLED <-> BROWSER-OTHER TRUFFLEHUNTER TALOS-2020-1088 attack attempt (browser-other.rules)
 * 3:54258 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1083 attack attempt (server-webapp.rules)
 * 3:54259 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1078 attack attempt (server-webapp.rules)
 * 3:54267 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1081 attack attempt (server-webapp.rules)
 * 3:54261 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1078 attack attempt (server-webapp.rules)

Modified Rules:


 * 1:47183 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EmfPlusFillRects type confusion attempt (file-other.rules)
 * 1:47359 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader malformed TIFF out of bounds read attempt (file-image.rules)
 * 1:47972 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF out of bounds read attempt (file-image.rules)
 * 1:48002 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro Universal 3D engine untrusted pointer dereference attempt (file-image.rules)
 * 1:48011 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro U3D TIFF XResolution out of bounds read attempt (file-image.rules)
 * 1:46797 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out of bounds read attempt (file-other.rules)
 * 1:47943 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Distiller PostScript stack overflow attempt (file-image.rules)
 * 1:47184 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EmfPlusFillRects type confusion attempt (file-other.rules)
 * 1:47957 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EmfPlusDrawDriverString malformed GlyphCount value integer overflow attempt (file-other.rules)
 * 1:47157 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader jp2 out-of-bounds read attempt (file-image.rules)
 * 1:47959 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF file out-of-bounds write attempt (file-other.rules)
 * 1:47238 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS out-of-bounds read attempt (file-other.rules)
 * 1:47961 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EmfPlusDrawBeziers out of bounds write attempt (file-other.rules)
 * 1:47958 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EmfPlusDrawDriverString malformed GlyphCount value integer overflow attempt (file-other.rules)
 * 1:47182 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF file uninitialized pointer dereference attempt (file-other.rules)
 * 1:46671 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (file-image.rules)
 * 1:47181 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF file uninitialized pointer dereference attempt (file-other.rules)
 * 1:47976 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF memory corruption attempt (file-other.rules)
 * 1:47353 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG heap overflow attempt (file-image.rules)
 * 1:46733 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF out of bounds read attempt (file-other.rules)
 * 1:47996 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF pointer out of bounds write attempt (file-image.rules)
 * 1:48009 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro integer overflow attempt (file-image.rules)
 * 1:47333 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out of bounds write attempt (file-other.rules)
 * 1:41947 <-> DISABLED <-> FILE-IMAGE GDI+ malformed EMF description out of bounds read attempt (file-image.rules)
 * 1:43609 <-> DISABLED <-> FILE-OTHER Multiple products SGI ZSIZE header information overflow attempt (file-other.rules)
 * 1:47179 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF invalid EmfPlusFillRects out-of-bounds read attempt (file-other.rules)
 * 1:43902 <-> DISABLED <-> FILE-IMAGE Adobe Reader EMF EMR_STROKEPATH memory corruption attempt (file-image.rules)
 * 1:46643 <-> DISABLED <-> FILE-OTHER Adobe Professional EMF compression out of bounds write attempt (file-other.rules)
 * 1:46718 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMFPlusPath object heap overflow attempt (file-image.rules)
 * 1:47309 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF RegionNodeCount out-of-bounds write attempt (file-other.rules)
 * 1:46725 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG out of bounds read attempt (file-image.rules)
 * 1:47954 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIF tag entry out of bounds read attempt (file-image.rules)
 * 1:47979 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF out of bounds read attempt (file-image.rules)
 * 1:46798 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out of bounds read attempt (file-other.rules)
 * 1:48032 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF out of bounds read attempt (file-image.rules)
 * 1:47356 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro out of bounds read attempt (file-image.rules)
 * 1:46812 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF out of bounds read attempt (file-other.rules)
 * 1:47980 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF out of bounds read attempt (file-image.rules)
 * 1:47955 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIF tag entry out of bounds read attempt (file-image.rules)
 * 1:47993 <-> ENABLED <-> FILE-OTHER Acrobat Adobe Pro XPS out-of-bounds read attempt (file-other.rules)
 * 1:47953 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIF tag entry out of bounds read attempt (file-image.rules)
 * 1:47362 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader malformed TIFF out of bounds read attempt (file-image.rules)
 * 1:47369 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out of bounds memory access attempt (file-other.rules)
 * 1:46726 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG out of bounds read attempt (file-image.rules)
 * 1:46688 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat XPS out-of-bounds read attempt (file-image.rules)
 * 1:46727 <-> ENABLED <-> FILE-OTHER Adobe Acrobat EMF embedded GIF LZW compression out of bound read attempt (file-other.rules)
 * 1:47956 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIF tag entry out of bounds read attempt (file-image.rules)
 * 1:47154 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro use after free attempt (file-other.rules)
 * 1:46651 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro PDX malformed index out of bounds memory read attempt (file-other.rules)
 * 1:47140 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EmfPlusDrawBeziers out-of-bounds read attempt (file-other.rules)
 * 1:46655 <-> DISABLED <-> FILE-OTHER Adobe Acrobat XPS2PDF conversion buffer over-read attempt (file-other.rules)
 * 1:46668 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (file-image.rules)
 * 1:46876 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMFPlusPath object out of bounds read attempt (file-image.rules)
 * 1:47143 <-> DISABLED <-> FILE-OTHER Multiple products SGI ZSIZE header information overflow attempt (file-other.rules)
 * 1:48134 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat SGI parsing out of bounds read attempt (file-image.rules)
 * 1:48107 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF file out-of-bounds write attempt (file-other.rules)
 * 1:47312 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro out of bounds read attempt (file-image.rules)
 * 1:41946 <-> DISABLED <-> FILE-IMAGE Microsoft GDI+ malformed EMF description out of bounds read attempt (file-image.rules)
 * 1:48039 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed BMP out of bounds read attempt (file-image.rules)
 * 1:47994 <-> ENABLED <-> FILE-OTHER Acrobat Adobe Pro XPS out-of-bounds read attempt (file-other.rules)
 * 1:47981 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF out of bounds read attempt (file-image.rules)
 * 1:46652 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro PDX malformed index out of bounds memory read attempt (file-other.rules)
 * 1:47975 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF memory corruption attempt (file-other.rules)
 * 1:47982 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF out of bounds read attempt (file-image.rules)
 * 1:47995 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF pointer out of bounds write attempt (file-image.rules)
 * 1:47998 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF pointer out of bounds read attempt (file-image.rules)
 * 1:47983 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF out-of-bounds read attempt (file-other.rules)
 * 1:47984 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF out-of-bounds read attempt (file-other.rules)
 * 1:47139 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EmfPlusDrawBeziers out-of-bounds read attempt (file-other.rules)
 * 1:44122 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Professional EMF JPEG APP13 malformed record memory corruption attempt (file-other.rules)
 * 1:46734 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF out of bounds read attempt (file-other.rules)
 * 1:44121 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Professional EMF JPEG APP13 malformed record memory corruption attempt (file-other.rules)
 * 1:45910 <-> DISABLED <-> MALWARE-CNC Cobalt Strike outbound beacon command result (malware-cnc.rules)
 * 1:47992 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF engine type confusion attempt (file-image.rules)
 * 1:48108 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF file out-of-bounds write attempt (file-other.rules)
 * 1:44060 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF memory corruption attempt (file-image.rules)
 * 1:48135 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat SGI parsing out of bounds read attempt (file-image.rules)
 * 1:47985 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS out-of-bounds write attempt (file-other.rules)
 * 1:47986 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS out-of-bounds write attempt (file-other.rules)
 * 1:47987 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file out-of-bounds read attempt (file-other.rules)
 * 1:47382 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro use after free attempt (file-image.rules)
 * 1:48010 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro integer overflow attempt (file-image.rules)
 * 1:47344 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro out of bounds read attempt (file-image.rules)
 * 1:47367 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro PSD malformed image data out-of-bounds write attempt (file-image.rules)
 * 1:43974 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro malformed EMF comment memory corruption attempt (file-other.rules)
 * 1:47360 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader malformed TIFF out of bounds read attempt (file-image.rules)
 * 1:47059 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed EMF out of bounds read attempt (file-image.rules)
 * 1:47383 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro use after free attempt (file-image.rules)
 * 1:43903 <-> DISABLED <-> FILE-IMAGE Adobe Reader EMF EMR_STROKEPATH memory corruption attempt (file-image.rules)
 * 1:47357 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro out of bounds read attempt (file-image.rules)
 * 1:47193 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF use-after-free attempt (file-other.rules)
 * 1:47370 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out of bounds memory access attempt (file-other.rules)
 * 1:46719 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMFPlusPath object heap overflow attempt (file-image.rules)
 * 1:48003 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro Universal 3D engine untrusted pointer dereference attempt (file-image.rules)
 * 1:47988 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file out-of-bounds read attempt (file-other.rules)
 * 1:47942 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat XPS heap overflow attempt (file-image.rules)
 * 1:47361 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader malformed TIFF out of bounds read attempt (file-image.rules)
 * 1:47194 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF use-after-free attempt (file-other.rules)
 * 1:47989 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF out of bounds write attempt (file-other.rules)
 * 1:47060 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed EMF out of bounds read attempt (file-image.rules)
 * 1:47195 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules)
 * 1:48218 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Reader U3D engine memory corruption attempt (file-other.rules)
 * 1:46720 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMFPlusPath object heap overflow attempt (file-image.rules)
 * 1:46813 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF out of bounds read attempt (file-other.rules)
 * 1:48219 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro JPEG Huffman table memory corruption attempt (file-image.rules)
 * 1:47144 <-> DISABLED <-> FILE-OTHER Multiple products SGI ZSIZE header information overflow attempt (file-other.rules)
 * 1:47196 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules)
 * 1:46659 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Reader jp2 double free attempt (file-other.rules)
 * 1:46644 <-> DISABLED <-> FILE-OTHER Adobe Professional EMF compression out of bounds write attempt (file-other.rules)
 * 1:47950 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF out of bounds read attempt (file-image.rules)
 * 1:47990 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF out of bounds write attempt (file-other.rules)
 * 1:48220 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro JPEG Huffman table memory corruption attempt (file-image.rules)
 * 1:47158 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader jp2 out-of-bounds read attempt (file-image.rules)
 * 1:47308 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF RegionNodeCount out-of-bounds write attempt (file-other.rules)
 * 1:47277 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt (file-other.rules)
 * 1:47197 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out of bounds read attempt (file-other.rules)
 * 1:47307 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Distiller PostScript pdfmark out-of-bounds write attempt (file-other.rules)
 * 1:47274 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules)
 * 1:47198 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out of bounds read attempt (file-other.rules)
 * 1:47306 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Distiller PostScript pdfmark out-of-bounds write attempt (file-other.rules)
 * 1:47283 <-> DISABLED <-> FILE-OTHER Adobe Reader HTML to PDF conversion getMatchedCSSRules use-after-free attempt (file-other.rules)
 * 1:47280 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules)
 * 1:46670 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (file-image.rules)
 * 1:48242 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro malformed EMF out of bounds read attempt (file-other.rules)
 * 1:47279 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules)
 * 1:47269 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules)
 * 1:47208 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS out-of-bounds read attempt (file-other.rules)
 * 1:47275 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules)
 * 1:47209 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS out-of-bounds read attempt (file-other.rules)
 * 1:47368 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro PSD malformed image data out-of-bounds write attempt (file-image.rules)
 * 1:47330 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF out of bounds read attempt (file-image.rules)
 * 1:48243 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro malformed EMF out of bounds read attempt (file-other.rules)
 * 1:47210 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EmfPlusDrawImagePoints heap overflow attempt (file-image.rules)
 * 1:46673 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (file-image.rules)
 * 1:47276 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt (file-other.rules)
 * 1:47211 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EmfPlusDrawImagePoints heap overflow attempt (file-image.rules)
 * 1:48017 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader malformed JavaScript input out of bounds read attempt (file-image.rules)
 * 1:46672 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (file-image.rules)
 * 1:47854 <-> DISABLED <-> FILE-OTHER Adobe Acrobat HTML invalid pointer out-of-bounds read attempt (file-other.rules)
 * 1:47346 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EMR_CREATEDIBPATTERNBRUSHPT record buffer overflow attempt (file-other.rules)
 * 1:47855 <-> DISABLED <-> FILE-OTHER Adobe Acrobat HTML invalid pointer out-of-bounds read attempt (file-other.rules)
 * 1:47853 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro HTML invalid pointer offset out-of-bounds read attempt (file-other.rules)
 * 1:46669 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (file-image.rules)
 * 1:47875 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF ALPHABLEND heap overflow attempt (file-image.rules)
 * 1:47857 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file object out of bounds write attempt (file-image.rules)
 * 1:47874 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF ALPHABLEND heap overflow attempt (file-image.rules)
 * 1:47856 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file object out of bounds write attempt (file-image.rules)
 * 1:47932 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro Universal 3D Engine untrusted pointer dereference attempt (file-image.rules)
 * 1:47939 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF+ GIF parsing out of bounds read attempt (file-image.rules)
 * 1:47941 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat XPS heap overflow attempt (file-image.rules)
 * 1:47940 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF+ GIF parsing out of bounds read attempt (file-image.rules)
 * 1:47911 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader EMF file JPEG Huffman table heap overflow attempt (file-image.rules)
 * 1:47933 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro Universal 3D Engine untrusted pointer dereference attempt (file-image.rules)
 * 1:47907 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMR_STRETCHDIBITS out-of-bounds write attempt (file-image.rules)
 * 1:47891 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMFPlusPath object out of bounds read attempt (file-image.rules)
 * 1:47908 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMR_STRETCHDIBITS out-of-bounds write attempt (file-image.rules)
 * 1:47909 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMR_STRETCHDIBITS out-of-bounds write attempt (file-image.rules)
 * 1:47910 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMR_STRETCHDIBITS out-of-bounds write attempt (file-image.rules)
 * 1:47884 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF image conversion memory corruption attempt (file-other.rules)
 * 1:47180 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF invalid EmfPlusFillRects out-of-bounds read attempt (file-other.rules)
 * 1:47247 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro crafted GIF file out-of-bounds read attempt (file-image.rules)
 * 1:47250 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS out-of-bounds read attempt (file-other.rules)
 * 1:47237 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS out-of-bounds read attempt (file-other.rules)
 * 1:47248 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro crafted GIF file out-of-bounds read attempt (file-image.rules)
 * 1:48014 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro U3D TIFF XResolution out of bounds read attempt (file-image.rules)
 * 1:47284 <-> DISABLED <-> FILE-OTHER Adobe Reader HTML to PDF conversion getMatchedCSSRules use-after-free attempt (file-other.rules)
 * 1:47266 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules)
 * 1:47267 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules)
 * 1:47268 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules)
 * 1:47125 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS embedded JPEG with malformed copyright tag heap overflow attempt (file-other.rules)
 * 1:48034 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF file use-after-free attempt (file-other.rules)
 * 1:48075 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF file out-of-bounds read attempt (file-other.rules)
 * 1:48125 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF ImageConversion out-of-bounds write attempt (file-other.rules)
 * 1:48013 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro U3D TIFF XResolution out of bounds read attempt (file-image.rules)
 * 1:48031 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF out of bounds read attempt (file-image.rules)
 * 1:47352 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG heap overflow attempt (file-image.rules)
 * 1:46674 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (file-image.rules)
 * 1:43608 <-> DISABLED <-> FILE-OTHER Multiple products SGI ZSIZE header information overflow attempt (file-other.rules)
 * 1:46694 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF embedded GIF memory corruption attempt (file-other.rules)
 * 1:48016 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader malformed JavaScript input out of bounds read attempt (file-image.rules)
 * 1:48040 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed BMP out of bounds read attempt (file-image.rules)
 * 1:47332 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out of bounds write attempt (file-other.rules)
 * 1:47343 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro out of bounds read attempt (file-image.rules)
 * 1:47351 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG heap overflow attempt (file-image.rules)
 * 1:47329 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF out of bounds read attempt (file-image.rules)
 * 1:47350 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG heap overflow attempt (file-image.rules)
 * 1:47345 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EMR_CREATEDIBPATTERNBRUSHPT record buffer overflow attempt (file-other.rules)
 * 1:47991 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF engine type confusion attempt (file-image.rules)
 * 1:47964 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro WebCapture JavaScript manipulation type confusion attempt (file-other.rules)
 * 1:47331 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF out of bounds read attempt (file-image.rules)
 * 1:47962 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EmfPlusDrawBeziers out of bounds write attempt (file-other.rules)
 * 1:46667 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (file-image.rules)
 * 1:47130 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed CEL heap overflow attempt (file-image.rules)
 * 1:46702 <-> DISABLED <-> FILE-IMAGE Adobe Acrboat EMF invalid EMR_STRETCHDIBITS record out-of-bounds read attempt (file-image.rules)
 * 1:47396 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader malformed JPEG quantization table out-of-bounds write attempt (file-image.rules)
 * 1:47626 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Reader EMF path record out-of-bounds read attempt (file-other.rules)
 * 1:47631 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro untrusted pointer dereference attempt (file-other.rules)
 * 1:47944 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Distiller PostScript stack overflow attempt (file-image.rules)
 * 1:47682 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EmfPlusRegionNodePath out of bounds read attempt (file-other.rules)
 * 1:47952 <-> DISABLED <-> FILE-OTHER Adobe Distiller PostScript conversion heap overflow attempt (file-other.rules)
 * 1:47828 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat EmfPlusDrawImagePoints out of bounds read attempt (file-image.rules)
 * 1:46699 <-> ENABLED <-> FILE-OTHER Adobe Acrobat EMF embedded DIB out of bound read attempt (file-other.rules)
 * 1:47683 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EmfPlusRegionNodePath out of bounds read attempt (file-other.rules)
 * 1:46689 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat XPS out-of-bounds read attempt (file-image.rules)
 * 1:47839 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro SGI RGB run-length encoding out of bounds read attempt (file-image.rules)
 * 1:47630 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro untrusted pointer dereference attempt (file-other.rules)
 * 1:47827 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat EmfPlusDrawImagePoints out of bounds read attempt (file-image.rules)
 * 1:47385 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro use after free attempt (file-other.rules)
 * 1:47852 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro HTML invalid pointer offset out-of-bounds read attempt (file-other.rules)
 * 1:47625 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Reader EMF path record out-of-bounds read attempt (file-other.rules)
 * 1:47251 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro use after free attempt (file-other.rules)
 * 1:47314 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed CEL out of bounds read attempt (file-image.rules)
 * 1:46698 <-> ENABLED <-> FILE-OTHER Adobe Acrobat EMF embedded DIB out of bound read attempt (file-other.rules)
 * 1:46692 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat EmfPlusDrawCurve out of bounds read attempt (file-image.rules)
 * 1:47313 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro out of bounds read attempt (file-image.rules)
 * 1:47328 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF out of bounds read attempt (file-image.rules)
 * 1:47951 <-> DISABLED <-> FILE-OTHER Adobe Distiller PostScript conversion heap overflow attempt (file-other.rules)
 * 1:46695 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF embedded GIF memory corruption attempt (file-other.rules)
 * 1:46690 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro path rendertransform out of bound write attempt (file-other.rules)
 * 1:47315 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed CEL out of bounds read attempt (file-image.rules)
 * 1:47971 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF out of bounds read attempt (file-image.rules)
 * 1:47949 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF out of bounds read attempt (file-image.rules)
 * 1:47233 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules)
 * 1:47218 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS heap overflow attempt (file-other.rules)
 * 1:47232 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules)
 * 1:46709 <-> ENABLED <-> FILE-OTHER Adobe Professional EMF embedded image heap overflow attempt (file-other.rules)
 * 1:46704 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EMR_STRETCHDIBITS size out of bounds read attempt (file-other.rules)
 * 1:47249 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS out-of-bounds read attempt (file-other.rules)
 * 1:47397 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader malformed JPEG quantization table out-of-bounds write attempt (file-image.rules)
 * 1:47217 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS heap overflow attempt (file-other.rules)
 * 1:46707 <-> ENABLED <-> FILE-OTHER Adobe Acrobat EMF malformed EmfPlusPointF object buffer overflow attempt (file-other.rules)
 * 1:46708 <-> ENABLED <-> FILE-OTHER Adobe Acrobat EMF malformed EmfPlusPointF object buffer overflow attempt (file-other.rules)
 * 1:46703 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EMR_STRETCHDIBITS size out of bounds read attempt (file-other.rules)
 * 1:46691 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro path rendertransform out of bound write attempt (file-other.rules)
 * 1:46701 <-> DISABLED <-> FILE-IMAGE Adobe Acrboat EMF invalid EMR_STRETCHDIBITS record out-of-bounds read attempt (file-image.rules)
 * 1:46693 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat EmfPlusDrawCurve out of bounds read attempt (file-image.rules)
 * 1:48289 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EmfPlusDrawString out of bounds read attempt (file-other.rules)
 * 1:44024 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF memory corruption attempt (file-image.rules)
 * 1:46710 <-> ENABLED <-> FILE-OTHER Adobe Professional EMF embedded image heap overflow attempt (file-other.rules)
 * 1:46875 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMFPlusPath object out of bounds read attempt (file-image.rules)
 * 1:47124 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS embedded JPEG with malformed copyright tag heap overflow attempt (file-other.rules)
 * 1:48290 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EmfPlusDrawString out of bounds read attempt (file-other.rules)
 * 1:46648 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMF EmfPlusDrawBeziers buffer over-read attempt (file-other.rules)
 * 1:46960 <-> DISABLED <-> FILE-OTHER Adobe Flash Player AMF0 Shared Object integer overflow attempt (file-other.rules)
 * 1:48291 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EmfPlusDrawString out of bounds read attempt (file-other.rules)
 * 1:48292 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EmfPlusDrawString out of bounds read attempt (file-other.rules)
 * 1:48604 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro out of bounds read attempt (file-other.rules)
 * 1:48605 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro out of bounds read attempt (file-other.rules)
 * 1:48642 <-> ENABLED <-> FILE-OTHER Adobe Acrobat EMF out of bounds read attempt (file-other.rules)
 * 1:47838 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro SGI RGB run-length encoding out of bounds read attempt (file-image.rules)
 * 1:52213 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Win32k privilege escalation attempt (os-windows.rules)
 * 1:52214 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Win32k privilege escalation attempt (os-windows.rules)
 * 1:53967 <-> DISABLED <-> SERVER-WEBAPP TerraMaster NAS user and group creation command injection attempt (server-webapp.rules)
 * 1:53968 <-> DISABLED <-> SERVER-WEBAPP TerraMaster NAS user and group creation command injection attempt (server-webapp.rules)
 * 1:53969 <-> DISABLED <-> SERVER-WEBAPP TerraMaster NAS user and group creation command injection attempt (server-webapp.rules)
 * 1:53970 <-> DISABLED <-> SERVER-WEBAPP TerraMaster NAS user and group creation command injection attempt (server-webapp.rules)
 * 1:53972 <-> ENABLED <-> MALWARE-OTHER Cobalt Strike beacon.dll DNS download attempt (malware-other.rules)
 * 1:53975 <-> DISABLED <-> INDICATOR-COMPROMISE Cobalt Strike multiple large DNS TXT query responses (indicator-compromise.rules)
 * 1:43973 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro malformed EMF comment memory corruption attempt (file-other.rules)
 * 1:46717 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMFPlusPath object heap overflow attempt (file-image.rules)
 * 1:44023 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF memory corruption attempt (file-image.rules)
 * 1:44059 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF memory corruption attempt (file-image.rules)
 * 1:47123 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS embedded JPEG with malformed copyright tag heap overflow attempt (file-other.rules)
 * 1:46647 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMF EmfPlusDrawBeziers buffer over-read attempt (file-other.rules)
 * 1:46660 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Reader jp2 double free attempt (file-other.rules)
 * 1:47153 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro use after free attempt (file-other.rules)
 * 1:54014 <-> ENABLED <-> MALWARE-CNC Win.Malware.Trickbot variant outbound connection (malware-cnc.rules)
 * 1:47963 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro WebCapture JavaScript manipulation type confusion attempt (file-other.rules)
 * 1:47997 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF pointer out of bounds read attempt (file-image.rules)
 * 1:48012 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro U3D TIFF XResolution out of bounds read attempt (file-image.rules)
 * 1:47960 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF file out-of-bounds write attempt (file-other.rules)
 * 1:47126 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS embedded JPEG with malformed copyright tag heap overflow attempt (file-other.rules)
 * 1:47129 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed CEL heap overflow attempt (file-image.rules)
 * 1:48217 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Reader U3D engine memory corruption attempt (file-other.rules)
 * 1:48124 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF ImageConversion out-of-bounds write attempt (file-other.rules)
 * 1:48033 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF file use-after-free attempt (file-other.rules)
 * 1:48074 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF file out-of-bounds read attempt (file-other.rules)
 * 1:46728 <-> ENABLED <-> FILE-OTHER Adobe Acrobat EMF embedded GIF LZW compression out of bound read attempt (file-other.rules)
 * 1:47252 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro use after free attempt (file-other.rules)
 * 1:47384 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro use after free attempt (file-other.rules)
 * 1:46656 <-> DISABLED <-> FILE-OTHER Adobe Acrobat XPS2PDF conversion buffer over-read attempt (file-other.rules)
 * 1:47883 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF image conversion memory corruption attempt (file-other.rules)
 * 1:47892 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMFPlusPath object out of bounds read attempt (file-image.rules)
 * 1:47912 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader EMF file JPEG Huffman table heap overflow attempt (file-image.rules)
 * 1:47927 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF ImageConversion out-of-bounds write attempt (file-other.rules)
 * 1:47926 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF ImageConversion out-of-bounds write attempt (file-other.rules)

2020-06-09 23:58:59 UTC

Snort Subscriber Rules Update

Date: 2020-06-09

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:54246 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (snort3-browser-ie.rules)
 * 1:54234 <-> DISABLED <-> SERVER-WEBAPP TerraMaster NAS cross site scripting attempt (snort3-server-webapp.rules)
 * 1:54224 <-> DISABLED <-> SERVER-ORACLE Oracle iPlanet admin panel image injection attempt (snort3-server-oracle.rules)
 * 1:54280 <-> ENABLED <-> INDICATOR-COMPROMISE UPnP SUBSCRIBE Callback denial-of-service attempt (snort3-indicator-compromise.rules)
 * 1:54241 <-> DISABLED <-> OS-WINDOWS Microsoft Windows CreateDIBitmap privilege escalation attempt (snort3-os-windows.rules)
 * 1:54216 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k type confusion attempt (snort3-os-windows.rules)
 * 1:54203 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Trickbot variant outbound connection (snort3-malware-cnc.rules)
 * 1:54212 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Trickbot variant outbound connection (snort3-malware-cnc.rules)
 * 1:54191 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (snort3-browser-ie.rules)
 * 1:54188 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.RagnarLocker initial download (snort3-malware-other.rules)
 * 1:54198 <-> DISABLED <-> SERVER-WEBAPP TP-LINK Cloud Cameras NCXXX Bonjour command injection attempt (snort3-server-webapp.rules)
 * 1:54247 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k.sys remote code execution attempt (snort3-os-windows.rules)
 * 1:54190 <-> ENABLED <-> FILE-PDF Adobe Reader custom JavaScript field use-after-free attempt (snort3-file-pdf.rules)
 * 1:54168 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Genpack-7998106-0 download attempt (snort3-malware-other.rules)
 * 1:54181 <-> ENABLED <-> MALWARE-OTHER Cobalt Strike system profiling attempt (snort3-malware-other.rules)
 * 1:54184 <-> DISABLED <-> SERVER-OTHER lodash defaultsDeep prototype pollution attempt (snort3-server-other.rules)
 * 1:54186 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Samas-7998113-0 download attempt (snort3-malware-other.rules)
 * 1:54173 <-> DISABLED <-> MALWARE-OTHER Cobalt Strike signed java applet download attempt (snort3-malware-other.rules)
 * 1:54172 <-> DISABLED <-> MALWARE-OTHER Cobalt Strike signed java applet download attempt (snort3-malware-other.rules)
 * 1:54174 <-> DISABLED <-> MALWARE-OTHER Cobalt Strike signed java applet download attempt (snort3-malware-other.rules)
 * 1:54185 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Samas-7998113-0 download attempt (snort3-malware-other.rules)
 * 1:54215 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k type confusion attempt (snort3-os-windows.rules)
 * 1:54179 <-> DISABLED <-> MALWARE-OTHER Win.Ircbot.Zusy-8002903-0 download attempt (snort3-malware-other.rules)
 * 1:54206 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Trickbot variant outbound connection (snort3-malware-cnc.rules)
 * 1:54196 <-> DISABLED <-> SERVER-WEBAPP TP-LINK Cloud Cameras NCXXX Bonjour command injection attempt (snort3-server-webapp.rules)
 * 1:54197 <-> DISABLED <-> SERVER-WEBAPP TP-LINK Cloud Cameras NCXXX Bonjour command injection attempt (snort3-server-webapp.rules)
 * 1:54232 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer VBScript memory corruption attempt (snort3-browser-ie.rules)
 * 1:54207 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Trickbot variant outbound connection (snort3-malware-cnc.rules)
 * 1:54202 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Trickbot variant outbound connection (snort3-malware-cnc.rules)
 * 1:54169 <-> ENABLED <-> MALWARE-OTHER Cobalt Strike signed java applet execution attempt (snort3-malware-other.rules)
 * 1:54222 <-> DISABLED <-> SERVER-ORACLE Oracle iPlanet admin panel image injection attempt (snort3-server-oracle.rules)
 * 1:54229 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-8010482-0 download attempt (snort3-malware-other.rules)
 * 1:54199 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Trickbot variant outbound connection (snort3-malware-cnc.rules)
 * 1:54205 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Trickbot variant outbound connection (snort3-malware-cnc.rules)
 * 1:54176 <-> DISABLED <-> MALWARE-OTHER Win.Ircbot.Zusy-8002902-0 download attempt (snort3-malware-other.rules)
 * 1:54219 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Mikey-8009335-0 download attempt (snort3-malware-other.rules)
 * 1:54217 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB srv2.sys information disclosure attempt (snort3-os-windows.rules)
 * 1:54270 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB chained compression out of bounds read attempt (snort3-os-windows.rules)
 * 1:54231 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer VBScript engine memory corruption attempt (snort3-browser-ie.rules)
 * 1:54230 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer VBScript engine memory corruption attempt (snort3-browser-ie.rules)
 * 1:54195 <-> DISABLED <-> SERVER-WEBAPP TP-LINK Cloud Cameras NCXXX Bonjour command injection attempt (snort3-server-webapp.rules)
 * 1:54218 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Mikey-8009335-0 download attempt (snort3-malware-other.rules)
 * 1:54271 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB chained compression out of bounds read attempt (snort3-os-windows.rules)
 * 1:54239 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (snort3-browser-ie.rules)
 * 1:54223 <-> DISABLED <-> SERVER-ORACLE Oracle iPlanet admin panel image injection CSRF attempt (snort3-server-oracle.rules)
 * 1:54243 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Media Foundation getKeyForIndex out-of-bounds read attempt (snort3-file-multimedia.rules)
 * 1:54250 <-> DISABLED <-> OS-WINDOWS Microsoft Windows kernel security feature bypass attempt (snort3-os-windows.rules)
 * 1:54182 <-> ENABLED <-> MALWARE-OTHER Cobalt Strike system profiling attempt (snort3-malware-other.rules)
 * 1:54227 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Ngrbot-8010339-0 download attempt (snort3-malware-other.rules)
 * 1:54167 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Genpack-7998106-0 download attempt (snort3-malware-other.rules)
 * 1:54276 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Ursnif malicious outbound connection attempt - gravity generated detection (snort3-malware-other.rules)
 * 1:54272 <-> DISABLED <-> SERVER-WEBAPP Centreon Monitoring tool command injection attempt (snort3-server-webapp.rules)
 * 1:54210 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Trickbot variant outbound connection (snort3-malware-cnc.rules)
 * 1:54213 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Trickbot variant outbound connection (snort3-malware-cnc.rules)
 * 1:54278 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Zeus-8011051-0 download attempt (snort3-malware-other.rules)
 * 1:54277 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Zeus-8011051-0 download attempt (snort3-malware-other.rules)
 * 1:54273 <-> DISABLED <-> SERVER-WEBAPP Centreon Monitoring tool command injection attempt (snort3-server-webapp.rules)
 * 1:54208 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Trickbot variant outbound connection (snort3-malware-cnc.rules)
 * 1:54177 <-> DISABLED <-> MALWARE-OTHER Win.Ircbot.Zusy-8002902-0 download attempt (snort3-malware-other.rules)
 * 1:54220 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Packed.Amg0fxii-8010198-0 download attempt (snort3-malware-other.rules)
 * 1:54274 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Vobfus-8010924-0 download attempt (snort3-malware-other.rules)
 * 1:54170 <-> ENABLED <-> MALWARE-OTHER Cobalt Strike signed java applet execution attempt (snort3-malware-other.rules)
 * 1:54211 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Trickbot variant outbound connection (snort3-malware-cnc.rules)
 * 1:54240 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMBv1 remote code execution attempt (snort3-os-windows.rules)
 * 1:54235 <-> DISABLED <-> SERVER-WEBAPP TerraMaster NAS cross site scripting attempt (snort3-server-webapp.rules)
 * 1:54236 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (snort3-browser-ie.rules)
 * 1:54244 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Media Foundation getKeyForIndex out-of-bounds read attempt (snort3-file-multimedia.rules)
 * 1:54238 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (snort3-browser-ie.rules)
 * 1:54242 <-> DISABLED <-> OS-WINDOWS Microsoft Windows CreateDIBitmap privilege escalation attempt (snort3-os-windows.rules)
 * 1:54249 <-> DISABLED <-> OS-WINDOWS Microsoft Windows kernel security feature bypass attempt (snort3-os-windows.rules)
 * 1:54233 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer VBScript memory corruption attempt (snort3-browser-ie.rules)
 * 1:54189 <-> ENABLED <-> FILE-PDF Adobe Reader custom JavaScript field use-after-free attempt (snort3-file-pdf.rules)
 * 1:54192 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (snort3-browser-ie.rules)
 * 1:54194 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (snort3-browser-ie.rules)
 * 1:54187 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.RagnarLocker initial download (snort3-malware-other.rules)
 * 1:54175 <-> DISABLED <-> INDICATOR-COMPROMISE Cobalt Strike default signed applet attack URI (snort3-indicator-compromise.rules)
 * 1:54178 <-> DISABLED <-> MALWARE-OTHER Win.Ircbot.Zusy-8002903-0 download attempt (snort3-malware-other.rules)
 * 1:54180 <-> ENABLED <-> MALWARE-OTHER Cobalt Strike system profiling attempt (snort3-malware-other.rules)
 * 1:54281 <-> ENABLED <-> INDICATOR-SCAN CallStranger UPnP discovery attempt (snort3-indicator-scan.rules)
 * 1:54248 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k.sys remote code execution attempt (snort3-os-windows.rules)
 * 1:54225 <-> DISABLED <-> SERVER-ORACLE Oracle iPlanet admin panel image injection CSRF attempt (snort3-server-oracle.rules)
 * 1:54165 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Razy-7997331-0 download attempt (snort3-malware-other.rules)
 * 1:54166 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Razy-7997331-0 download attempt (snort3-malware-other.rules)
 * 1:54193 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (snort3-browser-ie.rules)
 * 1:54201 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Trickbot variant outbound connection (snort3-malware-cnc.rules)
 * 1:54204 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Trickbot variant outbound connection (snort3-malware-cnc.rules)
 * 1:54275 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Vobfus-8010924-0 download attempt (snort3-malware-other.rules)
 * 1:54221 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Packed.Amg0fxii-8010198-0 download attempt (snort3-malware-other.rules)
 * 1:54209 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Trickbot variant outbound connection (snort3-malware-cnc.rules)
 * 1:54171 <-> DISABLED <-> MALWARE-OTHER Cobalt Strike signed java applet download attempt (snort3-malware-other.rules)
 * 1:54183 <-> DISABLED <-> INDICATOR-COMPROMISE Cobalt Strike default smart applet attack URI (snort3-indicator-compromise.rules)
 * 1:54226 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Ngrbot-8010339-0 download attempt (snort3-malware-other.rules)
 * 1:54237 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (snort3-browser-ie.rules)
 * 1:54228 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-8010482-0 download attempt (snort3-malware-other.rules)
 * 1:54279 <-> ENABLED <-> INDICATOR-COMPROMISE UPnP SUBSCRIBE Callback denial-of-service attempt (snort3-indicator-compromise.rules)
 * 1:54245 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (snort3-browser-ie.rules)
 * 1:54200 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Trickbot variant outbound connection (snort3-malware-cnc.rules)
 * 1:54214 <-> DISABLED <-> SERVER-ORACLE Oracle iPlanet Web Server unauthenticated information disclosure attempt (snort3-server-oracle.rules)

Modified Rules:


 * 1:47979 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF out of bounds read attempt (snort3-file-image.rules)
 * 1:47959 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF file out-of-bounds write attempt (snort3-file-other.rules)
 * 1:47980 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF out of bounds read attempt (snort3-file-image.rules)
 * 1:47971 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF out of bounds read attempt (snort3-file-image.rules)
 * 1:47976 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF memory corruption attempt (snort3-file-other.rules)
 * 1:47955 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIF tag entry out of bounds read attempt (snort3-file-image.rules)
 * 1:47972 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF out of bounds read attempt (snort3-file-image.rules)
 * 1:47961 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EmfPlusDrawBeziers out of bounds write attempt (snort3-file-other.rules)
 * 1:46733 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF out of bounds read attempt (snort3-file-other.rules)
 * 1:46812 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF out of bounds read attempt (snort3-file-other.rules)
 * 1:48011 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro U3D TIFF XResolution out of bounds read attempt (snort3-file-image.rules)
 * 1:46726 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG out of bounds read attempt (snort3-file-image.rules)
 * 1:47124 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS embedded JPEG with malformed copyright tag heap overflow attempt (snort3-file-other.rules)
 * 1:48075 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF file out-of-bounds read attempt (snort3-file-other.rules)
 * 1:47998 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF pointer out of bounds read attempt (snort3-file-image.rules)
 * 1:48074 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF file out-of-bounds read attempt (snort3-file-other.rules)
 * 1:47994 <-> ENABLED <-> FILE-OTHER Acrobat Adobe Pro XPS out-of-bounds read attempt (snort3-file-other.rules)
 * 1:47991 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF engine type confusion attempt (snort3-file-image.rules)
 * 1:47986 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS out-of-bounds write attempt (snort3-file-other.rules)
 * 1:47987 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file out-of-bounds read attempt (snort3-file-other.rules)
 * 1:47989 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF out of bounds write attempt (snort3-file-other.rules)
 * 1:48002 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro Universal 3D engine untrusted pointer dereference attempt (snort3-file-image.rules)
 * 1:47988 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file out-of-bounds read attempt (snort3-file-other.rules)
 * 1:47992 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF engine type confusion attempt (snort3-file-image.rules)
 * 1:48003 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro Universal 3D engine untrusted pointer dereference attempt (snort3-file-image.rules)
 * 1:47993 <-> ENABLED <-> FILE-OTHER Acrobat Adobe Pro XPS out-of-bounds read attempt (snort3-file-other.rules)
 * 1:48009 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro integer overflow attempt (snort3-file-image.rules)
 * 1:47997 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF pointer out of bounds read attempt (snort3-file-image.rules)
 * 1:47983 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF out-of-bounds read attempt (snort3-file-other.rules)
 * 1:48039 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed BMP out of bounds read attempt (snort3-file-image.rules)
 * 1:47990 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF out of bounds write attempt (snort3-file-other.rules)
 * 1:53970 <-> DISABLED <-> SERVER-WEBAPP TerraMaster NAS user and group creation command injection attempt (snort3-server-webapp.rules)
 * 1:46719 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMFPlusPath object heap overflow attempt (snort3-file-image.rules)
 * 1:47157 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader jp2 out-of-bounds read attempt (snort3-file-image.rules)
 * 1:46798 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out of bounds read attempt (snort3-file-other.rules)
 * 1:47995 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF pointer out of bounds write attempt (snort3-file-image.rules)
 * 1:47996 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF pointer out of bounds write attempt (snort3-file-image.rules)
 * 1:47123 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS embedded JPEG with malformed copyright tag heap overflow attempt (snort3-file-other.rules)
 * 1:53968 <-> DISABLED <-> SERVER-WEBAPP TerraMaster NAS user and group creation command injection attempt (snort3-server-webapp.rules)
 * 1:46725 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG out of bounds read attempt (snort3-file-image.rules)
 * 1:46717 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMFPlusPath object heap overflow attempt (snort3-file-image.rules)
 * 1:47144 <-> DISABLED <-> FILE-OTHER Multiple products SGI ZSIZE header information overflow attempt (snort3-file-other.rules)
 * 1:48013 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro U3D TIFF XResolution out of bounds read attempt (snort3-file-image.rules)
 * 1:47059 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed EMF out of bounds read attempt (snort3-file-image.rules)
 * 1:53975 <-> DISABLED <-> INDICATOR-COMPROMISE Cobalt Strike multiple large DNS TXT query responses (snort3-indicator-compromise.rules)
 * 1:48124 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF ImageConversion out-of-bounds write attempt (snort3-file-other.rules)
 * 1:48125 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF ImageConversion out-of-bounds write attempt (snort3-file-other.rules)
 * 1:48134 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat SGI parsing out of bounds read attempt (snort3-file-image.rules)
 * 1:48642 <-> ENABLED <-> FILE-OTHER Adobe Acrobat EMF out of bounds read attempt (snort3-file-other.rules)
 * 1:48135 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat SGI parsing out of bounds read attempt (snort3-file-image.rules)
 * 1:48217 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Reader U3D engine memory corruption attempt (snort3-file-other.rules)
 * 1:47139 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EmfPlusDrawBeziers out-of-bounds read attempt (snort3-file-other.rules)
 * 1:48605 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro out of bounds read attempt (snort3-file-other.rules)
 * 1:48218 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Reader U3D engine memory corruption attempt (snort3-file-other.rules)
 * 1:47210 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EmfPlusDrawImagePoints heap overflow attempt (snort3-file-image.rules)
 * 1:48012 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro U3D TIFF XResolution out of bounds read attempt (snort3-file-image.rules)
 * 1:46875 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMFPlusPath object out of bounds read attempt (snort3-file-image.rules)
 * 1:47195 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (snort3-file-other.rules)
 * 1:47198 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out of bounds read attempt (snort3-file-other.rules)
 * 1:48219 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro JPEG Huffman table memory corruption attempt (snort3-file-image.rules)
 * 1:48032 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF out of bounds read attempt (snort3-file-image.rules)
 * 1:53969 <-> DISABLED <-> SERVER-WEBAPP TerraMaster NAS user and group creation command injection attempt (snort3-server-webapp.rules)
 * 1:46876 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMFPlusPath object out of bounds read attempt (snort3-file-image.rules)
 * 1:47209 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS out-of-bounds read attempt (snort3-file-other.rules)
 * 1:47985 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS out-of-bounds write attempt (snort3-file-other.rules)
 * 1:47630 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro untrusted pointer dereference attempt (snort3-file-other.rules)
 * 1:48220 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro JPEG Huffman table memory corruption attempt (snort3-file-image.rules)
 * 1:47838 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro SGI RGB run-length encoding out of bounds read attempt (snort3-file-image.rules)
 * 1:47852 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro HTML invalid pointer offset out-of-bounds read attempt (snort3-file-other.rules)
 * 1:47827 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat EmfPlusDrawImagePoints out of bounds read attempt (snort3-file-image.rules)
 * 1:52214 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Win32k privilege escalation attempt (snort3-os-windows.rules)
 * 1:47140 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EmfPlusDrawBeziers out-of-bounds read attempt (snort3-file-other.rules)
 * 1:47143 <-> DISABLED <-> FILE-OTHER Multiple products SGI ZSIZE header information overflow attempt (snort3-file-other.rules)
 * 1:47193 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF use-after-free attempt (snort3-file-other.rules)
 * 1:48242 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro malformed EMF out of bounds read attempt (snort3-file-other.rules)
 * 1:47958 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EmfPlusDrawDriverString malformed GlyphCount value integer overflow attempt (snort3-file-other.rules)
 * 1:47953 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIF tag entry out of bounds read attempt (snort3-file-image.rules)
 * 1:47956 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIF tag entry out of bounds read attempt (snort3-file-image.rules)
 * 1:47954 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIF tag entry out of bounds read attempt (snort3-file-image.rules)
 * 1:47949 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF out of bounds read attempt (snort3-file-image.rules)
 * 1:47952 <-> DISABLED <-> FILE-OTHER Adobe Distiller PostScript conversion heap overflow attempt (snort3-file-other.rules)
 * 1:47950 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF out of bounds read attempt (snort3-file-image.rules)
 * 1:47944 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Distiller PostScript stack overflow attempt (snort3-file-image.rules)
 * 1:48243 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro malformed EMF out of bounds read attempt (snort3-file-other.rules)
 * 1:48289 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EmfPlusDrawString out of bounds read attempt (snort3-file-other.rules)
 * 1:47942 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat XPS heap overflow attempt (snort3-file-image.rules)
 * 1:48290 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EmfPlusDrawString out of bounds read attempt (snort3-file-other.rules)
 * 1:47964 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro WebCapture JavaScript manipulation type confusion attempt (snort3-file-other.rules)
 * 1:47951 <-> DISABLED <-> FILE-OTHER Adobe Distiller PostScript conversion heap overflow attempt (snort3-file-other.rules)
 * 1:47962 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EmfPlusDrawBeziers out of bounds write attempt (snort3-file-other.rules)
 * 1:47957 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EmfPlusDrawDriverString malformed GlyphCount value integer overflow attempt (snort3-file-other.rules)
 * 1:47960 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF file out-of-bounds write attempt (snort3-file-other.rules)
 * 1:47943 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Distiller PostScript stack overflow attempt (snort3-file-image.rules)
 * 1:47981 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF out of bounds read attempt (snort3-file-image.rules)
 * 1:47180 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF invalid EmfPlusFillRects out-of-bounds read attempt (snort3-file-other.rules)
 * 1:53972 <-> ENABLED <-> MALWARE-OTHER Cobalt Strike beacon.dll DNS download attempt (snort3-malware-other.rules)
 * 1:47975 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF memory corruption attempt (snort3-file-other.rules)
 * 1:47963 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro WebCapture JavaScript manipulation type confusion attempt (snort3-file-other.rules)
 * 1:52213 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Win32k privilege escalation attempt (snort3-os-windows.rules)
 * 1:48291 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EmfPlusDrawString out of bounds read attempt (snort3-file-other.rules)
 * 1:47179 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF invalid EmfPlusFillRects out-of-bounds read attempt (snort3-file-other.rules)
 * 1:46710 <-> ENABLED <-> FILE-OTHER Adobe Professional EMF embedded image heap overflow attempt (snort3-file-other.rules)
 * 1:47208 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS out-of-bounds read attempt (snort3-file-other.rules)
 * 1:54014 <-> ENABLED <-> MALWARE-CNC Win.Malware.Trickbot variant outbound connection (snort3-malware-cnc.rules)
 * 1:47984 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF out-of-bounds read attempt (snort3-file-other.rules)
 * 1:48292 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EmfPlusDrawString out of bounds read attempt (snort3-file-other.rules)
 * 1:46718 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMFPlusPath object heap overflow attempt (snort3-file-image.rules)
 * 1:48040 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed BMP out of bounds read attempt (snort3-file-image.rules)
 * 1:47129 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed CEL heap overflow attempt (snort3-file-image.rules)
 * 1:47183 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EmfPlusFillRects type confusion attempt (snort3-file-other.rules)
 * 1:47126 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS embedded JPEG with malformed copyright tag heap overflow attempt (snort3-file-other.rules)
 * 1:46669 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (snort3-file-image.rules)
 * 1:46672 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (snort3-file-image.rules)
 * 1:46671 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (snort3-file-image.rules)
 * 1:48031 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF out of bounds read attempt (snort3-file-image.rules)
 * 1:46673 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (snort3-file-image.rules)
 * 1:46670 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (snort3-file-image.rules)
 * 1:47184 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EmfPlusFillRects type confusion attempt (snort3-file-other.rules)
 * 1:46734 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF out of bounds read attempt (snort3-file-other.rules)
 * 1:46668 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (snort3-file-image.rules)
 * 1:46708 <-> ENABLED <-> FILE-OTHER Adobe Acrobat EMF malformed EmfPlusPointF object buffer overflow attempt (snort3-file-other.rules)
 * 1:47218 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS heap overflow attempt (snort3-file-other.rules)
 * 1:46693 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat EmfPlusDrawCurve out of bounds read attempt (snort3-file-image.rules)
 * 1:46709 <-> ENABLED <-> FILE-OTHER Adobe Professional EMF embedded image heap overflow attempt (snort3-file-other.rules)
 * 1:46702 <-> DISABLED <-> FILE-IMAGE Adobe Acrboat EMF invalid EMR_STRETCHDIBITS record out-of-bounds read attempt (snort3-file-image.rules)
 * 1:46707 <-> ENABLED <-> FILE-OTHER Adobe Acrobat EMF malformed EmfPlusPointF object buffer overflow attempt (snort3-file-other.rules)
 * 1:46689 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat XPS out-of-bounds read attempt (snort3-file-image.rules)
 * 1:46703 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EMR_STRETCHDIBITS size out of bounds read attempt (snort3-file-other.rules)
 * 1:46695 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF embedded GIF memory corruption attempt (snort3-file-other.rules)
 * 1:46701 <-> DISABLED <-> FILE-IMAGE Adobe Acrboat EMF invalid EMR_STRETCHDIBITS record out-of-bounds read attempt (snort3-file-image.rules)
 * 1:46698 <-> ENABLED <-> FILE-OTHER Adobe Acrobat EMF embedded DIB out of bound read attempt (snort3-file-other.rules)
 * 1:46691 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro path rendertransform out of bound write attempt (snort3-file-other.rules)
 * 1:46694 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF embedded GIF memory corruption attempt (snort3-file-other.rules)
 * 1:46692 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat EmfPlusDrawCurve out of bounds read attempt (snort3-file-image.rules)
 * 1:46674 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (snort3-file-image.rules)
 * 1:46690 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro path rendertransform out of bound write attempt (snort3-file-other.rules)
 * 1:46688 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat XPS out-of-bounds read attempt (snort3-file-image.rules)
 * 1:47268 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (snort3-file-other.rules)
 * 1:47275 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (snort3-file-other.rules)
 * 1:47237 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS out-of-bounds read attempt (snort3-file-other.rules)
 * 1:47269 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (snort3-file-other.rules)
 * 1:47251 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro use after free attempt (snort3-file-other.rules)
 * 1:47267 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (snort3-file-other.rules)
 * 1:47217 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS heap overflow attempt (snort3-file-other.rules)
 * 1:47252 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro use after free attempt (snort3-file-other.rules)
 * 1:47247 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro crafted GIF file out-of-bounds read attempt (snort3-file-image.rules)
 * 1:47250 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS out-of-bounds read attempt (snort3-file-other.rules)
 * 1:46704 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EMR_STRETCHDIBITS size out of bounds read attempt (snort3-file-other.rules)
 * 1:47248 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro crafted GIF file out-of-bounds read attempt (snort3-file-image.rules)
 * 1:47232 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (snort3-file-other.rules)
 * 1:47238 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS out-of-bounds read attempt (snort3-file-other.rules)
 * 1:46699 <-> ENABLED <-> FILE-OTHER Adobe Acrobat EMF embedded DIB out of bound read attempt (snort3-file-other.rules)
 * 1:47233 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (snort3-file-other.rules)
 * 1:47277 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt (snort3-file-other.rules)
 * 1:47249 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS out-of-bounds read attempt (snort3-file-other.rules)
 * 1:47276 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt (snort3-file-other.rules)
 * 1:47280 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (snort3-file-other.rules)
 * 1:47308 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF RegionNodeCount out-of-bounds write attempt (snort3-file-other.rules)
 * 1:47283 <-> DISABLED <-> FILE-OTHER Adobe Reader HTML to PDF conversion getMatchedCSSRules use-after-free attempt (snort3-file-other.rules)
 * 1:47307 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Distiller PostScript pdfmark out-of-bounds write attempt (snort3-file-other.rules)
 * 1:47266 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (snort3-file-other.rules)
 * 1:47284 <-> DISABLED <-> FILE-OTHER Adobe Reader HTML to PDF conversion getMatchedCSSRules use-after-free attempt (snort3-file-other.rules)
 * 1:47313 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro out of bounds read attempt (snort3-file-image.rules)
 * 1:47274 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (snort3-file-other.rules)
 * 1:47309 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF RegionNodeCount out-of-bounds write attempt (snort3-file-other.rules)
 * 1:47330 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF out of bounds read attempt (snort3-file-image.rules)
 * 1:47314 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed CEL out of bounds read attempt (snort3-file-image.rules)
 * 1:47329 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF out of bounds read attempt (snort3-file-image.rules)
 * 1:47279 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (snort3-file-other.rules)
 * 1:47315 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed CEL out of bounds read attempt (snort3-file-image.rules)
 * 1:53967 <-> DISABLED <-> SERVER-WEBAPP TerraMaster NAS user and group creation command injection attempt (snort3-server-webapp.rules)
 * 1:47333 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out of bounds write attempt (snort3-file-other.rules)
 * 1:47306 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Distiller PostScript pdfmark out-of-bounds write attempt (snort3-file-other.rules)
 * 1:47331 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF out of bounds read attempt (snort3-file-image.rules)
 * 1:47360 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader malformed TIFF out of bounds read attempt (snort3-file-image.rules)
 * 1:47328 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF out of bounds read attempt (snort3-file-image.rules)
 * 1:48016 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader malformed JavaScript input out of bounds read attempt (snort3-file-image.rules)
 * 1:47351 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG heap overflow attempt (snort3-file-image.rules)
 * 1:47343 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro out of bounds read attempt (snort3-file-image.rules)
 * 1:47346 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EMR_CREATEDIBPATTERNBRUSHPT record buffer overflow attempt (snort3-file-other.rules)
 * 1:47312 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro out of bounds read attempt (snort3-file-image.rules)
 * 1:47344 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro out of bounds read attempt (snort3-file-image.rules)
 * 1:47332 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out of bounds write attempt (snort3-file-other.rules)
 * 1:47357 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro out of bounds read attempt (snort3-file-image.rules)
 * 1:47350 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG heap overflow attempt (snort3-file-image.rules)
 * 1:47353 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG heap overflow attempt (snort3-file-image.rules)
 * 1:47356 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro out of bounds read attempt (snort3-file-image.rules)
 * 1:47397 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader malformed JPEG quantization table out-of-bounds write attempt (snort3-file-image.rules)
 * 1:47352 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG heap overflow attempt (snort3-file-image.rules)
 * 1:47370 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out of bounds memory access attempt (snort3-file-other.rules)
 * 1:47194 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF use-after-free attempt (snort3-file-other.rules)
 * 1:47361 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader malformed TIFF out of bounds read attempt (snort3-file-image.rules)
 * 1:47368 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro PSD malformed image data out-of-bounds write attempt (snort3-file-image.rules)
 * 1:47345 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EMR_CREATEDIBPATTERNBRUSHPT record buffer overflow attempt (snort3-file-other.rules)
 * 1:47362 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader malformed TIFF out of bounds read attempt (snort3-file-image.rules)
 * 1:48034 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF file use-after-free attempt (snort3-file-other.rules)
 * 1:47359 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader malformed TIFF out of bounds read attempt (snort3-file-image.rules)
 * 1:47385 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro use after free attempt (snort3-file-other.rules)
 * 1:47369 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out of bounds memory access attempt (snort3-file-other.rules)
 * 1:47383 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro use after free attempt (snort3-file-image.rules)
 * 1:47384 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro use after free attempt (snort3-file-other.rules)
 * 1:47626 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Reader EMF path record out-of-bounds read attempt (snort3-file-other.rules)
 * 1:47367 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro PSD malformed image data out-of-bounds write attempt (snort3-file-image.rules)
 * 1:47828 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat EmfPlusDrawImagePoints out of bounds read attempt (snort3-file-image.rules)
 * 1:47382 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro use after free attempt (snort3-file-image.rules)
 * 1:47683 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EmfPlusRegionNodePath out of bounds read attempt (snort3-file-other.rules)
 * 1:47625 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Reader EMF path record out-of-bounds read attempt (snort3-file-other.rules)
 * 1:47631 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro untrusted pointer dereference attempt (snort3-file-other.rules)
 * 1:47682 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EmfPlusRegionNodePath out of bounds read attempt (snort3-file-other.rules)
 * 1:47839 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro SGI RGB run-length encoding out of bounds read attempt (snort3-file-image.rules)
 * 1:47130 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed CEL heap overflow attempt (snort3-file-image.rules)
 * 1:47396 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader malformed JPEG quantization table out-of-bounds write attempt (snort3-file-image.rules)
 * 1:41946 <-> DISABLED <-> FILE-IMAGE Microsoft GDI+ malformed EMF description out of bounds read attempt (snort3-file-image.rules)
 * 1:47154 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro use after free attempt (snort3-file-other.rules)
 * 1:47153 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro use after free attempt (snort3-file-other.rules)
 * 1:41947 <-> DISABLED <-> FILE-IMAGE GDI+ malformed EMF description out of bounds read attempt (snort3-file-image.rules)
 * 1:43608 <-> DISABLED <-> FILE-OTHER Multiple products SGI ZSIZE header information overflow attempt (snort3-file-other.rules)
 * 1:43609 <-> DISABLED <-> FILE-OTHER Multiple products SGI ZSIZE header information overflow attempt (snort3-file-other.rules)
 * 1:43902 <-> DISABLED <-> FILE-IMAGE Adobe Reader EMF EMR_STROKEPATH memory corruption attempt (snort3-file-image.rules)
 * 1:43903 <-> DISABLED <-> FILE-IMAGE Adobe Reader EMF EMR_STROKEPATH memory corruption attempt (snort3-file-image.rules)
 * 1:43973 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro malformed EMF comment memory corruption attempt (snort3-file-other.rules)
 * 1:48108 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF file out-of-bounds write attempt (snort3-file-other.rules)
 * 1:43974 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro malformed EMF comment memory corruption attempt (snort3-file-other.rules)
 * 1:44023 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF memory corruption attempt (snort3-file-image.rules)
 * 1:44024 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF memory corruption attempt (snort3-file-image.rules)
 * 1:44059 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF memory corruption attempt (snort3-file-image.rules)
 * 1:46960 <-> DISABLED <-> FILE-OTHER Adobe Flash Player AMF0 Shared Object integer overflow attempt (snort3-file-other.rules)
 * 1:47060 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed EMF out of bounds read attempt (snort3-file-image.rules)
 * 1:44060 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF memory corruption attempt (snort3-file-image.rules)
 * 1:46727 <-> ENABLED <-> FILE-OTHER Adobe Acrobat EMF embedded GIF LZW compression out of bound read attempt (snort3-file-other.rules)
 * 1:44121 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Professional EMF JPEG APP13 malformed record memory corruption attempt (snort3-file-other.rules)
 * 1:47853 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro HTML invalid pointer offset out-of-bounds read attempt (snort3-file-other.rules)
 * 1:47854 <-> DISABLED <-> FILE-OTHER Adobe Acrobat HTML invalid pointer out-of-bounds read attempt (snort3-file-other.rules)
 * 1:47855 <-> DISABLED <-> FILE-OTHER Adobe Acrobat HTML invalid pointer out-of-bounds read attempt (snort3-file-other.rules)
 * 1:47856 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file object out of bounds write attempt (snort3-file-image.rules)
 * 1:47857 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file object out of bounds write attempt (snort3-file-image.rules)
 * 1:47874 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF ALPHABLEND heap overflow attempt (snort3-file-image.rules)
 * 1:47875 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF ALPHABLEND heap overflow attempt (snort3-file-image.rules)
 * 1:47883 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF image conversion memory corruption attempt (snort3-file-other.rules)
 * 1:47884 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF image conversion memory corruption attempt (snort3-file-other.rules)
 * 1:47891 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMFPlusPath object out of bounds read attempt (snort3-file-image.rules)
 * 1:47197 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out of bounds read attempt (snort3-file-other.rules)
 * 1:47196 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (snort3-file-other.rules)
 * 1:48033 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF file use-after-free attempt (snort3-file-other.rules)
 * 1:47892 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMFPlusPath object out of bounds read attempt (snort3-file-image.rules)
 * 1:47907 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMR_STRETCHDIBITS out-of-bounds write attempt (snort3-file-image.rules)
 * 1:47908 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMR_STRETCHDIBITS out-of-bounds write attempt (snort3-file-image.rules)
 * 1:47909 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMR_STRETCHDIBITS out-of-bounds write attempt (snort3-file-image.rules)
 * 1:47910 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMR_STRETCHDIBITS out-of-bounds write attempt (snort3-file-image.rules)
 * 1:47911 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader EMF file JPEG Huffman table heap overflow attempt (snort3-file-image.rules)
 * 1:47912 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader EMF file JPEG Huffman table heap overflow attempt (snort3-file-image.rules)
 * 1:47926 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF ImageConversion out-of-bounds write attempt (snort3-file-other.rules)
 * 1:47927 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF ImageConversion out-of-bounds write attempt (snort3-file-other.rules)
 * 1:47932 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro Universal 3D Engine untrusted pointer dereference attempt (snort3-file-image.rules)
 * 1:47933 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro Universal 3D Engine untrusted pointer dereference attempt (snort3-file-image.rules)
 * 1:47939 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF+ GIF parsing out of bounds read attempt (snort3-file-image.rules)
 * 1:47940 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF+ GIF parsing out of bounds read attempt (snort3-file-image.rules)
 * 1:47941 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat XPS heap overflow attempt (snort3-file-image.rules)
 * 1:44122 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Professional EMF JPEG APP13 malformed record memory corruption attempt (snort3-file-other.rules)
 * 1:45910 <-> DISABLED <-> MALWARE-CNC Cobalt Strike outbound beacon command result (snort3-malware-cnc.rules)
 * 1:46643 <-> DISABLED <-> FILE-OTHER Adobe Professional EMF compression out of bounds write attempt (snort3-file-other.rules)
 * 1:47181 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF file uninitialized pointer dereference attempt (snort3-file-other.rules)
 * 1:47158 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader jp2 out-of-bounds read attempt (snort3-file-image.rules)
 * 1:46667 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (snort3-file-image.rules)
 * 1:46644 <-> DISABLED <-> FILE-OTHER Adobe Professional EMF compression out of bounds write attempt (snort3-file-other.rules)
 * 1:46647 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMF EmfPlusDrawBeziers buffer over-read attempt (snort3-file-other.rules)
 * 1:47125 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS embedded JPEG with malformed copyright tag heap overflow attempt (snort3-file-other.rules)
 * 1:46813 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF out of bounds read attempt (snort3-file-other.rules)
 * 1:46720 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMFPlusPath object heap overflow attempt (snort3-file-image.rules)
 * 1:46648 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMF EmfPlusDrawBeziers buffer over-read attempt (snort3-file-other.rules)
 * 1:46651 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro PDX malformed index out of bounds memory read attempt (snort3-file-other.rules)
 * 1:46652 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro PDX malformed index out of bounds memory read attempt (snort3-file-other.rules)
 * 1:46728 <-> ENABLED <-> FILE-OTHER Adobe Acrobat EMF embedded GIF LZW compression out of bound read attempt (snort3-file-other.rules)
 * 1:47182 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF file uninitialized pointer dereference attempt (snort3-file-other.rules)
 * 1:46797 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out of bounds read attempt (snort3-file-other.rules)
 * 1:46655 <-> DISABLED <-> FILE-OTHER Adobe Acrobat XPS2PDF conversion buffer over-read attempt (snort3-file-other.rules)
 * 1:46656 <-> DISABLED <-> FILE-OTHER Adobe Acrobat XPS2PDF conversion buffer over-read attempt (snort3-file-other.rules)
 * 1:46659 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Reader jp2 double free attempt (snort3-file-other.rules)
 * 1:48017 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader malformed JavaScript input out of bounds read attempt (snort3-file-image.rules)
 * 1:47211 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EmfPlusDrawImagePoints heap overflow attempt (snort3-file-image.rules)
 * 1:46660 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Reader jp2 double free attempt (snort3-file-other.rules)
 * 1:47982 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF out of bounds read attempt (snort3-file-image.rules)
 * 1:48604 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro out of bounds read attempt (snort3-file-other.rules)
 * 1:48010 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro integer overflow attempt (snort3-file-image.rules)
 * 1:48014 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro U3D TIFF XResolution out of bounds read attempt (snort3-file-image.rules)
 * 1:48107 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF file out-of-bounds write attempt (snort3-file-other.rules)

2020-06-09 23:58:59 UTC

Snort Subscriber Rules Update

Date: 2020-06-09

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:54171 <-> DISABLED <-> MALWARE-OTHER Cobalt Strike signed java applet download attempt (malware-other.rules)
 * 1:54221 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Packed.Amg0fxii-8010198-0 download attempt (malware-other.rules)
 * 1:54181 <-> ENABLED <-> MALWARE-OTHER Cobalt Strike system profiling attempt (malware-other.rules)
 * 1:54193 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
 * 1:54192 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
 * 1:54220 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Packed.Amg0fxii-8010198-0 download attempt (malware-other.rules)
 * 1:54186 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Samas-7998113-0 download attempt (malware-other.rules)
 * 1:54195 <-> DISABLED <-> SERVER-WEBAPP TP-LINK Cloud Cameras NCXXX Bonjour command injection attempt (server-webapp.rules)
 * 1:54203 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Trickbot variant outbound connection (malware-cnc.rules)
 * 1:54191 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
 * 1:54200 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Trickbot variant outbound connection (malware-cnc.rules)
 * 1:54222 <-> DISABLED <-> SERVER-ORACLE Oracle iPlanet admin panel image injection attempt (server-oracle.rules)
 * 1:54182 <-> ENABLED <-> MALWARE-OTHER Cobalt Strike system profiling attempt (malware-other.rules)
 * 1:54169 <-> ENABLED <-> MALWARE-OTHER Cobalt Strike signed java applet execution attempt (malware-other.rules)
 * 1:54196 <-> DISABLED <-> SERVER-WEBAPP TP-LINK Cloud Cameras NCXXX Bonjour command injection attempt (server-webapp.rules)
 * 1:54184 <-> DISABLED <-> SERVER-OTHER lodash defaultsDeep prototype pollution attempt (server-other.rules)
 * 1:54170 <-> ENABLED <-> MALWARE-OTHER Cobalt Strike signed java applet execution attempt (malware-other.rules)
 * 1:54197 <-> DISABLED <-> SERVER-WEBAPP TP-LINK Cloud Cameras NCXXX Bonjour command injection attempt (server-webapp.rules)
 * 1:54174 <-> DISABLED <-> MALWARE-OTHER Cobalt Strike signed java applet download attempt (malware-other.rules)
 * 1:54165 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Razy-7997331-0 download attempt (malware-other.rules)
 * 1:54219 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Mikey-8009335-0 download attempt (malware-other.rules)
 * 1:54198 <-> DISABLED <-> SERVER-WEBAPP TP-LINK Cloud Cameras NCXXX Bonjour command injection attempt (server-webapp.rules)
 * 1:54188 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.RagnarLocker initial download (malware-other.rules)
 * 1:54178 <-> DISABLED <-> MALWARE-OTHER Win.Ircbot.Zusy-8002903-0 download attempt (malware-other.rules)
 * 1:54223 <-> DISABLED <-> SERVER-ORACLE Oracle iPlanet admin panel image injection CSRF attempt (server-oracle.rules)
 * 1:54180 <-> ENABLED <-> MALWARE-OTHER Cobalt Strike system profiling attempt (malware-other.rules)
 * 1:54172 <-> DISABLED <-> MALWARE-OTHER Cobalt Strike signed java applet download attempt (malware-other.rules)
 * 1:54204 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Trickbot variant outbound connection (malware-cnc.rules)
 * 1:54173 <-> DISABLED <-> MALWARE-OTHER Cobalt Strike signed java applet download attempt (malware-other.rules)
 * 1:54208 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Trickbot variant outbound connection (malware-cnc.rules)
 * 1:54205 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Trickbot variant outbound connection (malware-cnc.rules)
 * 1:54179 <-> DISABLED <-> MALWARE-OTHER Win.Ircbot.Zusy-8002903-0 download attempt (malware-other.rules)
 * 1:54218 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Mikey-8009335-0 download attempt (malware-other.rules)
 * 1:54202 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Trickbot variant outbound connection (malware-cnc.rules)
 * 1:54199 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Trickbot variant outbound connection (malware-cnc.rules)
 * 1:54214 <-> DISABLED <-> SERVER-ORACLE Oracle iPlanet Web Server unauthenticated information disclosure attempt (server-oracle.rules)
 * 1:54224 <-> DISABLED <-> SERVER-ORACLE Oracle iPlanet admin panel image injection attempt (server-oracle.rules)
 * 1:54194 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
 * 1:54175 <-> DISABLED <-> INDICATOR-COMPROMISE Cobalt Strike default signed applet attack URI (indicator-compromise.rules)
 * 1:54190 <-> ENABLED <-> FILE-PDF Adobe Reader custom JavaScript field use-after-free attempt (file-pdf.rules)
 * 1:54217 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB srv2.sys information disclosure attempt (os-windows.rules)
 * 1:54185 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Samas-7998113-0 download attempt (malware-other.rules)
 * 1:54176 <-> DISABLED <-> MALWARE-OTHER Win.Ircbot.Zusy-8002902-0 download attempt (malware-other.rules)
 * 1:54189 <-> ENABLED <-> FILE-PDF Adobe Reader custom JavaScript field use-after-free attempt (file-pdf.rules)
 * 1:54225 <-> DISABLED <-> SERVER-ORACLE Oracle iPlanet admin panel image injection CSRF attempt (server-oracle.rules)
 * 1:54226 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Ngrbot-8010339-0 download attempt (malware-other.rules)
 * 1:54227 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Ngrbot-8010339-0 download attempt (malware-other.rules)
 * 1:54228 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-8010482-0 download attempt (malware-other.rules)
 * 1:54229 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-8010482-0 download attempt (malware-other.rules)
 * 1:54230 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer VBScript engine memory corruption attempt (browser-ie.rules)
 * 1:54231 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer VBScript engine memory corruption attempt (browser-ie.rules)
 * 1:54232 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer VBScript memory corruption attempt (browser-ie.rules)
 * 1:54233 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer VBScript memory corruption attempt (browser-ie.rules)
 * 1:54234 <-> DISABLED <-> SERVER-WEBAPP TerraMaster NAS cross site scripting attempt (server-webapp.rules)
 * 1:54235 <-> DISABLED <-> SERVER-WEBAPP TerraMaster NAS cross site scripting attempt (server-webapp.rules)
 * 1:54236 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
 * 1:54237 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
 * 1:54238 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
 * 1:54239 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
 * 1:54201 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Trickbot variant outbound connection (malware-cnc.rules)
 * 1:54240 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMBv1 remote code execution attempt (os-windows.rules)
 * 1:54187 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.RagnarLocker initial download (malware-other.rules)
 * 1:54241 <-> DISABLED <-> OS-WINDOWS Microsoft Windows CreateDIBitmap privilege escalation attempt (os-windows.rules)
 * 1:54216 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k type confusion attempt (os-windows.rules)
 * 1:54242 <-> DISABLED <-> OS-WINDOWS Microsoft Windows CreateDIBitmap privilege escalation attempt (os-windows.rules)
 * 1:54243 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Media Foundation getKeyForIndex out-of-bounds read attempt (file-multimedia.rules)
 * 1:54244 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Media Foundation getKeyForIndex out-of-bounds read attempt (file-multimedia.rules)
 * 1:54245 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
 * 1:54246 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
 * 1:54247 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k.sys remote code execution attempt (os-windows.rules)
 * 1:54248 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k.sys remote code execution attempt (os-windows.rules)
 * 1:54207 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Trickbot variant outbound connection (malware-cnc.rules)
 * 1:54249 <-> DISABLED <-> OS-WINDOWS Microsoft Windows kernel security feature bypass attempt (os-windows.rules)
 * 1:54250 <-> DISABLED <-> OS-WINDOWS Microsoft Windows kernel security feature bypass attempt (os-windows.rules)
 * 1:54167 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Genpack-7998106-0 download attempt (malware-other.rules)
 * 1:54270 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB chained compression out of bounds read attempt (os-windows.rules)
 * 1:54271 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB chained compression out of bounds read attempt (os-windows.rules)
 * 1:54272 <-> DISABLED <-> SERVER-WEBAPP Centreon Monitoring tool command injection attempt (server-webapp.rules)
 * 1:54273 <-> DISABLED <-> SERVER-WEBAPP Centreon Monitoring tool command injection attempt (server-webapp.rules)
 * 1:54274 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Vobfus-8010924-0 download attempt (malware-other.rules)
 * 1:54275 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Vobfus-8010924-0 download attempt (malware-other.rules)
 * 1:54276 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Ursnif malicious outbound connection attempt - gravity generated detection (malware-other.rules)
 * 1:54277 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Zeus-8011051-0 download attempt (malware-other.rules)
 * 1:54278 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Zeus-8011051-0 download attempt (malware-other.rules)
 * 1:54279 <-> ENABLED <-> INDICATOR-COMPROMISE UPnP SUBSCRIBE Callback denial-of-service attempt (indicator-compromise.rules)
 * 1:54280 <-> ENABLED <-> INDICATOR-COMPROMISE UPnP SUBSCRIBE Callback denial-of-service attempt (indicator-compromise.rules)
 * 1:54212 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Trickbot variant outbound connection (malware-cnc.rules)
 * 1:54281 <-> ENABLED <-> INDICATOR-SCAN CallStranger UPnP discovery attempt (indicator-scan.rules)
 * 1:54177 <-> DISABLED <-> MALWARE-OTHER Win.Ircbot.Zusy-8002902-0 download attempt (malware-other.rules)
 * 1:54168 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Genpack-7998106-0 download attempt (malware-other.rules)
 * 1:54166 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Razy-7997331-0 download attempt (malware-other.rules)
 * 1:54183 <-> DISABLED <-> INDICATOR-COMPROMISE Cobalt Strike default smart applet attack URI (indicator-compromise.rules)
 * 1:54209 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Trickbot variant outbound connection (malware-cnc.rules)
 * 1:54213 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Trickbot variant outbound connection (malware-cnc.rules)
 * 1:54211 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Trickbot variant outbound connection (malware-cnc.rules)
 * 1:54215 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k type confusion attempt (os-windows.rules)
 * 1:54210 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Trickbot variant outbound connection (malware-cnc.rules)
 * 1:54206 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Trickbot variant outbound connection (malware-cnc.rules)
 * 3:54255 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1082 attack attempt (server-webapp.rules)
 * 3:54254 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1082 attack attempt (server-webapp.rules)
 * 3:54251 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1080 attack attempt (server-webapp.rules)
 * 3:54263 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1079 attack attempt (server-webapp.rules)
 * 3:54260 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1078 attack attempt (server-webapp.rules)
 * 3:54253 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1080 attack attempt (server-webapp.rules)
 * 3:54268 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1081 attack attempt (server-webapp.rules)
 * 3:54252 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1080 attack attempt (server-webapp.rules)
 * 3:54259 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1078 attack attempt (server-webapp.rules)
 * 3:54261 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1078 attack attempt (server-webapp.rules)
 * 3:54269 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1081 attack attempt (server-webapp.rules)
 * 3:54267 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1081 attack attempt (server-webapp.rules)
 * 3:54262 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1079 attack attempt (server-webapp.rules)
 * 3:54256 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1082 attack attempt (server-webapp.rules)
 * 3:54265 <-> ENABLED <-> BROWSER-OTHER TRUFFLEHUNTER TALOS-2020-1088 attack attempt (browser-other.rules)
 * 3:54264 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1079 attack attempt (server-webapp.rules)
 * 3:54266 <-> ENABLED <-> BROWSER-OTHER TRUFFLEHUNTER TALOS-2020-1088 attack attempt (browser-other.rules)
 * 3:54258 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1083 attack attempt (server-webapp.rules)
 * 3:54257 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1083 attack attempt (server-webapp.rules)

Modified Rules:


 * 1:48604 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro out of bounds read attempt (file-other.rules)
 * 1:47989 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF out of bounds write attempt (file-other.rules)
 * 1:47932 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro Universal 3D Engine untrusted pointer dereference attempt (file-image.rules)
 * 1:48011 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro U3D TIFF XResolution out of bounds read attempt (file-image.rules)
 * 1:46656 <-> DISABLED <-> FILE-OTHER Adobe Acrobat XPS2PDF conversion buffer over-read attempt (file-other.rules)
 * 1:44121 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Professional EMF JPEG APP13 malformed record memory corruption attempt (file-other.rules)
 * 1:48012 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro U3D TIFF XResolution out of bounds read attempt (file-image.rules)
 * 1:48013 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro U3D TIFF XResolution out of bounds read attempt (file-image.rules)
 * 1:47927 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF ImageConversion out-of-bounds write attempt (file-other.rules)
 * 1:47956 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIF tag entry out of bounds read attempt (file-image.rules)
 * 1:43608 <-> DISABLED <-> FILE-OTHER Multiple products SGI ZSIZE header information overflow attempt (file-other.rules)
 * 1:47129 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed CEL heap overflow attempt (file-image.rules)
 * 1:46648 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMF EmfPlusDrawBeziers buffer over-read attempt (file-other.rules)
 * 1:48014 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro U3D TIFF XResolution out of bounds read attempt (file-image.rules)
 * 1:48016 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader malformed JavaScript input out of bounds read attempt (file-image.rules)
 * 1:47990 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF out of bounds write attempt (file-other.rules)
 * 1:46644 <-> DISABLED <-> FILE-OTHER Adobe Professional EMF compression out of bounds write attempt (file-other.rules)
 * 1:46717 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMFPlusPath object heap overflow attempt (file-image.rules)
 * 1:46727 <-> ENABLED <-> FILE-OTHER Adobe Acrobat EMF embedded GIF LZW compression out of bound read attempt (file-other.rules)
 * 1:47979 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF out of bounds read attempt (file-image.rules)
 * 1:47144 <-> DISABLED <-> FILE-OTHER Multiple products SGI ZSIZE header information overflow attempt (file-other.rules)
 * 1:46710 <-> ENABLED <-> FILE-OTHER Adobe Professional EMF embedded image heap overflow attempt (file-other.rules)
 * 1:47984 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF out-of-bounds read attempt (file-other.rules)
 * 1:47210 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EmfPlusDrawImagePoints heap overflow attempt (file-image.rules)
 * 1:47211 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EmfPlusDrawImagePoints heap overflow attempt (file-image.rules)
 * 1:53972 <-> ENABLED <-> MALWARE-OTHER Cobalt Strike beacon.dll DNS download attempt (malware-other.rules)
 * 1:48003 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro Universal 3D engine untrusted pointer dereference attempt (file-image.rules)
 * 1:47123 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS embedded JPEG with malformed copyright tag heap overflow attempt (file-other.rules)
 * 1:47960 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF file out-of-bounds write attempt (file-other.rules)
 * 1:47957 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EmfPlusDrawDriverString malformed GlyphCount value integer overflow attempt (file-other.rules)
 * 1:47962 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EmfPlusDrawBeziers out of bounds write attempt (file-other.rules)
 * 1:48107 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF file out-of-bounds write attempt (file-other.rules)
 * 1:47942 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat XPS heap overflow attempt (file-image.rules)
 * 1:47981 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF out of bounds read attempt (file-image.rules)
 * 1:47153 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro use after free attempt (file-other.rules)
 * 1:47139 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EmfPlusDrawBeziers out-of-bounds read attempt (file-other.rules)
 * 1:48074 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF file out-of-bounds read attempt (file-other.rules)
 * 1:48292 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EmfPlusDrawString out of bounds read attempt (file-other.rules)
 * 1:47143 <-> DISABLED <-> FILE-OTHER Multiple products SGI ZSIZE header information overflow attempt (file-other.rules)
 * 1:47126 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS embedded JPEG with malformed copyright tag heap overflow attempt (file-other.rules)
 * 1:47975 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF memory corruption attempt (file-other.rules)
 * 1:46797 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out of bounds read attempt (file-other.rules)
 * 1:47997 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF pointer out of bounds read attempt (file-image.rules)
 * 1:48219 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro JPEG Huffman table memory corruption attempt (file-image.rules)
 * 1:47995 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF pointer out of bounds write attempt (file-image.rules)
 * 1:47124 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS embedded JPEG with malformed copyright tag heap overflow attempt (file-other.rules)
 * 1:48218 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Reader U3D engine memory corruption attempt (file-other.rules)
 * 1:46728 <-> ENABLED <-> FILE-OTHER Adobe Acrobat EMF embedded GIF LZW compression out of bound read attempt (file-other.rules)
 * 1:48135 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat SGI parsing out of bounds read attempt (file-image.rules)
 * 1:48642 <-> ENABLED <-> FILE-OTHER Adobe Acrobat EMF out of bounds read attempt (file-other.rules)
 * 1:47856 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file object out of bounds write attempt (file-image.rules)
 * 1:46647 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMF EmfPlusDrawBeziers buffer over-read attempt (file-other.rules)
 * 1:46672 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (file-image.rules)
 * 1:43903 <-> DISABLED <-> FILE-IMAGE Adobe Reader EMF EMR_STROKEPATH memory corruption attempt (file-image.rules)
 * 1:48134 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat SGI parsing out of bounds read attempt (file-image.rules)
 * 1:47985 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS out-of-bounds write attempt (file-other.rules)
 * 1:47992 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF engine type confusion attempt (file-image.rules)
 * 1:47994 <-> ENABLED <-> FILE-OTHER Acrobat Adobe Pro XPS out-of-bounds read attempt (file-other.rules)
 * 1:46960 <-> DISABLED <-> FILE-OTHER Adobe Flash Player AMF0 Shared Object integer overflow attempt (file-other.rules)
 * 1:46875 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMFPlusPath object out of bounds read attempt (file-image.rules)
 * 1:46734 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF out of bounds read attempt (file-other.rules)
 * 1:47964 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro WebCapture JavaScript manipulation type confusion attempt (file-other.rules)
 * 1:47197 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out of bounds read attempt (file-other.rules)
 * 1:47059 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed EMF out of bounds read attempt (file-image.rules)
 * 1:47125 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS embedded JPEG with malformed copyright tag heap overflow attempt (file-other.rules)
 * 1:53967 <-> DISABLED <-> SERVER-WEBAPP TerraMaster NAS user and group creation command injection attempt (server-webapp.rules)
 * 1:48605 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro out of bounds read attempt (file-other.rules)
 * 1:53968 <-> DISABLED <-> SERVER-WEBAPP TerraMaster NAS user and group creation command injection attempt (server-webapp.rules)
 * 1:46798 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out of bounds read attempt (file-other.rules)
 * 1:44023 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF memory corruption attempt (file-image.rules)
 * 1:44059 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF memory corruption attempt (file-image.rules)
 * 1:43973 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro malformed EMF comment memory corruption attempt (file-other.rules)
 * 1:47195 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules)
 * 1:47972 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF out of bounds read attempt (file-image.rules)
 * 1:47193 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF use-after-free attempt (file-other.rules)
 * 1:41946 <-> DISABLED <-> FILE-IMAGE Microsoft GDI+ malformed EMF description out of bounds read attempt (file-image.rules)
 * 1:47976 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF memory corruption attempt (file-other.rules)
 * 1:46660 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Reader jp2 double free attempt (file-other.rules)
 * 1:46725 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG out of bounds read attempt (file-image.rules)
 * 1:53969 <-> DISABLED <-> SERVER-WEBAPP TerraMaster NAS user and group creation command injection attempt (server-webapp.rules)
 * 1:54014 <-> ENABLED <-> MALWARE-CNC Win.Malware.Trickbot variant outbound connection (malware-cnc.rules)
 * 1:46733 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF out of bounds read attempt (file-other.rules)
 * 1:46876 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMFPlusPath object out of bounds read attempt (file-image.rules)
 * 1:44024 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF memory corruption attempt (file-image.rules)
 * 1:47194 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF use-after-free attempt (file-other.rules)
 * 1:48242 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro malformed EMF out of bounds read attempt (file-other.rules)
 * 1:46726 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG out of bounds read attempt (file-image.rules)
 * 1:47157 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader jp2 out-of-bounds read attempt (file-image.rules)
 * 1:47998 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF pointer out of bounds read attempt (file-image.rules)
 * 1:47982 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF out of bounds read attempt (file-image.rules)
 * 1:47180 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF invalid EmfPlusFillRects out-of-bounds read attempt (file-other.rules)
 * 1:48124 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF ImageConversion out-of-bounds write attempt (file-other.rules)
 * 1:48220 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro JPEG Huffman table memory corruption attempt (file-image.rules)
 * 1:48291 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EmfPlusDrawString out of bounds read attempt (file-other.rules)
 * 1:47983 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF out-of-bounds read attempt (file-other.rules)
 * 1:52213 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Win32k privilege escalation attempt (os-windows.rules)
 * 1:47140 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EmfPlusDrawBeziers out-of-bounds read attempt (file-other.rules)
 * 1:43902 <-> DISABLED <-> FILE-IMAGE Adobe Reader EMF EMR_STROKEPATH memory corruption attempt (file-image.rules)
 * 1:47209 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS out-of-bounds read attempt (file-other.rules)
 * 1:47184 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EmfPlusFillRects type confusion attempt (file-other.rules)
 * 1:47181 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF file uninitialized pointer dereference attempt (file-other.rules)
 * 1:47182 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF file uninitialized pointer dereference attempt (file-other.rules)
 * 1:44122 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Professional EMF JPEG APP13 malformed record memory corruption attempt (file-other.rules)
 * 1:47910 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMR_STRETCHDIBITS out-of-bounds write attempt (file-image.rules)
 * 1:47891 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMFPlusPath object out of bounds read attempt (file-image.rules)
 * 1:47183 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EmfPlusFillRects type confusion attempt (file-other.rules)
 * 1:47909 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMR_STRETCHDIBITS out-of-bounds write attempt (file-image.rules)
 * 1:47884 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF image conversion memory corruption attempt (file-other.rules)
 * 1:53975 <-> DISABLED <-> INDICATOR-COMPROMISE Cobalt Strike multiple large DNS TXT query responses (indicator-compromise.rules)
 * 1:47943 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Distiller PostScript stack overflow attempt (file-image.rules)
 * 1:47940 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF+ GIF parsing out of bounds read attempt (file-image.rules)
 * 1:47941 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat XPS heap overflow attempt (file-image.rules)
 * 1:47939 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF+ GIF parsing out of bounds read attempt (file-image.rules)
 * 1:47944 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Distiller PostScript stack overflow attempt (file-image.rules)
 * 1:45910 <-> DISABLED <-> MALWARE-CNC Cobalt Strike outbound beacon command result (malware-cnc.rules)
 * 1:47875 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF ALPHABLEND heap overflow attempt (file-image.rules)
 * 1:46669 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (file-image.rules)
 * 1:47988 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file out-of-bounds read attempt (file-other.rules)
 * 1:47208 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS out-of-bounds read attempt (file-other.rules)
 * 1:46670 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (file-image.rules)
 * 1:46671 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (file-image.rules)
 * 1:48289 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EmfPlusDrawString out of bounds read attempt (file-other.rules)
 * 1:46673 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (file-image.rules)
 * 1:48243 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro malformed EMF out of bounds read attempt (file-other.rules)
 * 1:46674 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (file-image.rules)
 * 1:46688 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat XPS out-of-bounds read attempt (file-image.rules)
 * 1:46689 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat XPS out-of-bounds read attempt (file-image.rules)
 * 1:46690 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro path rendertransform out of bound write attempt (file-other.rules)
 * 1:46691 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro path rendertransform out of bound write attempt (file-other.rules)
 * 1:47987 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file out-of-bounds read attempt (file-other.rules)
 * 1:46692 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat EmfPlusDrawCurve out of bounds read attempt (file-image.rules)
 * 1:46693 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat EmfPlusDrawCurve out of bounds read attempt (file-image.rules)
 * 1:46694 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF embedded GIF memory corruption attempt (file-other.rules)
 * 1:46695 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF embedded GIF memory corruption attempt (file-other.rules)
 * 1:46813 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF out of bounds read attempt (file-other.rules)
 * 1:46698 <-> ENABLED <-> FILE-OTHER Adobe Acrobat EMF embedded DIB out of bound read attempt (file-other.rules)
 * 1:46699 <-> ENABLED <-> FILE-OTHER Adobe Acrobat EMF embedded DIB out of bound read attempt (file-other.rules)
 * 1:46701 <-> DISABLED <-> FILE-IMAGE Adobe Acrboat EMF invalid EMR_STRETCHDIBITS record out-of-bounds read attempt (file-image.rules)
 * 1:46702 <-> DISABLED <-> FILE-IMAGE Adobe Acrboat EMF invalid EMR_STRETCHDIBITS record out-of-bounds read attempt (file-image.rules)
 * 1:46703 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EMR_STRETCHDIBITS size out of bounds read attempt (file-other.rules)
 * 1:47198 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out of bounds read attempt (file-other.rules)
 * 1:46704 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EMR_STRETCHDIBITS size out of bounds read attempt (file-other.rules)
 * 1:46707 <-> ENABLED <-> FILE-OTHER Adobe Acrobat EMF malformed EmfPlusPointF object buffer overflow attempt (file-other.rules)
 * 1:46708 <-> ENABLED <-> FILE-OTHER Adobe Acrobat EMF malformed EmfPlusPointF object buffer overflow attempt (file-other.rules)
 * 1:46709 <-> ENABLED <-> FILE-OTHER Adobe Professional EMF embedded image heap overflow attempt (file-other.rules)
 * 1:47874 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF ALPHABLEND heap overflow attempt (file-image.rules)
 * 1:47217 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS heap overflow attempt (file-other.rules)
 * 1:47857 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file object out of bounds write attempt (file-image.rules)
 * 1:47218 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS heap overflow attempt (file-other.rules)
 * 1:47232 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules)
 * 1:47233 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules)
 * 1:47237 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS out-of-bounds read attempt (file-other.rules)
 * 1:47238 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS out-of-bounds read attempt (file-other.rules)
 * 1:47247 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro crafted GIF file out-of-bounds read attempt (file-image.rules)
 * 1:47248 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro crafted GIF file out-of-bounds read attempt (file-image.rules)
 * 1:47249 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS out-of-bounds read attempt (file-other.rules)
 * 1:47892 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMFPlusPath object out of bounds read attempt (file-image.rules)
 * 1:47250 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS out-of-bounds read attempt (file-other.rules)
 * 1:47251 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro use after free attempt (file-other.rules)
 * 1:47252 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro use after free attempt (file-other.rules)
 * 1:47266 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules)
 * 1:47267 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules)
 * 1:47268 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules)
 * 1:48040 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed BMP out of bounds read attempt (file-image.rules)
 * 1:47269 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules)
 * 1:47274 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules)
 * 1:47275 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules)
 * 1:47276 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt (file-other.rules)
 * 1:47883 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF image conversion memory corruption attempt (file-other.rules)
 * 1:47277 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt (file-other.rules)
 * 1:47963 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro WebCapture JavaScript manipulation type confusion attempt (file-other.rules)
 * 1:47279 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules)
 * 1:47280 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules)
 * 1:47283 <-> DISABLED <-> FILE-OTHER Adobe Reader HTML to PDF conversion getMatchedCSSRules use-after-free attempt (file-other.rules)
 * 1:47284 <-> DISABLED <-> FILE-OTHER Adobe Reader HTML to PDF conversion getMatchedCSSRules use-after-free attempt (file-other.rules)
 * 1:47306 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Distiller PostScript pdfmark out-of-bounds write attempt (file-other.rules)
 * 1:47307 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Distiller PostScript pdfmark out-of-bounds write attempt (file-other.rules)
 * 1:47308 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF RegionNodeCount out-of-bounds write attempt (file-other.rules)
 * 1:47309 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF RegionNodeCount out-of-bounds write attempt (file-other.rules)
 * 1:47312 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro out of bounds read attempt (file-image.rules)
 * 1:47313 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro out of bounds read attempt (file-image.rules)
 * 1:46668 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (file-image.rules)
 * 1:47314 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed CEL out of bounds read attempt (file-image.rules)
 * 1:47315 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed CEL out of bounds read attempt (file-image.rules)
 * 1:46812 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF out of bounds read attempt (file-other.rules)
 * 1:47060 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed EMF out of bounds read attempt (file-image.rules)
 * 1:47328 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF out of bounds read attempt (file-image.rules)
 * 1:47971 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF out of bounds read attempt (file-image.rules)
 * 1:47329 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF out of bounds read attempt (file-image.rules)
 * 1:47330 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF out of bounds read attempt (file-image.rules)
 * 1:47331 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF out of bounds read attempt (file-image.rules)
 * 1:47332 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out of bounds write attempt (file-other.rules)
 * 1:47333 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out of bounds write attempt (file-other.rules)
 * 1:47343 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro out of bounds read attempt (file-image.rules)
 * 1:47344 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro out of bounds read attempt (file-image.rules)
 * 1:47345 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EMR_CREATEDIBPATTERNBRUSHPT record buffer overflow attempt (file-other.rules)
 * 1:47346 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EMR_CREATEDIBPATTERNBRUSHPT record buffer overflow attempt (file-other.rules)
 * 1:47350 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG heap overflow attempt (file-image.rules)
 * 1:47351 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG heap overflow attempt (file-image.rules)
 * 1:47352 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG heap overflow attempt (file-image.rules)
 * 1:47911 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader EMF file JPEG Huffman table heap overflow attempt (file-image.rules)
 * 1:47353 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG heap overflow attempt (file-image.rules)
 * 1:47356 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro out of bounds read attempt (file-image.rules)
 * 1:47357 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro out of bounds read attempt (file-image.rules)
 * 1:47359 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader malformed TIFF out of bounds read attempt (file-image.rules)
 * 1:47360 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader malformed TIFF out of bounds read attempt (file-image.rules)
 * 1:47361 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader malformed TIFF out of bounds read attempt (file-image.rules)
 * 1:47362 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader malformed TIFF out of bounds read attempt (file-image.rules)
 * 1:47367 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro PSD malformed image data out-of-bounds write attempt (file-image.rules)
 * 1:47368 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro PSD malformed image data out-of-bounds write attempt (file-image.rules)
 * 1:47369 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out of bounds memory access attempt (file-other.rules)
 * 1:47370 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out of bounds memory access attempt (file-other.rules)
 * 1:47196 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules)
 * 1:47907 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMR_STRETCHDIBITS out-of-bounds write attempt (file-image.rules)
 * 1:47382 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro use after free attempt (file-image.rules)
 * 1:47383 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro use after free attempt (file-image.rules)
 * 1:47384 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro use after free attempt (file-other.rules)
 * 1:48075 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF file out-of-bounds read attempt (file-other.rules)
 * 1:47961 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EmfPlusDrawBeziers out of bounds write attempt (file-other.rules)
 * 1:47385 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro use after free attempt (file-other.rules)
 * 1:47396 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader malformed JPEG quantization table out-of-bounds write attempt (file-image.rules)
 * 1:47397 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader malformed JPEG quantization table out-of-bounds write attempt (file-image.rules)
 * 1:47625 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Reader EMF path record out-of-bounds read attempt (file-other.rules)
 * 1:47626 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Reader EMF path record out-of-bounds read attempt (file-other.rules)
 * 1:47630 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro untrusted pointer dereference attempt (file-other.rules)
 * 1:47158 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader jp2 out-of-bounds read attempt (file-image.rules)
 * 1:47631 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro untrusted pointer dereference attempt (file-other.rules)
 * 1:47827 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat EmfPlusDrawImagePoints out of bounds read attempt (file-image.rules)
 * 1:47828 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat EmfPlusDrawImagePoints out of bounds read attempt (file-image.rules)
 * 1:47838 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro SGI RGB run-length encoding out of bounds read attempt (file-image.rules)
 * 1:47839 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro SGI RGB run-length encoding out of bounds read attempt (file-image.rules)
 * 1:47852 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro HTML invalid pointer offset out-of-bounds read attempt (file-other.rules)
 * 1:47853 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro HTML invalid pointer offset out-of-bounds read attempt (file-other.rules)
 * 1:47958 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EmfPlusDrawDriverString malformed GlyphCount value integer overflow attempt (file-other.rules)
 * 1:47854 <-> DISABLED <-> FILE-OTHER Adobe Acrobat HTML invalid pointer out-of-bounds read attempt (file-other.rules)
 * 1:47130 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed CEL heap overflow attempt (file-image.rules)
 * 1:46655 <-> DISABLED <-> FILE-OTHER Adobe Acrobat XPS2PDF conversion buffer over-read attempt (file-other.rules)
 * 1:47855 <-> DISABLED <-> FILE-OTHER Adobe Acrobat HTML invalid pointer out-of-bounds read attempt (file-other.rules)
 * 1:48009 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro integer overflow attempt (file-image.rules)
 * 1:48125 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF ImageConversion out-of-bounds write attempt (file-other.rules)
 * 1:47991 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF engine type confusion attempt (file-image.rules)
 * 1:48217 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Reader U3D engine memory corruption attempt (file-other.rules)
 * 1:46719 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMFPlusPath object heap overflow attempt (file-image.rules)
 * 1:48108 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF file out-of-bounds write attempt (file-other.rules)
 * 1:48039 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed BMP out of bounds read attempt (file-image.rules)
 * 1:47986 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS out-of-bounds write attempt (file-other.rules)
 * 1:47993 <-> ENABLED <-> FILE-OTHER Acrobat Adobe Pro XPS out-of-bounds read attempt (file-other.rules)
 * 1:48017 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader malformed JavaScript input out of bounds read attempt (file-image.rules)
 * 1:48002 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro Universal 3D engine untrusted pointer dereference attempt (file-image.rules)
 * 1:47912 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader EMF file JPEG Huffman table heap overflow attempt (file-image.rules)
 * 1:53970 <-> DISABLED <-> SERVER-WEBAPP TerraMaster NAS user and group creation command injection attempt (server-webapp.rules)
 * 1:46718 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMFPlusPath object heap overflow attempt (file-image.rules)
 * 1:48010 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro integer overflow attempt (file-image.rules)
 * 1:46667 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (file-image.rules)
 * 1:52214 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Win32k privilege escalation attempt (os-windows.rules)
 * 1:47926 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF ImageConversion out-of-bounds write attempt (file-other.rules)
 * 1:43609 <-> DISABLED <-> FILE-OTHER Multiple products SGI ZSIZE header information overflow attempt (file-other.rules)
 * 1:43974 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro malformed EMF comment memory corruption attempt (file-other.rules)
 * 1:47154 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro use after free attempt (file-other.rules)
 * 1:44060 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF memory corruption attempt (file-image.rules)
 * 1:46643 <-> DISABLED <-> FILE-OTHER Adobe Professional EMF compression out of bounds write attempt (file-other.rules)
 * 1:48031 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF out of bounds read attempt (file-image.rules)
 * 1:48032 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF out of bounds read attempt (file-image.rules)
 * 1:48033 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF file use-after-free attempt (file-other.rules)
 * 1:48034 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF file use-after-free attempt (file-other.rules)
 * 1:46651 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro PDX malformed index out of bounds memory read attempt (file-other.rules)
 * 1:46720 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMFPlusPath object heap overflow attempt (file-image.rules)
 * 1:47179 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF invalid EmfPlusFillRects out-of-bounds read attempt (file-other.rules)
 * 1:46659 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Reader jp2 double free attempt (file-other.rules)
 * 1:47949 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF out of bounds read attempt (file-image.rules)
 * 1:47950 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF out of bounds read attempt (file-image.rules)
 * 1:47933 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro Universal 3D Engine untrusted pointer dereference attempt (file-image.rules)
 * 1:47951 <-> DISABLED <-> FILE-OTHER Adobe Distiller PostScript conversion heap overflow attempt (file-other.rules)
 * 1:47908 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMR_STRETCHDIBITS out-of-bounds write attempt (file-image.rules)
 * 1:47952 <-> DISABLED <-> FILE-OTHER Adobe Distiller PostScript conversion heap overflow attempt (file-other.rules)
 * 1:41947 <-> DISABLED <-> FILE-IMAGE GDI+ malformed EMF description out of bounds read attempt (file-image.rules)
 * 1:46652 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro PDX malformed index out of bounds memory read attempt (file-other.rules)
 * 1:47959 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF file out-of-bounds write attempt (file-other.rules)
 * 1:47953 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIF tag entry out of bounds read attempt (file-image.rules)
 * 1:47980 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF out of bounds read attempt (file-image.rules)
 * 1:47954 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIF tag entry out of bounds read attempt (file-image.rules)
 * 1:47996 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF pointer out of bounds write attempt (file-image.rules)
 * 1:47955 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIF tag entry out of bounds read attempt (file-image.rules)
 * 1:48290 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EmfPlusDrawString out of bounds read attempt (file-other.rules)