Talos Rules 2025-03-25
This release adds and modifies rules in several categories.

Talos has added and modified multiple rules in the file-flash, malware-cnc, malware-other, os-windows, policy-other, server-apache, server-mail and server-webapp rule sets to provide coverage for emerging threats from these technologies.

For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.

Change logs

2025-03-25 15:47:16 UTC

Snort Subscriber Rules Update

Date: 2025-03-25

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2092000.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:

 * 1:60686 <-> DISABLED <-> OS-WINDOWS Windows AppxSvc component elevation of privilege attempt (os-windows.rules)
 * 1:60687 <-> DISABLED <-> OS-WINDOWS Windows AppxSvc component elevation of privilege attempt (os-windows.rules)
 * 1:64684 <-> DISABLED <-> MALWARE-CNC Win.Malware.DarkGate variant outbound connection (malware-cnc.rules)
 * 1:64685 <-> ENABLED <-> SERVER-WEBAPP Apache OFBiz remote code execution attempt (server-webapp.rules)
 * 1:64686 <-> DISABLED <-> SERVER-APACHE Apache Tomcat partial PUT remote code execution attempt (server-apache.rules)
 * 1:64687 <-> DISABLED <-> SERVER-MAIL Exim SMTP vulnerable version detected (server-mail.rules)
 * 1:64688 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative null pointer dereference attempt (file-flash.rules)
 * 1:64689 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bondupdater inbound cnc connection (malware-cnc.rules)
 * 1:64690 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bondupdater inbound cnc connection (malware-cnc.rules)
 * 1:64691 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bondupdater inbound cnc connection (malware-cnc.rules)
 * 1:64692 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bondupdater outbound cnc connection (malware-cnc.rules)
 * 1:64693 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bondupdater outbound cnc connection (malware-cnc.rules)
 * 1:64694 <-> DISABLED <-> MALWARE-CNC MultiOs.Trojan.FINALDRAFT variant outbound communication attempt (malware-cnc.rules)
 * 1:64695 <-> DISABLED <-> MALWARE-CNC MultiOs.Trojan.FINALDRAFT variant outbound communication attempt (malware-cnc.rules)
 * 1:64696 <-> DISABLED <-> SERVER-OTHER MIT Kerberos KDC as-req sname null pointer dereference attempt (server-other.rules)
 * 1:64697 <-> ENABLED <-> MALWARE-OTHER Win.Rootkit.Winnti download attempt (malware-other.rules)
 * 1:64698 <-> ENABLED <-> MALWARE-OTHER Win.Rootkit.Winnti download attempt (malware-other.rules)
 * 1:64699 <-> ENABLED <-> SERVER-WEBAPP Next.js Middleware authentication bypass attempt (server-webapp.rules)
 * 1:64700 <-> ENABLED <-> SERVER-WEBAPP Next.js Middleware authentication bypass attempt (server-webapp.rules)
 * 1:64701 <-> DISABLED <-> POLICY-OTHER Next.js Middleware x-middleware-subrequest header use attempt (policy-other.rules)

Modified Rules:

 * 1:20782 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt - economy.rar (file-flash.rules)
 * 1:20783 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt - dear chu.rar (file-flash.rules)
 * 1:20784 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt - namelist.xls (file-flash.rules)
 * 1:20785 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt (file-flash.rules)
 * 1:20803 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt (file-flash.rules)
 * 1:21326 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActiveX URL import attempt (file-flash.rules)
 * 1:21335 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript bytecode type confusion null dereference attempt (file-flash.rules)
 * 1:21336 <-> DISABLED <-> FILE-FLASH Adobe Flash ASConstructor insecure calling attempt (file-flash.rules)
 * 1:21338 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MP4 zero length atom attempt (file-flash.rules)
 * 1:21457 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
 * 1:21458 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
 * 1:21533 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript Stage3D null dereference attempt (file-flash.rules)
 * 1:21534 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript Matrix3D.copyRawDataFrom buffer overflow attempt (file-flash.rules)
 * 1:21535 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript Matrix3D.copyRawDataFrom buffer overflow attempt (file-flash.rules)
 * 1:21536 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript Stage3D null dereference attempt (file-flash.rules)
 * 1:21653 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript getURL target null reference attempt (file-flash.rules)
 * 1:21654 <-> DISABLED <-> FILE-FLASH Adobe Flash Video invalid tag type attempt (file-flash.rules)
 * 1:21655 <-> DISABLED <-> FILE-FLASH Adobe Flash Video invalid tag type attempt (file-flash.rules)
 * 1:22069 <-> DISABLED <-> FILE-FLASH Adobe Flash Player object confusion attempt (file-flash.rules)
 * 1:22070 <-> DISABLED <-> FILE-FLASH Adobe Flash Player object confusion attempt (file-flash.rules)
 * 1:22915 <-> DISABLED <-> FILE-FLASH Adobe Flash Player object confusion attempt (file-flash.rules)
 * 1:22916 <-> DISABLED <-> FILE-FLASH Adobe Flash Player object confusion attempt (file-flash.rules)
 * 1:23129 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SecureSocket use without Connect attempt (file-flash.rules)
 * 1:23130 <-> DISABLED <-> FILE-FLASH Adobe Flash Player X509 direct instantiation property access attempt (file-flash.rules)
 * 1:23131 <-> DISABLED <-> FILE-FLASH Adobe Flash Player X500 DistinguishedName property access attempt (file-flash.rules)
 * 1:23132 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DefineSound tag long recordheader length field attempt (file-flash.rules)
 * 1:23133 <-> DISABLED <-> FILE-FLASH Adobe Flash Player flash.display.BitmapData constuctor overflow attempt (file-flash.rules)
 * 1:23134 <-> DISABLED <-> FILE-FLASH Adobe Flash Player broker destructor DoS attempt (file-flash.rules)
 * 1:23135 <-> DISABLED <-> FILE-FLASH Adobe Flash Player flash.DisplayObject memory corruption attempt (file-flash.rules)
 * 1:23853 <-> DISABLED <-> FILE-FLASH Adobe Flash OpenType font memory corruption attempt (file-flash.rules)
 * 1:23854 <-> DISABLED <-> FILE-FLASH Adobe Flash OpenType font memory corruption attempt (file-flash.rules)
 * 1:23967 <-> DISABLED <-> FILE-FLASH Adobe Flash OpenType font memory corruption attempt - compressed (file-flash.rules)
 * 1:23996 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (file-flash.rules)
 * 1:23997 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (file-flash.rules)
 * 1:24138 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed RTMP response attempt (file-flash.rules)
 * 1:24139 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed RTMP response attempt (file-flash.rules)
 * 1:24140 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed RTMP response attempt (file-flash.rules)
 * 1:24142 <-> DISABLED <-> FILE-FLASH Adobe Flash Player object confusion attempt (file-flash.rules)
 * 1:24244 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Matrix3D copyRawDataTo integer overflow attempt (file-flash.rules)
 * 1:24245 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Matrix3D copyRawDataTo integer overflow attempt (file-flash.rules)
 * 1:24362 <-> DISABLED <-> FILE-FLASH Adobe Flash null reference JIT compilation attempt (file-flash.rules)
 * 1:24363 <-> DISABLED <-> FILE-FLASH Adobe Flash null reference JIT compilation attempt (file-flash.rules)
 * 1:24364 <-> DISABLED <-> FILE-FLASH Adobe Flash null reference JIT compilation attempt (file-flash.rules)
 * 1:24365 <-> DISABLED <-> FILE-FLASH Adobe Flash null reference JIT compilation attempt (file-flash.rules)
 * 1:24366 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed record stack exhaustion attempt (file-flash.rules)
 * 1:24367 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed record stack exhaustion attempt (file-flash.rules)
 * 1:24414 <-> DISABLED <-> FILE-FLASH Adobe Flash Player stsz box heap overflow attempt (file-flash.rules)
 * 1:24415 <-> DISABLED <-> FILE-FLASH Adobe Flash Player stsz box heap overflow attempt (file-flash.rules)
 * 1:24428 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules)
 * 1:24429 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules)
 * 1:24430 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules)
 * 1:24431 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules)
 * 1:24808 <-> DISABLED <-> FILE-FLASH Microsoft Internet Explorer premature unload of Flash plugin use after free attempt (file-flash.rules)
 * 1:24809 <-> DISABLED <-> FILE-FLASH Microsoft Internet Explorer premature unload of Flash plugin use after free attempt (file-flash.rules)
 * 1:24810 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS2 privilege escalation attempt (file-flash.rules)
 * 1:24811 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS2 privilege escalation attempt (file-flash.rules)
 * 1:24812 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS2 privilege escalation attempt (file-flash.rules)
 * 1:24813 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS2 privilege escalation attempt (file-flash.rules)
 * 1:24874 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules)
 * 1:24875 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules)
 * 1:24876 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules)
 * 1:24877 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules)
 * 1:24879 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid JPEG index attempt (file-flash.rules)
 * 1:24882 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid JPEG index attempt (file-flash.rules)
 * 1:24890 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Action InitArray stack overflow attempt (file-flash.rules)
 * 1:24892 <-> DISABLED <-> FILE-FLASH Action InitArray stack overflow attempt (file-flash.rules)
 * 1:24893 <-> DISABLED <-> FILE-FLASH Action InitArray stack overflow attempt (file-flash.rules)
 * 1:24895 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript bytecode symbolclass tag type confusion attempt (file-flash.rules)
 * 1:24896 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript bytecode symbolclass tag type confusion attempt (file-flash.rules)
 * 1:24980 <-> DISABLED <-> FILE-FLASH Adobe Flash Player actionscript bytecode trait type null pointer dereference attempt (file-flash.rules)
 * 1:24981 <-> DISABLED <-> FILE-FLASH Adobe Flash Player actionscript bytecode trait type null pointer dereference attempt (file-flash.rules)
 * 1:24982 <-> DISABLED <-> FILE-FLASH Adobe Flash Player actionscript bytecode trait type null pointer dereference attempt (file-flash.rules)
 * 1:24983 <-> DISABLED <-> FILE-FLASH Adobe Flash Player actionscript bytecode trait type null pointer dereference attempt (file-flash.rules)
 * 1:24984 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt (file-flash.rules)
 * 1:24985 <-> DISABLED <-> FILE-FLASH Adobe Flash Player index overflow attempt (file-flash.rules)
 * 1:24986 <-> DISABLED <-> FILE-FLASH Adobe Flash Player index overflow attempt (file-flash.rules)
 * 1:24989 <-> DISABLED <-> FILE-FLASH Adobe Flash Player specially invalid traits structure attempt (file-flash.rules)
 * 1:24990 <-> DISABLED <-> FILE-FLASH Adobe Flash Player specially invalid traits structure attempt (file-flash.rules)
 * 1:24991 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DoInitAction invalid action overflow attempt (file-flash.rules)
 * 1:24992 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DoInitAction invalid action overflow attempt (file-flash.rules)
 * 1:25676 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed regular expression exploit attempt (file-flash.rules)
 * 1:25677 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed regular expression exploit attempt (file-flash.rules)
 * 1:25678 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed regular expression exploit attempt (file-flash.rules)
 * 1:25679 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed regular expression exploit attempt (file-flash.rules)
 * 1:25681 <-> DISABLED <-> FILE-FLASH Adobe Flash Player CFF FeatureCount integer overflow attempt (file-flash.rules)
 * 1:25683 <-> DISABLED <-> FILE-FLASH Adobe Flash Player CFF FeatureCount integer overflow attempt (file-flash.rules)
 * 1:25815 <-> DISABLED <-> FILE-FLASH Adobe Flash Player FLV crafted ADPCM stream heap overflow attempt (file-flash.rules)
 * 1:43995 <-> DISABLED <-> FILE-FLASH Adobe Flash Player overly large cpool index out of bounds read attempt (file-flash.rules)
 * 1:43996 <-> DISABLED <-> FILE-FLASH Adobe Flash Player overly large cpool index out of bounds read attempt (file-flash.rules)
 * 1:44002 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SMB sandbox bypass attempt (file-flash.rules)
 * 1:44003 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SMB sandbox bypass attempt (file-flash.rules)
 * 1:44016 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Rectangle constructor use after free attempt (file-flash.rules)
 * 1:44017 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Rectangle constructor use after free attempt (file-flash.rules)
 * 1:44173 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SharedObject use after free attempt (file-flash.rules)
 * 1:44174 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SharedObject use after free attempt (file-flash.rules)
 * 1:44345 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MP4 atom parser memory corruption attempt (file-flash.rules)
 * 1:44346 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MP4 atom parser memory corruption attempt (file-flash.rules)
 * 1:44347 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MP4 atom parser memory corruption attempt (file-flash.rules)
 * 1:44348 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MP4 atom parser memory corruption attempt (file-flash.rules)
 * 1:44351 <-> DISABLED <-> FILE-FLASH Adobe Flash Player text handling memory corruption attempt (file-flash.rules)
 * 1:44352 <-> DISABLED <-> FILE-FLASH Adobe Flash Player text handling memory corruption attempt (file-flash.rules)
 * 1:44552 <-> DISABLED <-> FILE-FLASH Adobe Flash Player toString type confusion memory corruption attempt (file-flash.rules)
 * 1:44553 <-> DISABLED <-> FILE-FLASH Adobe Flash Player toString type confusion memory corruption attempt (file-flash.rules)
 * 1:44583 <-> DISABLED <-> FILE-FLASH Adobe Flash Player array type confusion attempt (file-flash.rules)
 * 1:44584 <-> DISABLED <-> FILE-FLASH Adobe Flash Player array type confusion attempt (file-flash.rules)
 * 1:44887 <-> DISABLED <-> FILE-FLASH Adobe Flash Player bitmap hitTest integer overflow attempt (file-flash.rules)
 * 1:44888 <-> DISABLED <-> FILE-FLASH Adobe Flash Player bitmap hitTest integer overflow attempt (file-flash.rules)
 * 1:44891 <-> DISABLED <-> FILE-FLASH Adobe Flash Player determinePreferredLocales memory corruption attempt (file-flash.rules)
 * 1:44892 <-> DISABLED <-> FILE-FLASH Adobe Flash Player determinePreferredLocales memory corruption attempt (file-flash.rules)
 * 1:44902 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PSDK Metadata memory corruption attempt (file-flash.rules)
 * 1:44903 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PSDK Metadata memory corruption attempt (file-flash.rules)
 * 1:44951 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Primetime SDK use after free attempt (file-flash.rules)
 * 1:44952 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Primetime SDK use after free attempt (file-flash.rules)
 * 1:44963 <-> DISABLED <-> FILE-FLASH Adobe Flash Player tvsdk object use after free attempt (file-flash.rules)
 * 1:44964 <-> DISABLED <-> FILE-FLASH Adobe Flash Player tvsdk object use after free attempt (file-flash.rules)
 * 1:45309 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ConvolutionFilter Matrix use after free attempt (file-flash.rules)
 * 1:45310 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ConvolutionFilter Matrix use after free attempt (file-flash.rules)
 * 1:45404 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ATF buffer overflow attempt (file-flash.rules)
 * 1:45405 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ATF buffer overflow attempt (file-flash.rules)
 * 1:45459 <-> DISABLED <-> FILE-FLASH Adobe Flash Player movieclip attachbitmap use-after-free attempt (file-flash.rules)
 * 1:45500 <-> DISABLED <-> FILE-FLASH Adobe Flash Player movieclip startdrag use-after-free attempt (file-flash.rules)
 * 1:45501 <-> DISABLED <-> FILE-FLASH Adobe Flash Player movieclip startdrag use-after-free attempt (file-flash.rules)
 * 1:45546 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DefineFont3 tag overly large NumGlyphs out of bounds read attempt (file-flash.rules)
 * 1:45547 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DefineFont3 tag overly large NumGlyphs out of bounds read attempt (file-flash.rules)
 * 1:45593 <-> DISABLED <-> FILE-FLASH Adobe PSDK DRM Manager memory corruption attempt (file-flash.rules)
 * 1:45594 <-> DISABLED <-> FILE-FLASH Adobe PSDK DRM Manager memory corruption attempt (file-flash.rules)
 * 1:45595 <-> DISABLED <-> FILE-FLASH Adobe PSDK DRM Manager memory corruption attempt (file-flash.rules)
 * 1:45613 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Selection.SetSelection use-after-free attempt (file-flash.rules)
 * 1:45614 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Selection.SetSelection use-after-free attempt (file-flash.rules)
 * 1:45615 <-> DISABLED <-> FILE-FLASH Adobe Flash Player movieclip duplicateMovieClip use-after-free attempt (file-flash.rules)
 * 1:45616 <-> DISABLED <-> FILE-FLASH Adobe Flash Player movieclip duplicateMovieClip use-after-free attempt (file-flash.rules)
 * 1:45683 <-> DISABLED <-> FILE-FLASH Adobe PSDK DRM Manager memory corruption attempt (file-flash.rules)
 * 1:45743 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray shading memory leak attempt (file-flash.rules)
 * 1:45744 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray shading memory leak attempt (file-flash.rules)
 * 1:46247 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Primetime MediaPlayerItemLoader BlurFilter object out of bounds write attempt (file-flash.rules)
 * 1:46248 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Primetime MediaPlayerItemLoader BlurFilter object out of bounds write attempt (file-flash.rules)
 * 1:46254 <-> DISABLED <-> FILE-FLASH Adobe Flash Player corrupt PNG image load out of bounds memory access attempt (file-flash.rules)
 * 1:46255 <-> DISABLED <-> FILE-FLASH Adobe Flash Player corrupt PNG image load out of bounds memory access attempt (file-flash.rules)
 * 1:46260 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed DefineSound tag heap overflow attempt (file-flash.rules)
 * 1:46261 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed DefineSound tag heap overflow attempt (file-flash.rules)
 * 1:46262 <-> DISABLED <-> FILE-FLASH Adobe Flash Player use after free attempt (file-flash.rules)
 * 1:46263 <-> DISABLED <-> FILE-FLASH Adobe Flash Player use after free attempt (file-flash.rules)
 * 1:46324 <-> DISABLED <-> FILE-FLASH Adobe PSDK DRM Manager memory corruption attempt (file-flash.rules)
 * 1:46598 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative MovieClip type confusion attempt (file-flash.rules)
 * 1:46599 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative MovieClip type confusion attempt (file-flash.rules)
 * 1:46917 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds write attempt (file-flash.rules)
 * 1:46918 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds write attempt (file-flash.rules)
 * 1:46919 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds write attempt (file-flash.rules)
 * 1:46920 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds write attempt (file-flash.rules)
 * 1:46949 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds memory access attempt (file-flash.rules)
 * 1:46950 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds memory access attempt (file-flash.rules)
 * 1:47127 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ActionSetTarget record information disclosure attempt (file-flash.rules)
 * 1:47128 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ActionSetTarget record information disclosure attempt (file-flash.rules)
 * 1:47191 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript NetConnection type confusion attempt (file-flash.rules)
 * 1:47192 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript NetConnection type confusion attempt (file-flash.rules)
 * 1:47531 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Vector.String class out-of-bounds read attempt (file-flash.rules)
 * 1:47532 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Vector.String class out-of-bounds read attempt (file-flash.rules)
 * 1:47786 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds write attempt (file-flash.rules)
 * 1:47787 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds write attempt (file-flash.rules)
 * 1:47833 <-> DISABLED <-> FILE-FLASH Adobe Flash Player COM server BrokerCreateFile sandbox escape attempt (file-flash.rules)
 * 1:47834 <-> DISABLED <-> FILE-FLASH Adobe Flash Player COM server BrokerCreateFile sandbox escape attempt (file-flash.rules)
 * 1:48425 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AVM type confusion attempt (file-flash.rules)
 * 1:48426 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AVM type confusion attempt (file-flash.rules)
 * 1:48491 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
 * 1:48492 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
 * 1:48493 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
 * 1:48494 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
 * 1:48495 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
 * 1:48496 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
 * 1:48566 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
 * 1:48567 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
 * 1:49231 <-> DISABLED <-> FILE-FLASH Adobe Flash Player drawTriangles out-of-bounds read attempt (file-flash.rules)
 * 1:49232 <-> DISABLED <-> FILE-FLASH Adobe Flash Player drawTriangles out-of-bounds read attempt (file-flash.rules)
 * 1:49311 <-> DISABLED <-> FILE-FLASH Adobe Flash Player writeExternal type confusion attempt (file-flash.rules)
 * 1:49312 <-> DISABLED <-> FILE-FLASH Adobe Flash Player writeExternal type confusion attempt (file-flash.rules)
 * 1:49583 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byteArray inflate information disclosure attempt (file-flash.rules)
 * 1:49584 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byteArray inflate information disclosure attempt (file-flash.rules)
 * 1:49585 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byteArray uncompress information disclosure attempt (file-flash.rules)
 * 1:49586 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byteArray uncompress information disclosure attempt (file-flash.rules)
 * 1:49654 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PCRE control character denial of service attempt (file-flash.rules)
 * 1:49655 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PCRE control character denial of service attempt (file-flash.rules)
 * 1:49656 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PCRE control character denial of service attempt (file-flash.rules)
 * 1:50139 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out-of-bounds read attempt (file-flash.rules)
 * 1:50140 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out-of-bounds read attempt (file-flash.rules)
 * 1:50267 <-> DISABLED <-> FILE-FLASH Adobe Flash Player use after free attempt (file-flash.rules)
 * 1:50268 <-> DISABLED <-> FILE-FLASH Adobe Flash Player use after free attempt (file-flash.rules)
 * 1:50534 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
 * 1:50535 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
 * 1:50536 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
 * 1:50537 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
 * 1:50761 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel (malware-cnc.rules)
 * 1:50762 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel (malware-cnc.rules)
 * 1:50763 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel (malware-cnc.rules)
 * 1:50764 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel (malware-cnc.rules)
 * 1:50765 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ISMAgent outbound DNS tunnel (malware-cnc.rules)
 * 1:50766 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ALMA_Dash outbound DNS tunnel (malware-cnc.rules)
 * 1:50767 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ALMA_Dot outbound DNS tunnel (malware-cnc.rules)
 * 1:50768 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BONDUPDATER outbound DNS tunnel (malware-cnc.rules)
 * 1:50769 <-> DISABLED <-> MALWARE-CNC Win.Trojan.QUADAGENT outbound DNS tunnel (malware-cnc.rules)
 * 1:51081 <-> DISABLED <-> FILE-FLASH Adobe Flash player memory corruption attempt (file-flash.rules)
 * 1:51082 <-> DISABLED <-> FILE-FLASH Adobe Flash player memory corruption attempt (file-flash.rules)
 * 1:51225 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ATF heap overflow attempt (file-flash.rules)
 * 1:51226 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ATF heap overflow attempt (file-flash.rules)
 * 1:51643 <-> DISABLED <-> FILE-FLASH Adobe Flash Player use-after-free attempt (file-flash.rules)
 * 1:51644 <-> DISABLED <-> FILE-FLASH Adobe Flash Player use-after-free attempt (file-flash.rules)
 * 1:51648 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActiveX same origin method execution attempt (file-flash.rules)
 * 1:52079 <-> DISABLED <-> FILE-FLASH Adobe Flash Player FLV Nellymoser audio codec stack overflow attempt (file-flash.rules)
 * 1:52080 <-> DISABLED <-> FILE-FLASH Adobe Flash Player FLV Nellymoser audio codec stack overflow attempt (file-flash.rules)
 * 1:52658 <-> DISABLED <-> FILE-FLASH Spelevo Exploit Kit download attempt (file-flash.rules)
 * 1:52659 <-> DISABLED <-> FILE-FLASH Spelevo Exploit Kit download attempt (file-flash.rules)
 * 1:53057 <-> DISABLED <-> FILE-FLASH Spelevo Exploit Kit download attempt (file-flash.rules)
 * 1:53058 <-> DISABLED <-> FILE-FLASH Spelevo Exploit Kit download attempt (file-flash.rules)
 * 1:54825 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AVM domain memory range integer overflow attempt (file-flash.rules)
 * 1:54826 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AVM domain memory range integer overflow attempt (file-flash.rules)
 * 1:55813 <-> DISABLED <-> SERVER-OTHER Symantec Endpoint Protection tamper protection bypass attempt (server-other.rules)
 * 1:55814 <-> DISABLED <-> SERVER-OTHER Symantec Endpoint Protection tamper protection bypass attempt (server-other.rules)
 * 1:57499 <-> DISABLED <-> FILE-FLASH Adobe Flash Player worker shared object use-after-free attempt (file-flash.rules)
 * 1:59440 <-> DISABLED <-> SERVER-APACHE Apache mod_http2 NULL pointer dereference attempt (server-apache.rules)
 * 1:19257 <-> DISABLED <-> FILE-FLASH Adobe ActionScript float index memory corruption attempt (file-flash.rules)
 * 1:19262 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
 * 1:19263 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
 * 1:19264 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
 * 1:19682 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript 3 integer overflow attempt (file-flash.rules)
 * 1:20031 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
 * 1:20131 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt (file-flash.rules)
 * 1:20767 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
 * 1:20777 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (file-flash.rules)
 * 1:20778 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt - economy.rar (file-flash.rules)
 * 1:20779 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt - dear chu.rar (file-flash.rules)
 * 1:20780 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt - namelist.xls (file-flash.rules)
 * 1:20781 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt (file-flash.rules)

2025-03-25 15:47:16 UTC

Snort Subscriber Rules Update

Date: 2025-03-25

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091900.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:

 * 1:64697 <-> ENABLED <-> MALWARE-OTHER Win.Rootkit.Winnti download attempt (malware-other.rules)
 * 1:64691 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bondupdater inbound cnc connection (malware-cnc.rules)
 * 1:64693 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bondupdater outbound cnc connection (malware-cnc.rules)
 * 1:64696 <-> DISABLED <-> SERVER-OTHER MIT Kerberos KDC as-req sname null pointer dereference attempt (server-other.rules)
 * 1:64700 <-> ENABLED <-> SERVER-WEBAPP Next.js Middleware authentication bypass attempt (server-webapp.rules)
 * 1:64686 <-> DISABLED <-> SERVER-APACHE Apache Tomcat partial PUT remote code execution attempt (server-apache.rules)
 * 1:64701 <-> DISABLED <-> POLICY-OTHER Next.js Middleware x-middleware-subrequest header use attempt (policy-other.rules)
 * 1:60686 <-> DISABLED <-> OS-WINDOWS Windows AppxSvc component elevation of privilege attempt (os-windows.rules)
 * 1:64692 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bondupdater outbound cnc connection (malware-cnc.rules)
 * 1:64695 <-> DISABLED <-> MALWARE-CNC MultiOs.Trojan.FINALDRAFT variant outbound communication attempt (malware-cnc.rules)
 * 1:64684 <-> DISABLED <-> MALWARE-CNC Win.Malware.DarkGate variant outbound connection (malware-cnc.rules)
 * 1:64698 <-> ENABLED <-> MALWARE-OTHER Win.Rootkit.Winnti download attempt (malware-other.rules)
 * 1:64699 <-> ENABLED <-> SERVER-WEBAPP Next.js Middleware authentication bypass attempt (server-webapp.rules)
 * 1:64689 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bondupdater inbound cnc connection (malware-cnc.rules)
 * 1:64685 <-> ENABLED <-> SERVER-WEBAPP Apache OFBiz remote code execution attempt (server-webapp.rules)
 * 1:64694 <-> DISABLED <-> MALWARE-CNC MultiOs.Trojan.FINALDRAFT variant outbound communication attempt (malware-cnc.rules)
 * 1:64690 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bondupdater inbound cnc connection (malware-cnc.rules)
 * 1:60687 <-> DISABLED <-> OS-WINDOWS Windows AppxSvc component elevation of privilege attempt (os-windows.rules)
 * 1:64687 <-> DISABLED <-> SERVER-MAIL Exim SMTP vulnerable version detected (server-mail.rules)
 * 1:64688 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative null pointer dereference attempt (file-flash.rules)

Modified Rules:

 * 1:19257 <-> DISABLED <-> FILE-FLASH Adobe ActionScript float index memory corruption attempt (file-flash.rules)
 * 1:19262 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
 * 1:19263 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
 * 1:19264 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
 * 1:19682 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript 3 integer overflow attempt (file-flash.rules)
 * 1:20031 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
 * 1:20131 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt (file-flash.rules)
 * 1:20767 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
 * 1:20777 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (file-flash.rules)
 * 1:20778 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt - economy.rar (file-flash.rules)
 * 1:20779 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt - dear chu.rar (file-flash.rules)
 * 1:20780 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt - namelist.xls (file-flash.rules)
 * 1:20781 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt (file-flash.rules)
 * 1:20782 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt - economy.rar (file-flash.rules)
 * 1:20783 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt - dear chu.rar (file-flash.rules)
 * 1:20784 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt - namelist.xls (file-flash.rules)
 * 1:20785 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt (file-flash.rules)
 * 1:20803 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt (file-flash.rules)
 * 1:21326 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActiveX URL import attempt (file-flash.rules)
 * 1:21335 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript bytecode type confusion null dereference attempt (file-flash.rules)
 * 1:21336 <-> DISABLED <-> FILE-FLASH Adobe Flash ASConstructor insecure calling attempt (file-flash.rules)
 * 1:21338 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MP4 zero length atom attempt (file-flash.rules)
 * 1:21457 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
 * 1:21458 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
 * 1:21533 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript Stage3D null dereference attempt (file-flash.rules)
 * 1:21534 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript Matrix3D.copyRawDataFrom buffer overflow attempt (file-flash.rules)
 * 1:21535 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript Matrix3D.copyRawDataFrom buffer overflow attempt (file-flash.rules)
 * 1:21536 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript Stage3D null dereference attempt (file-flash.rules)
 * 1:21653 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript getURL target null reference attempt (file-flash.rules)
 * 1:21654 <-> DISABLED <-> FILE-FLASH Adobe Flash Video invalid tag type attempt (file-flash.rules)
 * 1:21655 <-> DISABLED <-> FILE-FLASH Adobe Flash Video invalid tag type attempt (file-flash.rules)
 * 1:22069 <-> DISABLED <-> FILE-FLASH Adobe Flash Player object confusion attempt (file-flash.rules)
 * 1:22070 <-> DISABLED <-> FILE-FLASH Adobe Flash Player object confusion attempt (file-flash.rules)
 * 1:22915 <-> DISABLED <-> FILE-FLASH Adobe Flash Player object confusion attempt (file-flash.rules)
 * 1:22916 <-> DISABLED <-> FILE-FLASH Adobe Flash Player object confusion attempt (file-flash.rules)
 * 1:23129 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SecureSocket use without Connect attempt (file-flash.rules)
 * 1:23130 <-> DISABLED <-> FILE-FLASH Adobe Flash Player X509 direct instantiation property access attempt (file-flash.rules)
 * 1:23131 <-> DISABLED <-> FILE-FLASH Adobe Flash Player X500 DistinguishedName property access attempt (file-flash.rules)
 * 1:23132 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DefineSound tag long recordheader length field attempt (file-flash.rules)
 * 1:23133 <-> DISABLED <-> FILE-FLASH Adobe Flash Player flash.display.BitmapData constuctor overflow attempt (file-flash.rules)
 * 1:23134 <-> DISABLED <-> FILE-FLASH Adobe Flash Player broker destructor DoS attempt (file-flash.rules)
 * 1:23135 <-> DISABLED <-> FILE-FLASH Adobe Flash Player flash.DisplayObject memory corruption attempt (file-flash.rules)
 * 1:23853 <-> DISABLED <-> FILE-FLASH Adobe Flash OpenType font memory corruption attempt (file-flash.rules)
 * 1:23854 <-> DISABLED <-> FILE-FLASH Adobe Flash OpenType font memory corruption attempt (file-flash.rules)
 * 1:23967 <-> DISABLED <-> FILE-FLASH Adobe Flash OpenType font memory corruption attempt - compressed (file-flash.rules)
 * 1:23996 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (file-flash.rules)
 * 1:23997 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (file-flash.rules)
 * 1:24138 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed RTMP response attempt (file-flash.rules)
 * 1:24139 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed RTMP response attempt (file-flash.rules)
 * 1:24140 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed RTMP response attempt (file-flash.rules)
 * 1:24142 <-> DISABLED <-> FILE-FLASH Adobe Flash Player object confusion attempt (file-flash.rules)
 * 1:24244 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Matrix3D copyRawDataTo integer overflow attempt (file-flash.rules)
 * 1:24245 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Matrix3D copyRawDataTo integer overflow attempt (file-flash.rules)
 * 1:24362 <-> DISABLED <-> FILE-FLASH Adobe Flash null reference JIT compilation attempt (file-flash.rules)
 * 1:24363 <-> DISABLED <-> FILE-FLASH Adobe Flash null reference JIT compilation attempt (file-flash.rules)
 * 1:24364 <-> DISABLED <-> FILE-FLASH Adobe Flash null reference JIT compilation attempt (file-flash.rules)
 * 1:24365 <-> DISABLED <-> FILE-FLASH Adobe Flash null reference JIT compilation attempt (file-flash.rules)
 * 1:24366 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed record stack exhaustion attempt (file-flash.rules)
 * 1:24367 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed record stack exhaustion attempt (file-flash.rules)
 * 1:24414 <-> DISABLED <-> FILE-FLASH Adobe Flash Player stsz box heap overflow attempt (file-flash.rules)
 * 1:24415 <-> DISABLED <-> FILE-FLASH Adobe Flash Player stsz box heap overflow attempt (file-flash.rules)
 * 1:24428 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules)
 * 1:24429 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules)
 * 1:24430 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules)
 * 1:24431 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules)
 * 1:24808 <-> DISABLED <-> FILE-FLASH Microsoft Internet Explorer premature unload of Flash plugin use after free attempt (file-flash.rules)
 * 1:24809 <-> DISABLED <-> FILE-FLASH Microsoft Internet Explorer premature unload of Flash plugin use after free attempt (file-flash.rules)
 * 1:24810 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS2 privilege escalation attempt (file-flash.rules)
 * 1:24811 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS2 privilege escalation attempt (file-flash.rules)
 * 1:24812 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS2 privilege escalation attempt (file-flash.rules)
 * 1:24813 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS2 privilege escalation attempt (file-flash.rules)
 * 1:24874 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules)
 * 1:24875 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules)
 * 1:24876 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules)
 * 1:24877 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules)
 * 1:24879 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid JPEG index attempt (file-flash.rules)
 * 1:24882 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid JPEG index attempt (file-flash.rules)
 * 1:24890 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Action InitArray stack overflow attempt (file-flash.rules)
 * 1:24892 <-> DISABLED <-> FILE-FLASH Action InitArray stack overflow attempt (file-flash.rules)
 * 1:24893 <-> DISABLED <-> FILE-FLASH Action InitArray stack overflow attempt (file-flash.rules)
 * 1:24895 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript bytecode symbolclass tag type confusion attempt (file-flash.rules)
 * 1:24896 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript bytecode symbolclass tag type confusion attempt (file-flash.rules)
 * 1:24980 <-> DISABLED <-> FILE-FLASH Adobe Flash Player actionscript bytecode trait type null pointer dereference attempt (file-flash.rules)
 * 1:24981 <-> DISABLED <-> FILE-FLASH Adobe Flash Player actionscript bytecode trait type null pointer dereference attempt (file-flash.rules)
 * 1:24982 <-> DISABLED <-> FILE-FLASH Adobe Flash Player actionscript bytecode trait type null pointer dereference attempt (file-flash.rules)
 * 1:24983 <-> DISABLED <-> FILE-FLASH Adobe Flash Player actionscript bytecode trait type null pointer dereference attempt (file-flash.rules)
 * 1:24984 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt (file-flash.rules)
 * 1:24985 <-> DISABLED <-> FILE-FLASH Adobe Flash Player index overflow attempt (file-flash.rules)
 * 1:24986 <-> DISABLED <-> FILE-FLASH Adobe Flash Player index overflow attempt (file-flash.rules)
 * 1:24989 <-> DISABLED <-> FILE-FLASH Adobe Flash Player specially invalid traits structure attempt (file-flash.rules)
 * 1:24990 <-> DISABLED <-> FILE-FLASH Adobe Flash Player specially invalid traits structure attempt (file-flash.rules)
 * 1:24991 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DoInitAction invalid action overflow attempt (file-flash.rules)
 * 1:24992 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DoInitAction invalid action overflow attempt (file-flash.rules)
 * 1:25676 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed regular expression exploit attempt (file-flash.rules)
 * 1:25677 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed regular expression exploit attempt (file-flash.rules)
 * 1:25678 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed regular expression exploit attempt (file-flash.rules)
 * 1:25679 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed regular expression exploit attempt (file-flash.rules)
 * 1:25681 <-> DISABLED <-> FILE-FLASH Adobe Flash Player CFF FeatureCount integer overflow attempt (file-flash.rules)
 * 1:25683 <-> DISABLED <-> FILE-FLASH Adobe Flash Player CFF FeatureCount integer overflow attempt (file-flash.rules)
 * 1:25815 <-> DISABLED <-> FILE-FLASH Adobe Flash Player FLV crafted ADPCM stream heap overflow attempt (file-flash.rules)
 * 1:43995 <-> DISABLED <-> FILE-FLASH Adobe Flash Player overly large cpool index out of bounds read attempt (file-flash.rules)
 * 1:43996 <-> DISABLED <-> FILE-FLASH Adobe Flash Player overly large cpool index out of bounds read attempt (file-flash.rules)
 * 1:44002 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SMB sandbox bypass attempt (file-flash.rules)
 * 1:44003 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SMB sandbox bypass attempt (file-flash.rules)
 * 1:44016 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Rectangle constructor use after free attempt (file-flash.rules)
 * 1:44017 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Rectangle constructor use after free attempt (file-flash.rules)
 * 1:44173 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SharedObject use after free attempt (file-flash.rules)
 * 1:44174 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SharedObject use after free attempt (file-flash.rules)
 * 1:44345 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MP4 atom parser memory corruption attempt (file-flash.rules)
 * 1:44346 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MP4 atom parser memory corruption attempt (file-flash.rules)
 * 1:44347 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MP4 atom parser memory corruption attempt (file-flash.rules)
 * 1:44348 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MP4 atom parser memory corruption attempt (file-flash.rules)
 * 1:44351 <-> DISABLED <-> FILE-FLASH Adobe Flash Player text handling memory corruption attempt (file-flash.rules)
 * 1:44352 <-> DISABLED <-> FILE-FLASH Adobe Flash Player text handling memory corruption attempt (file-flash.rules)
 * 1:44552 <-> DISABLED <-> FILE-FLASH Adobe Flash Player toString type confusion memory corruption attempt (file-flash.rules)
 * 1:44553 <-> DISABLED <-> FILE-FLASH Adobe Flash Player toString type confusion memory corruption attempt (file-flash.rules)
 * 1:44583 <-> DISABLED <-> FILE-FLASH Adobe Flash Player array type confusion attempt (file-flash.rules)
 * 1:44584 <-> DISABLED <-> FILE-FLASH Adobe Flash Player array type confusion attempt (file-flash.rules)
 * 1:44887 <-> DISABLED <-> FILE-FLASH Adobe Flash Player bitmap hitTest integer overflow attempt (file-flash.rules)
 * 1:44888 <-> DISABLED <-> FILE-FLASH Adobe Flash Player bitmap hitTest integer overflow attempt (file-flash.rules)
 * 1:44891 <-> DISABLED <-> FILE-FLASH Adobe Flash Player determinePreferredLocales memory corruption attempt (file-flash.rules)
 * 1:44892 <-> DISABLED <-> FILE-FLASH Adobe Flash Player determinePreferredLocales memory corruption attempt (file-flash.rules)
 * 1:44902 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PSDK Metadata memory corruption attempt (file-flash.rules)
 * 1:44903 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PSDK Metadata memory corruption attempt (file-flash.rules)
 * 1:44951 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Primetime SDK use after free attempt (file-flash.rules)
 * 1:44952 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Primetime SDK use after free attempt (file-flash.rules)
 * 1:44963 <-> DISABLED <-> FILE-FLASH Adobe Flash Player tvsdk object use after free attempt (file-flash.rules)
 * 1:44964 <-> DISABLED <-> FILE-FLASH Adobe Flash Player tvsdk object use after free attempt (file-flash.rules)
 * 1:45309 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ConvolutionFilter Matrix use after free attempt (file-flash.rules)
 * 1:45310 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ConvolutionFilter Matrix use after free attempt (file-flash.rules)
 * 1:45404 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ATF buffer overflow attempt (file-flash.rules)
 * 1:45405 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ATF buffer overflow attempt (file-flash.rules)
 * 1:45459 <-> DISABLED <-> FILE-FLASH Adobe Flash Player movieclip attachbitmap use-after-free attempt (file-flash.rules)
 * 1:45500 <-> DISABLED <-> FILE-FLASH Adobe Flash Player movieclip startdrag use-after-free attempt (file-flash.rules)
 * 1:45501 <-> DISABLED <-> FILE-FLASH Adobe Flash Player movieclip startdrag use-after-free attempt (file-flash.rules)
 * 1:45546 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DefineFont3 tag overly large NumGlyphs out of bounds read attempt (file-flash.rules)
 * 1:45547 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DefineFont3 tag overly large NumGlyphs out of bounds read attempt (file-flash.rules)
 * 1:45593 <-> DISABLED <-> FILE-FLASH Adobe PSDK DRM Manager memory corruption attempt (file-flash.rules)
 * 1:45594 <-> DISABLED <-> FILE-FLASH Adobe PSDK DRM Manager memory corruption attempt (file-flash.rules)
 * 1:45595 <-> DISABLED <-> FILE-FLASH Adobe PSDK DRM Manager memory corruption attempt (file-flash.rules)
 * 1:45613 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Selection.SetSelection use-after-free attempt (file-flash.rules)
 * 1:45614 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Selection.SetSelection use-after-free attempt (file-flash.rules)
 * 1:45615 <-> DISABLED <-> FILE-FLASH Adobe Flash Player movieclip duplicateMovieClip use-after-free attempt (file-flash.rules)
 * 1:45616 <-> DISABLED <-> FILE-FLASH Adobe Flash Player movieclip duplicateMovieClip use-after-free attempt (file-flash.rules)
 * 1:45683 <-> DISABLED <-> FILE-FLASH Adobe PSDK DRM Manager memory corruption attempt (file-flash.rules)
 * 1:45743 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray shading memory leak attempt (file-flash.rules)
 * 1:45744 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray shading memory leak attempt (file-flash.rules)
 * 1:46247 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Primetime MediaPlayerItemLoader BlurFilter object out of bounds write attempt (file-flash.rules)
 * 1:46248 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Primetime MediaPlayerItemLoader BlurFilter object out of bounds write attempt (file-flash.rules)
 * 1:46254 <-> DISABLED <-> FILE-FLASH Adobe Flash Player corrupt PNG image load out of bounds memory access attempt (file-flash.rules)
 * 1:46255 <-> DISABLED <-> FILE-FLASH Adobe Flash Player corrupt PNG image load out of bounds memory access attempt (file-flash.rules)
 * 1:46260 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed DefineSound tag heap overflow attempt (file-flash.rules)
 * 1:46261 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed DefineSound tag heap overflow attempt (file-flash.rules)
 * 1:47833 <-> DISABLED <-> FILE-FLASH Adobe Flash Player COM server BrokerCreateFile sandbox escape attempt (file-flash.rules)
 * 1:46262 <-> DISABLED <-> FILE-FLASH Adobe Flash Player use after free attempt (file-flash.rules)
 * 1:46263 <-> DISABLED <-> FILE-FLASH Adobe Flash Player use after free attempt (file-flash.rules)
 * 1:46324 <-> DISABLED <-> FILE-FLASH Adobe PSDK DRM Manager memory corruption attempt (file-flash.rules)
 * 1:46598 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative MovieClip type confusion attempt (file-flash.rules)
 * 1:46599 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative MovieClip type confusion attempt (file-flash.rules)
 * 1:46917 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds write attempt (file-flash.rules)
 * 1:46918 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds write attempt (file-flash.rules)
 * 1:48426 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AVM type confusion attempt (file-flash.rules)
 * 1:48425 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AVM type confusion attempt (file-flash.rules)
 * 1:48491 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
 * 1:48493 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
 * 1:48494 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
 * 1:48495 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
 * 1:48496 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
 * 1:48566 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
 * 1:48567 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
 * 1:49231 <-> DISABLED <-> FILE-FLASH Adobe Flash Player drawTriangles out-of-bounds read attempt (file-flash.rules)
 * 1:49232 <-> DISABLED <-> FILE-FLASH Adobe Flash Player drawTriangles out-of-bounds read attempt (file-flash.rules)
 * 1:49311 <-> DISABLED <-> FILE-FLASH Adobe Flash Player writeExternal type confusion attempt (file-flash.rules)
 * 1:49312 <-> DISABLED <-> FILE-FLASH Adobe Flash Player writeExternal type confusion attempt (file-flash.rules)
 * 1:49583 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byteArray inflate information disclosure attempt (file-flash.rules)
 * 1:49584 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byteArray inflate information disclosure attempt (file-flash.rules)
 * 1:49585 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byteArray uncompress information disclosure attempt (file-flash.rules)
 * 1:49586 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byteArray uncompress information disclosure attempt (file-flash.rules)
 * 1:49654 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PCRE control character denial of service attempt (file-flash.rules)
 * 1:49655 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PCRE control character denial of service attempt (file-flash.rules)
 * 1:49656 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PCRE control character denial of service attempt (file-flash.rules)
 * 1:50139 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out-of-bounds read attempt (file-flash.rules)
 * 1:50140 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out-of-bounds read attempt (file-flash.rules)
 * 1:50267 <-> DISABLED <-> FILE-FLASH Adobe Flash Player use after free attempt (file-flash.rules)
 * 1:50268 <-> DISABLED <-> FILE-FLASH Adobe Flash Player use after free attempt (file-flash.rules)
 * 1:50534 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
 * 1:50535 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
 * 1:50536 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
 * 1:50537 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
 * 1:50761 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel (malware-cnc.rules)
 * 1:50762 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel (malware-cnc.rules)
 * 1:50763 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel (malware-cnc.rules)
 * 1:50764 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel (malware-cnc.rules)
 * 1:50765 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ISMAgent outbound DNS tunnel (malware-cnc.rules)
 * 1:50766 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ALMA_Dash outbound DNS tunnel (malware-cnc.rules)
 * 1:50767 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ALMA_Dot outbound DNS tunnel (malware-cnc.rules)
 * 1:50768 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BONDUPDATER outbound DNS tunnel (malware-cnc.rules)
 * 1:48492 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
 * 1:47834 <-> DISABLED <-> FILE-FLASH Adobe Flash Player COM server BrokerCreateFile sandbox escape attempt (file-flash.rules)
 * 1:46919 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds write attempt (file-flash.rules)
 * 1:46920 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds write attempt (file-flash.rules)
 * 1:46949 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds memory access attempt (file-flash.rules)
 * 1:46950 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds memory access attempt (file-flash.rules)
 * 1:47127 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ActionSetTarget record information disclosure attempt (file-flash.rules)
 * 1:47128 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ActionSetTarget record information disclosure attempt (file-flash.rules)
 * 1:47191 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript NetConnection type confusion attempt (file-flash.rules)
 * 1:47192 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript NetConnection type confusion attempt (file-flash.rules)
 * 1:47531 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Vector.String class out-of-bounds read attempt (file-flash.rules)
 * 1:47532 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Vector.String class out-of-bounds read attempt (file-flash.rules)
 * 1:47786 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds write attempt (file-flash.rules)
 * 1:47787 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds write attempt (file-flash.rules)
 * 1:50769 <-> DISABLED <-> MALWARE-CNC Win.Trojan.QUADAGENT outbound DNS tunnel (malware-cnc.rules)
 * 1:51081 <-> DISABLED <-> FILE-FLASH Adobe Flash player memory corruption attempt (file-flash.rules)
 * 1:51082 <-> DISABLED <-> FILE-FLASH Adobe Flash player memory corruption attempt (file-flash.rules)
 * 1:51225 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ATF heap overflow attempt (file-flash.rules)
 * 1:51226 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ATF heap overflow attempt (file-flash.rules)
 * 1:51643 <-> DISABLED <-> FILE-FLASH Adobe Flash Player use-after-free attempt (file-flash.rules)
 * 1:51644 <-> DISABLED <-> FILE-FLASH Adobe Flash Player use-after-free attempt (file-flash.rules)
 * 1:51648 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActiveX same origin method execution attempt (file-flash.rules)
 * 1:52079 <-> DISABLED <-> FILE-FLASH Adobe Flash Player FLV Nellymoser audio codec stack overflow attempt (file-flash.rules)
 * 1:52080 <-> DISABLED <-> FILE-FLASH Adobe Flash Player FLV Nellymoser audio codec stack overflow attempt (file-flash.rules)
 * 1:52658 <-> DISABLED <-> FILE-FLASH Spelevo Exploit Kit download attempt (file-flash.rules)
 * 1:52659 <-> DISABLED <-> FILE-FLASH Spelevo Exploit Kit download attempt (file-flash.rules)
 * 1:53057 <-> DISABLED <-> FILE-FLASH Spelevo Exploit Kit download attempt (file-flash.rules)
 * 1:53058 <-> DISABLED <-> FILE-FLASH Spelevo Exploit Kit download attempt (file-flash.rules)
 * 1:54825 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AVM domain memory range integer overflow attempt (file-flash.rules)
 * 1:54826 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AVM domain memory range integer overflow attempt (file-flash.rules)
 * 1:55813 <-> DISABLED <-> SERVER-OTHER Symantec Endpoint Protection tamper protection bypass attempt (server-other.rules)
 * 1:55814 <-> DISABLED <-> SERVER-OTHER Symantec Endpoint Protection tamper protection bypass attempt (server-other.rules)
 * 1:57499 <-> DISABLED <-> FILE-FLASH Adobe Flash Player worker shared object use-after-free attempt (file-flash.rules)
 * 1:59440 <-> DISABLED <-> SERVER-APACHE Apache mod_http2 NULL pointer dereference attempt (server-apache.rules)

2025-03-25 15:47:16 UTC

Snort Subscriber Rules Update

Date: 2025-03-25

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091801.

New Rules:

 * 1:64701 <-> DISABLED <-> POLICY-OTHER Next.js Middleware x-middleware-subrequest header use attempt (policy-other.rules)
 * 1:64695 <-> DISABLED <-> MALWARE-CNC MultiOs.Trojan.FINALDRAFT variant outbound communication attempt (malware-cnc.rules)
 * 1:64687 <-> DISABLED <-> SERVER-MAIL Exim SMTP vulnerable version detected (server-mail.rules)
 * 1:64691 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bondupdater inbound cnc connection (malware-cnc.rules)
 * 1:64692 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bondupdater outbound cnc connection (malware-cnc.rules)
 * 1:64700 <-> ENABLED <-> SERVER-WEBAPP Next.js Middleware authentication bypass attempt (server-webapp.rules)
 * 1:64688 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative null pointer dereference attempt (file-flash.rules)
 * 1:64697 <-> ENABLED <-> MALWARE-OTHER Win.Rootkit.Winnti download attempt (malware-other.rules)
 * 1:60687 <-> DISABLED <-> OS-WINDOWS Windows AppxSvc component elevation of privilege attempt (os-windows.rules)
 * 1:64693 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bondupdater outbound cnc connection (malware-cnc.rules)
 * 1:60686 <-> DISABLED <-> OS-WINDOWS Windows AppxSvc component elevation of privilege attempt (os-windows.rules)
 * 1:64684 <-> DISABLED <-> MALWARE-CNC Win.Malware.DarkGate variant outbound connection (malware-cnc.rules)
 * 1:64689 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bondupdater inbound cnc connection (malware-cnc.rules)
 * 1:64698 <-> ENABLED <-> MALWARE-OTHER Win.Rootkit.Winnti download attempt (malware-other.rules)
 * 1:64696 <-> DISABLED <-> SERVER-OTHER MIT Kerberos KDC as-req sname null pointer dereference attempt (server-other.rules)
 * 1:64699 <-> ENABLED <-> SERVER-WEBAPP Next.js Middleware authentication bypass attempt (server-webapp.rules)
 * 1:64686 <-> DISABLED <-> SERVER-APACHE Apache Tomcat partial PUT remote code execution attempt (server-apache.rules)
 * 1:64690 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bondupdater inbound cnc connection (malware-cnc.rules)
 * 1:64694 <-> DISABLED <-> MALWARE-CNC MultiOs.Trojan.FINALDRAFT variant outbound communication attempt (malware-cnc.rules)
 * 1:64685 <-> ENABLED <-> SERVER-WEBAPP Apache OFBiz remote code execution attempt (server-webapp.rules)

Modified Rules:

 * 1:19257 <-> DISABLED <-> FILE-FLASH Adobe ActionScript float index memory corruption attempt (file-flash.rules)
 * 1:19262 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
 * 1:19263 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
 * 1:19264 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
 * 1:19682 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript 3 integer overflow attempt (file-flash.rules)
 * 1:20031 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
 * 1:20131 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt (file-flash.rules)
 * 1:20767 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
 * 1:20777 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (file-flash.rules)
 * 1:20778 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt - economy.rar (file-flash.rules)
 * 1:20779 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt - dear chu.rar (file-flash.rules)
 * 1:20780 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt - namelist.xls (file-flash.rules)
 * 1:20781 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt (file-flash.rules)
 * 1:20782 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt - economy.rar (file-flash.rules)
 * 1:20783 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt - dear chu.rar (file-flash.rules)
 * 1:20784 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt - namelist.xls (file-flash.rules)
 * 1:20785 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt (file-flash.rules)
 * 1:20803 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt (file-flash.rules)
 * 1:21326 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActiveX URL import attempt (file-flash.rules)
 * 1:21335 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript bytecode type confusion null dereference attempt (file-flash.rules)
 * 1:21336 <-> DISABLED <-> FILE-FLASH Adobe Flash ASConstructor insecure calling attempt (file-flash.rules)
 * 1:21338 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MP4 zero length atom attempt (file-flash.rules)
 * 1:21457 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
 * 1:21458 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
 * 1:21533 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript Stage3D null dereference attempt (file-flash.rules)
 * 1:21534 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript Matrix3D.copyRawDataFrom buffer overflow attempt (file-flash.rules)
 * 1:21535 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript Matrix3D.copyRawDataFrom buffer overflow attempt (file-flash.rules)
 * 1:21536 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript Stage3D null dereference attempt (file-flash.rules)
 * 1:21653 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript getURL target null reference attempt (file-flash.rules)
 * 1:21654 <-> DISABLED <-> FILE-FLASH Adobe Flash Video invalid tag type attempt (file-flash.rules)
 * 1:21655 <-> DISABLED <-> FILE-FLASH Adobe Flash Video invalid tag type attempt (file-flash.rules)
 * 1:22069 <-> DISABLED <-> FILE-FLASH Adobe Flash Player object confusion attempt (file-flash.rules)
 * 1:22070 <-> DISABLED <-> FILE-FLASH Adobe Flash Player object confusion attempt (file-flash.rules)
 * 1:22915 <-> DISABLED <-> FILE-FLASH Adobe Flash Player object confusion attempt (file-flash.rules)
 * 1:22916 <-> DISABLED <-> FILE-FLASH Adobe Flash Player object confusion attempt (file-flash.rules)
 * 1:23129 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SecureSocket use without Connect attempt (file-flash.rules)
 * 1:23130 <-> DISABLED <-> FILE-FLASH Adobe Flash Player X509 direct instantiation property access attempt (file-flash.rules)
 * 1:23131 <-> DISABLED <-> FILE-FLASH Adobe Flash Player X500 DistinguishedName property access attempt (file-flash.rules)
 * 1:23132 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DefineSound tag long recordheader length field attempt (file-flash.rules)
 * 1:23133 <-> DISABLED <-> FILE-FLASH Adobe Flash Player flash.display.BitmapData constuctor overflow attempt (file-flash.rules)
 * 1:23134 <-> DISABLED <-> FILE-FLASH Adobe Flash Player broker destructor DoS attempt (file-flash.rules)
 * 1:23135 <-> DISABLED <-> FILE-FLASH Adobe Flash Player flash.DisplayObject memory corruption attempt (file-flash.rules)
 * 1:23853 <-> DISABLED <-> FILE-FLASH Adobe Flash OpenType font memory corruption attempt (file-flash.rules)
 * 1:23854 <-> DISABLED <-> FILE-FLASH Adobe Flash OpenType font memory corruption attempt (file-flash.rules)
 * 1:23967 <-> DISABLED <-> FILE-FLASH Adobe Flash OpenType font memory corruption attempt - compressed (file-flash.rules)
 * 1:23996 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (file-flash.rules)
 * 1:23997 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (file-flash.rules)
 * 1:24138 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed RTMP response attempt (file-flash.rules)
 * 1:24139 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed RTMP response attempt (file-flash.rules)
 * 1:24140 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed RTMP response attempt (file-flash.rules)
 * 1:24142 <-> DISABLED <-> FILE-FLASH Adobe Flash Player object confusion attempt (file-flash.rules)
 * 1:24244 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Matrix3D copyRawDataTo integer overflow attempt (file-flash.rules)
 * 1:24245 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Matrix3D copyRawDataTo integer overflow attempt (file-flash.rules)
 * 1:24362 <-> DISABLED <-> FILE-FLASH Adobe Flash null reference JIT compilation attempt (file-flash.rules)
 * 1:24363 <-> DISABLED <-> FILE-FLASH Adobe Flash null reference JIT compilation attempt (file-flash.rules)
 * 1:24364 <-> DISABLED <-> FILE-FLASH Adobe Flash null reference JIT compilation attempt (file-flash.rules)
 * 1:24365 <-> DISABLED <-> FILE-FLASH Adobe Flash null reference JIT compilation attempt (file-flash.rules)
 * 1:24366 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed record stack exhaustion attempt (file-flash.rules)
 * 1:24367 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed record stack exhaustion attempt (file-flash.rules)
 * 1:24414 <-> DISABLED <-> FILE-FLASH Adobe Flash Player stsz box heap overflow attempt (file-flash.rules)
 * 1:24415 <-> DISABLED <-> FILE-FLASH Adobe Flash Player stsz box heap overflow attempt (file-flash.rules)
 * 1:24428 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules)
 * 1:24429 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules)
 * 1:24430 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules)
 * 1:24431 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules)
 * 1:24808 <-> DISABLED <-> FILE-FLASH Microsoft Internet Explorer premature unload of Flash plugin use after free attempt (file-flash.rules)
 * 1:24809 <-> DISABLED <-> FILE-FLASH Microsoft Internet Explorer premature unload of Flash plugin use after free attempt (file-flash.rules)
 * 1:24810 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS2 privilege escalation attempt (file-flash.rules)
 * 1:24811 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS2 privilege escalation attempt (file-flash.rules)
 * 1:24812 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS2 privilege escalation attempt (file-flash.rules)
 * 1:24813 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS2 privilege escalation attempt (file-flash.rules)
 * 1:24874 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules)
 * 1:24875 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules)
 * 1:24876 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules)
 * 1:24877 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules)
 * 1:24879 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid JPEG index attempt (file-flash.rules)
 * 1:24882 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid JPEG index attempt (file-flash.rules)
 * 1:24890 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Action InitArray stack overflow attempt (file-flash.rules)
 * 1:24892 <-> DISABLED <-> FILE-FLASH Action InitArray stack overflow attempt (file-flash.rules)
 * 1:24893 <-> DISABLED <-> FILE-FLASH Action InitArray stack overflow attempt (file-flash.rules)
 * 1:24895 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript bytecode symbolclass tag type confusion attempt (file-flash.rules)
 * 1:24896 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript bytecode symbolclass tag type confusion attempt (file-flash.rules)
 * 1:24980 <-> DISABLED <-> FILE-FLASH Adobe Flash Player actionscript bytecode trait type null pointer dereference attempt (file-flash.rules)
 * 1:24981 <-> DISABLED <-> FILE-FLASH Adobe Flash Player actionscript bytecode trait type null pointer dereference attempt (file-flash.rules)
 * 1:24982 <-> DISABLED <-> FILE-FLASH Adobe Flash Player actionscript bytecode trait type null pointer dereference attempt (file-flash.rules)
 * 1:24983 <-> DISABLED <-> FILE-FLASH Adobe Flash Player actionscript bytecode trait type null pointer dereference attempt (file-flash.rules)
 * 1:24984 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt (file-flash.rules)
 * 1:24985 <-> DISABLED <-> FILE-FLASH Adobe Flash Player index overflow attempt (file-flash.rules)
 * 1:24986 <-> DISABLED <-> FILE-FLASH Adobe Flash Player index overflow attempt (file-flash.rules)
 * 1:24989 <-> DISABLED <-> FILE-FLASH Adobe Flash Player specially invalid traits structure attempt (file-flash.rules)
 * 1:24990 <-> DISABLED <-> FILE-FLASH Adobe Flash Player specially invalid traits structure attempt (file-flash.rules)
 * 1:24991 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DoInitAction invalid action overflow attempt (file-flash.rules)
 * 1:24992 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DoInitAction invalid action overflow attempt (file-flash.rules)
 * 1:25676 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed regular expression exploit attempt (file-flash.rules)
 * 1:25677 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed regular expression exploit attempt (file-flash.rules)
 * 1:25678 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed regular expression exploit attempt (file-flash.rules)
 * 1:44173 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SharedObject use after free attempt (file-flash.rules)
 * 1:45613 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Selection.SetSelection use-after-free attempt (file-flash.rules)
 * 1:50140 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out-of-bounds read attempt (file-flash.rules)
 * 1:50139 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out-of-bounds read attempt (file-flash.rules)
 * 1:47834 <-> DISABLED <-> FILE-FLASH Adobe Flash Player COM server BrokerCreateFile sandbox escape attempt (file-flash.rules)
 * 1:48491 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
 * 1:48425 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AVM type confusion attempt (file-flash.rules)
 * 1:25681 <-> DISABLED <-> FILE-FLASH Adobe Flash Player CFF FeatureCount integer overflow attempt (file-flash.rules)
 * 1:25683 <-> DISABLED <-> FILE-FLASH Adobe Flash Player CFF FeatureCount integer overflow attempt (file-flash.rules)
 * 1:25815 <-> DISABLED <-> FILE-FLASH Adobe Flash Player FLV crafted ADPCM stream heap overflow attempt (file-flash.rules)
 * 1:43995 <-> DISABLED <-> FILE-FLASH Adobe Flash Player overly large cpool index out of bounds read attempt (file-flash.rules)
 * 1:43996 <-> DISABLED <-> FILE-FLASH Adobe Flash Player overly large cpool index out of bounds read attempt (file-flash.rules)
 * 1:44002 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SMB sandbox bypass attempt (file-flash.rules)
 * 1:45614 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Selection.SetSelection use-after-free attempt (file-flash.rules)
 * 1:44016 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Rectangle constructor use after free attempt (file-flash.rules)
 * 1:44174 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SharedObject use after free attempt (file-flash.rules)
 * 1:44345 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MP4 atom parser memory corruption attempt (file-flash.rules)
 * 1:44346 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MP4 atom parser memory corruption attempt (file-flash.rules)
 * 1:44347 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MP4 atom parser memory corruption attempt (file-flash.rules)
 * 1:44348 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MP4 atom parser memory corruption attempt (file-flash.rules)
 * 1:44351 <-> DISABLED <-> FILE-FLASH Adobe Flash Player text handling memory corruption attempt (file-flash.rules)
 * 1:44352 <-> DISABLED <-> FILE-FLASH Adobe Flash Player text handling memory corruption attempt (file-flash.rules)
 * 1:44552 <-> DISABLED <-> FILE-FLASH Adobe Flash Player toString type confusion memory corruption attempt (file-flash.rules)
 * 1:44553 <-> DISABLED <-> FILE-FLASH Adobe Flash Player toString type confusion memory corruption attempt (file-flash.rules)
 * 1:44583 <-> DISABLED <-> FILE-FLASH Adobe Flash Player array type confusion attempt (file-flash.rules)
 * 1:44584 <-> DISABLED <-> FILE-FLASH Adobe Flash Player array type confusion attempt (file-flash.rules)
 * 1:44887 <-> DISABLED <-> FILE-FLASH Adobe Flash Player bitmap hitTest integer overflow attempt (file-flash.rules)
 * 1:44888 <-> DISABLED <-> FILE-FLASH Adobe Flash Player bitmap hitTest integer overflow attempt (file-flash.rules)
 * 1:44891 <-> DISABLED <-> FILE-FLASH Adobe Flash Player determinePreferredLocales memory corruption attempt (file-flash.rules)
 * 1:44892 <-> DISABLED <-> FILE-FLASH Adobe Flash Player determinePreferredLocales memory corruption attempt (file-flash.rules)
 * 1:44902 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PSDK Metadata memory corruption attempt (file-flash.rules)
 * 1:44903 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PSDK Metadata memory corruption attempt (file-flash.rules)
 * 1:44951 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Primetime SDK use after free attempt (file-flash.rules)
 * 1:44952 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Primetime SDK use after free attempt (file-flash.rules)
 * 1:44963 <-> DISABLED <-> FILE-FLASH Adobe Flash Player tvsdk object use after free attempt (file-flash.rules)
 * 1:44964 <-> DISABLED <-> FILE-FLASH Adobe Flash Player tvsdk object use after free attempt (file-flash.rules)
 * 1:45309 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ConvolutionFilter Matrix use after free attempt (file-flash.rules)
 * 1:45310 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ConvolutionFilter Matrix use after free attempt (file-flash.rules)
 * 1:45404 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ATF buffer overflow attempt (file-flash.rules)
 * 1:45405 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ATF buffer overflow attempt (file-flash.rules)
 * 1:45459 <-> DISABLED <-> FILE-FLASH Adobe Flash Player movieclip attachbitmap use-after-free attempt (file-flash.rules)
 * 1:45500 <-> DISABLED <-> FILE-FLASH Adobe Flash Player movieclip startdrag use-after-free attempt (file-flash.rules)
 * 1:45501 <-> DISABLED <-> FILE-FLASH Adobe Flash Player movieclip startdrag use-after-free attempt (file-flash.rules)
 * 1:45546 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DefineFont3 tag overly large NumGlyphs out of bounds read attempt (file-flash.rules)
 * 1:45547 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DefineFont3 tag overly large NumGlyphs out of bounds read attempt (file-flash.rules)
 * 1:45593 <-> DISABLED <-> FILE-FLASH Adobe PSDK DRM Manager memory corruption attempt (file-flash.rules)
 * 1:45594 <-> DISABLED <-> FILE-FLASH Adobe PSDK DRM Manager memory corruption attempt (file-flash.rules)
 * 1:50536 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
 * 1:50537 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
 * 1:50761 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel (malware-cnc.rules)
 * 1:50762 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel (malware-cnc.rules)
 * 1:25679 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed regular expression exploit attempt (file-flash.rules)
 * 1:48492 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
 * 1:48493 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
 * 1:48494 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
 * 1:48495 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
 * 1:50763 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel (malware-cnc.rules)
 * 1:48496 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
 * 1:48566 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
 * 1:48567 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
 * 1:49231 <-> DISABLED <-> FILE-FLASH Adobe Flash Player drawTriangles out-of-bounds read attempt (file-flash.rules)
 * 1:50764 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel (malware-cnc.rules)
 * 1:49232 <-> DISABLED <-> FILE-FLASH Adobe Flash Player drawTriangles out-of-bounds read attempt (file-flash.rules)
 * 1:49311 <-> DISABLED <-> FILE-FLASH Adobe Flash Player writeExternal type confusion attempt (file-flash.rules)
 * 1:49312 <-> DISABLED <-> FILE-FLASH Adobe Flash Player writeExternal type confusion attempt (file-flash.rules)
 * 1:49583 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byteArray inflate information disclosure attempt (file-flash.rules)
 * 1:50765 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ISMAgent outbound DNS tunnel (malware-cnc.rules)
 * 1:49584 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byteArray inflate information disclosure attempt (file-flash.rules)
 * 1:49585 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byteArray uncompress information disclosure attempt (file-flash.rules)
 * 1:49586 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byteArray uncompress information disclosure attempt (file-flash.rules)
 * 1:49654 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PCRE control character denial of service attempt (file-flash.rules)
 * 1:50766 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ALMA_Dash outbound DNS tunnel (malware-cnc.rules)
 * 1:49655 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PCRE control character denial of service attempt (file-flash.rules)
 * 1:49656 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PCRE control character denial of service attempt (file-flash.rules)
 * 1:44017 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Rectangle constructor use after free attempt (file-flash.rules)
 * 1:50267 <-> DISABLED <-> FILE-FLASH Adobe Flash Player use after free attempt (file-flash.rules)
 * 1:50268 <-> DISABLED <-> FILE-FLASH Adobe Flash Player use after free attempt (file-flash.rules)
 * 1:50534 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
 * 1:50535 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
 * 1:50767 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ALMA_Dot outbound DNS tunnel (malware-cnc.rules)
 * 1:50768 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BONDUPDATER outbound DNS tunnel (malware-cnc.rules)
 * 1:50769 <-> DISABLED <-> MALWARE-CNC Win.Trojan.QUADAGENT outbound DNS tunnel (malware-cnc.rules)
 * 1:51081 <-> DISABLED <-> FILE-FLASH Adobe Flash player memory corruption attempt (file-flash.rules)
 * 1:51082 <-> DISABLED <-> FILE-FLASH Adobe Flash player memory corruption attempt (file-flash.rules)
 * 1:51225 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ATF heap overflow attempt (file-flash.rules)
 * 1:51226 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ATF heap overflow attempt (file-flash.rules)
 * 1:51643 <-> DISABLED <-> FILE-FLASH Adobe Flash Player use-after-free attempt (file-flash.rules)
 * 1:51644 <-> DISABLED <-> FILE-FLASH Adobe Flash Player use-after-free attempt (file-flash.rules)
 * 1:51648 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActiveX same origin method execution attempt (file-flash.rules)
 * 1:52079 <-> DISABLED <-> FILE-FLASH Adobe Flash Player FLV Nellymoser audio codec stack overflow attempt (file-flash.rules)
 * 1:52080 <-> DISABLED <-> FILE-FLASH Adobe Flash Player FLV Nellymoser audio codec stack overflow attempt (file-flash.rules)
 * 1:52658 <-> DISABLED <-> FILE-FLASH Spelevo Exploit Kit download attempt (file-flash.rules)
 * 1:52659 <-> DISABLED <-> FILE-FLASH Spelevo Exploit Kit download attempt (file-flash.rules)
 * 1:53057 <-> DISABLED <-> FILE-FLASH Spelevo Exploit Kit download attempt (file-flash.rules)
 * 1:53058 <-> DISABLED <-> FILE-FLASH Spelevo Exploit Kit download attempt (file-flash.rules)
 * 1:54825 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AVM domain memory range integer overflow attempt (file-flash.rules)
 * 1:54826 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AVM domain memory range integer overflow attempt (file-flash.rules)
 * 1:55813 <-> DISABLED <-> SERVER-OTHER Symantec Endpoint Protection tamper protection bypass attempt (server-other.rules)
 * 1:55814 <-> DISABLED <-> SERVER-OTHER Symantec Endpoint Protection tamper protection bypass attempt (server-other.rules)
 * 1:57499 <-> DISABLED <-> FILE-FLASH Adobe Flash Player worker shared object use-after-free attempt (file-flash.rules)
 * 1:59440 <-> DISABLED <-> SERVER-APACHE Apache mod_http2 NULL pointer dereference attempt (server-apache.rules)
 * 1:44003 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SMB sandbox bypass attempt (file-flash.rules)
 * 1:45615 <-> DISABLED <-> FILE-FLASH Adobe Flash Player movieclip duplicateMovieClip use-after-free attempt (file-flash.rules)
 * 1:45616 <-> DISABLED <-> FILE-FLASH Adobe Flash Player movieclip duplicateMovieClip use-after-free attempt (file-flash.rules)
 * 1:45683 <-> DISABLED <-> FILE-FLASH Adobe PSDK DRM Manager memory corruption attempt (file-flash.rules)
 * 1:45743 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray shading memory leak attempt (file-flash.rules)
 * 1:45744 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray shading memory leak attempt (file-flash.rules)
 * 1:46247 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Primetime MediaPlayerItemLoader BlurFilter object out of bounds write attempt (file-flash.rules)
 * 1:46248 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Primetime MediaPlayerItemLoader BlurFilter object out of bounds write attempt (file-flash.rules)
 * 1:46254 <-> DISABLED <-> FILE-FLASH Adobe Flash Player corrupt PNG image load out of bounds memory access attempt (file-flash.rules)
 * 1:46255 <-> DISABLED <-> FILE-FLASH Adobe Flash Player corrupt PNG image load out of bounds memory access attempt (file-flash.rules)
 * 1:46260 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed DefineSound tag heap overflow attempt (file-flash.rules)
 * 1:46261 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed DefineSound tag heap overflow attempt (file-flash.rules)
 * 1:45595 <-> DISABLED <-> FILE-FLASH Adobe PSDK DRM Manager memory corruption attempt (file-flash.rules)
 * 1:46263 <-> DISABLED <-> FILE-FLASH Adobe Flash Player use after free attempt (file-flash.rules)
 * 1:46324 <-> DISABLED <-> FILE-FLASH Adobe PSDK DRM Manager memory corruption attempt (file-flash.rules)
 * 1:46598 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative MovieClip type confusion attempt (file-flash.rules)
 * 1:46599 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative MovieClip type confusion attempt (file-flash.rules)
 * 1:46917 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds write attempt (file-flash.rules)
 * 1:46918 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds write attempt (file-flash.rules)
 * 1:46919 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds write attempt (file-flash.rules)
 * 1:46920 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds write attempt (file-flash.rules)
 * 1:46949 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds memory access attempt (file-flash.rules)
 * 1:46950 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds memory access attempt (file-flash.rules)
 * 1:47127 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ActionSetTarget record information disclosure attempt (file-flash.rules)
 * 1:47128 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ActionSetTarget record information disclosure attempt (file-flash.rules)
 * 1:47191 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript NetConnection type confusion attempt (file-flash.rules)
 * 1:47192 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript NetConnection type confusion attempt (file-flash.rules)
 * 1:47531 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Vector.String class out-of-bounds read attempt (file-flash.rules)
 * 1:47532 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Vector.String class out-of-bounds read attempt (file-flash.rules)
 * 1:47786 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds write attempt (file-flash.rules)
 * 1:47787 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds write attempt (file-flash.rules)
 * 1:47833 <-> DISABLED <-> FILE-FLASH Adobe Flash Player COM server BrokerCreateFile sandbox escape attempt (file-flash.rules)
 * 1:48426 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AVM type confusion attempt (file-flash.rules)
 * 1:46262 <-> DISABLED <-> FILE-FLASH Adobe Flash Player use after free attempt (file-flash.rules)

2025-03-25 15:47:16 UTC

Snort Subscriber Rules Update

Date: 2025-03-25

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091701.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:

 * 1:64697 <-> ENABLED <-> MALWARE-OTHER Win.Rootkit.Winnti download attempt (malware-other.rules)
 * 1:64694 <-> DISABLED <-> MALWARE-CNC MultiOs.Trojan.FINALDRAFT variant outbound communication attempt (malware-cnc.rules)
 * 1:64684 <-> DISABLED <-> MALWARE-CNC Win.Malware.DarkGate variant outbound connection (malware-cnc.rules)
 * 1:64687 <-> DISABLED <-> SERVER-MAIL Exim SMTP vulnerable version detected (server-mail.rules)
 * 1:64691 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bondupdater inbound cnc connection (malware-cnc.rules)
 * 1:64690 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bondupdater inbound cnc connection (malware-cnc.rules)
 * 1:60686 <-> DISABLED <-> OS-WINDOWS Windows AppxSvc component elevation of privilege attempt (os-windows.rules)
 * 1:64696 <-> DISABLED <-> SERVER-OTHER MIT Kerberos KDC as-req sname null pointer dereference attempt (server-other.rules)
 * 1:64701 <-> DISABLED <-> POLICY-OTHER Next.js Middleware x-middleware-subrequest header use attempt (policy-other.rules)
 * 1:64688 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative null pointer dereference attempt (file-flash.rules)
 * 1:64695 <-> DISABLED <-> MALWARE-CNC MultiOs.Trojan.FINALDRAFT variant outbound communication attempt (malware-cnc.rules)
 * 1:64689 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bondupdater inbound cnc connection (malware-cnc.rules)
 * 1:64692 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bondupdater outbound cnc connection (malware-cnc.rules)
 * 1:60687 <-> DISABLED <-> OS-WINDOWS Windows AppxSvc component elevation of privilege attempt (os-windows.rules)
 * 1:64693 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bondupdater outbound cnc connection (malware-cnc.rules)
 * 1:64700 <-> ENABLED <-> SERVER-WEBAPP Next.js Middleware authentication bypass attempt (server-webapp.rules)
 * 1:64686 <-> DISABLED <-> SERVER-APACHE Apache Tomcat partial PUT remote code execution attempt (server-apache.rules)
 * 1:64685 <-> ENABLED <-> SERVER-WEBAPP Apache OFBiz remote code execution attempt (server-webapp.rules)
 * 1:64699 <-> ENABLED <-> SERVER-WEBAPP Next.js Middleware authentication bypass attempt (server-webapp.rules)
 * 1:64698 <-> ENABLED <-> MALWARE-OTHER Win.Rootkit.Winnti download attempt (malware-other.rules)

Modified Rules:

 * 1:53058 <-> DISABLED <-> FILE-FLASH Spelevo Exploit Kit download attempt (file-flash.rules)
 * 1:54825 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AVM domain memory range integer overflow attempt (file-flash.rules)
 * 1:54826 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AVM domain memory range integer overflow attempt (file-flash.rules)
 * 1:55813 <-> DISABLED <-> SERVER-OTHER Symantec Endpoint Protection tamper protection bypass attempt (server-other.rules)
 * 1:55814 <-> DISABLED <-> SERVER-OTHER Symantec Endpoint Protection tamper protection bypass attempt (server-other.rules)
 * 1:51648 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActiveX same origin method execution attempt (file-flash.rules)
 * 1:52080 <-> DISABLED <-> FILE-FLASH Adobe Flash Player FLV Nellymoser audio codec stack overflow attempt (file-flash.rules)
 * 1:52658 <-> DISABLED <-> FILE-FLASH Spelevo Exploit Kit download attempt (file-flash.rules)
 * 1:53057 <-> DISABLED <-> FILE-FLASH Spelevo Exploit Kit download attempt (file-flash.rules)
 * 1:47834 <-> DISABLED <-> FILE-FLASH Adobe Flash Player COM server BrokerCreateFile sandbox escape attempt (file-flash.rules)
 * 1:48567 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
 * 1:44352 <-> DISABLED <-> FILE-FLASH Adobe Flash Player text handling memory corruption attempt (file-flash.rules)
 * 1:51643 <-> DISABLED <-> FILE-FLASH Adobe Flash Player use-after-free attempt (file-flash.rules)
 * 1:51644 <-> DISABLED <-> FILE-FLASH Adobe Flash Player use-after-free attempt (file-flash.rules)
 * 1:48496 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
 * 1:52079 <-> DISABLED <-> FILE-FLASH Adobe Flash Player FLV Nellymoser audio codec stack overflow attempt (file-flash.rules)
 * 1:47532 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Vector.String class out-of-bounds read attempt (file-flash.rules)
 * 1:51081 <-> DISABLED <-> FILE-FLASH Adobe Flash player memory corruption attempt (file-flash.rules)
 * 1:49231 <-> DISABLED <-> FILE-FLASH Adobe Flash Player drawTriangles out-of-bounds read attempt (file-flash.rules)
 * 1:51082 <-> DISABLED <-> FILE-FLASH Adobe Flash player memory corruption attempt (file-flash.rules)
 * 1:50268 <-> DISABLED <-> FILE-FLASH Adobe Flash Player use after free attempt (file-flash.rules)
 * 1:50140 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out-of-bounds read attempt (file-flash.rules)
 * 1:50139 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out-of-bounds read attempt (file-flash.rules)
 * 1:48491 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
 * 1:48494 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
 * 1:49654 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PCRE control character denial of service attempt (file-flash.rules)
 * 1:51225 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ATF heap overflow attempt (file-flash.rules)
 * 1:50536 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
 * 1:23134 <-> DISABLED <-> FILE-FLASH Adobe Flash Player broker destructor DoS attempt (file-flash.rules)
 * 1:49583 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byteArray inflate information disclosure attempt (file-flash.rules)
 * 1:50769 <-> DISABLED <-> MALWARE-CNC Win.Trojan.QUADAGENT outbound DNS tunnel (malware-cnc.rules)
 * 1:50763 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel (malware-cnc.rules)
 * 1:50762 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel (malware-cnc.rules)
 * 1:50537 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
 * 1:49311 <-> DISABLED <-> FILE-FLASH Adobe Flash Player writeExternal type confusion attempt (file-flash.rules)
 * 1:50534 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
 * 1:50767 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ALMA_Dot outbound DNS tunnel (malware-cnc.rules)
 * 1:48566 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
 * 1:50764 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel (malware-cnc.rules)
 * 1:48493 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
 * 1:48495 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
 * 1:49312 <-> DISABLED <-> FILE-FLASH Adobe Flash Player writeExternal type confusion attempt (file-flash.rules)
 * 1:49585 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byteArray uncompress information disclosure attempt (file-flash.rules)
 * 1:49584 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byteArray inflate information disclosure attempt (file-flash.rules)
 * 1:50765 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ISMAgent outbound DNS tunnel (malware-cnc.rules)
 * 1:50761 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel (malware-cnc.rules)
 * 1:49656 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PCRE control character denial of service attempt (file-flash.rules)
 * 1:51226 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ATF heap overflow attempt (file-flash.rules)
 * 1:49655 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PCRE control character denial of service attempt (file-flash.rules)
 * 1:50267 <-> DISABLED <-> FILE-FLASH Adobe Flash Player use after free attempt (file-flash.rules)
 * 1:50768 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BONDUPDATER outbound DNS tunnel (malware-cnc.rules)
 * 1:50535 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
 * 1:49232 <-> DISABLED <-> FILE-FLASH Adobe Flash Player drawTriangles out-of-bounds read attempt (file-flash.rules)
 * 1:48492 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
 * 1:50766 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ALMA_Dash outbound DNS tunnel (malware-cnc.rules)
 * 1:49586 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byteArray uncompress information disclosure attempt (file-flash.rules)
 * 1:19257 <-> DISABLED <-> FILE-FLASH Adobe ActionScript float index memory corruption attempt (file-flash.rules)
 * 1:19263 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
 * 1:19262 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
 * 1:19682 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript 3 integer overflow attempt (file-flash.rules)
 * 1:19264 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
 * 1:20131 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt (file-flash.rules)
 * 1:20031 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
 * 1:20777 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (file-flash.rules)
 * 1:20767 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
 * 1:20778 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt - economy.rar (file-flash.rules)
 * 1:20780 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt - namelist.xls (file-flash.rules)
 * 1:20779 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt - dear chu.rar (file-flash.rules)
 * 1:20781 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt (file-flash.rules)
 * 1:20783 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt - dear chu.rar (file-flash.rules)
 * 1:20782 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt - economy.rar (file-flash.rules)
 * 1:20784 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt - namelist.xls (file-flash.rules)
 * 1:20803 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt (file-flash.rules)
 * 1:20785 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt (file-flash.rules)
 * 1:21326 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActiveX URL import attempt (file-flash.rules)
 * 1:21336 <-> DISABLED <-> FILE-FLASH Adobe Flash ASConstructor insecure calling attempt (file-flash.rules)
 * 1:21335 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript bytecode type confusion null dereference attempt (file-flash.rules)
 * 1:21457 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
 * 1:21338 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MP4 zero length atom attempt (file-flash.rules)
 * 1:21533 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript Stage3D null dereference attempt (file-flash.rules)
 * 1:21458 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
 * 1:21535 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript Matrix3D.copyRawDataFrom buffer overflow attempt (file-flash.rules)
 * 1:21534 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript Matrix3D.copyRawDataFrom buffer overflow attempt (file-flash.rules)
 * 1:21536 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript Stage3D null dereference attempt (file-flash.rules)
 * 1:21653 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript getURL target null reference attempt (file-flash.rules)
 * 1:21655 <-> DISABLED <-> FILE-FLASH Adobe Flash Video invalid tag type attempt (file-flash.rules)
 * 1:21654 <-> DISABLED <-> FILE-FLASH Adobe Flash Video invalid tag type attempt (file-flash.rules)
 * 1:22070 <-> DISABLED <-> FILE-FLASH Adobe Flash Player object confusion attempt (file-flash.rules)
 * 1:22069 <-> DISABLED <-> FILE-FLASH Adobe Flash Player object confusion attempt (file-flash.rules)
 * 1:22916 <-> DISABLED <-> FILE-FLASH Adobe Flash Player object confusion attempt (file-flash.rules)
 * 1:22915 <-> DISABLED <-> FILE-FLASH Adobe Flash Player object confusion attempt (file-flash.rules)
 * 1:24985 <-> DISABLED <-> FILE-FLASH Adobe Flash Player index overflow attempt (file-flash.rules)
 * 1:23129 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SecureSocket use without Connect attempt (file-flash.rules)
 * 1:23967 <-> DISABLED <-> FILE-FLASH Adobe Flash OpenType font memory corruption attempt - compressed (file-flash.rules)
 * 1:23854 <-> DISABLED <-> FILE-FLASH Adobe Flash OpenType font memory corruption attempt (file-flash.rules)
 * 1:23997 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (file-flash.rules)
 * 1:23996 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (file-flash.rules)
 * 1:24139 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed RTMP response attempt (file-flash.rules)
 * 1:24138 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed RTMP response attempt (file-flash.rules)
 * 1:24142 <-> DISABLED <-> FILE-FLASH Adobe Flash Player object confusion attempt (file-flash.rules)
 * 1:45593 <-> DISABLED <-> FILE-FLASH Adobe PSDK DRM Manager memory corruption attempt (file-flash.rules)
 * 1:23130 <-> DISABLED <-> FILE-FLASH Adobe Flash Player X509 direct instantiation property access attempt (file-flash.rules)
 * 1:44347 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MP4 atom parser memory corruption attempt (file-flash.rules)
 * 1:24245 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Matrix3D copyRawDataTo integer overflow attempt (file-flash.rules)
 * 1:24244 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Matrix3D copyRawDataTo integer overflow attempt (file-flash.rules)
 * 1:24363 <-> DISABLED <-> FILE-FLASH Adobe Flash null reference JIT compilation attempt (file-flash.rules)
 * 1:24362 <-> DISABLED <-> FILE-FLASH Adobe Flash null reference JIT compilation attempt (file-flash.rules)
 * 1:24365 <-> DISABLED <-> FILE-FLASH Adobe Flash null reference JIT compilation attempt (file-flash.rules)
 * 1:24364 <-> DISABLED <-> FILE-FLASH Adobe Flash null reference JIT compilation attempt (file-flash.rules)
 * 1:24367 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed record stack exhaustion attempt (file-flash.rules)
 * 1:24366 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed record stack exhaustion attempt (file-flash.rules)
 * 1:24415 <-> DISABLED <-> FILE-FLASH Adobe Flash Player stsz box heap overflow attempt (file-flash.rules)
 * 1:24414 <-> DISABLED <-> FILE-FLASH Adobe Flash Player stsz box heap overflow attempt (file-flash.rules)
 * 1:24429 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules)
 * 1:24428 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules)
 * 1:24431 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules)
 * 1:24430 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules)
 * 1:24809 <-> DISABLED <-> FILE-FLASH Microsoft Internet Explorer premature unload of Flash plugin use after free attempt (file-flash.rules)
 * 1:24808 <-> DISABLED <-> FILE-FLASH Microsoft Internet Explorer premature unload of Flash plugin use after free attempt (file-flash.rules)
 * 1:24811 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS2 privilege escalation attempt (file-flash.rules)
 * 1:24810 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS2 privilege escalation attempt (file-flash.rules)
 * 1:24813 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS2 privilege escalation attempt (file-flash.rules)
 * 1:24812 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS2 privilege escalation attempt (file-flash.rules)
 * 1:24875 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules)
 * 1:24874 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules)
 * 1:24877 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules)
 * 1:24876 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules)
 * 1:24882 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid JPEG index attempt (file-flash.rules)
 * 1:24879 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid JPEG index attempt (file-flash.rules)
 * 1:24892 <-> DISABLED <-> FILE-FLASH Action InitArray stack overflow attempt (file-flash.rules)
 * 1:24890 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Action InitArray stack overflow attempt (file-flash.rules)
 * 1:24895 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript bytecode symbolclass tag type confusion attempt (file-flash.rules)
 * 1:24893 <-> DISABLED <-> FILE-FLASH Action InitArray stack overflow attempt (file-flash.rules)
 * 1:24980 <-> DISABLED <-> FILE-FLASH Adobe Flash Player actionscript bytecode trait type null pointer dereference attempt (file-flash.rules)
 * 1:24896 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript bytecode symbolclass tag type confusion attempt (file-flash.rules)
 * 1:23131 <-> DISABLED <-> FILE-FLASH Adobe Flash Player X500 DistinguishedName property access attempt (file-flash.rules)
 * 1:46254 <-> DISABLED <-> FILE-FLASH Adobe Flash Player corrupt PNG image load out of bounds memory access attempt (file-flash.rules)
 * 1:45594 <-> DISABLED <-> FILE-FLASH Adobe PSDK DRM Manager memory corruption attempt (file-flash.rules)
 * 1:24140 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed RTMP response attempt (file-flash.rules)
 * 1:45613 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Selection.SetSelection use-after-free attempt (file-flash.rules)
 * 1:45595 <-> DISABLED <-> FILE-FLASH Adobe PSDK DRM Manager memory corruption attempt (file-flash.rules)
 * 1:45615 <-> DISABLED <-> FILE-FLASH Adobe Flash Player movieclip duplicateMovieClip use-after-free attempt (file-flash.rules)
 * 1:45614 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Selection.SetSelection use-after-free attempt (file-flash.rules)
 * 1:45616 <-> DISABLED <-> FILE-FLASH Adobe Flash Player movieclip duplicateMovieClip use-after-free attempt (file-flash.rules)
 * 1:45683 <-> DISABLED <-> FILE-FLASH Adobe PSDK DRM Manager memory corruption attempt (file-flash.rules)
 * 1:45744 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray shading memory leak attempt (file-flash.rules)
 * 1:45743 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray shading memory leak attempt (file-flash.rules)
 * 1:46248 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Primetime MediaPlayerItemLoader BlurFilter object out of bounds write attempt (file-flash.rules)
 * 1:46247 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Primetime MediaPlayerItemLoader BlurFilter object out of bounds write attempt (file-flash.rules)
 * 1:46260 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed DefineSound tag heap overflow attempt (file-flash.rules)
 * 1:46255 <-> DISABLED <-> FILE-FLASH Adobe Flash Player corrupt PNG image load out of bounds memory access attempt (file-flash.rules)
 * 1:46262 <-> DISABLED <-> FILE-FLASH Adobe Flash Player use after free attempt (file-flash.rules)
 * 1:46261 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed DefineSound tag heap overflow attempt (file-flash.rules)
 * 1:46324 <-> DISABLED <-> FILE-FLASH Adobe PSDK DRM Manager memory corruption attempt (file-flash.rules)
 * 1:46263 <-> DISABLED <-> FILE-FLASH Adobe Flash Player use after free attempt (file-flash.rules)
 * 1:46599 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative MovieClip type confusion attempt (file-flash.rules)
 * 1:46598 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative MovieClip type confusion attempt (file-flash.rules)
 * 1:46918 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds write attempt (file-flash.rules)
 * 1:46917 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds write attempt (file-flash.rules)
 * 1:46920 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds write attempt (file-flash.rules)
 * 1:46919 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds write attempt (file-flash.rules)
 * 1:46950 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds memory access attempt (file-flash.rules)
 * 1:46949 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds memory access attempt (file-flash.rules)
 * 1:47128 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ActionSetTarget record information disclosure attempt (file-flash.rules)
 * 1:47127 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ActionSetTarget record information disclosure attempt (file-flash.rules)
 * 1:47192 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript NetConnection type confusion attempt (file-flash.rules)
 * 1:47191 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript NetConnection type confusion attempt (file-flash.rules)
 * 1:47531 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Vector.String class out-of-bounds read attempt (file-flash.rules)
 * 1:59440 <-> DISABLED <-> SERVER-APACHE Apache mod_http2 NULL pointer dereference attempt (server-apache.rules)
 * 1:57499 <-> DISABLED <-> FILE-FLASH Adobe Flash Player worker shared object use-after-free attempt (file-flash.rules)
 * 1:47787 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds write attempt (file-flash.rules)
 * 1:47786 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds write attempt (file-flash.rules)
 * 1:23133 <-> DISABLED <-> FILE-FLASH Adobe Flash Player flash.display.BitmapData constuctor overflow attempt (file-flash.rules)
 * 1:52659 <-> DISABLED <-> FILE-FLASH Spelevo Exploit Kit download attempt (file-flash.rules)
 * 1:24981 <-> DISABLED <-> FILE-FLASH Adobe Flash Player actionscript bytecode trait type null pointer dereference attempt (file-flash.rules)
 * 1:24982 <-> DISABLED <-> FILE-FLASH Adobe Flash Player actionscript bytecode trait type null pointer dereference attempt (file-flash.rules)
 * 1:24983 <-> DISABLED <-> FILE-FLASH Adobe Flash Player actionscript bytecode trait type null pointer dereference attempt (file-flash.rules)
 * 1:24984 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt (file-flash.rules)
 * 1:24986 <-> DISABLED <-> FILE-FLASH Adobe Flash Player index overflow attempt (file-flash.rules)
 * 1:24992 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DoInitAction invalid action overflow attempt (file-flash.rules)
 * 1:24990 <-> DISABLED <-> FILE-FLASH Adobe Flash Player specially invalid traits structure attempt (file-flash.rules)
 * 1:24991 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DoInitAction invalid action overflow attempt (file-flash.rules)
 * 1:25676 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed regular expression exploit attempt (file-flash.rules)
 * 1:25681 <-> DISABLED <-> FILE-FLASH Adobe Flash Player CFF FeatureCount integer overflow attempt (file-flash.rules)
 * 1:25677 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed regular expression exploit attempt (file-flash.rules)
 * 1:25678 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed regular expression exploit attempt (file-flash.rules)
 * 1:25679 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed regular expression exploit attempt (file-flash.rules)
 * 1:25683 <-> DISABLED <-> FILE-FLASH Adobe Flash Player CFF FeatureCount integer overflow attempt (file-flash.rules)
 * 1:44002 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SMB sandbox bypass attempt (file-flash.rules)
 * 1:25815 <-> DISABLED <-> FILE-FLASH Adobe Flash Player FLV crafted ADPCM stream heap overflow attempt (file-flash.rules)
 * 1:43995 <-> DISABLED <-> FILE-FLASH Adobe Flash Player overly large cpool index out of bounds read attempt (file-flash.rules)
 * 1:43996 <-> DISABLED <-> FILE-FLASH Adobe Flash Player overly large cpool index out of bounds read attempt (file-flash.rules)
 * 1:44003 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SMB sandbox bypass attempt (file-flash.rules)
 * 1:44174 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SharedObject use after free attempt (file-flash.rules)
 * 1:44016 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Rectangle constructor use after free attempt (file-flash.rules)
 * 1:44017 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Rectangle constructor use after free attempt (file-flash.rules)
 * 1:44173 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SharedObject use after free attempt (file-flash.rules)
 * 1:44345 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MP4 atom parser memory corruption attempt (file-flash.rules)
 * 1:44553 <-> DISABLED <-> FILE-FLASH Adobe Flash Player toString type confusion memory corruption attempt (file-flash.rules)
 * 1:23132 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DefineSound tag long recordheader length field attempt (file-flash.rules)
 * 1:44348 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MP4 atom parser memory corruption attempt (file-flash.rules)
 * 1:44351 <-> DISABLED <-> FILE-FLASH Adobe Flash Player text handling memory corruption attempt (file-flash.rules)
 * 1:44552 <-> DISABLED <-> FILE-FLASH Adobe Flash Player toString type confusion memory corruption attempt (file-flash.rules)
 * 1:44583 <-> DISABLED <-> FILE-FLASH Adobe Flash Player array type confusion attempt (file-flash.rules)
 * 1:44584 <-> DISABLED <-> FILE-FLASH Adobe Flash Player array type confusion attempt (file-flash.rules)
 * 1:44887 <-> DISABLED <-> FILE-FLASH Adobe Flash Player bitmap hitTest integer overflow attempt (file-flash.rules)
 * 1:44888 <-> DISABLED <-> FILE-FLASH Adobe Flash Player bitmap hitTest integer overflow attempt (file-flash.rules)
 * 1:44891 <-> DISABLED <-> FILE-FLASH Adobe Flash Player determinePreferredLocales memory corruption attempt (file-flash.rules)
 * 1:44892 <-> DISABLED <-> FILE-FLASH Adobe Flash Player determinePreferredLocales memory corruption attempt (file-flash.rules)
 * 1:44902 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PSDK Metadata memory corruption attempt (file-flash.rules)
 * 1:44903 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PSDK Metadata memory corruption attempt (file-flash.rules)
 * 1:44951 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Primetime SDK use after free attempt (file-flash.rules)
 * 1:44952 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Primetime SDK use after free attempt (file-flash.rules)
 * 1:44963 <-> DISABLED <-> FILE-FLASH Adobe Flash Player tvsdk object use after free attempt (file-flash.rules)
 * 1:44964 <-> DISABLED <-> FILE-FLASH Adobe Flash Player tvsdk object use after free attempt (file-flash.rules)
 * 1:45309 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ConvolutionFilter Matrix use after free attempt (file-flash.rules)
 * 1:45310 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ConvolutionFilter Matrix use after free attempt (file-flash.rules)
 * 1:45404 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ATF buffer overflow attempt (file-flash.rules)
 * 1:45405 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ATF buffer overflow attempt (file-flash.rules)
 * 1:45459 <-> DISABLED <-> FILE-FLASH Adobe Flash Player movieclip attachbitmap use-after-free attempt (file-flash.rules)
 * 1:45500 <-> DISABLED <-> FILE-FLASH Adobe Flash Player movieclip startdrag use-after-free attempt (file-flash.rules)
 * 1:45501 <-> DISABLED <-> FILE-FLASH Adobe Flash Player movieclip startdrag use-after-free attempt (file-flash.rules)
 * 1:45546 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DefineFont3 tag overly large NumGlyphs out of bounds read attempt (file-flash.rules)
 * 1:24989 <-> DISABLED <-> FILE-FLASH Adobe Flash Player specially invalid traits structure attempt (file-flash.rules)
 * 1:44346 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MP4 atom parser memory corruption attempt (file-flash.rules)
 * 1:45547 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DefineFont3 tag overly large NumGlyphs out of bounds read attempt (file-flash.rules)
 * 1:47833 <-> DISABLED <-> FILE-FLASH Adobe Flash Player COM server BrokerCreateFile sandbox escape attempt (file-flash.rules)
 * 1:48425 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AVM type confusion attempt (file-flash.rules)
 * 1:23853 <-> DISABLED <-> FILE-FLASH Adobe Flash OpenType font memory corruption attempt (file-flash.rules)
 * 1:48426 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AVM type confusion attempt (file-flash.rules)
 * 1:23135 <-> DISABLED <-> FILE-FLASH Adobe Flash Player flash.DisplayObject memory corruption attempt (file-flash.rules)

2025-03-25 15:47:16 UTC

Snort Subscriber Rules Update

Date: 2025-03-25

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091700.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:

 * 1:64694 <-> DISABLED <-> MALWARE-CNC MultiOs.Trojan.FINALDRAFT variant outbound communication attempt (malware-cnc.rules)
 * 1:64687 <-> DISABLED <-> SERVER-MAIL Exim SMTP vulnerable version detected (server-mail.rules)
 * 1:64684 <-> DISABLED <-> MALWARE-CNC Win.Malware.DarkGate variant outbound connection (malware-cnc.rules)
 * 1:64699 <-> ENABLED <-> SERVER-WEBAPP Next.js Middleware authentication bypass attempt (server-webapp.rules)
 * 1:64696 <-> DISABLED <-> SERVER-OTHER MIT Kerberos KDC as-req sname null pointer dereference attempt (server-other.rules)
 * 1:64701 <-> DISABLED <-> POLICY-OTHER Next.js Middleware x-middleware-subrequest header use attempt (policy-other.rules)
 * 1:60687 <-> DISABLED <-> OS-WINDOWS Windows AppxSvc component elevation of privilege attempt (os-windows.rules)
 * 1:60686 <-> DISABLED <-> OS-WINDOWS Windows AppxSvc component elevation of privilege attempt (os-windows.rules)
 * 1:64692 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bondupdater outbound cnc connection (malware-cnc.rules)
 * 1:64697 <-> ENABLED <-> MALWARE-OTHER Win.Rootkit.Winnti download attempt (malware-other.rules)
 * 1:64695 <-> DISABLED <-> MALWARE-CNC MultiOs.Trojan.FINALDRAFT variant outbound communication attempt (malware-cnc.rules)
 * 1:64689 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bondupdater inbound cnc connection (malware-cnc.rules)
 * 1:64685 <-> ENABLED <-> SERVER-WEBAPP Apache OFBiz remote code execution attempt (server-webapp.rules)
 * 1:64693 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bondupdater outbound cnc connection (malware-cnc.rules)
 * 1:64700 <-> ENABLED <-> SERVER-WEBAPP Next.js Middleware authentication bypass attempt (server-webapp.rules)
 * 1:64686 <-> DISABLED <-> SERVER-APACHE Apache Tomcat partial PUT remote code execution attempt (server-apache.rules)
 * 1:64690 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bondupdater inbound cnc connection (malware-cnc.rules)
 * 1:64698 <-> ENABLED <-> MALWARE-OTHER Win.Rootkit.Winnti download attempt (malware-other.rules)
 * 1:64691 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bondupdater inbound cnc connection (malware-cnc.rules)
 * 1:64688 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative null pointer dereference attempt (file-flash.rules)

Modified Rules:

 * 1:48491 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
 * 1:48425 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AVM type confusion attempt (file-flash.rules)
 * 1:52079 <-> DISABLED <-> FILE-FLASH Adobe Flash Player FLV Nellymoser audio codec stack overflow attempt (file-flash.rules)
 * 1:55813 <-> DISABLED <-> SERVER-OTHER Symantec Endpoint Protection tamper protection bypass attempt (server-other.rules)
 * 1:53057 <-> DISABLED <-> FILE-FLASH Spelevo Exploit Kit download attempt (file-flash.rules)
 * 1:53058 <-> DISABLED <-> FILE-FLASH Spelevo Exploit Kit download attempt (file-flash.rules)
 * 1:54825 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AVM domain memory range integer overflow attempt (file-flash.rules)
 * 1:54826 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AVM domain memory range integer overflow attempt (file-flash.rules)
 * 1:47834 <-> DISABLED <-> FILE-FLASH Adobe Flash Player COM server BrokerCreateFile sandbox escape attempt (file-flash.rules)
 * 1:50537 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
 * 1:49586 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byteArray uncompress information disclosure attempt (file-flash.rules)
 * 1:55814 <-> DISABLED <-> SERVER-OTHER Symantec Endpoint Protection tamper protection bypass attempt (server-other.rules)
 * 1:57499 <-> DISABLED <-> FILE-FLASH Adobe Flash Player worker shared object use-after-free attempt (file-flash.rules)
 * 1:59440 <-> DISABLED <-> SERVER-APACHE Apache mod_http2 NULL pointer dereference attempt (server-apache.rules)
 * 1:52080 <-> DISABLED <-> FILE-FLASH Adobe Flash Player FLV Nellymoser audio codec stack overflow attempt (file-flash.rules)
 * 1:47833 <-> DISABLED <-> FILE-FLASH Adobe Flash Player COM server BrokerCreateFile sandbox escape attempt (file-flash.rules)
 * 1:47787 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds write attempt (file-flash.rules)
 * 1:52658 <-> DISABLED <-> FILE-FLASH Spelevo Exploit Kit download attempt (file-flash.rules)
 * 1:50765 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ISMAgent outbound DNS tunnel (malware-cnc.rules)
 * 1:51648 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActiveX same origin method execution attempt (file-flash.rules)
 * 1:52659 <-> DISABLED <-> FILE-FLASH Spelevo Exploit Kit download attempt (file-flash.rules)
 * 1:48426 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AVM type confusion attempt (file-flash.rules)
 * 1:50763 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel (malware-cnc.rules)
 * 1:50267 <-> DISABLED <-> FILE-FLASH Adobe Flash Player use after free attempt (file-flash.rules)
 * 1:50536 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
 * 1:50761 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel (malware-cnc.rules)
 * 1:51081 <-> DISABLED <-> FILE-FLASH Adobe Flash player memory corruption attempt (file-flash.rules)
 * 1:50268 <-> DISABLED <-> FILE-FLASH Adobe Flash Player use after free attempt (file-flash.rules)
 * 1:19257 <-> DISABLED <-> FILE-FLASH Adobe ActionScript float index memory corruption attempt (file-flash.rules)
 * 1:19262 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
 * 1:19263 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
 * 1:19264 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
 * 1:19682 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript 3 integer overflow attempt (file-flash.rules)
 * 1:20031 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
 * 1:20131 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt (file-flash.rules)
 * 1:20767 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
 * 1:20777 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (file-flash.rules)
 * 1:20778 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt - economy.rar (file-flash.rules)
 * 1:20779 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt - dear chu.rar (file-flash.rules)
 * 1:20780 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt - namelist.xls (file-flash.rules)
 * 1:20781 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt (file-flash.rules)
 * 1:20782 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt - economy.rar (file-flash.rules)
 * 1:20783 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt - dear chu.rar (file-flash.rules)
 * 1:20784 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt - namelist.xls (file-flash.rules)
 * 1:20785 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt (file-flash.rules)
 * 1:20803 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt (file-flash.rules)
 * 1:21326 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActiveX URL import attempt (file-flash.rules)
 * 1:21335 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript bytecode type confusion null dereference attempt (file-flash.rules)
 * 1:21336 <-> DISABLED <-> FILE-FLASH Adobe Flash ASConstructor insecure calling attempt (file-flash.rules)
 * 1:21338 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MP4 zero length atom attempt (file-flash.rules)
 * 1:21457 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
 * 1:21458 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
 * 1:21533 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript Stage3D null dereference attempt (file-flash.rules)
 * 1:21534 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript Matrix3D.copyRawDataFrom buffer overflow attempt (file-flash.rules)
 * 1:21535 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript Matrix3D.copyRawDataFrom buffer overflow attempt (file-flash.rules)
 * 1:21536 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript Stage3D null dereference attempt (file-flash.rules)
 * 1:21653 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript getURL target null reference attempt (file-flash.rules)
 * 1:21654 <-> DISABLED <-> FILE-FLASH Adobe Flash Video invalid tag type attempt (file-flash.rules)
 * 1:21655 <-> DISABLED <-> FILE-FLASH Adobe Flash Video invalid tag type attempt (file-flash.rules)
 * 1:22069 <-> DISABLED <-> FILE-FLASH Adobe Flash Player object confusion attempt (file-flash.rules)
 * 1:22070 <-> DISABLED <-> FILE-FLASH Adobe Flash Player object confusion attempt (file-flash.rules)
 * 1:22915 <-> DISABLED <-> FILE-FLASH Adobe Flash Player object confusion attempt (file-flash.rules)
 * 1:22916 <-> DISABLED <-> FILE-FLASH Adobe Flash Player object confusion attempt (file-flash.rules)
 * 1:23129 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SecureSocket use without Connect attempt (file-flash.rules)
 * 1:23130 <-> DISABLED <-> FILE-FLASH Adobe Flash Player X509 direct instantiation property access attempt (file-flash.rules)
 * 1:23131 <-> DISABLED <-> FILE-FLASH Adobe Flash Player X500 DistinguishedName property access attempt (file-flash.rules)
 * 1:23132 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DefineSound tag long recordheader length field attempt (file-flash.rules)
 * 1:23133 <-> DISABLED <-> FILE-FLASH Adobe Flash Player flash.display.BitmapData constuctor overflow attempt (file-flash.rules)
 * 1:23134 <-> DISABLED <-> FILE-FLASH Adobe Flash Player broker destructor DoS attempt (file-flash.rules)
 * 1:23135 <-> DISABLED <-> FILE-FLASH Adobe Flash Player flash.DisplayObject memory corruption attempt (file-flash.rules)
 * 1:23853 <-> DISABLED <-> FILE-FLASH Adobe Flash OpenType font memory corruption attempt (file-flash.rules)
 * 1:23854 <-> DISABLED <-> FILE-FLASH Adobe Flash OpenType font memory corruption attempt (file-flash.rules)
 * 1:23967 <-> DISABLED <-> FILE-FLASH Adobe Flash OpenType font memory corruption attempt - compressed (file-flash.rules)
 * 1:23996 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (file-flash.rules)
 * 1:23997 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (file-flash.rules)
 * 1:24138 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed RTMP response attempt (file-flash.rules)
 * 1:24139 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed RTMP response attempt (file-flash.rules)
 * 1:24140 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed RTMP response attempt (file-flash.rules)
 * 1:24142 <-> DISABLED <-> FILE-FLASH Adobe Flash Player object confusion attempt (file-flash.rules)
 * 1:24244 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Matrix3D copyRawDataTo integer overflow attempt (file-flash.rules)
 * 1:24245 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Matrix3D copyRawDataTo integer overflow attempt (file-flash.rules)
 * 1:24362 <-> DISABLED <-> FILE-FLASH Adobe Flash null reference JIT compilation attempt (file-flash.rules)
 * 1:24363 <-> DISABLED <-> FILE-FLASH Adobe Flash null reference JIT compilation attempt (file-flash.rules)
 * 1:24364 <-> DISABLED <-> FILE-FLASH Adobe Flash null reference JIT compilation attempt (file-flash.rules)
 * 1:24365 <-> DISABLED <-> FILE-FLASH Adobe Flash null reference JIT compilation attempt (file-flash.rules)
 * 1:24366 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed record stack exhaustion attempt (file-flash.rules)
 * 1:24367 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed record stack exhaustion attempt (file-flash.rules)
 * 1:24414 <-> DISABLED <-> FILE-FLASH Adobe Flash Player stsz box heap overflow attempt (file-flash.rules)
 * 1:24415 <-> DISABLED <-> FILE-FLASH Adobe Flash Player stsz box heap overflow attempt (file-flash.rules)
 * 1:24428 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules)
 * 1:24429 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules)
 * 1:24430 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules)
 * 1:24431 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules)
 * 1:24808 <-> DISABLED <-> FILE-FLASH Microsoft Internet Explorer premature unload of Flash plugin use after free attempt (file-flash.rules)
 * 1:24809 <-> DISABLED <-> FILE-FLASH Microsoft Internet Explorer premature unload of Flash plugin use after free attempt (file-flash.rules)
 * 1:24810 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS2 privilege escalation attempt (file-flash.rules)
 * 1:24811 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS2 privilege escalation attempt (file-flash.rules)
 * 1:24812 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS2 privilege escalation attempt (file-flash.rules)
 * 1:24813 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS2 privilege escalation attempt (file-flash.rules)
 * 1:24874 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules)
 * 1:24875 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules)
 * 1:24876 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules)
 * 1:24877 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules)
 * 1:24879 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid JPEG index attempt (file-flash.rules)
 * 1:24882 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid JPEG index attempt (file-flash.rules)
 * 1:24890 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Action InitArray stack overflow attempt (file-flash.rules)
 * 1:24892 <-> DISABLED <-> FILE-FLASH Action InitArray stack overflow attempt (file-flash.rules)
 * 1:24893 <-> DISABLED <-> FILE-FLASH Action InitArray stack overflow attempt (file-flash.rules)
 * 1:24895 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript bytecode symbolclass tag type confusion attempt (file-flash.rules)
 * 1:24896 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript bytecode symbolclass tag type confusion attempt (file-flash.rules)
 * 1:24980 <-> DISABLED <-> FILE-FLASH Adobe Flash Player actionscript bytecode trait type null pointer dereference attempt (file-flash.rules)
 * 1:24981 <-> DISABLED <-> FILE-FLASH Adobe Flash Player actionscript bytecode trait type null pointer dereference attempt (file-flash.rules)
 * 1:24982 <-> DISABLED <-> FILE-FLASH Adobe Flash Player actionscript bytecode trait type null pointer dereference attempt (file-flash.rules)
 * 1:24983 <-> DISABLED <-> FILE-FLASH Adobe Flash Player actionscript bytecode trait type null pointer dereference attempt (file-flash.rules)
 * 1:24984 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt (file-flash.rules)
 * 1:24985 <-> DISABLED <-> FILE-FLASH Adobe Flash Player index overflow attempt (file-flash.rules)
 * 1:24986 <-> DISABLED <-> FILE-FLASH Adobe Flash Player index overflow attempt (file-flash.rules)
 * 1:24989 <-> DISABLED <-> FILE-FLASH Adobe Flash Player specially invalid traits structure attempt (file-flash.rules)
 * 1:24990 <-> DISABLED <-> FILE-FLASH Adobe Flash Player specially invalid traits structure attempt (file-flash.rules)
 * 1:24991 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DoInitAction invalid action overflow attempt (file-flash.rules)
 * 1:24992 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DoInitAction invalid action overflow attempt (file-flash.rules)
 * 1:25676 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed regular expression exploit attempt (file-flash.rules)
 * 1:25677 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed regular expression exploit attempt (file-flash.rules)
 * 1:25678 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed regular expression exploit attempt (file-flash.rules)
 * 1:25679 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed regular expression exploit attempt (file-flash.rules)
 * 1:25681 <-> DISABLED <-> FILE-FLASH Adobe Flash Player CFF FeatureCount integer overflow attempt (file-flash.rules)
 * 1:25683 <-> DISABLED <-> FILE-FLASH Adobe Flash Player CFF FeatureCount integer overflow attempt (file-flash.rules)
 * 1:25815 <-> DISABLED <-> FILE-FLASH Adobe Flash Player FLV crafted ADPCM stream heap overflow attempt (file-flash.rules)
 * 1:43995 <-> DISABLED <-> FILE-FLASH Adobe Flash Player overly large cpool index out of bounds read attempt (file-flash.rules)
 * 1:43996 <-> DISABLED <-> FILE-FLASH Adobe Flash Player overly large cpool index out of bounds read attempt (file-flash.rules)
 * 1:44002 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SMB sandbox bypass attempt (file-flash.rules)
 * 1:44003 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SMB sandbox bypass attempt (file-flash.rules)
 * 1:44016 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Rectangle constructor use after free attempt (file-flash.rules)
 * 1:44017 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Rectangle constructor use after free attempt (file-flash.rules)
 * 1:44173 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SharedObject use after free attempt (file-flash.rules)
 * 1:44174 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SharedObject use after free attempt (file-flash.rules)
 * 1:44345 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MP4 atom parser memory corruption attempt (file-flash.rules)
 * 1:48492 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
 * 1:44346 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MP4 atom parser memory corruption attempt (file-flash.rules)
 * 1:44347 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MP4 atom parser memory corruption attempt (file-flash.rules)
 * 1:50768 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BONDUPDATER outbound DNS tunnel (malware-cnc.rules)
 * 1:48493 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
 * 1:51643 <-> DISABLED <-> FILE-FLASH Adobe Flash Player use-after-free attempt (file-flash.rules)
 * 1:51225 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ATF heap overflow attempt (file-flash.rules)
 * 1:49654 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PCRE control character denial of service attempt (file-flash.rules)
 * 1:48494 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
 * 1:51644 <-> DISABLED <-> FILE-FLASH Adobe Flash Player use-after-free attempt (file-flash.rules)
 * 1:51226 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ATF heap overflow attempt (file-flash.rules)
 * 1:48495 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
 * 1:50769 <-> DISABLED <-> MALWARE-CNC Win.Trojan.QUADAGENT outbound DNS tunnel (malware-cnc.rules)
 * 1:49655 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PCRE control character denial of service attempt (file-flash.rules)
 * 1:48496 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
 * 1:50140 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out-of-bounds read attempt (file-flash.rules)
 * 1:48566 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
 * 1:48567 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
 * 1:50535 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
 * 1:49231 <-> DISABLED <-> FILE-FLASH Adobe Flash Player drawTriangles out-of-bounds read attempt (file-flash.rules)
 * 1:49232 <-> DISABLED <-> FILE-FLASH Adobe Flash Player drawTriangles out-of-bounds read attempt (file-flash.rules)
 * 1:49311 <-> DISABLED <-> FILE-FLASH Adobe Flash Player writeExternal type confusion attempt (file-flash.rules)
 * 1:50766 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ALMA_Dash outbound DNS tunnel (malware-cnc.rules)
 * 1:49656 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PCRE control character denial of service attempt (file-flash.rules)
 * 1:44348 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MP4 atom parser memory corruption attempt (file-flash.rules)
 * 1:49312 <-> DISABLED <-> FILE-FLASH Adobe Flash Player writeExternal type confusion attempt (file-flash.rules)
 * 1:44351 <-> DISABLED <-> FILE-FLASH Adobe Flash Player text handling memory corruption attempt (file-flash.rules)
 * 1:50764 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel (malware-cnc.rules)
 * 1:50139 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out-of-bounds read attempt (file-flash.rules)
 * 1:50534 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
 * 1:49583 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byteArray inflate information disclosure attempt (file-flash.rules)
 * 1:50762 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel (malware-cnc.rules)
 * 1:49584 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byteArray inflate information disclosure attempt (file-flash.rules)
 * 1:50767 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ALMA_Dot outbound DNS tunnel (malware-cnc.rules)
 * 1:51082 <-> DISABLED <-> FILE-FLASH Adobe Flash player memory corruption attempt (file-flash.rules)
 * 1:49585 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byteArray uncompress information disclosure attempt (file-flash.rules)
 * 1:44352 <-> DISABLED <-> FILE-FLASH Adobe Flash Player text handling memory corruption attempt (file-flash.rules)
 * 1:44552 <-> DISABLED <-> FILE-FLASH Adobe Flash Player toString type confusion memory corruption attempt (file-flash.rules)
 * 1:44553 <-> DISABLED <-> FILE-FLASH Adobe Flash Player toString type confusion memory corruption attempt (file-flash.rules)
 * 1:44583 <-> DISABLED <-> FILE-FLASH Adobe Flash Player array type confusion attempt (file-flash.rules)
 * 1:44584 <-> DISABLED <-> FILE-FLASH Adobe Flash Player array type confusion attempt (file-flash.rules)
 * 1:44887 <-> DISABLED <-> FILE-FLASH Adobe Flash Player bitmap hitTest integer overflow attempt (file-flash.rules)
 * 1:44888 <-> DISABLED <-> FILE-FLASH Adobe Flash Player bitmap hitTest integer overflow attempt (file-flash.rules)
 * 1:44891 <-> DISABLED <-> FILE-FLASH Adobe Flash Player determinePreferredLocales memory corruption attempt (file-flash.rules)
 * 1:44892 <-> DISABLED <-> FILE-FLASH Adobe Flash Player determinePreferredLocales memory corruption attempt (file-flash.rules)
 * 1:44902 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PSDK Metadata memory corruption attempt (file-flash.rules)
 * 1:44903 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PSDK Metadata memory corruption attempt (file-flash.rules)
 * 1:44951 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Primetime SDK use after free attempt (file-flash.rules)
 * 1:44952 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Primetime SDK use after free attempt (file-flash.rules)
 * 1:44963 <-> DISABLED <-> FILE-FLASH Adobe Flash Player tvsdk object use after free attempt (file-flash.rules)
 * 1:44964 <-> DISABLED <-> FILE-FLASH Adobe Flash Player tvsdk object use after free attempt (file-flash.rules)
 * 1:45309 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ConvolutionFilter Matrix use after free attempt (file-flash.rules)
 * 1:45310 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ConvolutionFilter Matrix use after free attempt (file-flash.rules)
 * 1:45404 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ATF buffer overflow attempt (file-flash.rules)
 * 1:45405 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ATF buffer overflow attempt (file-flash.rules)
 * 1:45459 <-> DISABLED <-> FILE-FLASH Adobe Flash Player movieclip attachbitmap use-after-free attempt (file-flash.rules)
 * 1:45500 <-> DISABLED <-> FILE-FLASH Adobe Flash Player movieclip startdrag use-after-free attempt (file-flash.rules)
 * 1:45501 <-> DISABLED <-> FILE-FLASH Adobe Flash Player movieclip startdrag use-after-free attempt (file-flash.rules)
 * 1:45546 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DefineFont3 tag overly large NumGlyphs out of bounds read attempt (file-flash.rules)
 * 1:45547 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DefineFont3 tag overly large NumGlyphs out of bounds read attempt (file-flash.rules)
 * 1:45593 <-> DISABLED <-> FILE-FLASH Adobe PSDK DRM Manager memory corruption attempt (file-flash.rules)
 * 1:45594 <-> DISABLED <-> FILE-FLASH Adobe PSDK DRM Manager memory corruption attempt (file-flash.rules)
 * 1:45595 <-> DISABLED <-> FILE-FLASH Adobe PSDK DRM Manager memory corruption attempt (file-flash.rules)
 * 1:45613 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Selection.SetSelection use-after-free attempt (file-flash.rules)
 * 1:45614 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Selection.SetSelection use-after-free attempt (file-flash.rules)
 * 1:45615 <-> DISABLED <-> FILE-FLASH Adobe Flash Player movieclip duplicateMovieClip use-after-free attempt (file-flash.rules)
 * 1:45616 <-> DISABLED <-> FILE-FLASH Adobe Flash Player movieclip duplicateMovieClip use-after-free attempt (file-flash.rules)
 * 1:45683 <-> DISABLED <-> FILE-FLASH Adobe PSDK DRM Manager memory corruption attempt (file-flash.rules)
 * 1:45743 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray shading memory leak attempt (file-flash.rules)
 * 1:45744 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray shading memory leak attempt (file-flash.rules)
 * 1:46247 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Primetime MediaPlayerItemLoader BlurFilter object out of bounds write attempt (file-flash.rules)
 * 1:46248 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Primetime MediaPlayerItemLoader BlurFilter object out of bounds write attempt (file-flash.rules)
 * 1:46254 <-> DISABLED <-> FILE-FLASH Adobe Flash Player corrupt PNG image load out of bounds memory access attempt (file-flash.rules)
 * 1:46255 <-> DISABLED <-> FILE-FLASH Adobe Flash Player corrupt PNG image load out of bounds memory access attempt (file-flash.rules)
 * 1:46260 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed DefineSound tag heap overflow attempt (file-flash.rules)
 * 1:46261 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed DefineSound tag heap overflow attempt (file-flash.rules)
 * 1:46262 <-> DISABLED <-> FILE-FLASH Adobe Flash Player use after free attempt (file-flash.rules)
 * 1:46263 <-> DISABLED <-> FILE-FLASH Adobe Flash Player use after free attempt (file-flash.rules)
 * 1:46324 <-> DISABLED <-> FILE-FLASH Adobe PSDK DRM Manager memory corruption attempt (file-flash.rules)
 * 1:46598 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative MovieClip type confusion attempt (file-flash.rules)
 * 1:46599 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative MovieClip type confusion attempt (file-flash.rules)
 * 1:46917 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds write attempt (file-flash.rules)
 * 1:46918 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds write attempt (file-flash.rules)
 * 1:46919 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds write attempt (file-flash.rules)
 * 1:46920 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds write attempt (file-flash.rules)
 * 1:46949 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds memory access attempt (file-flash.rules)
 * 1:46950 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds memory access attempt (file-flash.rules)
 * 1:47127 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ActionSetTarget record information disclosure attempt (file-flash.rules)
 * 1:47128 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ActionSetTarget record information disclosure attempt (file-flash.rules)
 * 1:47191 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript NetConnection type confusion attempt (file-flash.rules)
 * 1:47192 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript NetConnection type confusion attempt (file-flash.rules)
 * 1:47531 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Vector.String class out-of-bounds read attempt (file-flash.rules)
 * 1:47532 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Vector.String class out-of-bounds read attempt (file-flash.rules)
 * 1:47786 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds write attempt (file-flash.rules)

2025-03-25 15:47:16 UTC

Snort Subscriber Rules Update

Date: 2025-03-25

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091601.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:

 * 1:64688 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative null pointer dereference attempt (file-flash.rules)
 * 1:64690 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bondupdater inbound cnc connection (malware-cnc.rules)
 * 1:64697 <-> ENABLED <-> MALWARE-OTHER Win.Rootkit.Winnti download attempt (malware-other.rules)
 * 1:64700 <-> ENABLED <-> SERVER-WEBAPP Next.js Middleware authentication bypass attempt (server-webapp.rules)
 * 1:64686 <-> DISABLED <-> SERVER-APACHE Apache Tomcat partial PUT remote code execution attempt (server-apache.rules)
 * 1:64698 <-> ENABLED <-> MALWARE-OTHER Win.Rootkit.Winnti download attempt (malware-other.rules)
 * 1:64696 <-> DISABLED <-> SERVER-OTHER MIT Kerberos KDC as-req sname null pointer dereference attempt (server-other.rules)
 * 1:64701 <-> DISABLED <-> POLICY-OTHER Next.js Middleware x-middleware-subrequest header use attempt (policy-other.rules)
 * 1:60687 <-> DISABLED <-> OS-WINDOWS Windows AppxSvc component elevation of privilege attempt (os-windows.rules)
 * 1:60686 <-> DISABLED <-> OS-WINDOWS Windows AppxSvc component elevation of privilege attempt (os-windows.rules)
 * 1:64692 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bondupdater outbound cnc connection (malware-cnc.rules)
 * 1:64694 <-> DISABLED <-> MALWARE-CNC MultiOs.Trojan.FINALDRAFT variant outbound communication attempt (malware-cnc.rules)
 * 1:64684 <-> DISABLED <-> MALWARE-CNC Win.Malware.DarkGate variant outbound connection (malware-cnc.rules)
 * 1:64695 <-> DISABLED <-> MALWARE-CNC MultiOs.Trojan.FINALDRAFT variant outbound communication attempt (malware-cnc.rules)
 * 1:64685 <-> ENABLED <-> SERVER-WEBAPP Apache OFBiz remote code execution attempt (server-webapp.rules)
 * 1:64691 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bondupdater inbound cnc connection (malware-cnc.rules)
 * 1:64699 <-> ENABLED <-> SERVER-WEBAPP Next.js Middleware authentication bypass attempt (server-webapp.rules)
 * 1:64689 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bondupdater inbound cnc connection (malware-cnc.rules)
 * 1:64693 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bondupdater outbound cnc connection (malware-cnc.rules)
 * 1:64687 <-> DISABLED <-> SERVER-MAIL Exim SMTP vulnerable version detected (server-mail.rules)

Modified Rules:

 * 1:49585 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byteArray uncompress information disclosure attempt (file-flash.rules)
 * 1:52658 <-> DISABLED <-> FILE-FLASH Spelevo Exploit Kit download attempt (file-flash.rules)
 * 1:48491 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
 * 1:51226 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ATF heap overflow attempt (file-flash.rules)
 * 1:51081 <-> DISABLED <-> FILE-FLASH Adobe Flash player memory corruption attempt (file-flash.rules)
 * 1:51643 <-> DISABLED <-> FILE-FLASH Adobe Flash Player use-after-free attempt (file-flash.rules)
 * 1:50764 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel (malware-cnc.rules)
 * 1:49312 <-> DISABLED <-> FILE-FLASH Adobe Flash Player writeExternal type confusion attempt (file-flash.rules)
 * 1:50268 <-> DISABLED <-> FILE-FLASH Adobe Flash Player use after free attempt (file-flash.rules)
 * 1:48494 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
 * 1:49654 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PCRE control character denial of service attempt (file-flash.rules)
 * 1:50267 <-> DISABLED <-> FILE-FLASH Adobe Flash Player use after free attempt (file-flash.rules)
 * 1:49583 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byteArray inflate information disclosure attempt (file-flash.rules)
 * 1:50763 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel (malware-cnc.rules)
 * 1:50762 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel (malware-cnc.rules)
 * 1:50534 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
 * 1:48495 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
 * 1:50139 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out-of-bounds read attempt (file-flash.rules)
 * 1:50768 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BONDUPDATER outbound DNS tunnel (malware-cnc.rules)
 * 1:49655 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PCRE control character denial of service attempt (file-flash.rules)
 * 1:50140 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out-of-bounds read attempt (file-flash.rules)
 * 1:49231 <-> DISABLED <-> FILE-FLASH Adobe Flash Player drawTriangles out-of-bounds read attempt (file-flash.rules)
 * 1:50761 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel (malware-cnc.rules)
 * 1:59440 <-> DISABLED <-> SERVER-APACHE Apache mod_http2 NULL pointer dereference attempt (server-apache.rules)
 * 1:48493 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
 * 1:49586 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byteArray uncompress information disclosure attempt (file-flash.rules)
 * 1:52659 <-> DISABLED <-> FILE-FLASH Spelevo Exploit Kit download attempt (file-flash.rules)
 * 1:53057 <-> DISABLED <-> FILE-FLASH Spelevo Exploit Kit download attempt (file-flash.rules)
 * 1:53058 <-> DISABLED <-> FILE-FLASH Spelevo Exploit Kit download attempt (file-flash.rules)
 * 1:54825 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AVM domain memory range integer overflow attempt (file-flash.rules)
 * 1:54826 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AVM domain memory range integer overflow attempt (file-flash.rules)
 * 1:47833 <-> DISABLED <-> FILE-FLASH Adobe Flash Player COM server BrokerCreateFile sandbox escape attempt (file-flash.rules)
 * 1:51644 <-> DISABLED <-> FILE-FLASH Adobe Flash Player use-after-free attempt (file-flash.rules)
 * 1:50536 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
 * 1:50537 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
 * 1:49232 <-> DISABLED <-> FILE-FLASH Adobe Flash Player drawTriangles out-of-bounds read attempt (file-flash.rules)
 * 1:48496 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
 * 1:47786 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds write attempt (file-flash.rules)
 * 1:52079 <-> DISABLED <-> FILE-FLASH Adobe Flash Player FLV Nellymoser audio codec stack overflow attempt (file-flash.rules)
 * 1:49311 <-> DISABLED <-> FILE-FLASH Adobe Flash Player writeExternal type confusion attempt (file-flash.rules)
 * 1:48567 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
 * 1:48492 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
 * 1:51082 <-> DISABLED <-> FILE-FLASH Adobe Flash player memory corruption attempt (file-flash.rules)
 * 1:51225 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ATF heap overflow attempt (file-flash.rules)
 * 1:48425 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AVM type confusion attempt (file-flash.rules)
 * 1:48426 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AVM type confusion attempt (file-flash.rules)
 * 1:50767 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ALMA_Dot outbound DNS tunnel (malware-cnc.rules)
 * 1:50765 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ISMAgent outbound DNS tunnel (malware-cnc.rules)
 * 1:49656 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PCRE control character denial of service attempt (file-flash.rules)
 * 1:51648 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActiveX same origin method execution attempt (file-flash.rules)
 * 1:50769 <-> DISABLED <-> MALWARE-CNC Win.Trojan.QUADAGENT outbound DNS tunnel (malware-cnc.rules)
 * 1:52080 <-> DISABLED <-> FILE-FLASH Adobe Flash Player FLV Nellymoser audio codec stack overflow attempt (file-flash.rules)
 * 1:50766 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ALMA_Dash outbound DNS tunnel (malware-cnc.rules)
 * 1:49584 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byteArray inflate information disclosure attempt (file-flash.rules)
 * 1:47834 <-> DISABLED <-> FILE-FLASH Adobe Flash Player COM server BrokerCreateFile sandbox escape attempt (file-flash.rules)
 * 1:50535 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
 * 1:48566 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
 * 1:19264 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
 * 1:19263 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
 * 1:19257 <-> DISABLED <-> FILE-FLASH Adobe ActionScript float index memory corruption attempt (file-flash.rules)
 * 1:20767 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
 * 1:20131 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt (file-flash.rules)
 * 1:19262 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
 * 1:19682 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript 3 integer overflow attempt (file-flash.rules)
 * 1:20780 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt - namelist.xls (file-flash.rules)
 * 1:20779 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt - dear chu.rar (file-flash.rules)
 * 1:20031 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
 * 1:20777 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (file-flash.rules)
 * 1:20784 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt - namelist.xls (file-flash.rules)
 * 1:20783 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt - dear chu.rar (file-flash.rules)
 * 1:20778 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt - economy.rar (file-flash.rules)
 * 1:20781 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt (file-flash.rules)
 * 1:21335 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript bytecode type confusion null dereference attempt (file-flash.rules)
 * 1:21326 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActiveX URL import attempt (file-flash.rules)
 * 1:20782 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt - economy.rar (file-flash.rules)
 * 1:20785 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt (file-flash.rules)
 * 1:21458 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
 * 1:21457 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
 * 1:20803 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt (file-flash.rules)
 * 1:21336 <-> DISABLED <-> FILE-FLASH Adobe Flash ASConstructor insecure calling attempt (file-flash.rules)
 * 1:21536 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript Stage3D null dereference attempt (file-flash.rules)
 * 1:21535 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript Matrix3D.copyRawDataFrom buffer overflow attempt (file-flash.rules)
 * 1:21338 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MP4 zero length atom attempt (file-flash.rules)
 * 1:21533 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript Stage3D null dereference attempt (file-flash.rules)
 * 1:22069 <-> DISABLED <-> FILE-FLASH Adobe Flash Player object confusion attempt (file-flash.rules)
 * 1:21655 <-> DISABLED <-> FILE-FLASH Adobe Flash Video invalid tag type attempt (file-flash.rules)
 * 1:21534 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript Matrix3D.copyRawDataFrom buffer overflow attempt (file-flash.rules)
 * 1:21653 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript getURL target null reference attempt (file-flash.rules)
 * 1:23129 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SecureSocket use without Connect attempt (file-flash.rules)
 * 1:22916 <-> DISABLED <-> FILE-FLASH Adobe Flash Player object confusion attempt (file-flash.rules)
 * 1:21654 <-> DISABLED <-> FILE-FLASH Adobe Flash Video invalid tag type attempt (file-flash.rules)
 * 1:22070 <-> DISABLED <-> FILE-FLASH Adobe Flash Player object confusion attempt (file-flash.rules)
 * 1:23133 <-> DISABLED <-> FILE-FLASH Adobe Flash Player flash.display.BitmapData constuctor overflow attempt (file-flash.rules)
 * 1:23132 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DefineSound tag long recordheader length field attempt (file-flash.rules)
 * 1:22915 <-> DISABLED <-> FILE-FLASH Adobe Flash Player object confusion attempt (file-flash.rules)
 * 1:23130 <-> DISABLED <-> FILE-FLASH Adobe Flash Player X509 direct instantiation property access attempt (file-flash.rules)
 * 1:23854 <-> DISABLED <-> FILE-FLASH Adobe Flash OpenType font memory corruption attempt (file-flash.rules)
 * 1:23853 <-> DISABLED <-> FILE-FLASH Adobe Flash OpenType font memory corruption attempt (file-flash.rules)
 * 1:23131 <-> DISABLED <-> FILE-FLASH Adobe Flash Player X500 DistinguishedName property access attempt (file-flash.rules)
 * 1:23134 <-> DISABLED <-> FILE-FLASH Adobe Flash Player broker destructor DoS attempt (file-flash.rules)
 * 1:24138 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed RTMP response attempt (file-flash.rules)
 * 1:23997 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (file-flash.rules)
 * 1:23135 <-> DISABLED <-> FILE-FLASH Adobe Flash Player flash.DisplayObject memory corruption attempt (file-flash.rules)
 * 1:23967 <-> DISABLED <-> FILE-FLASH Adobe Flash OpenType font memory corruption attempt - compressed (file-flash.rules)
 * 1:24244 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Matrix3D copyRawDataTo integer overflow attempt (file-flash.rules)
 * 1:24142 <-> DISABLED <-> FILE-FLASH Adobe Flash Player object confusion attempt (file-flash.rules)
 * 1:23996 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (file-flash.rules)
 * 1:24139 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed RTMP response attempt (file-flash.rules)
 * 1:24364 <-> DISABLED <-> FILE-FLASH Adobe Flash null reference JIT compilation attempt (file-flash.rules)
 * 1:24363 <-> DISABLED <-> FILE-FLASH Adobe Flash null reference JIT compilation attempt (file-flash.rules)
 * 1:24245 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Matrix3D copyRawDataTo integer overflow attempt (file-flash.rules)
 * 1:24430 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules)
 * 1:24140 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed RTMP response attempt (file-flash.rules)
 * 1:24367 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed record stack exhaustion attempt (file-flash.rules)
 * 1:24414 <-> DISABLED <-> FILE-FLASH Adobe Flash Player stsz box heap overflow attempt (file-flash.rules)
 * 1:24365 <-> DISABLED <-> FILE-FLASH Adobe Flash null reference JIT compilation attempt (file-flash.rules)
 * 1:24362 <-> DISABLED <-> FILE-FLASH Adobe Flash null reference JIT compilation attempt (file-flash.rules)
 * 1:24429 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules)
 * 1:24366 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed record stack exhaustion attempt (file-flash.rules)
 * 1:24415 <-> DISABLED <-> FILE-FLASH Adobe Flash Player stsz box heap overflow attempt (file-flash.rules)
 * 1:24810 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS2 privilege escalation attempt (file-flash.rules)
 * 1:24809 <-> DISABLED <-> FILE-FLASH Microsoft Internet Explorer premature unload of Flash plugin use after free attempt (file-flash.rules)
 * 1:24428 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules)
 * 1:24431 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules)
 * 1:24874 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules)
 * 1:24813 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS2 privilege escalation attempt (file-flash.rules)
 * 1:24811 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS2 privilege escalation attempt (file-flash.rules)
 * 1:24877 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules)
 * 1:24808 <-> DISABLED <-> FILE-FLASH Microsoft Internet Explorer premature unload of Flash plugin use after free attempt (file-flash.rules)
 * 1:24879 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid JPEG index attempt (file-flash.rules)
 * 1:24812 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS2 privilege escalation attempt (file-flash.rules)
 * 1:24875 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules)
 * 1:24893 <-> DISABLED <-> FILE-FLASH Action InitArray stack overflow attempt (file-flash.rules)
 * 1:24892 <-> DISABLED <-> FILE-FLASH Action InitArray stack overflow attempt (file-flash.rules)
 * 1:24876 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules)
 * 1:24882 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid JPEG index attempt (file-flash.rules)
 * 1:24981 <-> DISABLED <-> FILE-FLASH Adobe Flash Player actionscript bytecode trait type null pointer dereference attempt (file-flash.rules)
 * 1:24980 <-> DISABLED <-> FILE-FLASH Adobe Flash Player actionscript bytecode trait type null pointer dereference attempt (file-flash.rules)
 * 1:24890 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Action InitArray stack overflow attempt (file-flash.rules)
 * 1:24895 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript bytecode symbolclass tag type confusion attempt (file-flash.rules)
 * 1:24985 <-> DISABLED <-> FILE-FLASH Adobe Flash Player index overflow attempt (file-flash.rules)
 * 1:24984 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt (file-flash.rules)
 * 1:24896 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript bytecode symbolclass tag type confusion attempt (file-flash.rules)
 * 1:24982 <-> DISABLED <-> FILE-FLASH Adobe Flash Player actionscript bytecode trait type null pointer dereference attempt (file-flash.rules)
 * 1:24991 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DoInitAction invalid action overflow attempt (file-flash.rules)
 * 1:24990 <-> DISABLED <-> FILE-FLASH Adobe Flash Player specially invalid traits structure attempt (file-flash.rules)
 * 1:24983 <-> DISABLED <-> FILE-FLASH Adobe Flash Player actionscript bytecode trait type null pointer dereference attempt (file-flash.rules)
 * 1:24986 <-> DISABLED <-> FILE-FLASH Adobe Flash Player index overflow attempt (file-flash.rules)
 * 1:25678 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed regular expression exploit attempt (file-flash.rules)
 * 1:25677 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed regular expression exploit attempt (file-flash.rules)
 * 1:24989 <-> DISABLED <-> FILE-FLASH Adobe Flash Player specially invalid traits structure attempt (file-flash.rules)
 * 1:24992 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DoInitAction invalid action overflow attempt (file-flash.rules)
 * 1:25815 <-> DISABLED <-> FILE-FLASH Adobe Flash Player FLV crafted ADPCM stream heap overflow attempt (file-flash.rules)
 * 1:25683 <-> DISABLED <-> FILE-FLASH Adobe Flash Player CFF FeatureCount integer overflow attempt (file-flash.rules)
 * 1:25676 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed regular expression exploit attempt (file-flash.rules)
 * 1:25679 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed regular expression exploit attempt (file-flash.rules)
 * 1:44003 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SMB sandbox bypass attempt (file-flash.rules)
 * 1:44002 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SMB sandbox bypass attempt (file-flash.rules)
 * 1:43995 <-> DISABLED <-> FILE-FLASH Adobe Flash Player overly large cpool index out of bounds read attempt (file-flash.rules)
 * 1:25681 <-> DISABLED <-> FILE-FLASH Adobe Flash Player CFF FeatureCount integer overflow attempt (file-flash.rules)
 * 1:44174 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SharedObject use after free attempt (file-flash.rules)
 * 1:44173 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SharedObject use after free attempt (file-flash.rules)
 * 1:43996 <-> DISABLED <-> FILE-FLASH Adobe Flash Player overly large cpool index out of bounds read attempt (file-flash.rules)
 * 1:44016 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Rectangle constructor use after free attempt (file-flash.rules)
 * 1:44348 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MP4 atom parser memory corruption attempt (file-flash.rules)
 * 1:44347 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MP4 atom parser memory corruption attempt (file-flash.rules)
 * 1:44017 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Rectangle constructor use after free attempt (file-flash.rules)
 * 1:44345 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MP4 atom parser memory corruption attempt (file-flash.rules)
 * 1:44553 <-> DISABLED <-> FILE-FLASH Adobe Flash Player toString type confusion memory corruption attempt (file-flash.rules)
 * 1:44552 <-> DISABLED <-> FILE-FLASH Adobe Flash Player toString type confusion memory corruption attempt (file-flash.rules)
 * 1:44346 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MP4 atom parser memory corruption attempt (file-flash.rules)
 * 1:44351 <-> DISABLED <-> FILE-FLASH Adobe Flash Player text handling memory corruption attempt (file-flash.rules)
 * 1:44888 <-> DISABLED <-> FILE-FLASH Adobe Flash Player bitmap hitTest integer overflow attempt (file-flash.rules)
 * 1:44887 <-> DISABLED <-> FILE-FLASH Adobe Flash Player bitmap hitTest integer overflow attempt (file-flash.rules)
 * 1:44352 <-> DISABLED <-> FILE-FLASH Adobe Flash Player text handling memory corruption attempt (file-flash.rules)
 * 1:44583 <-> DISABLED <-> FILE-FLASH Adobe Flash Player array type confusion attempt (file-flash.rules)
 * 1:44903 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PSDK Metadata memory corruption attempt (file-flash.rules)
 * 1:44902 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PSDK Metadata memory corruption attempt (file-flash.rules)
 * 1:44584 <-> DISABLED <-> FILE-FLASH Adobe Flash Player array type confusion attempt (file-flash.rules)
 * 1:44891 <-> DISABLED <-> FILE-FLASH Adobe Flash Player determinePreferredLocales memory corruption attempt (file-flash.rules)
 * 1:44963 <-> DISABLED <-> FILE-FLASH Adobe Flash Player tvsdk object use after free attempt (file-flash.rules)
 * 1:44964 <-> DISABLED <-> FILE-FLASH Adobe Flash Player tvsdk object use after free attempt (file-flash.rules)
 * 1:44892 <-> DISABLED <-> FILE-FLASH Adobe Flash Player determinePreferredLocales memory corruption attempt (file-flash.rules)
 * 1:44951 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Primetime SDK use after free attempt (file-flash.rules)
 * 1:45405 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ATF buffer overflow attempt (file-flash.rules)
 * 1:45404 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ATF buffer overflow attempt (file-flash.rules)
 * 1:44952 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Primetime SDK use after free attempt (file-flash.rules)
 * 1:45309 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ConvolutionFilter Matrix use after free attempt (file-flash.rules)
 * 1:45546 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DefineFont3 tag overly large NumGlyphs out of bounds read attempt (file-flash.rules)
 * 1:45501 <-> DISABLED <-> FILE-FLASH Adobe Flash Player movieclip startdrag use-after-free attempt (file-flash.rules)
 * 1:45310 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ConvolutionFilter Matrix use after free attempt (file-flash.rules)
 * 1:45459 <-> DISABLED <-> FILE-FLASH Adobe Flash Player movieclip attachbitmap use-after-free attempt (file-flash.rules)
 * 1:45595 <-> DISABLED <-> FILE-FLASH Adobe PSDK DRM Manager memory corruption attempt (file-flash.rules)
 * 1:45594 <-> DISABLED <-> FILE-FLASH Adobe PSDK DRM Manager memory corruption attempt (file-flash.rules)
 * 1:45500 <-> DISABLED <-> FILE-FLASH Adobe Flash Player movieclip startdrag use-after-free attempt (file-flash.rules)
 * 1:45547 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DefineFont3 tag overly large NumGlyphs out of bounds read attempt (file-flash.rules)
 * 1:45616 <-> DISABLED <-> FILE-FLASH Adobe Flash Player movieclip duplicateMovieClip use-after-free attempt (file-flash.rules)
 * 1:45615 <-> DISABLED <-> FILE-FLASH Adobe Flash Player movieclip duplicateMovieClip use-after-free attempt (file-flash.rules)
 * 1:45593 <-> DISABLED <-> FILE-FLASH Adobe PSDK DRM Manager memory corruption attempt (file-flash.rules)
 * 1:45613 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Selection.SetSelection use-after-free attempt (file-flash.rules)
 * 1:46247 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Primetime MediaPlayerItemLoader BlurFilter object out of bounds write attempt (file-flash.rules)
 * 1:45744 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray shading memory leak attempt (file-flash.rules)
 * 1:45614 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Selection.SetSelection use-after-free attempt (file-flash.rules)
 * 1:45683 <-> DISABLED <-> FILE-FLASH Adobe PSDK DRM Manager memory corruption attempt (file-flash.rules)
 * 1:45743 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray shading memory leak attempt (file-flash.rules)
 * 1:46255 <-> DISABLED <-> FILE-FLASH Adobe Flash Player corrupt PNG image load out of bounds memory access attempt (file-flash.rules)
 * 1:46260 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed DefineSound tag heap overflow attempt (file-flash.rules)
 * 1:46248 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Primetime MediaPlayerItemLoader BlurFilter object out of bounds write attempt (file-flash.rules)
 * 1:46324 <-> DISABLED <-> FILE-FLASH Adobe PSDK DRM Manager memory corruption attempt (file-flash.rules)
 * 1:46263 <-> DISABLED <-> FILE-FLASH Adobe Flash Player use after free attempt (file-flash.rules)
 * 1:46254 <-> DISABLED <-> FILE-FLASH Adobe Flash Player corrupt PNG image load out of bounds memory access attempt (file-flash.rules)
 * 1:46261 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed DefineSound tag heap overflow attempt (file-flash.rules)
 * 1:46918 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds write attempt (file-flash.rules)
 * 1:46917 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds write attempt (file-flash.rules)
 * 1:46598 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative MovieClip type confusion attempt (file-flash.rules)
 * 1:46949 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds memory access attempt (file-flash.rules)
 * 1:46262 <-> DISABLED <-> FILE-FLASH Adobe Flash Player use after free attempt (file-flash.rules)
 * 1:46919 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds write attempt (file-flash.rules)
 * 1:46950 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds memory access attempt (file-flash.rules)
 * 1:47191 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript NetConnection type confusion attempt (file-flash.rules)
 * 1:46599 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative MovieClip type confusion attempt (file-flash.rules)
 * 1:47127 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ActionSetTarget record information disclosure attempt (file-flash.rules)
 * 1:47192 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript NetConnection type confusion attempt (file-flash.rules)
 * 1:47531 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Vector.String class out-of-bounds read attempt (file-flash.rules)
 * 1:46920 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds write attempt (file-flash.rules)
 * 1:47532 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Vector.String class out-of-bounds read attempt (file-flash.rules)
 * 1:47128 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ActionSetTarget record information disclosure attempt (file-flash.rules)
 * 1:55813 <-> DISABLED <-> SERVER-OTHER Symantec Endpoint Protection tamper protection bypass attempt (server-other.rules)
 * 1:55814 <-> DISABLED <-> SERVER-OTHER Symantec Endpoint Protection tamper protection bypass attempt (server-other.rules)
 * 1:47787 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds write attempt (file-flash.rules)
 * 1:57499 <-> DISABLED <-> FILE-FLASH Adobe Flash Player worker shared object use-after-free attempt (file-flash.rules)

2025-03-25 15:47:16 UTC

Snort Subscriber Rules Update

Date: 2025-03-25

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091600.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:

 * 1:64694 <-> DISABLED <-> MALWARE-CNC MultiOs.Trojan.FINALDRAFT variant outbound communication attempt (malware-cnc.rules)
 * 1:64689 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bondupdater inbound cnc connection (malware-cnc.rules)
 * 1:64693 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bondupdater outbound cnc connection (malware-cnc.rules)
 * 1:64692 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bondupdater outbound cnc connection (malware-cnc.rules)
 * 1:64691 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bondupdater inbound cnc connection (malware-cnc.rules)
 * 1:64684 <-> DISABLED <-> MALWARE-CNC Win.Malware.DarkGate variant outbound connection (malware-cnc.rules)
 * 1:64698 <-> ENABLED <-> MALWARE-OTHER Win.Rootkit.Winnti download attempt (malware-other.rules)
 * 1:64695 <-> DISABLED <-> MALWARE-CNC MultiOs.Trojan.FINALDRAFT variant outbound communication attempt (malware-cnc.rules)
 * 1:60686 <-> DISABLED <-> OS-WINDOWS Windows AppxSvc component elevation of privilege attempt (os-windows.rules)
 * 1:64686 <-> DISABLED <-> SERVER-APACHE Apache Tomcat partial PUT remote code execution attempt (server-apache.rules)
 * 1:64696 <-> DISABLED <-> SERVER-OTHER MIT Kerberos KDC as-req sname null pointer dereference attempt (server-other.rules)
 * 1:64700 <-> ENABLED <-> SERVER-WEBAPP Next.js Middleware authentication bypass attempt (server-webapp.rules)
 * 1:64697 <-> ENABLED <-> MALWARE-OTHER Win.Rootkit.Winnti download attempt (malware-other.rules)
 * 1:64688 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative null pointer dereference attempt (file-flash.rules)
 * 1:64687 <-> DISABLED <-> SERVER-MAIL Exim SMTP vulnerable version detected (server-mail.rules)
 * 1:64701 <-> DISABLED <-> POLICY-OTHER Next.js Middleware x-middleware-subrequest header use attempt (policy-other.rules)
 * 1:64690 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bondupdater inbound cnc connection (malware-cnc.rules)
 * 1:64699 <-> ENABLED <-> SERVER-WEBAPP Next.js Middleware authentication bypass attempt (server-webapp.rules)
 * 1:64685 <-> ENABLED <-> SERVER-WEBAPP Apache OFBiz remote code execution attempt (server-webapp.rules)
 * 1:60687 <-> DISABLED <-> OS-WINDOWS Windows AppxSvc component elevation of privilege attempt (os-windows.rules)

Modified Rules:

 * 1:51648 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActiveX same origin method execution attempt (file-flash.rules)
 * 1:50140 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out-of-bounds read attempt (file-flash.rules)
 * 1:50766 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ALMA_Dash outbound DNS tunnel (malware-cnc.rules)
 * 1:49585 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byteArray uncompress information disclosure attempt (file-flash.rules)
 * 1:49586 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byteArray uncompress information disclosure attempt (file-flash.rules)
 * 1:50536 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
 * 1:49311 <-> DISABLED <-> FILE-FLASH Adobe Flash Player writeExternal type confusion attempt (file-flash.rules)
 * 1:50763 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel (malware-cnc.rules)
 * 1:50534 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
 * 1:49656 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PCRE control character denial of service attempt (file-flash.rules)
 * 1:51225 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ATF heap overflow attempt (file-flash.rules)
 * 1:49312 <-> DISABLED <-> FILE-FLASH Adobe Flash Player writeExternal type confusion attempt (file-flash.rules)
 * 1:49655 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PCRE control character denial of service attempt (file-flash.rules)
 * 1:51082 <-> DISABLED <-> FILE-FLASH Adobe Flash player memory corruption attempt (file-flash.rules)
 * 1:48566 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
 * 1:49584 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byteArray inflate information disclosure attempt (file-flash.rules)
 * 1:52079 <-> DISABLED <-> FILE-FLASH Adobe Flash Player FLV Nellymoser audio codec stack overflow attempt (file-flash.rules)
 * 1:51644 <-> DISABLED <-> FILE-FLASH Adobe Flash Player use-after-free attempt (file-flash.rules)
 * 1:50761 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel (malware-cnc.rules)
 * 1:51643 <-> DISABLED <-> FILE-FLASH Adobe Flash Player use-after-free attempt (file-flash.rules)
 * 1:49583 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byteArray inflate information disclosure attempt (file-flash.rules)
 * 1:48426 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AVM type confusion attempt (file-flash.rules)
 * 1:51226 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ATF heap overflow attempt (file-flash.rules)
 * 1:48491 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
 * 1:49654 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PCRE control character denial of service attempt (file-flash.rules)
 * 1:49232 <-> DISABLED <-> FILE-FLASH Adobe Flash Player drawTriangles out-of-bounds read attempt (file-flash.rules)
 * 1:49231 <-> DISABLED <-> FILE-FLASH Adobe Flash Player drawTriangles out-of-bounds read attempt (file-flash.rules)
 * 1:50769 <-> DISABLED <-> MALWARE-CNC Win.Trojan.QUADAGENT outbound DNS tunnel (malware-cnc.rules)
 * 1:48496 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
 * 1:51081 <-> DISABLED <-> FILE-FLASH Adobe Flash player memory corruption attempt (file-flash.rules)
 * 1:50535 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
 * 1:50767 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ALMA_Dot outbound DNS tunnel (malware-cnc.rules)
 * 1:53057 <-> DISABLED <-> FILE-FLASH Spelevo Exploit Kit download attempt (file-flash.rules)
 * 1:50268 <-> DISABLED <-> FILE-FLASH Adobe Flash Player use after free attempt (file-flash.rules)
 * 1:52659 <-> DISABLED <-> FILE-FLASH Spelevo Exploit Kit download attempt (file-flash.rules)
 * 1:53058 <-> DISABLED <-> FILE-FLASH Spelevo Exploit Kit download attempt (file-flash.rules)
 * 1:50762 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel (malware-cnc.rules)
 * 1:50764 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel (malware-cnc.rules)
 * 1:54826 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AVM domain memory range integer overflow attempt (file-flash.rules)
 * 1:54825 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AVM domain memory range integer overflow attempt (file-flash.rules)
 * 1:50139 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out-of-bounds read attempt (file-flash.rules)
 * 1:57499 <-> DISABLED <-> FILE-FLASH Adobe Flash Player worker shared object use-after-free attempt (file-flash.rules)
 * 1:50765 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ISMAgent outbound DNS tunnel (malware-cnc.rules)
 * 1:48493 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
 * 1:55814 <-> DISABLED <-> SERVER-OTHER Symantec Endpoint Protection tamper protection bypass attempt (server-other.rules)
 * 1:50768 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BONDUPDATER outbound DNS tunnel (malware-cnc.rules)
 * 1:55813 <-> DISABLED <-> SERVER-OTHER Symantec Endpoint Protection tamper protection bypass attempt (server-other.rules)
 * 1:59440 <-> DISABLED <-> SERVER-APACHE Apache mod_http2 NULL pointer dereference attempt (server-apache.rules)
 * 1:50537 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
 * 1:52080 <-> DISABLED <-> FILE-FLASH Adobe Flash Player FLV Nellymoser audio codec stack overflow attempt (file-flash.rules)
 * 1:48495 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
 * 1:52658 <-> DISABLED <-> FILE-FLASH Spelevo Exploit Kit download attempt (file-flash.rules)
 * 1:19257 <-> DISABLED <-> FILE-FLASH Adobe ActionScript float index memory corruption attempt (file-flash.rules)
 * 1:48567 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
 * 1:50267 <-> DISABLED <-> FILE-FLASH Adobe Flash Player use after free attempt (file-flash.rules)
 * 1:19262 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
 * 1:19263 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
 * 1:19264 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
 * 1:19682 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript 3 integer overflow attempt (file-flash.rules)
 * 1:20031 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
 * 1:20131 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt (file-flash.rules)
 * 1:20767 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
 * 1:20777 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (file-flash.rules)
 * 1:20778 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt - economy.rar (file-flash.rules)
 * 1:20779 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt - dear chu.rar (file-flash.rules)
 * 1:20780 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt - namelist.xls (file-flash.rules)
 * 1:20781 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt (file-flash.rules)
 * 1:20782 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt - economy.rar (file-flash.rules)
 * 1:20783 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt - dear chu.rar (file-flash.rules)
 * 1:20784 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt - namelist.xls (file-flash.rules)
 * 1:20785 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt (file-flash.rules)
 * 1:20803 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt (file-flash.rules)
 * 1:21326 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActiveX URL import attempt (file-flash.rules)
 * 1:21335 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript bytecode type confusion null dereference attempt (file-flash.rules)
 * 1:21336 <-> DISABLED <-> FILE-FLASH Adobe Flash ASConstructor insecure calling attempt (file-flash.rules)
 * 1:21338 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MP4 zero length atom attempt (file-flash.rules)
 * 1:21457 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
 * 1:21458 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
 * 1:21533 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript Stage3D null dereference attempt (file-flash.rules)
 * 1:21534 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript Matrix3D.copyRawDataFrom buffer overflow attempt (file-flash.rules)
 * 1:21535 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript Matrix3D.copyRawDataFrom buffer overflow attempt (file-flash.rules)
 * 1:21536 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript Stage3D null dereference attempt (file-flash.rules)
 * 1:21653 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript getURL target null reference attempt (file-flash.rules)
 * 1:21654 <-> DISABLED <-> FILE-FLASH Adobe Flash Video invalid tag type attempt (file-flash.rules)
 * 1:21655 <-> DISABLED <-> FILE-FLASH Adobe Flash Video invalid tag type attempt (file-flash.rules)
 * 1:22069 <-> DISABLED <-> FILE-FLASH Adobe Flash Player object confusion attempt (file-flash.rules)
 * 1:22070 <-> DISABLED <-> FILE-FLASH Adobe Flash Player object confusion attempt (file-flash.rules)
 * 1:22915 <-> DISABLED <-> FILE-FLASH Adobe Flash Player object confusion attempt (file-flash.rules)
 * 1:22916 <-> DISABLED <-> FILE-FLASH Adobe Flash Player object confusion attempt (file-flash.rules)
 * 1:23129 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SecureSocket use without Connect attempt (file-flash.rules)
 * 1:23130 <-> DISABLED <-> FILE-FLASH Adobe Flash Player X509 direct instantiation property access attempt (file-flash.rules)
 * 1:23131 <-> DISABLED <-> FILE-FLASH Adobe Flash Player X500 DistinguishedName property access attempt (file-flash.rules)
 * 1:23132 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DefineSound tag long recordheader length field attempt (file-flash.rules)
 * 1:23133 <-> DISABLED <-> FILE-FLASH Adobe Flash Player flash.display.BitmapData constuctor overflow attempt (file-flash.rules)
 * 1:23134 <-> DISABLED <-> FILE-FLASH Adobe Flash Player broker destructor DoS attempt (file-flash.rules)
 * 1:23135 <-> DISABLED <-> FILE-FLASH Adobe Flash Player flash.DisplayObject memory corruption attempt (file-flash.rules)
 * 1:23853 <-> DISABLED <-> FILE-FLASH Adobe Flash OpenType font memory corruption attempt (file-flash.rules)
 * 1:23854 <-> DISABLED <-> FILE-FLASH Adobe Flash OpenType font memory corruption attempt (file-flash.rules)
 * 1:23967 <-> DISABLED <-> FILE-FLASH Adobe Flash OpenType font memory corruption attempt - compressed (file-flash.rules)
 * 1:23996 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (file-flash.rules)
 * 1:23997 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (file-flash.rules)
 * 1:24138 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed RTMP response attempt (file-flash.rules)
 * 1:24139 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed RTMP response attempt (file-flash.rules)
 * 1:24140 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed RTMP response attempt (file-flash.rules)
 * 1:24142 <-> DISABLED <-> FILE-FLASH Adobe Flash Player object confusion attempt (file-flash.rules)
 * 1:24244 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Matrix3D copyRawDataTo integer overflow attempt (file-flash.rules)
 * 1:24245 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Matrix3D copyRawDataTo integer overflow attempt (file-flash.rules)
 * 1:24362 <-> DISABLED <-> FILE-FLASH Adobe Flash null reference JIT compilation attempt (file-flash.rules)
 * 1:24363 <-> DISABLED <-> FILE-FLASH Adobe Flash null reference JIT compilation attempt (file-flash.rules)
 * 1:24364 <-> DISABLED <-> FILE-FLASH Adobe Flash null reference JIT compilation attempt (file-flash.rules)
 * 1:24365 <-> DISABLED <-> FILE-FLASH Adobe Flash null reference JIT compilation attempt (file-flash.rules)
 * 1:24366 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed record stack exhaustion attempt (file-flash.rules)
 * 1:24367 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed record stack exhaustion attempt (file-flash.rules)
 * 1:24414 <-> DISABLED <-> FILE-FLASH Adobe Flash Player stsz box heap overflow attempt (file-flash.rules)
 * 1:24415 <-> DISABLED <-> FILE-FLASH Adobe Flash Player stsz box heap overflow attempt (file-flash.rules)
 * 1:24428 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules)
 * 1:24429 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules)
 * 1:24430 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules)
 * 1:24431 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules)
 * 1:24808 <-> DISABLED <-> FILE-FLASH Microsoft Internet Explorer premature unload of Flash plugin use after free attempt (file-flash.rules)
 * 1:24809 <-> DISABLED <-> FILE-FLASH Microsoft Internet Explorer premature unload of Flash plugin use after free attempt (file-flash.rules)
 * 1:24810 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS2 privilege escalation attempt (file-flash.rules)
 * 1:24811 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS2 privilege escalation attempt (file-flash.rules)
 * 1:24812 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS2 privilege escalation attempt (file-flash.rules)
 * 1:24813 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS2 privilege escalation attempt (file-flash.rules)
 * 1:24874 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules)
 * 1:24875 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules)
 * 1:24876 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules)
 * 1:24877 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules)
 * 1:24879 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid JPEG index attempt (file-flash.rules)
 * 1:24882 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid JPEG index attempt (file-flash.rules)
 * 1:24890 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Action InitArray stack overflow attempt (file-flash.rules)
 * 1:24892 <-> DISABLED <-> FILE-FLASH Action InitArray stack overflow attempt (file-flash.rules)
 * 1:24893 <-> DISABLED <-> FILE-FLASH Action InitArray stack overflow attempt (file-flash.rules)
 * 1:24895 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript bytecode symbolclass tag type confusion attempt (file-flash.rules)
 * 1:24896 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript bytecode symbolclass tag type confusion attempt (file-flash.rules)
 * 1:24980 <-> DISABLED <-> FILE-FLASH Adobe Flash Player actionscript bytecode trait type null pointer dereference attempt (file-flash.rules)
 * 1:24981 <-> DISABLED <-> FILE-FLASH Adobe Flash Player actionscript bytecode trait type null pointer dereference attempt (file-flash.rules)
 * 1:24982 <-> DISABLED <-> FILE-FLASH Adobe Flash Player actionscript bytecode trait type null pointer dereference attempt (file-flash.rules)
 * 1:24983 <-> DISABLED <-> FILE-FLASH Adobe Flash Player actionscript bytecode trait type null pointer dereference attempt (file-flash.rules)
 * 1:24984 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt (file-flash.rules)
 * 1:24985 <-> DISABLED <-> FILE-FLASH Adobe Flash Player index overflow attempt (file-flash.rules)
 * 1:24986 <-> DISABLED <-> FILE-FLASH Adobe Flash Player index overflow attempt (file-flash.rules)
 * 1:24989 <-> DISABLED <-> FILE-FLASH Adobe Flash Player specially invalid traits structure attempt (file-flash.rules)
 * 1:24990 <-> DISABLED <-> FILE-FLASH Adobe Flash Player specially invalid traits structure attempt (file-flash.rules)
 * 1:24991 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DoInitAction invalid action overflow attempt (file-flash.rules)
 * 1:24992 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DoInitAction invalid action overflow attempt (file-flash.rules)
 * 1:25676 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed regular expression exploit attempt (file-flash.rules)
 * 1:25677 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed regular expression exploit attempt (file-flash.rules)
 * 1:25678 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed regular expression exploit attempt (file-flash.rules)
 * 1:25679 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed regular expression exploit attempt (file-flash.rules)
 * 1:25681 <-> DISABLED <-> FILE-FLASH Adobe Flash Player CFF FeatureCount integer overflow attempt (file-flash.rules)
 * 1:25683 <-> DISABLED <-> FILE-FLASH Adobe Flash Player CFF FeatureCount integer overflow attempt (file-flash.rules)
 * 1:25815 <-> DISABLED <-> FILE-FLASH Adobe Flash Player FLV crafted ADPCM stream heap overflow attempt (file-flash.rules)
 * 1:43995 <-> DISABLED <-> FILE-FLASH Adobe Flash Player overly large cpool index out of bounds read attempt (file-flash.rules)
 * 1:43996 <-> DISABLED <-> FILE-FLASH Adobe Flash Player overly large cpool index out of bounds read attempt (file-flash.rules)
 * 1:44002 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SMB sandbox bypass attempt (file-flash.rules)
 * 1:44003 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SMB sandbox bypass attempt (file-flash.rules)
 * 1:44016 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Rectangle constructor use after free attempt (file-flash.rules)
 * 1:44017 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Rectangle constructor use after free attempt (file-flash.rules)
 * 1:44173 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SharedObject use after free attempt (file-flash.rules)
 * 1:44174 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SharedObject use after free attempt (file-flash.rules)
 * 1:44345 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MP4 atom parser memory corruption attempt (file-flash.rules)
 * 1:44346 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MP4 atom parser memory corruption attempt (file-flash.rules)
 * 1:44347 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MP4 atom parser memory corruption attempt (file-flash.rules)
 * 1:44348 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MP4 atom parser memory corruption attempt (file-flash.rules)
 * 1:44351 <-> DISABLED <-> FILE-FLASH Adobe Flash Player text handling memory corruption attempt (file-flash.rules)
 * 1:44352 <-> DISABLED <-> FILE-FLASH Adobe Flash Player text handling memory corruption attempt (file-flash.rules)
 * 1:44552 <-> DISABLED <-> FILE-FLASH Adobe Flash Player toString type confusion memory corruption attempt (file-flash.rules)
 * 1:44553 <-> DISABLED <-> FILE-FLASH Adobe Flash Player toString type confusion memory corruption attempt (file-flash.rules)
 * 1:44583 <-> DISABLED <-> FILE-FLASH Adobe Flash Player array type confusion attempt (file-flash.rules)
 * 1:44584 <-> DISABLED <-> FILE-FLASH Adobe Flash Player array type confusion attempt (file-flash.rules)
 * 1:44887 <-> DISABLED <-> FILE-FLASH Adobe Flash Player bitmap hitTest integer overflow attempt (file-flash.rules)
 * 1:44888 <-> DISABLED <-> FILE-FLASH Adobe Flash Player bitmap hitTest integer overflow attempt (file-flash.rules)
 * 1:44891 <-> DISABLED <-> FILE-FLASH Adobe Flash Player determinePreferredLocales memory corruption attempt (file-flash.rules)
 * 1:44892 <-> DISABLED <-> FILE-FLASH Adobe Flash Player determinePreferredLocales memory corruption attempt (file-flash.rules)
 * 1:44902 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PSDK Metadata memory corruption attempt (file-flash.rules)
 * 1:44903 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PSDK Metadata memory corruption attempt (file-flash.rules)
 * 1:44951 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Primetime SDK use after free attempt (file-flash.rules)
 * 1:44952 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Primetime SDK use after free attempt (file-flash.rules)
 * 1:44963 <-> DISABLED <-> FILE-FLASH Adobe Flash Player tvsdk object use after free attempt (file-flash.rules)
 * 1:44964 <-> DISABLED <-> FILE-FLASH Adobe Flash Player tvsdk object use after free attempt (file-flash.rules)
 * 1:45309 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ConvolutionFilter Matrix use after free attempt (file-flash.rules)
 * 1:45310 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ConvolutionFilter Matrix use after free attempt (file-flash.rules)
 * 1:45404 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ATF buffer overflow attempt (file-flash.rules)
 * 1:45405 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ATF buffer overflow attempt (file-flash.rules)
 * 1:45459 <-> DISABLED <-> FILE-FLASH Adobe Flash Player movieclip attachbitmap use-after-free attempt (file-flash.rules)
 * 1:45500 <-> DISABLED <-> FILE-FLASH Adobe Flash Player movieclip startdrag use-after-free attempt (file-flash.rules)
 * 1:45501 <-> DISABLED <-> FILE-FLASH Adobe Flash Player movieclip startdrag use-after-free attempt (file-flash.rules)
 * 1:45546 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DefineFont3 tag overly large NumGlyphs out of bounds read attempt (file-flash.rules)
 * 1:45547 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DefineFont3 tag overly large NumGlyphs out of bounds read attempt (file-flash.rules)
 * 1:45593 <-> DISABLED <-> FILE-FLASH Adobe PSDK DRM Manager memory corruption attempt (file-flash.rules)
 * 1:45594 <-> DISABLED <-> FILE-FLASH Adobe PSDK DRM Manager memory corruption attempt (file-flash.rules)
 * 1:45595 <-> DISABLED <-> FILE-FLASH Adobe PSDK DRM Manager memory corruption attempt (file-flash.rules)
 * 1:45613 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Selection.SetSelection use-after-free attempt (file-flash.rules)
 * 1:45614 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Selection.SetSelection use-after-free attempt (file-flash.rules)
 * 1:45615 <-> DISABLED <-> FILE-FLASH Adobe Flash Player movieclip duplicateMovieClip use-after-free attempt (file-flash.rules)
 * 1:45616 <-> DISABLED <-> FILE-FLASH Adobe Flash Player movieclip duplicateMovieClip use-after-free attempt (file-flash.rules)
 * 1:45683 <-> DISABLED <-> FILE-FLASH Adobe PSDK DRM Manager memory corruption attempt (file-flash.rules)
 * 1:45743 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray shading memory leak attempt (file-flash.rules)
 * 1:45744 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray shading memory leak attempt (file-flash.rules)
 * 1:46247 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Primetime MediaPlayerItemLoader BlurFilter object out of bounds write attempt (file-flash.rules)
 * 1:46248 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Primetime MediaPlayerItemLoader BlurFilter object out of bounds write attempt (file-flash.rules)
 * 1:46254 <-> DISABLED <-> FILE-FLASH Adobe Flash Player corrupt PNG image load out of bounds memory access attempt (file-flash.rules)
 * 1:46255 <-> DISABLED <-> FILE-FLASH Adobe Flash Player corrupt PNG image load out of bounds memory access attempt (file-flash.rules)
 * 1:46260 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed DefineSound tag heap overflow attempt (file-flash.rules)
 * 1:46261 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed DefineSound tag heap overflow attempt (file-flash.rules)
 * 1:46262 <-> DISABLED <-> FILE-FLASH Adobe Flash Player use after free attempt (file-flash.rules)
 * 1:46263 <-> DISABLED <-> FILE-FLASH Adobe Flash Player use after free attempt (file-flash.rules)
 * 1:46324 <-> DISABLED <-> FILE-FLASH Adobe PSDK DRM Manager memory corruption attempt (file-flash.rules)
 * 1:46598 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative MovieClip type confusion attempt (file-flash.rules)
 * 1:46599 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative MovieClip type confusion attempt (file-flash.rules)
 * 1:46917 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds write attempt (file-flash.rules)
 * 1:46918 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds write attempt (file-flash.rules)
 * 1:46919 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds write attempt (file-flash.rules)
 * 1:46920 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds write attempt (file-flash.rules)
 * 1:46949 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds memory access attempt (file-flash.rules)
 * 1:46950 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds memory access attempt (file-flash.rules)
 * 1:47127 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ActionSetTarget record information disclosure attempt (file-flash.rules)
 * 1:47128 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ActionSetTarget record information disclosure attempt (file-flash.rules)
 * 1:47191 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript NetConnection type confusion attempt (file-flash.rules)
 * 1:47192 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript NetConnection type confusion attempt (file-flash.rules)
 * 1:47531 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Vector.String class out-of-bounds read attempt (file-flash.rules)
 * 1:47532 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Vector.String class out-of-bounds read attempt (file-flash.rules)
 * 1:47786 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds write attempt (file-flash.rules)
 * 1:48494 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
 * 1:48492 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
 * 1:47787 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds write attempt (file-flash.rules)
 * 1:47833 <-> DISABLED <-> FILE-FLASH Adobe Flash Player COM server BrokerCreateFile sandbox escape attempt (file-flash.rules)
 * 1:47834 <-> DISABLED <-> FILE-FLASH Adobe Flash Player COM server BrokerCreateFile sandbox escape attempt (file-flash.rules)
 * 1:48425 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AVM type confusion attempt (file-flash.rules)

2025-03-25 15:47:16 UTC

Snort Subscriber Rules Update

Date: 2025-03-25

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091501.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:

 * 1:60686 <-> DISABLED <-> OS-WINDOWS Windows AppxSvc component elevation of privilege attempt (os-windows.rules)
 * 1:64695 <-> DISABLED <-> MALWARE-CNC MultiOs.Trojan.FINALDRAFT variant outbound communication attempt (malware-cnc.rules)
 * 1:64690 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bondupdater inbound cnc connection (malware-cnc.rules)
 * 1:64696 <-> DISABLED <-> SERVER-OTHER MIT Kerberos KDC as-req sname null pointer dereference attempt (server-other.rules)
 * 1:64700 <-> ENABLED <-> SERVER-WEBAPP Next.js Middleware authentication bypass attempt (server-webapp.rules)
 * 1:64688 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative null pointer dereference attempt (file-flash.rules)
 * 1:64697 <-> ENABLED <-> MALWARE-OTHER Win.Rootkit.Winnti download attempt (malware-other.rules)
 * 1:64685 <-> ENABLED <-> SERVER-WEBAPP Apache OFBiz remote code execution attempt (server-webapp.rules)
 * 1:64687 <-> DISABLED <-> SERVER-MAIL Exim SMTP vulnerable version detected (server-mail.rules)
 * 1:64694 <-> DISABLED <-> MALWARE-CNC MultiOs.Trojan.FINALDRAFT variant outbound communication attempt (malware-cnc.rules)
 * 1:64684 <-> DISABLED <-> MALWARE-CNC Win.Malware.DarkGate variant outbound connection (malware-cnc.rules)
 * 1:64692 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bondupdater outbound cnc connection (malware-cnc.rules)
 * 1:64699 <-> ENABLED <-> SERVER-WEBAPP Next.js Middleware authentication bypass attempt (server-webapp.rules)
 * 1:64701 <-> DISABLED <-> POLICY-OTHER Next.js Middleware x-middleware-subrequest header use attempt (policy-other.rules)
 * 1:64693 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bondupdater outbound cnc connection (malware-cnc.rules)
 * 1:64689 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bondupdater inbound cnc connection (malware-cnc.rules)
 * 1:60687 <-> DISABLED <-> OS-WINDOWS Windows AppxSvc component elevation of privilege attempt (os-windows.rules)
 * 1:64686 <-> DISABLED <-> SERVER-APACHE Apache Tomcat partial PUT remote code execution attempt (server-apache.rules)
 * 1:64698 <-> ENABLED <-> MALWARE-OTHER Win.Rootkit.Winnti download attempt (malware-other.rules)
 * 1:64691 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bondupdater inbound cnc connection (malware-cnc.rules)

Modified Rules:

 * 1:51081 <-> DISABLED <-> FILE-FLASH Adobe Flash player memory corruption attempt (file-flash.rules)
 * 1:53057 <-> DISABLED <-> FILE-FLASH Spelevo Exploit Kit download attempt (file-flash.rules)
 * 1:47786 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds write attempt (file-flash.rules)
 * 1:46950 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds memory access attempt (file-flash.rules)
 * 1:51648 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActiveX same origin method execution attempt (file-flash.rules)
 * 1:47191 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript NetConnection type confusion attempt (file-flash.rules)
 * 1:52079 <-> DISABLED <-> FILE-FLASH Adobe Flash Player FLV Nellymoser audio codec stack overflow attempt (file-flash.rules)
 * 1:24876 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules)
 * 1:24892 <-> DISABLED <-> FILE-FLASH Action InitArray stack overflow attempt (file-flash.rules)
 * 1:24896 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript bytecode symbolclass tag type confusion attempt (file-flash.rules)
 * 1:24981 <-> DISABLED <-> FILE-FLASH Adobe Flash Player actionscript bytecode trait type null pointer dereference attempt (file-flash.rules)
 * 1:24984 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt (file-flash.rules)
 * 1:24992 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DoInitAction invalid action overflow attempt (file-flash.rules)
 * 1:25676 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed regular expression exploit attempt (file-flash.rules)
 * 1:25815 <-> DISABLED <-> FILE-FLASH Adobe Flash Player FLV crafted ADPCM stream heap overflow attempt (file-flash.rules)
 * 1:43995 <-> DISABLED <-> FILE-FLASH Adobe Flash Player overly large cpool index out of bounds read attempt (file-flash.rules)
 * 1:44017 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Rectangle constructor use after free attempt (file-flash.rules)
 * 1:47532 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Vector.String class out-of-bounds read attempt (file-flash.rules)
 * 1:51082 <-> DISABLED <-> FILE-FLASH Adobe Flash player memory corruption attempt (file-flash.rules)
 * 1:48492 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
 * 1:24982 <-> DISABLED <-> FILE-FLASH Adobe Flash Player actionscript bytecode trait type null pointer dereference attempt (file-flash.rules)
 * 1:48493 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
 * 1:51226 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ATF heap overflow attempt (file-flash.rules)
 * 1:48494 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
 * 1:48495 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
 * 1:50767 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ALMA_Dot outbound DNS tunnel (malware-cnc.rules)
 * 1:50766 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ALMA_Dash outbound DNS tunnel (malware-cnc.rules)
 * 1:48496 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
 * 1:50534 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
 * 1:48566 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
 * 1:48567 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
 * 1:49231 <-> DISABLED <-> FILE-FLASH Adobe Flash Player drawTriangles out-of-bounds read attempt (file-flash.rules)
 * 1:50537 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
 * 1:49232 <-> DISABLED <-> FILE-FLASH Adobe Flash Player drawTriangles out-of-bounds read attempt (file-flash.rules)
 * 1:51225 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ATF heap overflow attempt (file-flash.rules)
 * 1:50764 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel (malware-cnc.rules)
 * 1:50765 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ISMAgent outbound DNS tunnel (malware-cnc.rules)
 * 1:49311 <-> DISABLED <-> FILE-FLASH Adobe Flash Player writeExternal type confusion attempt (file-flash.rules)
 * 1:49312 <-> DISABLED <-> FILE-FLASH Adobe Flash Player writeExternal type confusion attempt (file-flash.rules)
 * 1:47192 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript NetConnection type confusion attempt (file-flash.rules)
 * 1:47531 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Vector.String class out-of-bounds read attempt (file-flash.rules)
 * 1:46919 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds write attempt (file-flash.rules)
 * 1:46920 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds write attempt (file-flash.rules)
 * 1:52080 <-> DISABLED <-> FILE-FLASH Adobe Flash Player FLV Nellymoser audio codec stack overflow attempt (file-flash.rules)
 * 1:24989 <-> DISABLED <-> FILE-FLASH Adobe Flash Player specially invalid traits structure attempt (file-flash.rules)
 * 1:24890 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Action InitArray stack overflow attempt (file-flash.rules)
 * 1:44002 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SMB sandbox bypass attempt (file-flash.rules)
 * 1:25681 <-> DISABLED <-> FILE-FLASH Adobe Flash Player CFF FeatureCount integer overflow attempt (file-flash.rules)
 * 1:50768 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BONDUPDATER outbound DNS tunnel (malware-cnc.rules)
 * 1:49583 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byteArray inflate information disclosure attempt (file-flash.rules)
 * 1:51644 <-> DISABLED <-> FILE-FLASH Adobe Flash Player use-after-free attempt (file-flash.rules)
 * 1:51643 <-> DISABLED <-> FILE-FLASH Adobe Flash Player use-after-free attempt (file-flash.rules)
 * 1:47834 <-> DISABLED <-> FILE-FLASH Adobe Flash Player COM server BrokerCreateFile sandbox escape attempt (file-flash.rules)
 * 1:52658 <-> DISABLED <-> FILE-FLASH Spelevo Exploit Kit download attempt (file-flash.rules)
 * 1:44003 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SMB sandbox bypass attempt (file-flash.rules)
 * 1:47787 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds write attempt (file-flash.rules)
 * 1:24990 <-> DISABLED <-> FILE-FLASH Adobe Flash Player specially invalid traits structure attempt (file-flash.rules)
 * 1:24895 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript bytecode symbolclass tag type confusion attempt (file-flash.rules)
 * 1:24893 <-> DISABLED <-> FILE-FLASH Action InitArray stack overflow attempt (file-flash.rules)
 * 1:49584 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byteArray inflate information disclosure attempt (file-flash.rules)
 * 1:50761 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel (malware-cnc.rules)
 * 1:50536 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
 * 1:48425 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AVM type confusion attempt (file-flash.rules)
 * 1:44016 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Rectangle constructor use after free attempt (file-flash.rules)
 * 1:49585 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byteArray uncompress information disclosure attempt (file-flash.rules)
 * 1:24879 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid JPEG index attempt (file-flash.rules)
 * 1:24983 <-> DISABLED <-> FILE-FLASH Adobe Flash Player actionscript bytecode trait type null pointer dereference attempt (file-flash.rules)
 * 1:25677 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed regular expression exploit attempt (file-flash.rules)
 * 1:53058 <-> DISABLED <-> FILE-FLASH Spelevo Exploit Kit download attempt (file-flash.rules)
 * 1:54825 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AVM domain memory range integer overflow attempt (file-flash.rules)
 * 1:24986 <-> DISABLED <-> FILE-FLASH Adobe Flash Player index overflow attempt (file-flash.rules)
 * 1:52659 <-> DISABLED <-> FILE-FLASH Spelevo Exploit Kit download attempt (file-flash.rules)
 * 1:24980 <-> DISABLED <-> FILE-FLASH Adobe Flash Player actionscript bytecode trait type null pointer dereference attempt (file-flash.rules)
 * 1:44345 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MP4 atom parser memory corruption attempt (file-flash.rules)
 * 1:50769 <-> DISABLED <-> MALWARE-CNC Win.Trojan.QUADAGENT outbound DNS tunnel (malware-cnc.rules)
 * 1:25683 <-> DISABLED <-> FILE-FLASH Adobe Flash Player CFF FeatureCount integer overflow attempt (file-flash.rules)
 * 1:43996 <-> DISABLED <-> FILE-FLASH Adobe Flash Player overly large cpool index out of bounds read attempt (file-flash.rules)
 * 1:24991 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DoInitAction invalid action overflow attempt (file-flash.rules)
 * 1:24877 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules)
 * 1:24985 <-> DISABLED <-> FILE-FLASH Adobe Flash Player index overflow attempt (file-flash.rules)
 * 1:24813 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS2 privilege escalation attempt (file-flash.rules)
 * 1:50763 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel (malware-cnc.rules)
 * 1:46599 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative MovieClip type confusion attempt (file-flash.rules)
 * 1:47833 <-> DISABLED <-> FILE-FLASH Adobe Flash Player COM server BrokerCreateFile sandbox escape attempt (file-flash.rules)
 * 1:48426 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AVM type confusion attempt (file-flash.rules)
 * 1:54826 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AVM domain memory range integer overflow attempt (file-flash.rules)
 * 1:57499 <-> DISABLED <-> FILE-FLASH Adobe Flash Player worker shared object use-after-free attempt (file-flash.rules)
 * 1:55814 <-> DISABLED <-> SERVER-OTHER Symantec Endpoint Protection tamper protection bypass attempt (server-other.rules)
 * 1:59440 <-> DISABLED <-> SERVER-APACHE Apache mod_http2 NULL pointer dereference attempt (server-apache.rules)
 * 1:55813 <-> DISABLED <-> SERVER-OTHER Symantec Endpoint Protection tamper protection bypass attempt (server-other.rules)
 * 1:19257 <-> DISABLED <-> FILE-FLASH Adobe ActionScript float index memory corruption attempt (file-flash.rules)
 * 1:49656 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PCRE control character denial of service attempt (file-flash.rules)
 * 1:19682 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript 3 integer overflow attempt (file-flash.rules)
 * 1:19262 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
 * 1:20777 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (file-flash.rules)
 * 1:20031 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
 * 1:19264 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
 * 1:20781 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt (file-flash.rules)
 * 1:20778 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt - economy.rar (file-flash.rules)
 * 1:20767 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
 * 1:20785 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt (file-flash.rules)
 * 1:20782 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt - economy.rar (file-flash.rules)
 * 1:19263 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
 * 1:20780 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt - namelist.xls (file-flash.rules)
 * 1:21336 <-> DISABLED <-> FILE-FLASH Adobe Flash ASConstructor insecure calling attempt (file-flash.rules)
 * 1:20803 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt (file-flash.rules)
 * 1:20131 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt (file-flash.rules)
 * 1:20784 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt - namelist.xls (file-flash.rules)
 * 1:21338 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MP4 zero length atom attempt (file-flash.rules)
 * 1:21533 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript Stage3D null dereference attempt (file-flash.rules)
 * 1:20779 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt - dear chu.rar (file-flash.rules)
 * 1:21335 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript bytecode type confusion null dereference attempt (file-flash.rules)
 * 1:21653 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript getURL target null reference attempt (file-flash.rules)
 * 1:21534 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript Matrix3D.copyRawDataFrom buffer overflow attempt (file-flash.rules)
 * 1:20783 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt - dear chu.rar (file-flash.rules)
 * 1:21458 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
 * 1:22070 <-> DISABLED <-> FILE-FLASH Adobe Flash Player object confusion attempt (file-flash.rules)
 * 1:21654 <-> DISABLED <-> FILE-FLASH Adobe Flash Video invalid tag type attempt (file-flash.rules)
 * 1:21326 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActiveX URL import attempt (file-flash.rules)
 * 1:21536 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript Stage3D null dereference attempt (file-flash.rules)
 * 1:23130 <-> DISABLED <-> FILE-FLASH Adobe Flash Player X509 direct instantiation property access attempt (file-flash.rules)
 * 1:22915 <-> DISABLED <-> FILE-FLASH Adobe Flash Player object confusion attempt (file-flash.rules)
 * 1:21457 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
 * 1:22069 <-> DISABLED <-> FILE-FLASH Adobe Flash Player object confusion attempt (file-flash.rules)
 * 1:23134 <-> DISABLED <-> FILE-FLASH Adobe Flash Player broker destructor DoS attempt (file-flash.rules)
 * 1:23131 <-> DISABLED <-> FILE-FLASH Adobe Flash Player X500 DistinguishedName property access attempt (file-flash.rules)
 * 1:21535 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript Matrix3D.copyRawDataFrom buffer overflow attempt (file-flash.rules)
 * 1:23129 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SecureSocket use without Connect attempt (file-flash.rules)
 * 1:23967 <-> DISABLED <-> FILE-FLASH Adobe Flash OpenType font memory corruption attempt - compressed (file-flash.rules)
 * 1:23135 <-> DISABLED <-> FILE-FLASH Adobe Flash Player flash.DisplayObject memory corruption attempt (file-flash.rules)
 * 1:21655 <-> DISABLED <-> FILE-FLASH Adobe Flash Video invalid tag type attempt (file-flash.rules)
 * 1:23133 <-> DISABLED <-> FILE-FLASH Adobe Flash Player flash.display.BitmapData constuctor overflow attempt (file-flash.rules)
 * 1:22916 <-> DISABLED <-> FILE-FLASH Adobe Flash Player object confusion attempt (file-flash.rules)
 * 1:23996 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (file-flash.rules)
 * 1:24142 <-> DISABLED <-> FILE-FLASH Adobe Flash Player object confusion attempt (file-flash.rules)
 * 1:23854 <-> DISABLED <-> FILE-FLASH Adobe Flash OpenType font memory corruption attempt (file-flash.rules)
 * 1:24363 <-> DISABLED <-> FILE-FLASH Adobe Flash null reference JIT compilation attempt (file-flash.rules)
 * 1:24139 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed RTMP response attempt (file-flash.rules)
 * 1:24138 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed RTMP response attempt (file-flash.rules)
 * 1:24362 <-> DISABLED <-> FILE-FLASH Adobe Flash null reference JIT compilation attempt (file-flash.rules)
 * 1:23132 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DefineSound tag long recordheader length field attempt (file-flash.rules)
 * 1:24244 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Matrix3D copyRawDataTo integer overflow attempt (file-flash.rules)
 * 1:24365 <-> DISABLED <-> FILE-FLASH Adobe Flash null reference JIT compilation attempt (file-flash.rules)
 * 1:24366 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed record stack exhaustion attempt (file-flash.rules)
 * 1:23853 <-> DISABLED <-> FILE-FLASH Adobe Flash OpenType font memory corruption attempt (file-flash.rules)
 * 1:24364 <-> DISABLED <-> FILE-FLASH Adobe Flash null reference JIT compilation attempt (file-flash.rules)
 * 1:24415 <-> DISABLED <-> FILE-FLASH Adobe Flash Player stsz box heap overflow attempt (file-flash.rules)
 * 1:24428 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules)
 * 1:23997 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (file-flash.rules)
 * 1:24414 <-> DISABLED <-> FILE-FLASH Adobe Flash Player stsz box heap overflow attempt (file-flash.rules)
 * 1:24809 <-> DISABLED <-> FILE-FLASH Microsoft Internet Explorer premature unload of Flash plugin use after free attempt (file-flash.rules)
 * 1:24431 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules)
 * 1:24245 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Matrix3D copyRawDataTo integer overflow attempt (file-flash.rules)
 * 1:24430 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules)
 * 1:24811 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS2 privilege escalation attempt (file-flash.rules)
 * 1:24812 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS2 privilege escalation attempt (file-flash.rules)
 * 1:24140 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed RTMP response attempt (file-flash.rules)
 * 1:24808 <-> DISABLED <-> FILE-FLASH Microsoft Internet Explorer premature unload of Flash plugin use after free attempt (file-flash.rules)
 * 1:24875 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules)
 * 1:24882 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid JPEG index attempt (file-flash.rules)
 * 1:24367 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed record stack exhaustion attempt (file-flash.rules)
 * 1:25679 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed regular expression exploit attempt (file-flash.rules)
 * 1:24874 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules)
 * 1:44346 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MP4 atom parser memory corruption attempt (file-flash.rules)
 * 1:24429 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules)
 * 1:44174 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SharedObject use after free attempt (file-flash.rules)
 * 1:44351 <-> DISABLED <-> FILE-FLASH Adobe Flash Player text handling memory corruption attempt (file-flash.rules)
 * 1:44352 <-> DISABLED <-> FILE-FLASH Adobe Flash Player text handling memory corruption attempt (file-flash.rules)
 * 1:24810 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS2 privilege escalation attempt (file-flash.rules)
 * 1:44348 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MP4 atom parser memory corruption attempt (file-flash.rules)
 * 1:44583 <-> DISABLED <-> FILE-FLASH Adobe Flash Player array type confusion attempt (file-flash.rules)
 * 1:44584 <-> DISABLED <-> FILE-FLASH Adobe Flash Player array type confusion attempt (file-flash.rules)
 * 1:25678 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed regular expression exploit attempt (file-flash.rules)
 * 1:44553 <-> DISABLED <-> FILE-FLASH Adobe Flash Player toString type confusion memory corruption attempt (file-flash.rules)
 * 1:44891 <-> DISABLED <-> FILE-FLASH Adobe Flash Player determinePreferredLocales memory corruption attempt (file-flash.rules)
 * 1:44892 <-> DISABLED <-> FILE-FLASH Adobe Flash Player determinePreferredLocales memory corruption attempt (file-flash.rules)
 * 1:44173 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SharedObject use after free attempt (file-flash.rules)
 * 1:44887 <-> DISABLED <-> FILE-FLASH Adobe Flash Player bitmap hitTest integer overflow attempt (file-flash.rules)
 * 1:44951 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Primetime SDK use after free attempt (file-flash.rules)
 * 1:44952 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Primetime SDK use after free attempt (file-flash.rules)
 * 1:44347 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MP4 atom parser memory corruption attempt (file-flash.rules)
 * 1:44903 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PSDK Metadata memory corruption attempt (file-flash.rules)
 * 1:45309 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ConvolutionFilter Matrix use after free attempt (file-flash.rules)
 * 1:45310 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ConvolutionFilter Matrix use after free attempt (file-flash.rules)
 * 1:44552 <-> DISABLED <-> FILE-FLASH Adobe Flash Player toString type confusion memory corruption attempt (file-flash.rules)
 * 1:44964 <-> DISABLED <-> FILE-FLASH Adobe Flash Player tvsdk object use after free attempt (file-flash.rules)
 * 1:45459 <-> DISABLED <-> FILE-FLASH Adobe Flash Player movieclip attachbitmap use-after-free attempt (file-flash.rules)
 * 1:45500 <-> DISABLED <-> FILE-FLASH Adobe Flash Player movieclip startdrag use-after-free attempt (file-flash.rules)
 * 1:44888 <-> DISABLED <-> FILE-FLASH Adobe Flash Player bitmap hitTest integer overflow attempt (file-flash.rules)
 * 1:45405 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ATF buffer overflow attempt (file-flash.rules)
 * 1:45547 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DefineFont3 tag overly large NumGlyphs out of bounds read attempt (file-flash.rules)
 * 1:45593 <-> DISABLED <-> FILE-FLASH Adobe PSDK DRM Manager memory corruption attempt (file-flash.rules)
 * 1:44902 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PSDK Metadata memory corruption attempt (file-flash.rules)
 * 1:45546 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DefineFont3 tag overly large NumGlyphs out of bounds read attempt (file-flash.rules)
 * 1:45613 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Selection.SetSelection use-after-free attempt (file-flash.rules)
 * 1:45614 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Selection.SetSelection use-after-free attempt (file-flash.rules)
 * 1:44963 <-> DISABLED <-> FILE-FLASH Adobe Flash Player tvsdk object use after free attempt (file-flash.rules)
 * 1:45595 <-> DISABLED <-> FILE-FLASH Adobe PSDK DRM Manager memory corruption attempt (file-flash.rules)
 * 1:45615 <-> DISABLED <-> FILE-FLASH Adobe Flash Player movieclip duplicateMovieClip use-after-free attempt (file-flash.rules)
 * 1:45743 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray shading memory leak attempt (file-flash.rules)
 * 1:45404 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ATF buffer overflow attempt (file-flash.rules)
 * 1:45616 <-> DISABLED <-> FILE-FLASH Adobe Flash Player movieclip duplicateMovieClip use-after-free attempt (file-flash.rules)
 * 1:46248 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Primetime MediaPlayerItemLoader BlurFilter object out of bounds write attempt (file-flash.rules)
 * 1:45501 <-> DISABLED <-> FILE-FLASH Adobe Flash Player movieclip startdrag use-after-free attempt (file-flash.rules)
 * 1:46263 <-> DISABLED <-> FILE-FLASH Adobe Flash Player use after free attempt (file-flash.rules)
 * 1:46254 <-> DISABLED <-> FILE-FLASH Adobe Flash Player corrupt PNG image load out of bounds memory access attempt (file-flash.rules)
 * 1:45594 <-> DISABLED <-> FILE-FLASH Adobe PSDK DRM Manager memory corruption attempt (file-flash.rules)
 * 1:46247 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Primetime MediaPlayerItemLoader BlurFilter object out of bounds write attempt (file-flash.rules)
 * 1:46261 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed DefineSound tag heap overflow attempt (file-flash.rules)
 * 1:46260 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed DefineSound tag heap overflow attempt (file-flash.rules)
 * 1:46917 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds write attempt (file-flash.rules)
 * 1:46324 <-> DISABLED <-> FILE-FLASH Adobe PSDK DRM Manager memory corruption attempt (file-flash.rules)
 * 1:45683 <-> DISABLED <-> FILE-FLASH Adobe PSDK DRM Manager memory corruption attempt (file-flash.rules)
 * 1:46949 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds memory access attempt (file-flash.rules)
 * 1:45744 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray shading memory leak attempt (file-flash.rules)
 * 1:46262 <-> DISABLED <-> FILE-FLASH Adobe Flash Player use after free attempt (file-flash.rules)
 * 1:46918 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds write attempt (file-flash.rules)
 * 1:47127 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ActionSetTarget record information disclosure attempt (file-flash.rules)
 * 1:46255 <-> DISABLED <-> FILE-FLASH Adobe Flash Player corrupt PNG image load out of bounds memory access attempt (file-flash.rules)
 * 1:46598 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative MovieClip type confusion attempt (file-flash.rules)
 * 1:50139 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out-of-bounds read attempt (file-flash.rules)
 * 1:47128 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ActionSetTarget record information disclosure attempt (file-flash.rules)
 * 1:50140 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out-of-bounds read attempt (file-flash.rules)
 * 1:50535 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
 * 1:49586 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byteArray uncompress information disclosure attempt (file-flash.rules)
 * 1:49654 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PCRE control character denial of service attempt (file-flash.rules)
 * 1:49655 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PCRE control character denial of service attempt (file-flash.rules)
 * 1:50268 <-> DISABLED <-> FILE-FLASH Adobe Flash Player use after free attempt (file-flash.rules)
 * 1:50267 <-> DISABLED <-> FILE-FLASH Adobe Flash Player use after free attempt (file-flash.rules)
 * 1:50762 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel (malware-cnc.rules)
 * 1:48491 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)

2025-03-25 15:47:16 UTC

Snort Subscriber Rules Update

Date: 2025-03-25

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091401.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:

 * 1:64700 <-> ENABLED <-> SERVER-WEBAPP Next.js Middleware authentication bypass attempt (server-webapp.rules)
 * 1:64687 <-> DISABLED <-> SERVER-MAIL Exim SMTP vulnerable version detected (server-mail.rules)
 * 1:64694 <-> DISABLED <-> MALWARE-CNC MultiOs.Trojan.FINALDRAFT variant outbound communication attempt (malware-cnc.rules)
 * 1:64692 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bondupdater outbound cnc connection (malware-cnc.rules)
 * 1:60686 <-> DISABLED <-> OS-WINDOWS Windows AppxSvc component elevation of privilege attempt (os-windows.rules)
 * 1:64697 <-> ENABLED <-> MALWARE-OTHER Win.Rootkit.Winnti download attempt (malware-other.rules)
 * 1:64686 <-> DISABLED <-> SERVER-APACHE Apache Tomcat partial PUT remote code execution attempt (server-apache.rules)
 * 1:64695 <-> DISABLED <-> MALWARE-CNC MultiOs.Trojan.FINALDRAFT variant outbound communication attempt (malware-cnc.rules)
 * 1:64699 <-> ENABLED <-> SERVER-WEBAPP Next.js Middleware authentication bypass attempt (server-webapp.rules)
 * 1:64696 <-> DISABLED <-> SERVER-OTHER MIT Kerberos KDC as-req sname null pointer dereference attempt (server-other.rules)
 * 1:64691 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bondupdater inbound cnc connection (malware-cnc.rules)
 * 1:64685 <-> ENABLED <-> SERVER-WEBAPP Apache OFBiz remote code execution attempt (server-webapp.rules)
 * 1:64693 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bondupdater outbound cnc connection (malware-cnc.rules)
 * 1:64698 <-> ENABLED <-> MALWARE-OTHER Win.Rootkit.Winnti download attempt (malware-other.rules)
 * 1:60687 <-> DISABLED <-> OS-WINDOWS Windows AppxSvc component elevation of privilege attempt (os-windows.rules)
 * 1:64684 <-> DISABLED <-> MALWARE-CNC Win.Malware.DarkGate variant outbound connection (malware-cnc.rules)
 * 1:64690 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bondupdater inbound cnc connection (malware-cnc.rules)
 * 1:64701 <-> DISABLED <-> POLICY-OTHER Next.js Middleware x-middleware-subrequest header use attempt (policy-other.rules)
 * 1:64689 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bondupdater inbound cnc connection (malware-cnc.rules)
 * 1:64688 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative null pointer dereference attempt (file-flash.rules)

Modified Rules:

 * 1:47787 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds write attempt (file-flash.rules)
 * 1:50761 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel (malware-cnc.rules)
 * 1:50769 <-> DISABLED <-> MALWARE-CNC Win.Trojan.QUADAGENT outbound DNS tunnel (malware-cnc.rules)
 * 1:47786 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds write attempt (file-flash.rules)
 * 1:50768 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BONDUPDATER outbound DNS tunnel (malware-cnc.rules)
 * 1:59440 <-> DISABLED <-> SERVER-APACHE Apache mod_http2 NULL pointer dereference attempt (server-apache.rules)
 * 1:54826 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AVM domain memory range integer overflow attempt (file-flash.rules)
 * 1:50762 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel (malware-cnc.rules)
 * 1:49655 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PCRE control character denial of service attempt (file-flash.rules)
 * 1:54825 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AVM domain memory range integer overflow attempt (file-flash.rules)
 * 1:20781 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt (file-flash.rules)
 * 1:19264 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
 * 1:51644 <-> DISABLED <-> FILE-FLASH Adobe Flash Player use-after-free attempt (file-flash.rules)
 * 1:49586 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byteArray uncompress information disclosure attempt (file-flash.rules)
 * 1:48492 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
 * 1:48496 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
 * 1:50765 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ISMAgent outbound DNS tunnel (malware-cnc.rules)
 * 1:51226 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ATF heap overflow attempt (file-flash.rules)
 * 1:49585 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byteArray uncompress information disclosure attempt (file-flash.rules)
 * 1:52658 <-> DISABLED <-> FILE-FLASH Spelevo Exploit Kit download attempt (file-flash.rules)
 * 1:47531 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Vector.String class out-of-bounds read attempt (file-flash.rules)
 * 1:21457 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
 * 1:51225 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ATF heap overflow attempt (file-flash.rules)
 * 1:19263 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
 * 1:46920 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds write attempt (file-flash.rules)
 * 1:22070 <-> DISABLED <-> FILE-FLASH Adobe Flash Player object confusion attempt (file-flash.rules)
 * 1:48491 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
 * 1:20779 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt - dear chu.rar (file-flash.rules)
 * 1:21655 <-> DISABLED <-> FILE-FLASH Adobe Flash Video invalid tag type attempt (file-flash.rules)
 * 1:21535 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript Matrix3D.copyRawDataFrom buffer overflow attempt (file-flash.rules)
 * 1:21536 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript Stage3D null dereference attempt (file-flash.rules)
 * 1:21653 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript getURL target null reference attempt (file-flash.rules)
 * 1:19257 <-> DISABLED <-> FILE-FLASH Adobe ActionScript float index memory corruption attempt (file-flash.rules)
 * 1:47192 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript NetConnection type confusion attempt (file-flash.rules)
 * 1:48566 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
 * 1:50534 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
 * 1:49311 <-> DISABLED <-> FILE-FLASH Adobe Flash Player writeExternal type confusion attempt (file-flash.rules)
 * 1:52659 <-> DISABLED <-> FILE-FLASH Spelevo Exploit Kit download attempt (file-flash.rules)
 * 1:49584 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byteArray inflate information disclosure attempt (file-flash.rules)
 * 1:48495 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
 * 1:55813 <-> DISABLED <-> SERVER-OTHER Symantec Endpoint Protection tamper protection bypass attempt (server-other.rules)
 * 1:51081 <-> DISABLED <-> FILE-FLASH Adobe Flash player memory corruption attempt (file-flash.rules)
 * 1:50763 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel (malware-cnc.rules)
 * 1:48494 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
 * 1:50764 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel (malware-cnc.rules)
 * 1:49654 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PCRE control character denial of service attempt (file-flash.rules)
 * 1:47532 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Vector.String class out-of-bounds read attempt (file-flash.rules)
 * 1:48493 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
 * 1:51082 <-> DISABLED <-> FILE-FLASH Adobe Flash player memory corruption attempt (file-flash.rules)
 * 1:21534 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript Matrix3D.copyRawDataFrom buffer overflow attempt (file-flash.rules)
 * 1:50267 <-> DISABLED <-> FILE-FLASH Adobe Flash Player use after free attempt (file-flash.rules)
 * 1:47834 <-> DISABLED <-> FILE-FLASH Adobe Flash Player COM server BrokerCreateFile sandbox escape attempt (file-flash.rules)
 * 1:49583 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byteArray inflate information disclosure attempt (file-flash.rules)
 * 1:48567 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
 * 1:19262 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
 * 1:50537 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
 * 1:50140 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out-of-bounds read attempt (file-flash.rules)
 * 1:46950 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds memory access attempt (file-flash.rules)
 * 1:47191 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript NetConnection type confusion attempt (file-flash.rules)
 * 1:55814 <-> DISABLED <-> SERVER-OTHER Symantec Endpoint Protection tamper protection bypass attempt (server-other.rules)
 * 1:50535 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
 * 1:57499 <-> DISABLED <-> FILE-FLASH Adobe Flash Player worker shared object use-after-free attempt (file-flash.rules)
 * 1:53057 <-> DISABLED <-> FILE-FLASH Spelevo Exploit Kit download attempt (file-flash.rules)
 * 1:50139 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out-of-bounds read attempt (file-flash.rules)
 * 1:47833 <-> DISABLED <-> FILE-FLASH Adobe Flash Player COM server BrokerCreateFile sandbox escape attempt (file-flash.rules)
 * 1:52080 <-> DISABLED <-> FILE-FLASH Adobe Flash Player FLV Nellymoser audio codec stack overflow attempt (file-flash.rules)
 * 1:49656 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PCRE control character denial of service attempt (file-flash.rules)
 * 1:51648 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActiveX same origin method execution attempt (file-flash.rules)
 * 1:50767 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ALMA_Dot outbound DNS tunnel (malware-cnc.rules)
 * 1:20778 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt - economy.rar (file-flash.rules)
 * 1:50536 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
 * 1:52079 <-> DISABLED <-> FILE-FLASH Adobe Flash Player FLV Nellymoser audio codec stack overflow attempt (file-flash.rules)
 * 1:47128 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ActionSetTarget record information disclosure attempt (file-flash.rules)
 * 1:22069 <-> DISABLED <-> FILE-FLASH Adobe Flash Player object confusion attempt (file-flash.rules)
 * 1:22916 <-> DISABLED <-> FILE-FLASH Adobe Flash Player object confusion attempt (file-flash.rules)
 * 1:23854 <-> DISABLED <-> FILE-FLASH Adobe Flash OpenType font memory corruption attempt (file-flash.rules)
 * 1:23131 <-> DISABLED <-> FILE-FLASH Adobe Flash Player X500 DistinguishedName property access attempt (file-flash.rules)
 * 1:22915 <-> DISABLED <-> FILE-FLASH Adobe Flash Player object confusion attempt (file-flash.rules)
 * 1:23130 <-> DISABLED <-> FILE-FLASH Adobe Flash Player X509 direct instantiation property access attempt (file-flash.rules)
 * 1:24138 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed RTMP response attempt (file-flash.rules)
 * 1:23134 <-> DISABLED <-> FILE-FLASH Adobe Flash Player broker destructor DoS attempt (file-flash.rules)
 * 1:23129 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SecureSocket use without Connect attempt (file-flash.rules)
 * 1:23133 <-> DISABLED <-> FILE-FLASH Adobe Flash Player flash.display.BitmapData constuctor overflow attempt (file-flash.rules)
 * 1:24244 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Matrix3D copyRawDataTo integer overflow attempt (file-flash.rules)
 * 1:23967 <-> DISABLED <-> FILE-FLASH Adobe Flash OpenType font memory corruption attempt - compressed (file-flash.rules)
 * 1:23132 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DefineSound tag long recordheader length field attempt (file-flash.rules)
 * 1:23853 <-> DISABLED <-> FILE-FLASH Adobe Flash OpenType font memory corruption attempt (file-flash.rules)
 * 1:24364 <-> DISABLED <-> FILE-FLASH Adobe Flash null reference JIT compilation attempt (file-flash.rules)
 * 1:24139 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed RTMP response attempt (file-flash.rules)
 * 1:23135 <-> DISABLED <-> FILE-FLASH Adobe Flash Player flash.DisplayObject memory corruption attempt (file-flash.rules)
 * 1:23997 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (file-flash.rules)
 * 1:24414 <-> DISABLED <-> FILE-FLASH Adobe Flash Player stsz box heap overflow attempt (file-flash.rules)
 * 1:24245 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Matrix3D copyRawDataTo integer overflow attempt (file-flash.rules)
 * 1:23996 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (file-flash.rules)
 * 1:24140 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed RTMP response attempt (file-flash.rules)
 * 1:24430 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules)
 * 1:24365 <-> DISABLED <-> FILE-FLASH Adobe Flash null reference JIT compilation attempt (file-flash.rules)
 * 1:24142 <-> DISABLED <-> FILE-FLASH Adobe Flash Player object confusion attempt (file-flash.rules)
 * 1:24363 <-> DISABLED <-> FILE-FLASH Adobe Flash null reference JIT compilation attempt (file-flash.rules)
 * 1:24810 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS2 privilege escalation attempt (file-flash.rules)
 * 1:24415 <-> DISABLED <-> FILE-FLASH Adobe Flash Player stsz box heap overflow attempt (file-flash.rules)
 * 1:24362 <-> DISABLED <-> FILE-FLASH Adobe Flash null reference JIT compilation attempt (file-flash.rules)
 * 1:24367 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed record stack exhaustion attempt (file-flash.rules)
 * 1:24874 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules)
 * 1:24431 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules)
 * 1:24366 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed record stack exhaustion attempt (file-flash.rules)
 * 1:24429 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules)
 * 1:24876 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules)
 * 1:24811 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS2 privilege escalation attempt (file-flash.rules)
 * 1:24428 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules)
 * 1:24809 <-> DISABLED <-> FILE-FLASH Microsoft Internet Explorer premature unload of Flash plugin use after free attempt (file-flash.rules)
 * 1:24896 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript bytecode symbolclass tag type confusion attempt (file-flash.rules)
 * 1:24875 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules)
 * 1:24808 <-> DISABLED <-> FILE-FLASH Microsoft Internet Explorer premature unload of Flash plugin use after free attempt (file-flash.rules)
 * 1:24813 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS2 privilege escalation attempt (file-flash.rules)
 * 1:24983 <-> DISABLED <-> FILE-FLASH Adobe Flash Player actionscript bytecode trait type null pointer dereference attempt (file-flash.rules)
 * 1:24882 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid JPEG index attempt (file-flash.rules)
 * 1:24812 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS2 privilege escalation attempt (file-flash.rules)
 * 1:24877 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules)
 * 1:24989 <-> DISABLED <-> FILE-FLASH Adobe Flash Player specially invalid traits structure attempt (file-flash.rules)
 * 1:24893 <-> DISABLED <-> FILE-FLASH Action InitArray stack overflow attempt (file-flash.rules)
 * 1:24892 <-> DISABLED <-> FILE-FLASH Action InitArray stack overflow attempt (file-flash.rules)
 * 1:25681 <-> DISABLED <-> FILE-FLASH Adobe Flash Player CFF FeatureCount integer overflow attempt (file-flash.rules)
 * 1:24879 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid JPEG index attempt (file-flash.rules)
 * 1:24980 <-> DISABLED <-> FILE-FLASH Adobe Flash Player actionscript bytecode trait type null pointer dereference attempt (file-flash.rules)
 * 1:25676 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed regular expression exploit attempt (file-flash.rules)
 * 1:24895 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript bytecode symbolclass tag type confusion attempt (file-flash.rules)
 * 1:24890 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Action InitArray stack overflow attempt (file-flash.rules)
 * 1:24984 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt (file-flash.rules)
 * 1:24981 <-> DISABLED <-> FILE-FLASH Adobe Flash Player actionscript bytecode trait type null pointer dereference attempt (file-flash.rules)
 * 1:24982 <-> DISABLED <-> FILE-FLASH Adobe Flash Player actionscript bytecode trait type null pointer dereference attempt (file-flash.rules)
 * 1:43996 <-> DISABLED <-> FILE-FLASH Adobe Flash Player overly large cpool index out of bounds read attempt (file-flash.rules)
 * 1:24990 <-> DISABLED <-> FILE-FLASH Adobe Flash Player specially invalid traits structure attempt (file-flash.rules)
 * 1:24985 <-> DISABLED <-> FILE-FLASH Adobe Flash Player index overflow attempt (file-flash.rules)
 * 1:24986 <-> DISABLED <-> FILE-FLASH Adobe Flash Player index overflow attempt (file-flash.rules)
 * 1:44017 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Rectangle constructor use after free attempt (file-flash.rules)
 * 1:25677 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed regular expression exploit attempt (file-flash.rules)
 * 1:24992 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DoInitAction invalid action overflow attempt (file-flash.rules)
 * 1:25683 <-> DISABLED <-> FILE-FLASH Adobe Flash Player CFF FeatureCount integer overflow attempt (file-flash.rules)
 * 1:24991 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DoInitAction invalid action overflow attempt (file-flash.rules)
 * 1:44346 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MP4 atom parser memory corruption attempt (file-flash.rules)
 * 1:25678 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed regular expression exploit attempt (file-flash.rules)
 * 1:25679 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed regular expression exploit attempt (file-flash.rules)
 * 1:21338 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MP4 zero length atom attempt (file-flash.rules)
 * 1:44003 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SMB sandbox bypass attempt (file-flash.rules)
 * 1:25815 <-> DISABLED <-> FILE-FLASH Adobe Flash Player FLV crafted ADPCM stream heap overflow attempt (file-flash.rules)
 * 1:21335 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript bytecode type confusion null dereference attempt (file-flash.rules)
 * 1:20131 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt (file-flash.rules)
 * 1:43995 <-> DISABLED <-> FILE-FLASH Adobe Flash Player overly large cpool index out of bounds read attempt (file-flash.rules)
 * 1:20782 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt - economy.rar (file-flash.rules)
 * 1:20767 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
 * 1:21336 <-> DISABLED <-> FILE-FLASH Adobe Flash ASConstructor insecure calling attempt (file-flash.rules)
 * 1:20780 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt - namelist.xls (file-flash.rules)
 * 1:21326 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActiveX URL import attempt (file-flash.rules)
 * 1:20777 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (file-flash.rules)
 * 1:44352 <-> DISABLED <-> FILE-FLASH Adobe Flash Player text handling memory corruption attempt (file-flash.rules)
 * 1:44002 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SMB sandbox bypass attempt (file-flash.rules)
 * 1:20785 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt (file-flash.rules)
 * 1:20803 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt (file-flash.rules)
 * 1:19682 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript 3 integer overflow attempt (file-flash.rules)
 * 1:44584 <-> DISABLED <-> FILE-FLASH Adobe Flash Player array type confusion attempt (file-flash.rules)
 * 1:44173 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SharedObject use after free attempt (file-flash.rules)
 * 1:20783 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt - dear chu.rar (file-flash.rules)
 * 1:44016 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Rectangle constructor use after free attempt (file-flash.rules)
 * 1:44892 <-> DISABLED <-> FILE-FLASH Adobe Flash Player determinePreferredLocales memory corruption attempt (file-flash.rules)
 * 1:44347 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MP4 atom parser memory corruption attempt (file-flash.rules)
 * 1:44174 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SharedObject use after free attempt (file-flash.rules)
 * 1:44345 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MP4 atom parser memory corruption attempt (file-flash.rules)
 * 1:44952 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Primetime SDK use after free attempt (file-flash.rules)
 * 1:44552 <-> DISABLED <-> FILE-FLASH Adobe Flash Player toString type confusion memory corruption attempt (file-flash.rules)
 * 1:44348 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MP4 atom parser memory corruption attempt (file-flash.rules)
 * 1:44351 <-> DISABLED <-> FILE-FLASH Adobe Flash Player text handling memory corruption attempt (file-flash.rules)
 * 1:44887 <-> DISABLED <-> FILE-FLASH Adobe Flash Player bitmap hitTest integer overflow attempt (file-flash.rules)
 * 1:45310 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ConvolutionFilter Matrix use after free attempt (file-flash.rules)
 * 1:44553 <-> DISABLED <-> FILE-FLASH Adobe Flash Player toString type confusion memory corruption attempt (file-flash.rules)
 * 1:44583 <-> DISABLED <-> FILE-FLASH Adobe Flash Player array type confusion attempt (file-flash.rules)
 * 1:45500 <-> DISABLED <-> FILE-FLASH Adobe Flash Player movieclip startdrag use-after-free attempt (file-flash.rules)
 * 1:44902 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PSDK Metadata memory corruption attempt (file-flash.rules)
 * 1:44888 <-> DISABLED <-> FILE-FLASH Adobe Flash Player bitmap hitTest integer overflow attempt (file-flash.rules)
 * 1:44891 <-> DISABLED <-> FILE-FLASH Adobe Flash Player determinePreferredLocales memory corruption attempt (file-flash.rules)
 * 1:45593 <-> DISABLED <-> FILE-FLASH Adobe PSDK DRM Manager memory corruption attempt (file-flash.rules)
 * 1:44963 <-> DISABLED <-> FILE-FLASH Adobe Flash Player tvsdk object use after free attempt (file-flash.rules)
 * 1:44903 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PSDK Metadata memory corruption attempt (file-flash.rules)
 * 1:44951 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Primetime SDK use after free attempt (file-flash.rules)
 * 1:45614 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Selection.SetSelection use-after-free attempt (file-flash.rules)
 * 1:45404 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ATF buffer overflow attempt (file-flash.rules)
 * 1:44964 <-> DISABLED <-> FILE-FLASH Adobe Flash Player tvsdk object use after free attempt (file-flash.rules)
 * 1:45309 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ConvolutionFilter Matrix use after free attempt (file-flash.rules)
 * 1:45683 <-> DISABLED <-> FILE-FLASH Adobe PSDK DRM Manager memory corruption attempt (file-flash.rules)
 * 1:45501 <-> DISABLED <-> FILE-FLASH Adobe Flash Player movieclip startdrag use-after-free attempt (file-flash.rules)
 * 1:45405 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ATF buffer overflow attempt (file-flash.rules)
 * 1:45459 <-> DISABLED <-> FILE-FLASH Adobe Flash Player movieclip attachbitmap use-after-free attempt (file-flash.rules)
 * 1:46247 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Primetime MediaPlayerItemLoader BlurFilter object out of bounds write attempt (file-flash.rules)
 * 1:45594 <-> DISABLED <-> FILE-FLASH Adobe PSDK DRM Manager memory corruption attempt (file-flash.rules)
 * 1:45546 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DefineFont3 tag overly large NumGlyphs out of bounds read attempt (file-flash.rules)
 * 1:45547 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DefineFont3 tag overly large NumGlyphs out of bounds read attempt (file-flash.rules)
 * 1:45595 <-> DISABLED <-> FILE-FLASH Adobe PSDK DRM Manager memory corruption attempt (file-flash.rules)
 * 1:45615 <-> DISABLED <-> FILE-FLASH Adobe Flash Player movieclip duplicateMovieClip use-after-free attempt (file-flash.rules)
 * 1:46262 <-> DISABLED <-> FILE-FLASH Adobe Flash Player use after free attempt (file-flash.rules)
 * 1:45613 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Selection.SetSelection use-after-free attempt (file-flash.rules)
 * 1:46324 <-> DISABLED <-> FILE-FLASH Adobe PSDK DRM Manager memory corruption attempt (file-flash.rules)
 * 1:46248 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Primetime MediaPlayerItemLoader BlurFilter object out of bounds write attempt (file-flash.rules)
 * 1:45616 <-> DISABLED <-> FILE-FLASH Adobe Flash Player movieclip duplicateMovieClip use-after-free attempt (file-flash.rules)
 * 1:45744 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray shading memory leak attempt (file-flash.rules)
 * 1:46918 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds write attempt (file-flash.rules)
 * 1:46255 <-> DISABLED <-> FILE-FLASH Adobe Flash Player corrupt PNG image load out of bounds memory access attempt (file-flash.rules)
 * 1:46254 <-> DISABLED <-> FILE-FLASH Adobe Flash Player corrupt PNG image load out of bounds memory access attempt (file-flash.rules)
 * 1:46598 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative MovieClip type confusion attempt (file-flash.rules)
 * 1:45743 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray shading memory leak attempt (file-flash.rules)
 * 1:46261 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed DefineSound tag heap overflow attempt (file-flash.rules)
 * 1:46919 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds write attempt (file-flash.rules)
 * 1:21458 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
 * 1:46260 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed DefineSound tag heap overflow attempt (file-flash.rules)
 * 1:46599 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative MovieClip type confusion attempt (file-flash.rules)
 * 1:46263 <-> DISABLED <-> FILE-FLASH Adobe Flash Player use after free attempt (file-flash.rules)
 * 1:48426 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AVM type confusion attempt (file-flash.rules)
 * 1:21654 <-> DISABLED <-> FILE-FLASH Adobe Flash Video invalid tag type attempt (file-flash.rules)
 * 1:49312 <-> DISABLED <-> FILE-FLASH Adobe Flash Player writeExternal type confusion attempt (file-flash.rules)
 * 1:50766 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ALMA_Dash outbound DNS tunnel (malware-cnc.rules)
 * 1:50268 <-> DISABLED <-> FILE-FLASH Adobe Flash Player use after free attempt (file-flash.rules)
 * 1:49232 <-> DISABLED <-> FILE-FLASH Adobe Flash Player drawTriangles out-of-bounds read attempt (file-flash.rules)
 * 1:49231 <-> DISABLED <-> FILE-FLASH Adobe Flash Player drawTriangles out-of-bounds read attempt (file-flash.rules)
 * 1:48425 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AVM type confusion attempt (file-flash.rules)
 * 1:51643 <-> DISABLED <-> FILE-FLASH Adobe Flash Player use-after-free attempt (file-flash.rules)
 * 1:20031 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
 * 1:46917 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds write attempt (file-flash.rules)
 * 1:47127 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ActionSetTarget record information disclosure attempt (file-flash.rules)
 * 1:20784 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt - namelist.xls (file-flash.rules)
 * 1:46949 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds memory access attempt (file-flash.rules)
 * 1:21533 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript Stage3D null dereference attempt (file-flash.rules)
 * 1:53058 <-> DISABLED <-> FILE-FLASH Spelevo Exploit Kit download attempt (file-flash.rules)

2025-03-25 15:47:16 UTC

Snort Subscriber Rules Update

Date: 2025-03-25

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091300.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:

 * 1:64695 <-> DISABLED <-> MALWARE-CNC MultiOs.Trojan.FINALDRAFT variant outbound communication attempt (malware-cnc.rules)
 * 1:64691 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bondupdater inbound cnc connection (malware-cnc.rules)
 * 1:60687 <-> DISABLED <-> OS-WINDOWS Windows AppxSvc component elevation of privilege attempt (os-windows.rules)
 * 1:60686 <-> DISABLED <-> OS-WINDOWS Windows AppxSvc component elevation of privilege attempt (os-windows.rules)
 * 1:64693 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bondupdater outbound cnc connection (malware-cnc.rules)
 * 1:64698 <-> ENABLED <-> MALWARE-OTHER Win.Rootkit.Winnti download attempt (malware-other.rules)
 * 1:64686 <-> DISABLED <-> SERVER-APACHE Apache Tomcat partial PUT remote code execution attempt (server-apache.rules)
 * 1:64700 <-> ENABLED <-> SERVER-WEBAPP Next.js Middleware authentication bypass attempt (server-webapp.rules)
 * 1:64688 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative null pointer dereference attempt (file-flash.rules)
 * 1:64701 <-> DISABLED <-> POLICY-OTHER Next.js Middleware x-middleware-subrequest header use attempt (policy-other.rules)
 * 1:64687 <-> DISABLED <-> SERVER-MAIL Exim SMTP vulnerable version detected (server-mail.rules)
 * 1:64692 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bondupdater outbound cnc connection (malware-cnc.rules)
 * 1:64696 <-> DISABLED <-> SERVER-OTHER MIT Kerberos KDC as-req sname null pointer dereference attempt (server-other.rules)
 * 1:64699 <-> ENABLED <-> SERVER-WEBAPP Next.js Middleware authentication bypass attempt (server-webapp.rules)
 * 1:64689 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bondupdater inbound cnc connection (malware-cnc.rules)
 * 1:64685 <-> ENABLED <-> SERVER-WEBAPP Apache OFBiz remote code execution attempt (server-webapp.rules)
 * 1:64690 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bondupdater inbound cnc connection (malware-cnc.rules)
 * 1:64694 <-> DISABLED <-> MALWARE-CNC MultiOs.Trojan.FINALDRAFT variant outbound communication attempt (malware-cnc.rules)
 * 1:64684 <-> DISABLED <-> MALWARE-CNC Win.Malware.DarkGate variant outbound connection (malware-cnc.rules)
 * 1:64697 <-> ENABLED <-> MALWARE-OTHER Win.Rootkit.Winnti download attempt (malware-other.rules)

Modified Rules:

 * 1:54825 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AVM domain memory range integer overflow attempt (file-flash.rules)
 * 1:19682 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript 3 integer overflow attempt (file-flash.rules)
 * 1:51081 <-> DISABLED <-> FILE-FLASH Adobe Flash player memory corruption attempt (file-flash.rules)
 * 1:47833 <-> DISABLED <-> FILE-FLASH Adobe Flash Player COM server BrokerCreateFile sandbox escape attempt (file-flash.rules)
 * 1:19263 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
 * 1:50267 <-> DISABLED <-> FILE-FLASH Adobe Flash Player use after free attempt (file-flash.rules)
 * 1:50767 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ALMA_Dot outbound DNS tunnel (malware-cnc.rules)
 * 1:46950 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds memory access attempt (file-flash.rules)
 * 1:20031 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
 * 1:47786 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds write attempt (file-flash.rules)
 * 1:52079 <-> DISABLED <-> FILE-FLASH Adobe Flash Player FLV Nellymoser audio codec stack overflow attempt (file-flash.rules)
 * 1:50766 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ALMA_Dash outbound DNS tunnel (malware-cnc.rules)
 * 1:48491 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
 * 1:48566 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
 * 1:49311 <-> DISABLED <-> FILE-FLASH Adobe Flash Player writeExternal type confusion attempt (file-flash.rules)
 * 1:48492 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
 * 1:48494 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
 * 1:46949 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds memory access attempt (file-flash.rules)
 * 1:53058 <-> DISABLED <-> FILE-FLASH Spelevo Exploit Kit download attempt (file-flash.rules)
 * 1:49585 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byteArray uncompress information disclosure attempt (file-flash.rules)
 * 1:49654 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PCRE control character denial of service attempt (file-flash.rules)
 * 1:49231 <-> DISABLED <-> FILE-FLASH Adobe Flash Player drawTriangles out-of-bounds read attempt (file-flash.rules)
 * 1:49656 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PCRE control character denial of service attempt (file-flash.rules)
 * 1:20131 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt (file-flash.rules)
 * 1:49232 <-> DISABLED <-> FILE-FLASH Adobe Flash Player drawTriangles out-of-bounds read attempt (file-flash.rules)
 * 1:50762 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel (malware-cnc.rules)
 * 1:50139 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out-of-bounds read attempt (file-flash.rules)
 * 1:51644 <-> DISABLED <-> FILE-FLASH Adobe Flash Player use-after-free attempt (file-flash.rules)
 * 1:54826 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AVM domain memory range integer overflow attempt (file-flash.rules)
 * 1:50763 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel (malware-cnc.rules)
 * 1:46918 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds write attempt (file-flash.rules)
 * 1:49586 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byteArray uncompress information disclosure attempt (file-flash.rules)
 * 1:19264 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
 * 1:52080 <-> DISABLED <-> FILE-FLASH Adobe Flash Player FLV Nellymoser audio codec stack overflow attempt (file-flash.rules)
 * 1:52658 <-> DISABLED <-> FILE-FLASH Spelevo Exploit Kit download attempt (file-flash.rules)
 * 1:46920 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds write attempt (file-flash.rules)
 * 1:52659 <-> DISABLED <-> FILE-FLASH Spelevo Exploit Kit download attempt (file-flash.rules)
 * 1:51226 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ATF heap overflow attempt (file-flash.rules)
 * 1:46917 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds write attempt (file-flash.rules)
 * 1:46919 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds write attempt (file-flash.rules)
 * 1:50536 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
 * 1:51648 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActiveX same origin method execution attempt (file-flash.rules)
 * 1:47787 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds write attempt (file-flash.rules)
 * 1:51643 <-> DISABLED <-> FILE-FLASH Adobe Flash Player use-after-free attempt (file-flash.rules)
 * 1:50764 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel (malware-cnc.rules)
 * 1:49583 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byteArray inflate information disclosure attempt (file-flash.rules)
 * 1:51082 <-> DISABLED <-> FILE-FLASH Adobe Flash player memory corruption attempt (file-flash.rules)
 * 1:50765 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ISMAgent outbound DNS tunnel (malware-cnc.rules)
 * 1:48493 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
 * 1:50768 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BONDUPDATER outbound DNS tunnel (malware-cnc.rules)
 * 1:50140 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out-of-bounds read attempt (file-flash.rules)
 * 1:20767 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
 * 1:55813 <-> DISABLED <-> SERVER-OTHER Symantec Endpoint Protection tamper protection bypass attempt (server-other.rules)
 * 1:59440 <-> DISABLED <-> SERVER-APACHE Apache mod_http2 NULL pointer dereference attempt (server-apache.rules)
 * 1:55814 <-> DISABLED <-> SERVER-OTHER Symantec Endpoint Protection tamper protection bypass attempt (server-other.rules)
 * 1:57499 <-> DISABLED <-> FILE-FLASH Adobe Flash Player worker shared object use-after-free attempt (file-flash.rules)
 * 1:51225 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ATF heap overflow attempt (file-flash.rules)
 * 1:50537 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
 * 1:25815 <-> DISABLED <-> FILE-FLASH Adobe Flash Player FLV crafted ADPCM stream heap overflow attempt (file-flash.rules)
 * 1:47127 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ActionSetTarget record information disclosure attempt (file-flash.rules)
 * 1:24985 <-> DISABLED <-> FILE-FLASH Adobe Flash Player index overflow attempt (file-flash.rules)
 * 1:24990 <-> DISABLED <-> FILE-FLASH Adobe Flash Player specially invalid traits structure attempt (file-flash.rules)
 * 1:25677 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed regular expression exploit attempt (file-flash.rules)
 * 1:20778 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt - economy.rar (file-flash.rules)
 * 1:48496 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
 * 1:46599 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative MovieClip type confusion attempt (file-flash.rules)
 * 1:24992 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DoInitAction invalid action overflow attempt (file-flash.rules)
 * 1:24989 <-> DISABLED <-> FILE-FLASH Adobe Flash Player specially invalid traits structure attempt (file-flash.rules)
 * 1:44002 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SMB sandbox bypass attempt (file-flash.rules)
 * 1:47192 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript NetConnection type confusion attempt (file-flash.rules)
 * 1:25681 <-> DISABLED <-> FILE-FLASH Adobe Flash Player CFF FeatureCount integer overflow attempt (file-flash.rules)
 * 1:25683 <-> DISABLED <-> FILE-FLASH Adobe Flash Player CFF FeatureCount integer overflow attempt (file-flash.rules)
 * 1:25676 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed regular expression exploit attempt (file-flash.rules)
 * 1:46324 <-> DISABLED <-> FILE-FLASH Adobe PSDK DRM Manager memory corruption attempt (file-flash.rules)
 * 1:24984 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt (file-flash.rules)
 * 1:24991 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DoInitAction invalid action overflow attempt (file-flash.rules)
 * 1:20779 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt - dear chu.rar (file-flash.rules)
 * 1:50268 <-> DISABLED <-> FILE-FLASH Adobe Flash Player use after free attempt (file-flash.rules)
 * 1:19262 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
 * 1:49584 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byteArray inflate information disclosure attempt (file-flash.rules)
 * 1:47834 <-> DISABLED <-> FILE-FLASH Adobe Flash Player COM server BrokerCreateFile sandbox escape attempt (file-flash.rules)
 * 1:50535 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
 * 1:49312 <-> DISABLED <-> FILE-FLASH Adobe Flash Player writeExternal type confusion attempt (file-flash.rules)
 * 1:49655 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PCRE control character denial of service attempt (file-flash.rules)
 * 1:48426 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AVM type confusion attempt (file-flash.rules)
 * 1:20780 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt - namelist.xls (file-flash.rules)
 * 1:50761 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel (malware-cnc.rules)
 * 1:48495 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
 * 1:48425 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AVM type confusion attempt (file-flash.rules)
 * 1:24981 <-> DISABLED <-> FILE-FLASH Adobe Flash Player actionscript bytecode trait type null pointer dereference attempt (file-flash.rules)
 * 1:50769 <-> DISABLED <-> MALWARE-CNC Win.Trojan.QUADAGENT outbound DNS tunnel (malware-cnc.rules)
 * 1:20777 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (file-flash.rules)
 * 1:19257 <-> DISABLED <-> FILE-FLASH Adobe ActionScript float index memory corruption attempt (file-flash.rules)
 * 1:46260 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed DefineSound tag heap overflow attempt (file-flash.rules)
 * 1:47532 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Vector.String class out-of-bounds read attempt (file-flash.rules)
 * 1:48567 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
 * 1:46598 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative MovieClip type confusion attempt (file-flash.rules)
 * 1:20782 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt - economy.rar (file-flash.rules)
 * 1:20803 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt (file-flash.rules)
 * 1:20783 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt - dear chu.rar (file-flash.rules)
 * 1:21338 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MP4 zero length atom attempt (file-flash.rules)
 * 1:21326 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActiveX URL import attempt (file-flash.rules)
 * 1:20785 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt (file-flash.rules)
 * 1:21534 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript Matrix3D.copyRawDataFrom buffer overflow attempt (file-flash.rules)
 * 1:21457 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
 * 1:21336 <-> DISABLED <-> FILE-FLASH Adobe Flash ASConstructor insecure calling attempt (file-flash.rules)
 * 1:21654 <-> DISABLED <-> FILE-FLASH Adobe Flash Video invalid tag type attempt (file-flash.rules)
 * 1:21535 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript Matrix3D.copyRawDataFrom buffer overflow attempt (file-flash.rules)
 * 1:20784 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt - namelist.xls (file-flash.rules)
 * 1:21533 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript Stage3D null dereference attempt (file-flash.rules)
 * 1:22915 <-> DISABLED <-> FILE-FLASH Adobe Flash Player object confusion attempt (file-flash.rules)
 * 1:21655 <-> DISABLED <-> FILE-FLASH Adobe Flash Video invalid tag type attempt (file-flash.rules)
 * 1:21335 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript bytecode type confusion null dereference attempt (file-flash.rules)
 * 1:21653 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript getURL target null reference attempt (file-flash.rules)
 * 1:22916 <-> DISABLED <-> FILE-FLASH Adobe Flash Player object confusion attempt (file-flash.rules)
 * 1:23131 <-> DISABLED <-> FILE-FLASH Adobe Flash Player X500 DistinguishedName property access attempt (file-flash.rules)
 * 1:21458 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
 * 1:22070 <-> DISABLED <-> FILE-FLASH Adobe Flash Player object confusion attempt (file-flash.rules)
 * 1:23135 <-> DISABLED <-> FILE-FLASH Adobe Flash Player flash.DisplayObject memory corruption attempt (file-flash.rules)
 * 1:23132 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DefineSound tag long recordheader length field attempt (file-flash.rules)
 * 1:21536 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript Stage3D null dereference attempt (file-flash.rules)
 * 1:23130 <-> DISABLED <-> FILE-FLASH Adobe Flash Player X509 direct instantiation property access attempt (file-flash.rules)
 * 1:23996 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (file-flash.rules)
 * 1:23853 <-> DISABLED <-> FILE-FLASH Adobe Flash OpenType font memory corruption attempt (file-flash.rules)
 * 1:22069 <-> DISABLED <-> FILE-FLASH Adobe Flash Player object confusion attempt (file-flash.rules)
 * 1:23134 <-> DISABLED <-> FILE-FLASH Adobe Flash Player broker destructor DoS attempt (file-flash.rules)
 * 1:24140 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed RTMP response attempt (file-flash.rules)
 * 1:23997 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (file-flash.rules)
 * 1:23129 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SecureSocket use without Connect attempt (file-flash.rules)
 * 1:23967 <-> DISABLED <-> FILE-FLASH Adobe Flash OpenType font memory corruption attempt - compressed (file-flash.rules)
 * 1:24362 <-> DISABLED <-> FILE-FLASH Adobe Flash null reference JIT compilation attempt (file-flash.rules)
 * 1:24142 <-> DISABLED <-> FILE-FLASH Adobe Flash Player object confusion attempt (file-flash.rules)
 * 1:23133 <-> DISABLED <-> FILE-FLASH Adobe Flash Player flash.display.BitmapData constuctor overflow attempt (file-flash.rules)
 * 1:24139 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed RTMP response attempt (file-flash.rules)
 * 1:24366 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed record stack exhaustion attempt (file-flash.rules)
 * 1:24363 <-> DISABLED <-> FILE-FLASH Adobe Flash null reference JIT compilation attempt (file-flash.rules)
 * 1:23854 <-> DISABLED <-> FILE-FLASH Adobe Flash OpenType font memory corruption attempt (file-flash.rules)
 * 1:24245 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Matrix3D copyRawDataTo integer overflow attempt (file-flash.rules)
 * 1:24138 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed RTMP response attempt (file-flash.rules)
 * 1:24367 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed record stack exhaustion attempt (file-flash.rules)
 * 1:24430 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules)
 * 1:24365 <-> DISABLED <-> FILE-FLASH Adobe Flash null reference JIT compilation attempt (file-flash.rules)
 * 1:24810 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS2 privilege escalation attempt (file-flash.rules)
 * 1:24428 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules)
 * 1:24415 <-> DISABLED <-> FILE-FLASH Adobe Flash Player stsz box heap overflow attempt (file-flash.rules)
 * 1:24809 <-> DISABLED <-> FILE-FLASH Microsoft Internet Explorer premature unload of Flash plugin use after free attempt (file-flash.rules)
 * 1:24244 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Matrix3D copyRawDataTo integer overflow attempt (file-flash.rules)
 * 1:24431 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules)
 * 1:24812 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS2 privilege escalation attempt (file-flash.rules)
 * 1:24813 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS2 privilege escalation attempt (file-flash.rules)
 * 1:24364 <-> DISABLED <-> FILE-FLASH Adobe Flash null reference JIT compilation attempt (file-flash.rules)
 * 1:24811 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS2 privilege escalation attempt (file-flash.rules)
 * 1:24876 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules)
 * 1:24877 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules)
 * 1:24414 <-> DISABLED <-> FILE-FLASH Adobe Flash Player stsz box heap overflow attempt (file-flash.rules)
 * 1:24875 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules)
 * 1:24893 <-> DISABLED <-> FILE-FLASH Action InitArray stack overflow attempt (file-flash.rules)
 * 1:24890 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Action InitArray stack overflow attempt (file-flash.rules)
 * 1:24808 <-> DISABLED <-> FILE-FLASH Microsoft Internet Explorer premature unload of Flash plugin use after free attempt (file-flash.rules)
 * 1:24882 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid JPEG index attempt (file-flash.rules)
 * 1:24896 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript bytecode symbolclass tag type confusion attempt (file-flash.rules)
 * 1:24980 <-> DISABLED <-> FILE-FLASH Adobe Flash Player actionscript bytecode trait type null pointer dereference attempt (file-flash.rules)
 * 1:24429 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules)
 * 1:24892 <-> DISABLED <-> FILE-FLASH Action InitArray stack overflow attempt (file-flash.rules)
 * 1:24983 <-> DISABLED <-> FILE-FLASH Adobe Flash Player actionscript bytecode trait type null pointer dereference attempt (file-flash.rules)
 * 1:24986 <-> DISABLED <-> FILE-FLASH Adobe Flash Player index overflow attempt (file-flash.rules)
 * 1:24874 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules)
 * 1:25679 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed regular expression exploit attempt (file-flash.rules)
 * 1:24982 <-> DISABLED <-> FILE-FLASH Adobe Flash Player actionscript bytecode trait type null pointer dereference attempt (file-flash.rules)
 * 1:44003 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SMB sandbox bypass attempt (file-flash.rules)
 * 1:24879 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid JPEG index attempt (file-flash.rules)
 * 1:43996 <-> DISABLED <-> FILE-FLASH Adobe Flash Player overly large cpool index out of bounds read attempt (file-flash.rules)
 * 1:44173 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SharedObject use after free attempt (file-flash.rules)
 * 1:44174 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SharedObject use after free attempt (file-flash.rules)
 * 1:24895 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript bytecode symbolclass tag type confusion attempt (file-flash.rules)
 * 1:44017 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Rectangle constructor use after free attempt (file-flash.rules)
 * 1:44347 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MP4 atom parser memory corruption attempt (file-flash.rules)
 * 1:44348 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MP4 atom parser memory corruption attempt (file-flash.rules)
 * 1:25678 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed regular expression exploit attempt (file-flash.rules)
 * 1:44346 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MP4 atom parser memory corruption attempt (file-flash.rules)
 * 1:44552 <-> DISABLED <-> FILE-FLASH Adobe Flash Player toString type confusion memory corruption attempt (file-flash.rules)
 * 1:44553 <-> DISABLED <-> FILE-FLASH Adobe Flash Player toString type confusion memory corruption attempt (file-flash.rules)
 * 1:43995 <-> DISABLED <-> FILE-FLASH Adobe Flash Player overly large cpool index out of bounds read attempt (file-flash.rules)
 * 1:44351 <-> DISABLED <-> FILE-FLASH Adobe Flash Player text handling memory corruption attempt (file-flash.rules)
 * 1:44887 <-> DISABLED <-> FILE-FLASH Adobe Flash Player bitmap hitTest integer overflow attempt (file-flash.rules)
 * 1:44888 <-> DISABLED <-> FILE-FLASH Adobe Flash Player bitmap hitTest integer overflow attempt (file-flash.rules)
 * 1:44016 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Rectangle constructor use after free attempt (file-flash.rules)
 * 1:44584 <-> DISABLED <-> FILE-FLASH Adobe Flash Player array type confusion attempt (file-flash.rules)
 * 1:44902 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PSDK Metadata memory corruption attempt (file-flash.rules)
 * 1:44903 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PSDK Metadata memory corruption attempt (file-flash.rules)
 * 1:44345 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MP4 atom parser memory corruption attempt (file-flash.rules)
 * 1:44892 <-> DISABLED <-> FILE-FLASH Adobe Flash Player determinePreferredLocales memory corruption attempt (file-flash.rules)
 * 1:44963 <-> DISABLED <-> FILE-FLASH Adobe Flash Player tvsdk object use after free attempt (file-flash.rules)
 * 1:44964 <-> DISABLED <-> FILE-FLASH Adobe Flash Player tvsdk object use after free attempt (file-flash.rules)
 * 1:44352 <-> DISABLED <-> FILE-FLASH Adobe Flash Player text handling memory corruption attempt (file-flash.rules)
 * 1:44952 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Primetime SDK use after free attempt (file-flash.rules)
 * 1:45404 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ATF buffer overflow attempt (file-flash.rules)
 * 1:45405 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ATF buffer overflow attempt (file-flash.rules)
 * 1:44583 <-> DISABLED <-> FILE-FLASH Adobe Flash Player array type confusion attempt (file-flash.rules)
 * 1:45310 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ConvolutionFilter Matrix use after free attempt (file-flash.rules)
 * 1:45501 <-> DISABLED <-> FILE-FLASH Adobe Flash Player movieclip startdrag use-after-free attempt (file-flash.rules)
 * 1:45546 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DefineFont3 tag overly large NumGlyphs out of bounds read attempt (file-flash.rules)
 * 1:44891 <-> DISABLED <-> FILE-FLASH Adobe Flash Player determinePreferredLocales memory corruption attempt (file-flash.rules)
 * 1:45500 <-> DISABLED <-> FILE-FLASH Adobe Flash Player movieclip startdrag use-after-free attempt (file-flash.rules)
 * 1:45547 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DefineFont3 tag overly large NumGlyphs out of bounds read attempt (file-flash.rules)
 * 1:45595 <-> DISABLED <-> FILE-FLASH Adobe PSDK DRM Manager memory corruption attempt (file-flash.rules)
 * 1:44951 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Primetime SDK use after free attempt (file-flash.rules)
 * 1:45593 <-> DISABLED <-> FILE-FLASH Adobe PSDK DRM Manager memory corruption attempt (file-flash.rules)
 * 1:45615 <-> DISABLED <-> FILE-FLASH Adobe Flash Player movieclip duplicateMovieClip use-after-free attempt (file-flash.rules)
 * 1:45309 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ConvolutionFilter Matrix use after free attempt (file-flash.rules)
 * 1:46248 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Primetime MediaPlayerItemLoader BlurFilter object out of bounds write attempt (file-flash.rules)
 * 1:45616 <-> DISABLED <-> FILE-FLASH Adobe Flash Player movieclip duplicateMovieClip use-after-free attempt (file-flash.rules)
 * 1:45459 <-> DISABLED <-> FILE-FLASH Adobe Flash Player movieclip attachbitmap use-after-free attempt (file-flash.rules)
 * 1:45614 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Selection.SetSelection use-after-free attempt (file-flash.rules)
 * 1:45744 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray shading memory leak attempt (file-flash.rules)
 * 1:45743 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray shading memory leak attempt (file-flash.rules)
 * 1:46261 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed DefineSound tag heap overflow attempt (file-flash.rules)
 * 1:46254 <-> DISABLED <-> FILE-FLASH Adobe Flash Player corrupt PNG image load out of bounds memory access attempt (file-flash.rules)
 * 1:45594 <-> DISABLED <-> FILE-FLASH Adobe PSDK DRM Manager memory corruption attempt (file-flash.rules)
 * 1:46263 <-> DISABLED <-> FILE-FLASH Adobe Flash Player use after free attempt (file-flash.rules)
 * 1:45613 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Selection.SetSelection use-after-free attempt (file-flash.rules)
 * 1:46247 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Primetime MediaPlayerItemLoader BlurFilter object out of bounds write attempt (file-flash.rules)
 * 1:46262 <-> DISABLED <-> FILE-FLASH Adobe Flash Player use after free attempt (file-flash.rules)
 * 1:50534 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
 * 1:47128 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ActionSetTarget record information disclosure attempt (file-flash.rules)
 * 1:45683 <-> DISABLED <-> FILE-FLASH Adobe PSDK DRM Manager memory corruption attempt (file-flash.rules)
 * 1:46255 <-> DISABLED <-> FILE-FLASH Adobe Flash Player corrupt PNG image load out of bounds memory access attempt (file-flash.rules)
 * 1:47531 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Vector.String class out-of-bounds read attempt (file-flash.rules)
 * 1:47191 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript NetConnection type confusion attempt (file-flash.rules)
 * 1:20781 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt (file-flash.rules)
 * 1:53057 <-> DISABLED <-> FILE-FLASH Spelevo Exploit Kit download attempt (file-flash.rules)

2025-03-25 15:47:16 UTC

Snort Subscriber Rules Update

Date: 2025-03-25

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091101.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:

 * 1:64687 <-> DISABLED <-> SERVER-MAIL Exim SMTP vulnerable version detected (server-mail.rules)
 * 1:64690 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bondupdater inbound cnc connection (malware-cnc.rules)
 * 1:64686 <-> DISABLED <-> SERVER-APACHE Apache Tomcat partial PUT remote code execution attempt (server-apache.rules)
 * 1:60686 <-> DISABLED <-> OS-WINDOWS Windows AppxSvc component elevation of privilege attempt (os-windows.rules)
 * 1:64693 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bondupdater outbound cnc connection (malware-cnc.rules)
 * 1:64695 <-> DISABLED <-> MALWARE-CNC MultiOs.Trojan.FINALDRAFT variant outbound communication attempt (malware-cnc.rules)
 * 1:64684 <-> DISABLED <-> MALWARE-CNC Win.Malware.DarkGate variant outbound connection (malware-cnc.rules)
 * 1:64688 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative null pointer dereference attempt (file-flash.rules)
 * 1:60687 <-> DISABLED <-> OS-WINDOWS Windows AppxSvc component elevation of privilege attempt (os-windows.rules)
 * 1:64701 <-> DISABLED <-> POLICY-OTHER Next.js Middleware x-middleware-subrequest header use attempt (policy-other.rules)
 * 1:64692 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bondupdater outbound cnc connection (malware-cnc.rules)
 * 1:64691 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bondupdater inbound cnc connection (malware-cnc.rules)
 * 1:64696 <-> DISABLED <-> SERVER-OTHER MIT Kerberos KDC as-req sname null pointer dereference attempt (server-other.rules)
 * 1:64700 <-> ENABLED <-> SERVER-WEBAPP Next.js Middleware authentication bypass attempt (server-webapp.rules)
 * 1:64694 <-> DISABLED <-> MALWARE-CNC MultiOs.Trojan.FINALDRAFT variant outbound communication attempt (malware-cnc.rules)
 * 1:64698 <-> ENABLED <-> MALWARE-OTHER Win.Rootkit.Winnti download attempt (malware-other.rules)
 * 1:64697 <-> ENABLED <-> MALWARE-OTHER Win.Rootkit.Winnti download attempt (malware-other.rules)
 * 1:64685 <-> ENABLED <-> SERVER-WEBAPP Apache OFBiz remote code execution attempt (server-webapp.rules)
 * 1:64689 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bondupdater inbound cnc connection (malware-cnc.rules)
 * 1:64699 <-> ENABLED <-> SERVER-WEBAPP Next.js Middleware authentication bypass attempt (server-webapp.rules)

Modified Rules:

 * 1:48494 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
 * 1:24890 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Action InitArray stack overflow attempt (file-flash.rules)
 * 1:50267 <-> DISABLED <-> FILE-FLASH Adobe Flash Player use after free attempt (file-flash.rules)
 * 1:50536 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
 * 1:48426 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AVM type confusion attempt (file-flash.rules)
 * 1:49311 <-> DISABLED <-> FILE-FLASH Adobe Flash Player writeExternal type confusion attempt (file-flash.rules)
 * 1:49232 <-> DISABLED <-> FILE-FLASH Adobe Flash Player drawTriangles out-of-bounds read attempt (file-flash.rules)
 * 1:49231 <-> DISABLED <-> FILE-FLASH Adobe Flash Player drawTriangles out-of-bounds read attempt (file-flash.rules)
 * 1:50767 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ALMA_Dot outbound DNS tunnel (malware-cnc.rules)
 * 1:49655 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PCRE control character denial of service attempt (file-flash.rules)
 * 1:50268 <-> DISABLED <-> FILE-FLASH Adobe Flash Player use after free attempt (file-flash.rules)
 * 1:48493 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
 * 1:49654 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PCRE control character denial of service attempt (file-flash.rules)
 * 1:50766 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ALMA_Dash outbound DNS tunnel (malware-cnc.rules)
 * 1:49583 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byteArray inflate information disclosure attempt (file-flash.rules)
 * 1:51081 <-> DISABLED <-> FILE-FLASH Adobe Flash player memory corruption attempt (file-flash.rules)
 * 1:49312 <-> DISABLED <-> FILE-FLASH Adobe Flash Player writeExternal type confusion attempt (file-flash.rules)
 * 1:50761 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel (malware-cnc.rules)
 * 1:51648 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActiveX same origin method execution attempt (file-flash.rules)
 * 1:51226 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ATF heap overflow attempt (file-flash.rules)
 * 1:21458 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
 * 1:22069 <-> DISABLED <-> FILE-FLASH Adobe Flash Player object confusion attempt (file-flash.rules)
 * 1:51643 <-> DISABLED <-> FILE-FLASH Adobe Flash Player use-after-free attempt (file-flash.rules)
 * 1:19257 <-> DISABLED <-> FILE-FLASH Adobe ActionScript float index memory corruption attempt (file-flash.rules)
 * 1:47834 <-> DISABLED <-> FILE-FLASH Adobe Flash Player COM server BrokerCreateFile sandbox escape attempt (file-flash.rules)
 * 1:49585 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byteArray uncompress information disclosure attempt (file-flash.rules)
 * 1:44903 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PSDK Metadata memory corruption attempt (file-flash.rules)
 * 1:23131 <-> DISABLED <-> FILE-FLASH Adobe Flash Player X500 DistinguishedName property access attempt (file-flash.rules)
 * 1:52658 <-> DISABLED <-> FILE-FLASH Spelevo Exploit Kit download attempt (file-flash.rules)
 * 1:50762 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel (malware-cnc.rules)
 * 1:47192 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript NetConnection type confusion attempt (file-flash.rules)
 * 1:50139 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out-of-bounds read attempt (file-flash.rules)
 * 1:53057 <-> DISABLED <-> FILE-FLASH Spelevo Exploit Kit download attempt (file-flash.rules)
 * 1:50140 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out-of-bounds read attempt (file-flash.rules)
 * 1:55813 <-> DISABLED <-> SERVER-OTHER Symantec Endpoint Protection tamper protection bypass attempt (server-other.rules)
 * 1:50534 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
 * 1:57499 <-> DISABLED <-> FILE-FLASH Adobe Flash Player worker shared object use-after-free attempt (file-flash.rules)
 * 1:59440 <-> DISABLED <-> SERVER-APACHE Apache mod_http2 NULL pointer dereference attempt (server-apache.rules)
 * 1:52080 <-> DISABLED <-> FILE-FLASH Adobe Flash Player FLV Nellymoser audio codec stack overflow attempt (file-flash.rules)
 * 1:48425 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AVM type confusion attempt (file-flash.rules)
 * 1:48567 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
 * 1:24980 <-> DISABLED <-> FILE-FLASH Adobe Flash Player actionscript bytecode trait type null pointer dereference attempt (file-flash.rules)
 * 1:49586 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byteArray uncompress information disclosure attempt (file-flash.rules)
 * 1:52079 <-> DISABLED <-> FILE-FLASH Adobe Flash Player FLV Nellymoser audio codec stack overflow attempt (file-flash.rules)
 * 1:46950 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds memory access attempt (file-flash.rules)
 * 1:21655 <-> DISABLED <-> FILE-FLASH Adobe Flash Video invalid tag type attempt (file-flash.rules)
 * 1:47786 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds write attempt (file-flash.rules)
 * 1:19263 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
 * 1:48491 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
 * 1:45743 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray shading memory leak attempt (file-flash.rules)
 * 1:45744 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray shading memory leak attempt (file-flash.rules)
 * 1:45615 <-> DISABLED <-> FILE-FLASH Adobe Flash Player movieclip duplicateMovieClip use-after-free attempt (file-flash.rules)
 * 1:22915 <-> DISABLED <-> FILE-FLASH Adobe Flash Player object confusion attempt (file-flash.rules)
 * 1:45683 <-> DISABLED <-> FILE-FLASH Adobe PSDK DRM Manager memory corruption attempt (file-flash.rules)
 * 1:46261 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed DefineSound tag heap overflow attempt (file-flash.rules)
 * 1:24362 <-> DISABLED <-> FILE-FLASH Adobe Flash null reference JIT compilation attempt (file-flash.rules)
 * 1:46263 <-> DISABLED <-> FILE-FLASH Adobe Flash Player use after free attempt (file-flash.rules)
 * 1:23130 <-> DISABLED <-> FILE-FLASH Adobe Flash Player X509 direct instantiation property access attempt (file-flash.rules)
 * 1:45459 <-> DISABLED <-> FILE-FLASH Adobe Flash Player movieclip attachbitmap use-after-free attempt (file-flash.rules)
 * 1:46920 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds write attempt (file-flash.rules)
 * 1:45405 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ATF buffer overflow attempt (file-flash.rules)
 * 1:46324 <-> DISABLED <-> FILE-FLASH Adobe PSDK DRM Manager memory corruption attempt (file-flash.rules)
 * 1:46262 <-> DISABLED <-> FILE-FLASH Adobe Flash Player use after free attempt (file-flash.rules)
 * 1:20777 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (file-flash.rules)
 * 1:46918 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds write attempt (file-flash.rules)
 * 1:47531 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Vector.String class out-of-bounds read attempt (file-flash.rules)
 * 1:46260 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed DefineSound tag heap overflow attempt (file-flash.rules)
 * 1:45547 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DefineFont3 tag overly large NumGlyphs out of bounds read attempt (file-flash.rules)
 * 1:46919 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds write attempt (file-flash.rules)
 * 1:45616 <-> DISABLED <-> FILE-FLASH Adobe Flash Player movieclip duplicateMovieClip use-after-free attempt (file-flash.rules)
 * 1:46949 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds memory access attempt (file-flash.rules)
 * 1:45593 <-> DISABLED <-> FILE-FLASH Adobe PSDK DRM Manager memory corruption attempt (file-flash.rules)
 * 1:45594 <-> DISABLED <-> FILE-FLASH Adobe PSDK DRM Manager memory corruption attempt (file-flash.rules)
 * 1:20785 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt (file-flash.rules)
 * 1:23133 <-> DISABLED <-> FILE-FLASH Adobe Flash Player flash.display.BitmapData constuctor overflow attempt (file-flash.rules)
 * 1:46254 <-> DISABLED <-> FILE-FLASH Adobe Flash Player corrupt PNG image load out of bounds memory access attempt (file-flash.rules)
 * 1:46255 <-> DISABLED <-> FILE-FLASH Adobe Flash Player corrupt PNG image load out of bounds memory access attempt (file-flash.rules)
 * 1:46598 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative MovieClip type confusion attempt (file-flash.rules)
 * 1:45546 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DefineFont3 tag overly large NumGlyphs out of bounds read attempt (file-flash.rules)
 * 1:45613 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Selection.SetSelection use-after-free attempt (file-flash.rules)
 * 1:46599 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative MovieClip type confusion attempt (file-flash.rules)
 * 1:46247 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Primetime MediaPlayerItemLoader BlurFilter object out of bounds write attempt (file-flash.rules)
 * 1:24415 <-> DISABLED <-> FILE-FLASH Adobe Flash Player stsz box heap overflow attempt (file-flash.rules)
 * 1:45595 <-> DISABLED <-> FILE-FLASH Adobe PSDK DRM Manager memory corruption attempt (file-flash.rules)
 * 1:46248 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Primetime MediaPlayerItemLoader BlurFilter object out of bounds write attempt (file-flash.rules)
 * 1:46917 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds write attempt (file-flash.rules)
 * 1:47127 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ActionSetTarget record information disclosure attempt (file-flash.rules)
 * 1:47532 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Vector.String class out-of-bounds read attempt (file-flash.rules)
 * 1:47128 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ActionSetTarget record information disclosure attempt (file-flash.rules)
 * 1:45501 <-> DISABLED <-> FILE-FLASH Adobe Flash Player movieclip startdrag use-after-free attempt (file-flash.rules)
 * 1:24876 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules)
 * 1:20767 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
 * 1:48496 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
 * 1:50763 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel (malware-cnc.rules)
 * 1:48566 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
 * 1:50769 <-> DISABLED <-> MALWARE-CNC Win.Trojan.QUADAGENT outbound DNS tunnel (malware-cnc.rules)
 * 1:21654 <-> DISABLED <-> FILE-FLASH Adobe Flash Video invalid tag type attempt (file-flash.rules)
 * 1:21533 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript Stage3D null dereference attempt (file-flash.rules)
 * 1:55814 <-> DISABLED <-> SERVER-OTHER Symantec Endpoint Protection tamper protection bypass attempt (server-other.rules)
 * 1:44963 <-> DISABLED <-> FILE-FLASH Adobe Flash Player tvsdk object use after free attempt (file-flash.rules)
 * 1:48495 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
 * 1:50764 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel (malware-cnc.rules)
 * 1:47787 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds write attempt (file-flash.rules)
 * 1:20781 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt (file-flash.rules)
 * 1:21535 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript Matrix3D.copyRawDataFrom buffer overflow attempt (file-flash.rules)
 * 1:23132 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DefineSound tag long recordheader length field attempt (file-flash.rules)
 * 1:50768 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BONDUPDATER outbound DNS tunnel (malware-cnc.rules)
 * 1:47191 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript NetConnection type confusion attempt (file-flash.rules)
 * 1:21336 <-> DISABLED <-> FILE-FLASH Adobe Flash ASConstructor insecure calling attempt (file-flash.rules)
 * 1:45309 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ConvolutionFilter Matrix use after free attempt (file-flash.rules)
 * 1:44951 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Primetime SDK use after free attempt (file-flash.rules)
 * 1:49584 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byteArray inflate information disclosure attempt (file-flash.rules)
 * 1:49656 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PCRE control character denial of service attempt (file-flash.rules)
 * 1:52659 <-> DISABLED <-> FILE-FLASH Spelevo Exploit Kit download attempt (file-flash.rules)
 * 1:24810 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS2 privilege escalation attempt (file-flash.rules)
 * 1:51225 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ATF heap overflow attempt (file-flash.rules)
 * 1:44003 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SMB sandbox bypass attempt (file-flash.rules)
 * 1:24892 <-> DISABLED <-> FILE-FLASH Action InitArray stack overflow attempt (file-flash.rules)
 * 1:23129 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SecureSocket use without Connect attempt (file-flash.rules)
 * 1:21338 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MP4 zero length atom attempt (file-flash.rules)
 * 1:22916 <-> DISABLED <-> FILE-FLASH Adobe Flash Player object confusion attempt (file-flash.rules)
 * 1:20131 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt (file-flash.rules)
 * 1:21335 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript bytecode type confusion null dereference attempt (file-flash.rules)
 * 1:21653 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript getURL target null reference attempt (file-flash.rules)
 * 1:47833 <-> DISABLED <-> FILE-FLASH Adobe Flash Player COM server BrokerCreateFile sandbox escape attempt (file-flash.rules)
 * 1:23134 <-> DISABLED <-> FILE-FLASH Adobe Flash Player broker destructor DoS attempt (file-flash.rules)
 * 1:23853 <-> DISABLED <-> FILE-FLASH Adobe Flash OpenType font memory corruption attempt (file-flash.rules)
 * 1:24244 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Matrix3D copyRawDataTo integer overflow attempt (file-flash.rules)
 * 1:23996 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (file-flash.rules)
 * 1:23135 <-> DISABLED <-> FILE-FLASH Adobe Flash Player flash.DisplayObject memory corruption attempt (file-flash.rules)
 * 1:23967 <-> DISABLED <-> FILE-FLASH Adobe Flash OpenType font memory corruption attempt - compressed (file-flash.rules)
 * 1:24364 <-> DISABLED <-> FILE-FLASH Adobe Flash null reference JIT compilation attempt (file-flash.rules)
 * 1:24139 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed RTMP response attempt (file-flash.rules)
 * 1:23854 <-> DISABLED <-> FILE-FLASH Adobe Flash OpenType font memory corruption attempt (file-flash.rules)
 * 1:24138 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed RTMP response attempt (file-flash.rules)
 * 1:24414 <-> DISABLED <-> FILE-FLASH Adobe Flash Player stsz box heap overflow attempt (file-flash.rules)
 * 1:24245 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Matrix3D copyRawDataTo integer overflow attempt (file-flash.rules)
 * 1:23997 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (file-flash.rules)
 * 1:24142 <-> DISABLED <-> FILE-FLASH Adobe Flash Player object confusion attempt (file-flash.rules)
 * 1:50765 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ISMAgent outbound DNS tunnel (malware-cnc.rules)
 * 1:20784 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt - namelist.xls (file-flash.rules)
 * 1:24430 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules)
 * 1:24365 <-> DISABLED <-> FILE-FLASH Adobe Flash null reference JIT compilation attempt (file-flash.rules)
 * 1:24140 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed RTMP response attempt (file-flash.rules)
 * 1:25681 <-> DISABLED <-> FILE-FLASH Adobe Flash Player CFF FeatureCount integer overflow attempt (file-flash.rules)
 * 1:24431 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules)
 * 1:24366 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed record stack exhaustion attempt (file-flash.rules)
 * 1:24874 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules)
 * 1:24367 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed record stack exhaustion attempt (file-flash.rules)
 * 1:24429 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules)
 * 1:24428 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules)
 * 1:24879 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid JPEG index attempt (file-flash.rules)
 * 1:24811 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS2 privilege escalation attempt (file-flash.rules)
 * 1:24809 <-> DISABLED <-> FILE-FLASH Microsoft Internet Explorer premature unload of Flash plugin use after free attempt (file-flash.rules)
 * 1:24893 <-> DISABLED <-> FILE-FLASH Action InitArray stack overflow attempt (file-flash.rules)
 * 1:24813 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS2 privilege escalation attempt (file-flash.rules)
 * 1:24875 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules)
 * 1:24808 <-> DISABLED <-> FILE-FLASH Microsoft Internet Explorer premature unload of Flash plugin use after free attempt (file-flash.rules)
 * 1:24896 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript bytecode symbolclass tag type confusion attempt (file-flash.rules)
 * 1:24882 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid JPEG index attempt (file-flash.rules)
 * 1:24989 <-> DISABLED <-> FILE-FLASH Adobe Flash Player specially invalid traits structure attempt (file-flash.rules)
 * 1:24812 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS2 privilege escalation attempt (file-flash.rules)
 * 1:24877 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules)
 * 1:24895 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript bytecode symbolclass tag type confusion attempt (file-flash.rules)
 * 1:25676 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed regular expression exploit attempt (file-flash.rules)
 * 1:21536 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript Stage3D null dereference attempt (file-flash.rules)
 * 1:24982 <-> DISABLED <-> FILE-FLASH Adobe Flash Player actionscript bytecode trait type null pointer dereference attempt (file-flash.rules)
 * 1:24985 <-> DISABLED <-> FILE-FLASH Adobe Flash Player index overflow attempt (file-flash.rules)
 * 1:24984 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt (file-flash.rules)
 * 1:44017 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Rectangle constructor use after free attempt (file-flash.rules)
 * 1:24981 <-> DISABLED <-> FILE-FLASH Adobe Flash Player actionscript bytecode trait type null pointer dereference attempt (file-flash.rules)
 * 1:24990 <-> DISABLED <-> FILE-FLASH Adobe Flash Player specially invalid traits structure attempt (file-flash.rules)
 * 1:43996 <-> DISABLED <-> FILE-FLASH Adobe Flash Player overly large cpool index out of bounds read attempt (file-flash.rules)
 * 1:24986 <-> DISABLED <-> FILE-FLASH Adobe Flash Player index overflow attempt (file-flash.rules)
 * 1:24983 <-> DISABLED <-> FILE-FLASH Adobe Flash Player actionscript bytecode trait type null pointer dereference attempt (file-flash.rules)
 * 1:25677 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed regular expression exploit attempt (file-flash.rules)
 * 1:24991 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DoInitAction invalid action overflow attempt (file-flash.rules)
 * 1:24992 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DoInitAction invalid action overflow attempt (file-flash.rules)
 * 1:44346 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MP4 atom parser memory corruption attempt (file-flash.rules)
 * 1:25683 <-> DISABLED <-> FILE-FLASH Adobe Flash Player CFF FeatureCount integer overflow attempt (file-flash.rules)
 * 1:25678 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed regular expression exploit attempt (file-flash.rules)
 * 1:25679 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed regular expression exploit attempt (file-flash.rules)
 * 1:25815 <-> DISABLED <-> FILE-FLASH Adobe Flash Player FLV crafted ADPCM stream heap overflow attempt (file-flash.rules)
 * 1:44352 <-> DISABLED <-> FILE-FLASH Adobe Flash Player text handling memory corruption attempt (file-flash.rules)
 * 1:44002 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SMB sandbox bypass attempt (file-flash.rules)
 * 1:43995 <-> DISABLED <-> FILE-FLASH Adobe Flash Player overly large cpool index out of bounds read attempt (file-flash.rules)
 * 1:44173 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SharedObject use after free attempt (file-flash.rules)
 * 1:24363 <-> DISABLED <-> FILE-FLASH Adobe Flash null reference JIT compilation attempt (file-flash.rules)
 * 1:44584 <-> DISABLED <-> FILE-FLASH Adobe Flash Player array type confusion attempt (file-flash.rules)
 * 1:45614 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Selection.SetSelection use-after-free attempt (file-flash.rules)
 * 1:45404 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ATF buffer overflow attempt (file-flash.rules)
 * 1:44964 <-> DISABLED <-> FILE-FLASH Adobe Flash Player tvsdk object use after free attempt (file-flash.rules)
 * 1:50537 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
 * 1:44016 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Rectangle constructor use after free attempt (file-flash.rules)
 * 1:22070 <-> DISABLED <-> FILE-FLASH Adobe Flash Player object confusion attempt (file-flash.rules)
 * 1:44348 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MP4 atom parser memory corruption attempt (file-flash.rules)
 * 1:44174 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SharedObject use after free attempt (file-flash.rules)
 * 1:20803 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt (file-flash.rules)
 * 1:19264 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
 * 1:44345 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MP4 atom parser memory corruption attempt (file-flash.rules)
 * 1:20779 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt - dear chu.rar (file-flash.rules)
 * 1:19682 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript 3 integer overflow attempt (file-flash.rules)
 * 1:21326 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActiveX URL import attempt (file-flash.rules)
 * 1:20778 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt - economy.rar (file-flash.rules)
 * 1:20031 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
 * 1:44892 <-> DISABLED <-> FILE-FLASH Adobe Flash Player determinePreferredLocales memory corruption attempt (file-flash.rules)
 * 1:44347 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MP4 atom parser memory corruption attempt (file-flash.rules)
 * 1:20782 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt - economy.rar (file-flash.rules)
 * 1:20783 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt - dear chu.rar (file-flash.rules)
 * 1:19262 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
 * 1:44952 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Primetime SDK use after free attempt (file-flash.rules)
 * 1:44552 <-> DISABLED <-> FILE-FLASH Adobe Flash Player toString type confusion memory corruption attempt (file-flash.rules)
 * 1:20780 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt - namelist.xls (file-flash.rules)
 * 1:44351 <-> DISABLED <-> FILE-FLASH Adobe Flash Player text handling memory corruption attempt (file-flash.rules)
 * 1:45310 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ConvolutionFilter Matrix use after free attempt (file-flash.rules)
 * 1:44887 <-> DISABLED <-> FILE-FLASH Adobe Flash Player bitmap hitTest integer overflow attempt (file-flash.rules)
 * 1:44553 <-> DISABLED <-> FILE-FLASH Adobe Flash Player toString type confusion memory corruption attempt (file-flash.rules)
 * 1:44583 <-> DISABLED <-> FILE-FLASH Adobe Flash Player array type confusion attempt (file-flash.rules)
 * 1:45500 <-> DISABLED <-> FILE-FLASH Adobe Flash Player movieclip startdrag use-after-free attempt (file-flash.rules)
 * 1:44902 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PSDK Metadata memory corruption attempt (file-flash.rules)
 * 1:44888 <-> DISABLED <-> FILE-FLASH Adobe Flash Player bitmap hitTest integer overflow attempt (file-flash.rules)
 * 1:44891 <-> DISABLED <-> FILE-FLASH Adobe Flash Player determinePreferredLocales memory corruption attempt (file-flash.rules)
 * 1:51644 <-> DISABLED <-> FILE-FLASH Adobe Flash Player use-after-free attempt (file-flash.rules)
 * 1:54826 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AVM domain memory range integer overflow attempt (file-flash.rules)
 * 1:54825 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AVM domain memory range integer overflow attempt (file-flash.rules)
 * 1:21534 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript Matrix3D.copyRawDataFrom buffer overflow attempt (file-flash.rules)
 * 1:21457 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
 * 1:51082 <-> DISABLED <-> FILE-FLASH Adobe Flash player memory corruption attempt (file-flash.rules)
 * 1:50535 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
 * 1:48492 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
 * 1:53058 <-> DISABLED <-> FILE-FLASH Spelevo Exploit Kit download attempt (file-flash.rules)

2025-03-25 15:49:56 UTC

Snort Subscriber Rules Update

Date: 2025-03-25-001

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.0.0.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:301168 <-> MALWARE-OTHER Win.Rootkit.Winnti download attempt
* 1:64684 <-> MALWARE-CNC Win.Malware.DarkGate variant outbound connection
* 1:64685 <-> SERVER-WEBAPP Apache OFBiz remote code execution attempt
* 1:64686 <-> SERVER-APACHE Apache Tomcat partial PUT remote code execution attempt
* 1:64687 <-> SERVER-MAIL Exim SMTP vulnerable version detected
* 1:64689 <-> MALWARE-CNC Win.Trojan.Bondupdater inbound cnc connection
* 1:64690 <-> MALWARE-CNC Win.Trojan.Bondupdater inbound cnc connection
* 1:64691 <-> MALWARE-CNC Win.Trojan.Bondupdater inbound cnc connection
* 1:64692 <-> MALWARE-CNC Win.Trojan.Bondupdater outbound cnc connection
* 1:64693 <-> MALWARE-CNC Win.Trojan.Bondupdater outbound cnc connection
* 1:64694 <-> MALWARE-CNC MultiOs.Trojan.FINALDRAFT variant outbound communication attempt
* 1:64695 <-> MALWARE-CNC MultiOs.Trojan.FINALDRAFT variant outbound communication attempt
* 1:64696 <-> SERVER-OTHER MIT Kerberos KDC as-req sname null pointer dereference attempt
* 1:64699 <-> SERVER-WEBAPP Next.js Middleware authentication bypass attempt
* 1:64700 <-> SERVER-WEBAPP Next.js Middleware authentication bypass attempt
* 1:64701 <-> POLICY-OTHER Next.js Middleware x-middleware-subrequest header use attempt

Modified Rules:

* 1:43300 <-> FILE-FLASH Adobe Flash Player ASnative null pointer dereference attempt
* 1:43301 <-> FILE-FLASH Adobe Flash Player ASnative null pointer dereference attempt
* 1:50761 <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel
* 1:50762 <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel
* 1:50763 <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel
* 1:50764 <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel
* 1:50765 <-> MALWARE-CNC Win.Trojan.ISMAgent outbound DNS tunnel
* 1:50766 <-> MALWARE-CNC Win.Trojan.ALMA_Dash outbound DNS tunnel
* 1:50767 <-> MALWARE-CNC Win.Trojan.ALMA_Dot outbound DNS tunnel
* 1:50768 <-> MALWARE-CNC Win.Trojan.BONDUPDATER outbound DNS tunnel
* 1:50769 <-> MALWARE-CNC Win.Trojan.QUADAGENT outbound DNS tunnel
* 1:55813 <-> SERVER-OTHER Symantec Endpoint Protection tamper protection bypass attempt
* 1:55814 <-> SERVER-OTHER Symantec Endpoint Protection tamper protection bypass attempt


2025-03-25 15:49:56 UTC

Snort Subscriber Rules Update

Date: 2025-03-25-001

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.0.3.1.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:301168 <-> MALWARE-OTHER Win.Rootkit.Winnti download attempt
* 1:64684 <-> MALWARE-CNC Win.Malware.DarkGate variant outbound connection
* 1:64685 <-> SERVER-WEBAPP Apache OFBiz remote code execution attempt
* 1:64686 <-> SERVER-APACHE Apache Tomcat partial PUT remote code execution attempt
* 1:64687 <-> SERVER-MAIL Exim SMTP vulnerable version detected
* 1:64689 <-> MALWARE-CNC Win.Trojan.Bondupdater inbound cnc connection
* 1:64690 <-> MALWARE-CNC Win.Trojan.Bondupdater inbound cnc connection
* 1:64691 <-> MALWARE-CNC Win.Trojan.Bondupdater inbound cnc connection
* 1:64692 <-> MALWARE-CNC Win.Trojan.Bondupdater outbound cnc connection
* 1:64693 <-> MALWARE-CNC Win.Trojan.Bondupdater outbound cnc connection
* 1:64694 <-> MALWARE-CNC MultiOs.Trojan.FINALDRAFT variant outbound communication attempt
* 1:64695 <-> MALWARE-CNC MultiOs.Trojan.FINALDRAFT variant outbound communication attempt
* 1:64696 <-> SERVER-OTHER MIT Kerberos KDC as-req sname null pointer dereference attempt
* 1:64699 <-> SERVER-WEBAPP Next.js Middleware authentication bypass attempt
* 1:64700 <-> SERVER-WEBAPP Next.js Middleware authentication bypass attempt
* 1:64701 <-> POLICY-OTHER Next.js Middleware x-middleware-subrequest header use attempt

Modified Rules:

* 1:43300 <-> FILE-FLASH Adobe Flash Player ASnative null pointer dereference attempt
* 1:43301 <-> FILE-FLASH Adobe Flash Player ASnative null pointer dereference attempt
* 1:50761 <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel
* 1:50762 <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel
* 1:50763 <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel
* 1:50764 <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel
* 1:50765 <-> MALWARE-CNC Win.Trojan.ISMAgent outbound DNS tunnel
* 1:50766 <-> MALWARE-CNC Win.Trojan.ALMA_Dash outbound DNS tunnel
* 1:50767 <-> MALWARE-CNC Win.Trojan.ALMA_Dot outbound DNS tunnel
* 1:50768 <-> MALWARE-CNC Win.Trojan.BONDUPDATER outbound DNS tunnel
* 1:50769 <-> MALWARE-CNC Win.Trojan.QUADAGENT outbound DNS tunnel
* 1:55813 <-> SERVER-OTHER Symantec Endpoint Protection tamper protection bypass attempt
* 1:55814 <-> SERVER-OTHER Symantec Endpoint Protection tamper protection bypass attempt


2025-03-25 15:49:56 UTC

Snort Subscriber Rules Update

Date: 2025-03-25-001

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.0.3.4.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:301168 <-> MALWARE-OTHER Win.Rootkit.Winnti download attempt
* 1:64684 <-> MALWARE-CNC Win.Malware.DarkGate variant outbound connection
* 1:64685 <-> SERVER-WEBAPP Apache OFBiz remote code execution attempt
* 1:64686 <-> SERVER-APACHE Apache Tomcat partial PUT remote code execution attempt
* 1:64687 <-> SERVER-MAIL Exim SMTP vulnerable version detected
* 1:64689 <-> MALWARE-CNC Win.Trojan.Bondupdater inbound cnc connection
* 1:64690 <-> MALWARE-CNC Win.Trojan.Bondupdater inbound cnc connection
* 1:64691 <-> MALWARE-CNC Win.Trojan.Bondupdater inbound cnc connection
* 1:64692 <-> MALWARE-CNC Win.Trojan.Bondupdater outbound cnc connection
* 1:64693 <-> MALWARE-CNC Win.Trojan.Bondupdater outbound cnc connection
* 1:64694 <-> MALWARE-CNC MultiOs.Trojan.FINALDRAFT variant outbound communication attempt
* 1:64695 <-> MALWARE-CNC MultiOs.Trojan.FINALDRAFT variant outbound communication attempt
* 1:64696 <-> SERVER-OTHER MIT Kerberos KDC as-req sname null pointer dereference attempt
* 1:64699 <-> SERVER-WEBAPP Next.js Middleware authentication bypass attempt
* 1:64700 <-> SERVER-WEBAPP Next.js Middleware authentication bypass attempt
* 1:64701 <-> POLICY-OTHER Next.js Middleware x-middleware-subrequest header use attempt

Modified Rules:

* 1:43300 <-> FILE-FLASH Adobe Flash Player ASnative null pointer dereference attempt
* 1:43301 <-> FILE-FLASH Adobe Flash Player ASnative null pointer dereference attempt
* 1:50761 <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel
* 1:50762 <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel
* 1:50763 <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel
* 1:50764 <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel
* 1:50765 <-> MALWARE-CNC Win.Trojan.ISMAgent outbound DNS tunnel
* 1:50766 <-> MALWARE-CNC Win.Trojan.ALMA_Dash outbound DNS tunnel
* 1:50767 <-> MALWARE-CNC Win.Trojan.ALMA_Dot outbound DNS tunnel
* 1:50768 <-> MALWARE-CNC Win.Trojan.BONDUPDATER outbound DNS tunnel
* 1:50769 <-> MALWARE-CNC Win.Trojan.QUADAGENT outbound DNS tunnel
* 1:55813 <-> SERVER-OTHER Symantec Endpoint Protection tamper protection bypass attempt
* 1:55814 <-> SERVER-OTHER Symantec Endpoint Protection tamper protection bypass attempt


2025-03-25 15:49:56 UTC

Snort Subscriber Rules Update

Date: 2025-03-25-001

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.0.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:301168 <-> MALWARE-OTHER Win.Rootkit.Winnti download attempt
* 1:64684 <-> MALWARE-CNC Win.Malware.DarkGate variant outbound connection
* 1:64685 <-> SERVER-WEBAPP Apache OFBiz remote code execution attempt
* 1:64686 <-> SERVER-APACHE Apache Tomcat partial PUT remote code execution attempt
* 1:64687 <-> SERVER-MAIL Exim SMTP vulnerable version detected
* 1:64689 <-> MALWARE-CNC Win.Trojan.Bondupdater inbound cnc connection
* 1:64690 <-> MALWARE-CNC Win.Trojan.Bondupdater inbound cnc connection
* 1:64691 <-> MALWARE-CNC Win.Trojan.Bondupdater inbound cnc connection
* 1:64692 <-> MALWARE-CNC Win.Trojan.Bondupdater outbound cnc connection
* 1:64693 <-> MALWARE-CNC Win.Trojan.Bondupdater outbound cnc connection
* 1:64694 <-> MALWARE-CNC MultiOs.Trojan.FINALDRAFT variant outbound communication attempt
* 1:64695 <-> MALWARE-CNC MultiOs.Trojan.FINALDRAFT variant outbound communication attempt
* 1:64696 <-> SERVER-OTHER MIT Kerberos KDC as-req sname null pointer dereference attempt
* 1:64699 <-> SERVER-WEBAPP Next.js Middleware authentication bypass attempt
* 1:64700 <-> SERVER-WEBAPP Next.js Middleware authentication bypass attempt
* 1:64701 <-> POLICY-OTHER Next.js Middleware x-middleware-subrequest header use attempt

Modified Rules:

* 1:43300 <-> FILE-FLASH Adobe Flash Player ASnative null pointer dereference attempt
* 1:43301 <-> FILE-FLASH Adobe Flash Player ASnative null pointer dereference attempt
* 1:50761 <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel
* 1:50762 <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel
* 1:50763 <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel
* 1:50764 <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel
* 1:50765 <-> MALWARE-CNC Win.Trojan.ISMAgent outbound DNS tunnel
* 1:50766 <-> MALWARE-CNC Win.Trojan.ALMA_Dash outbound DNS tunnel
* 1:50767 <-> MALWARE-CNC Win.Trojan.ALMA_Dot outbound DNS tunnel
* 1:50768 <-> MALWARE-CNC Win.Trojan.BONDUPDATER outbound DNS tunnel
* 1:50769 <-> MALWARE-CNC Win.Trojan.QUADAGENT outbound DNS tunnel
* 1:55813 <-> SERVER-OTHER Symantec Endpoint Protection tamper protection bypass attempt
* 1:55814 <-> SERVER-OTHER Symantec Endpoint Protection tamper protection bypass attempt


2025-03-25 15:49:56 UTC

Snort Subscriber Rules Update

Date: 2025-03-25-001

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.0.1.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:301168 <-> MALWARE-OTHER Win.Rootkit.Winnti download attempt
* 1:64684 <-> MALWARE-CNC Win.Malware.DarkGate variant outbound connection
* 1:64685 <-> SERVER-WEBAPP Apache OFBiz remote code execution attempt
* 1:64686 <-> SERVER-APACHE Apache Tomcat partial PUT remote code execution attempt
* 1:64687 <-> SERVER-MAIL Exim SMTP vulnerable version detected
* 1:64689 <-> MALWARE-CNC Win.Trojan.Bondupdater inbound cnc connection
* 1:64690 <-> MALWARE-CNC Win.Trojan.Bondupdater inbound cnc connection
* 1:64691 <-> MALWARE-CNC Win.Trojan.Bondupdater inbound cnc connection
* 1:64692 <-> MALWARE-CNC Win.Trojan.Bondupdater outbound cnc connection
* 1:64693 <-> MALWARE-CNC Win.Trojan.Bondupdater outbound cnc connection
* 1:64694 <-> MALWARE-CNC MultiOs.Trojan.FINALDRAFT variant outbound communication attempt
* 1:64695 <-> MALWARE-CNC MultiOs.Trojan.FINALDRAFT variant outbound communication attempt
* 1:64696 <-> SERVER-OTHER MIT Kerberos KDC as-req sname null pointer dereference attempt
* 1:64699 <-> SERVER-WEBAPP Next.js Middleware authentication bypass attempt
* 1:64700 <-> SERVER-WEBAPP Next.js Middleware authentication bypass attempt
* 1:64701 <-> POLICY-OTHER Next.js Middleware x-middleware-subrequest header use attempt

Modified Rules:

* 1:43300 <-> FILE-FLASH Adobe Flash Player ASnative null pointer dereference attempt
* 1:43301 <-> FILE-FLASH Adobe Flash Player ASnative null pointer dereference attempt
* 1:50761 <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel
* 1:50762 <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel
* 1:50763 <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel
* 1:50764 <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel
* 1:50765 <-> MALWARE-CNC Win.Trojan.ISMAgent outbound DNS tunnel
* 1:50766 <-> MALWARE-CNC Win.Trojan.ALMA_Dash outbound DNS tunnel
* 1:50767 <-> MALWARE-CNC Win.Trojan.ALMA_Dot outbound DNS tunnel
* 1:50768 <-> MALWARE-CNC Win.Trojan.BONDUPDATER outbound DNS tunnel
* 1:50769 <-> MALWARE-CNC Win.Trojan.QUADAGENT outbound DNS tunnel
* 1:55813 <-> SERVER-OTHER Symantec Endpoint Protection tamper protection bypass attempt
* 1:55814 <-> SERVER-OTHER Symantec Endpoint Protection tamper protection bypass attempt


2025-03-25 15:49:56 UTC

Snort Subscriber Rules Update

Date: 2025-03-25-001

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.1.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:301168 <-> MALWARE-OTHER Win.Rootkit.Winnti download attempt
* 1:64684 <-> MALWARE-CNC Win.Malware.DarkGate variant outbound connection
* 1:64685 <-> SERVER-WEBAPP Apache OFBiz remote code execution attempt
* 1:64686 <-> SERVER-APACHE Apache Tomcat partial PUT remote code execution attempt
* 1:64687 <-> SERVER-MAIL Exim SMTP vulnerable version detected
* 1:64689 <-> MALWARE-CNC Win.Trojan.Bondupdater inbound cnc connection
* 1:64690 <-> MALWARE-CNC Win.Trojan.Bondupdater inbound cnc connection
* 1:64691 <-> MALWARE-CNC Win.Trojan.Bondupdater inbound cnc connection
* 1:64692 <-> MALWARE-CNC Win.Trojan.Bondupdater outbound cnc connection
* 1:64693 <-> MALWARE-CNC Win.Trojan.Bondupdater outbound cnc connection
* 1:64694 <-> MALWARE-CNC MultiOs.Trojan.FINALDRAFT variant outbound communication attempt
* 1:64695 <-> MALWARE-CNC MultiOs.Trojan.FINALDRAFT variant outbound communication attempt
* 1:64696 <-> SERVER-OTHER MIT Kerberos KDC as-req sname null pointer dereference attempt
* 1:64699 <-> SERVER-WEBAPP Next.js Middleware authentication bypass attempt
* 1:64700 <-> SERVER-WEBAPP Next.js Middleware authentication bypass attempt
* 1:64701 <-> POLICY-OTHER Next.js Middleware x-middleware-subrequest header use attempt

Modified Rules:

* 1:43300 <-> FILE-FLASH Adobe Flash Player ASnative null pointer dereference attempt
* 1:43301 <-> FILE-FLASH Adobe Flash Player ASnative null pointer dereference attempt
* 1:50761 <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel
* 1:50762 <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel
* 1:50763 <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel
* 1:50764 <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel
* 1:50765 <-> MALWARE-CNC Win.Trojan.ISMAgent outbound DNS tunnel
* 1:50766 <-> MALWARE-CNC Win.Trojan.ALMA_Dash outbound DNS tunnel
* 1:50767 <-> MALWARE-CNC Win.Trojan.ALMA_Dot outbound DNS tunnel
* 1:50768 <-> MALWARE-CNC Win.Trojan.BONDUPDATER outbound DNS tunnel
* 1:50769 <-> MALWARE-CNC Win.Trojan.QUADAGENT outbound DNS tunnel
* 1:55813 <-> SERVER-OTHER Symantec Endpoint Protection tamper protection bypass attempt
* 1:55814 <-> SERVER-OTHER Symantec Endpoint Protection tamper protection bypass attempt


2025-03-25 15:49:57 UTC

Snort Subscriber Rules Update

Date: 2025-03-25-001

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.3.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:301168 <-> MALWARE-OTHER Win.Rootkit.Winnti download attempt
* 1:64684 <-> MALWARE-CNC Win.Malware.DarkGate variant outbound connection
* 1:64685 <-> SERVER-WEBAPP Apache OFBiz remote code execution attempt
* 1:64686 <-> SERVER-APACHE Apache Tomcat partial PUT remote code execution attempt
* 1:64687 <-> SERVER-MAIL Exim SMTP vulnerable version detected
* 1:64689 <-> MALWARE-CNC Win.Trojan.Bondupdater inbound cnc connection
* 1:64690 <-> MALWARE-CNC Win.Trojan.Bondupdater inbound cnc connection
* 1:64691 <-> MALWARE-CNC Win.Trojan.Bondupdater inbound cnc connection
* 1:64692 <-> MALWARE-CNC Win.Trojan.Bondupdater outbound cnc connection
* 1:64693 <-> MALWARE-CNC Win.Trojan.Bondupdater outbound cnc connection
* 1:64694 <-> MALWARE-CNC MultiOs.Trojan.FINALDRAFT variant outbound communication attempt
* 1:64695 <-> MALWARE-CNC MultiOs.Trojan.FINALDRAFT variant outbound communication attempt
* 1:64696 <-> SERVER-OTHER MIT Kerberos KDC as-req sname null pointer dereference attempt
* 1:64699 <-> SERVER-WEBAPP Next.js Middleware authentication bypass attempt
* 1:64700 <-> SERVER-WEBAPP Next.js Middleware authentication bypass attempt
* 1:64701 <-> POLICY-OTHER Next.js Middleware x-middleware-subrequest header use attempt

Modified Rules:

* 1:43300 <-> FILE-FLASH Adobe Flash Player ASnative null pointer dereference attempt
* 1:43301 <-> FILE-FLASH Adobe Flash Player ASnative null pointer dereference attempt
* 1:50761 <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel
* 1:50762 <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel
* 1:50763 <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel
* 1:50764 <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel
* 1:50765 <-> MALWARE-CNC Win.Trojan.ISMAgent outbound DNS tunnel
* 1:50766 <-> MALWARE-CNC Win.Trojan.ALMA_Dash outbound DNS tunnel
* 1:50767 <-> MALWARE-CNC Win.Trojan.ALMA_Dot outbound DNS tunnel
* 1:50768 <-> MALWARE-CNC Win.Trojan.BONDUPDATER outbound DNS tunnel
* 1:50769 <-> MALWARE-CNC Win.Trojan.QUADAGENT outbound DNS tunnel
* 1:55813 <-> SERVER-OTHER Symantec Endpoint Protection tamper protection bypass attempt
* 1:55814 <-> SERVER-OTHER Symantec Endpoint Protection tamper protection bypass attempt


2025-03-25 15:49:57 UTC

Snort Subscriber Rules Update

Date: 2025-03-25-001

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.4.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:301168 <-> MALWARE-OTHER Win.Rootkit.Winnti download attempt
* 1:64684 <-> MALWARE-CNC Win.Malware.DarkGate variant outbound connection
* 1:64685 <-> SERVER-WEBAPP Apache OFBiz remote code execution attempt
* 1:64686 <-> SERVER-APACHE Apache Tomcat partial PUT remote code execution attempt
* 1:64687 <-> SERVER-MAIL Exim SMTP vulnerable version detected
* 1:64689 <-> MALWARE-CNC Win.Trojan.Bondupdater inbound cnc connection
* 1:64690 <-> MALWARE-CNC Win.Trojan.Bondupdater inbound cnc connection
* 1:64691 <-> MALWARE-CNC Win.Trojan.Bondupdater inbound cnc connection
* 1:64692 <-> MALWARE-CNC Win.Trojan.Bondupdater outbound cnc connection
* 1:64693 <-> MALWARE-CNC Win.Trojan.Bondupdater outbound cnc connection
* 1:64694 <-> MALWARE-CNC MultiOs.Trojan.FINALDRAFT variant outbound communication attempt
* 1:64695 <-> MALWARE-CNC MultiOs.Trojan.FINALDRAFT variant outbound communication attempt
* 1:64696 <-> SERVER-OTHER MIT Kerberos KDC as-req sname null pointer dereference attempt
* 1:64699 <-> SERVER-WEBAPP Next.js Middleware authentication bypass attempt
* 1:64700 <-> SERVER-WEBAPP Next.js Middleware authentication bypass attempt
* 1:64701 <-> POLICY-OTHER Next.js Middleware x-middleware-subrequest header use attempt

Modified Rules:

* 1:43300 <-> FILE-FLASH Adobe Flash Player ASnative null pointer dereference attempt
* 1:43301 <-> FILE-FLASH Adobe Flash Player ASnative null pointer dereference attempt
* 1:50761 <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel
* 1:50762 <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel
* 1:50763 <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel
* 1:50764 <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel
* 1:50765 <-> MALWARE-CNC Win.Trojan.ISMAgent outbound DNS tunnel
* 1:50766 <-> MALWARE-CNC Win.Trojan.ALMA_Dash outbound DNS tunnel
* 1:50767 <-> MALWARE-CNC Win.Trojan.ALMA_Dot outbound DNS tunnel
* 1:50768 <-> MALWARE-CNC Win.Trojan.BONDUPDATER outbound DNS tunnel
* 1:50769 <-> MALWARE-CNC Win.Trojan.QUADAGENT outbound DNS tunnel
* 1:55813 <-> SERVER-OTHER Symantec Endpoint Protection tamper protection bypass attempt
* 1:55814 <-> SERVER-OTHER Symantec Endpoint Protection tamper protection bypass attempt


2025-03-25 15:49:57 UTC

Snort Subscriber Rules Update

Date: 2025-03-25-001

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.5.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:301168 <-> MALWARE-OTHER Win.Rootkit.Winnti download attempt
* 1:64684 <-> MALWARE-CNC Win.Malware.DarkGate variant outbound connection
* 1:64685 <-> SERVER-WEBAPP Apache OFBiz remote code execution attempt
* 1:64686 <-> SERVER-APACHE Apache Tomcat partial PUT remote code execution attempt
* 1:64687 <-> SERVER-MAIL Exim SMTP vulnerable version detected
* 1:64689 <-> MALWARE-CNC Win.Trojan.Bondupdater inbound cnc connection
* 1:64690 <-> MALWARE-CNC Win.Trojan.Bondupdater inbound cnc connection
* 1:64691 <-> MALWARE-CNC Win.Trojan.Bondupdater inbound cnc connection
* 1:64692 <-> MALWARE-CNC Win.Trojan.Bondupdater outbound cnc connection
* 1:64693 <-> MALWARE-CNC Win.Trojan.Bondupdater outbound cnc connection
* 1:64694 <-> MALWARE-CNC MultiOs.Trojan.FINALDRAFT variant outbound communication attempt
* 1:64695 <-> MALWARE-CNC MultiOs.Trojan.FINALDRAFT variant outbound communication attempt
* 1:64696 <-> SERVER-OTHER MIT Kerberos KDC as-req sname null pointer dereference attempt
* 1:64699 <-> SERVER-WEBAPP Next.js Middleware authentication bypass attempt
* 1:64700 <-> SERVER-WEBAPP Next.js Middleware authentication bypass attempt
* 1:64701 <-> POLICY-OTHER Next.js Middleware x-middleware-subrequest header use attempt

Modified Rules:

* 1:43300 <-> FILE-FLASH Adobe Flash Player ASnative null pointer dereference attempt
* 1:43301 <-> FILE-FLASH Adobe Flash Player ASnative null pointer dereference attempt
* 1:50761 <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel
* 1:50762 <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel
* 1:50763 <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel
* 1:50764 <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel
* 1:50765 <-> MALWARE-CNC Win.Trojan.ISMAgent outbound DNS tunnel
* 1:50766 <-> MALWARE-CNC Win.Trojan.ALMA_Dash outbound DNS tunnel
* 1:50767 <-> MALWARE-CNC Win.Trojan.ALMA_Dot outbound DNS tunnel
* 1:50768 <-> MALWARE-CNC Win.Trojan.BONDUPDATER outbound DNS tunnel
* 1:50769 <-> MALWARE-CNC Win.Trojan.QUADAGENT outbound DNS tunnel
* 1:55813 <-> SERVER-OTHER Symantec Endpoint Protection tamper protection bypass attempt
* 1:55814 <-> SERVER-OTHER Symantec Endpoint Protection tamper protection bypass attempt


2025-03-25 15:49:57 UTC

Snort Subscriber Rules Update

Date: 2025-03-25-001

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.7.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:301168 <-> MALWARE-OTHER Win.Rootkit.Winnti download attempt
* 1:64684 <-> MALWARE-CNC Win.Malware.DarkGate variant outbound connection
* 1:64685 <-> SERVER-WEBAPP Apache OFBiz remote code execution attempt
* 1:64686 <-> SERVER-APACHE Apache Tomcat partial PUT remote code execution attempt
* 1:64687 <-> SERVER-MAIL Exim SMTP vulnerable version detected
* 1:64689 <-> MALWARE-CNC Win.Trojan.Bondupdater inbound cnc connection
* 1:64690 <-> MALWARE-CNC Win.Trojan.Bondupdater inbound cnc connection
* 1:64691 <-> MALWARE-CNC Win.Trojan.Bondupdater inbound cnc connection
* 1:64692 <-> MALWARE-CNC Win.Trojan.Bondupdater outbound cnc connection
* 1:64693 <-> MALWARE-CNC Win.Trojan.Bondupdater outbound cnc connection
* 1:64694 <-> MALWARE-CNC MultiOs.Trojan.FINALDRAFT variant outbound communication attempt
* 1:64695 <-> MALWARE-CNC MultiOs.Trojan.FINALDRAFT variant outbound communication attempt
* 1:64696 <-> SERVER-OTHER MIT Kerberos KDC as-req sname null pointer dereference attempt
* 1:64699 <-> SERVER-WEBAPP Next.js Middleware authentication bypass attempt
* 1:64700 <-> SERVER-WEBAPP Next.js Middleware authentication bypass attempt
* 1:64701 <-> POLICY-OTHER Next.js Middleware x-middleware-subrequest header use attempt

Modified Rules:

* 1:43300 <-> FILE-FLASH Adobe Flash Player ASnative null pointer dereference attempt
* 1:43301 <-> FILE-FLASH Adobe Flash Player ASnative null pointer dereference attempt
* 1:50761 <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel
* 1:50762 <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel
* 1:50763 <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel
* 1:50764 <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel
* 1:50765 <-> MALWARE-CNC Win.Trojan.ISMAgent outbound DNS tunnel
* 1:50766 <-> MALWARE-CNC Win.Trojan.ALMA_Dash outbound DNS tunnel
* 1:50767 <-> MALWARE-CNC Win.Trojan.ALMA_Dot outbound DNS tunnel
* 1:50768 <-> MALWARE-CNC Win.Trojan.BONDUPDATER outbound DNS tunnel
* 1:50769 <-> MALWARE-CNC Win.Trojan.QUADAGENT outbound DNS tunnel
* 1:55813 <-> SERVER-OTHER Symantec Endpoint Protection tamper protection bypass attempt
* 1:55814 <-> SERVER-OTHER Symantec Endpoint Protection tamper protection bypass attempt


2025-03-25 15:49:57 UTC

Snort Subscriber Rules Update

Date: 2025-03-25-001

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.9.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:301168 <-> MALWARE-OTHER Win.Rootkit.Winnti download attempt
* 1:64684 <-> MALWARE-CNC Win.Malware.DarkGate variant outbound connection
* 1:64685 <-> SERVER-WEBAPP Apache OFBiz remote code execution attempt
* 1:64686 <-> SERVER-APACHE Apache Tomcat partial PUT remote code execution attempt
* 1:64687 <-> SERVER-MAIL Exim SMTP vulnerable version detected
* 1:64689 <-> MALWARE-CNC Win.Trojan.Bondupdater inbound cnc connection
* 1:64690 <-> MALWARE-CNC Win.Trojan.Bondupdater inbound cnc connection
* 1:64691 <-> MALWARE-CNC Win.Trojan.Bondupdater inbound cnc connection
* 1:64692 <-> MALWARE-CNC Win.Trojan.Bondupdater outbound cnc connection
* 1:64693 <-> MALWARE-CNC Win.Trojan.Bondupdater outbound cnc connection
* 1:64694 <-> MALWARE-CNC MultiOs.Trojan.FINALDRAFT variant outbound communication attempt
* 1:64695 <-> MALWARE-CNC MultiOs.Trojan.FINALDRAFT variant outbound communication attempt
* 1:64696 <-> SERVER-OTHER MIT Kerberos KDC as-req sname null pointer dereference attempt
* 1:64699 <-> SERVER-WEBAPP Next.js Middleware authentication bypass attempt
* 1:64700 <-> SERVER-WEBAPP Next.js Middleware authentication bypass attempt
* 1:64701 <-> POLICY-OTHER Next.js Middleware x-middleware-subrequest header use attempt

Modified Rules:

* 1:43300 <-> FILE-FLASH Adobe Flash Player ASnative null pointer dereference attempt
* 1:43301 <-> FILE-FLASH Adobe Flash Player ASnative null pointer dereference attempt
* 1:50761 <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel
* 1:50762 <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel
* 1:50763 <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel
* 1:50764 <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel
* 1:50765 <-> MALWARE-CNC Win.Trojan.ISMAgent outbound DNS tunnel
* 1:50766 <-> MALWARE-CNC Win.Trojan.ALMA_Dash outbound DNS tunnel
* 1:50767 <-> MALWARE-CNC Win.Trojan.ALMA_Dot outbound DNS tunnel
* 1:50768 <-> MALWARE-CNC Win.Trojan.BONDUPDATER outbound DNS tunnel
* 1:50769 <-> MALWARE-CNC Win.Trojan.QUADAGENT outbound DNS tunnel
* 1:55813 <-> SERVER-OTHER Symantec Endpoint Protection tamper protection bypass attempt
* 1:55814 <-> SERVER-OTHER Symantec Endpoint Protection tamper protection bypass attempt


2025-03-25 15:49:57 UTC

Snort Subscriber Rules Update

Date: 2025-03-25-001

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.2.0.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:301168 <-> MALWARE-OTHER Win.Rootkit.Winnti download attempt
* 1:64684 <-> MALWARE-CNC Win.Malware.DarkGate variant outbound connection
* 1:64685 <-> SERVER-WEBAPP Apache OFBiz remote code execution attempt
* 1:64686 <-> SERVER-APACHE Apache Tomcat partial PUT remote code execution attempt
* 1:64687 <-> SERVER-MAIL Exim SMTP vulnerable version detected
* 1:64689 <-> MALWARE-CNC Win.Trojan.Bondupdater inbound cnc connection
* 1:64690 <-> MALWARE-CNC Win.Trojan.Bondupdater inbound cnc connection
* 1:64691 <-> MALWARE-CNC Win.Trojan.Bondupdater inbound cnc connection
* 1:64692 <-> MALWARE-CNC Win.Trojan.Bondupdater outbound cnc connection
* 1:64693 <-> MALWARE-CNC Win.Trojan.Bondupdater outbound cnc connection
* 1:64694 <-> MALWARE-CNC MultiOs.Trojan.FINALDRAFT variant outbound communication attempt
* 1:64695 <-> MALWARE-CNC MultiOs.Trojan.FINALDRAFT variant outbound communication attempt
* 1:64696 <-> SERVER-OTHER MIT Kerberos KDC as-req sname null pointer dereference attempt
* 1:64699 <-> SERVER-WEBAPP Next.js Middleware authentication bypass attempt
* 1:64700 <-> SERVER-WEBAPP Next.js Middleware authentication bypass attempt
* 1:64701 <-> POLICY-OTHER Next.js Middleware x-middleware-subrequest header use attempt

Modified Rules:

* 1:43300 <-> FILE-FLASH Adobe Flash Player ASnative null pointer dereference attempt
* 1:43301 <-> FILE-FLASH Adobe Flash Player ASnative null pointer dereference attempt
* 1:50761 <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel
* 1:50762 <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel
* 1:50763 <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel
* 1:50764 <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel
* 1:50765 <-> MALWARE-CNC Win.Trojan.ISMAgent outbound DNS tunnel
* 1:50766 <-> MALWARE-CNC Win.Trojan.ALMA_Dash outbound DNS tunnel
* 1:50767 <-> MALWARE-CNC Win.Trojan.ALMA_Dot outbound DNS tunnel
* 1:50768 <-> MALWARE-CNC Win.Trojan.BONDUPDATER outbound DNS tunnel
* 1:50769 <-> MALWARE-CNC Win.Trojan.QUADAGENT outbound DNS tunnel
* 1:55813 <-> SERVER-OTHER Symantec Endpoint Protection tamper protection bypass attempt
* 1:55814 <-> SERVER-OTHER Symantec Endpoint Protection tamper protection bypass attempt


2025-03-25 15:49:57 UTC

Snort Subscriber Rules Update

Date: 2025-03-25-001

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.7.0.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:301168 <-> MALWARE-OTHER Win.Rootkit.Winnti download attempt
* 1:64684 <-> MALWARE-CNC Win.Malware.DarkGate variant outbound connection
* 1:64685 <-> SERVER-WEBAPP Apache OFBiz remote code execution attempt
* 1:64686 <-> SERVER-APACHE Apache Tomcat partial PUT remote code execution attempt
* 1:64687 <-> SERVER-MAIL Exim SMTP vulnerable version detected
* 1:64689 <-> MALWARE-CNC Win.Trojan.Bondupdater inbound cnc connection
* 1:64690 <-> MALWARE-CNC Win.Trojan.Bondupdater inbound cnc connection
* 1:64691 <-> MALWARE-CNC Win.Trojan.Bondupdater inbound cnc connection
* 1:64692 <-> MALWARE-CNC Win.Trojan.Bondupdater outbound cnc connection
* 1:64693 <-> MALWARE-CNC Win.Trojan.Bondupdater outbound cnc connection
* 1:64694 <-> MALWARE-CNC MultiOs.Trojan.FINALDRAFT variant outbound communication attempt
* 1:64695 <-> MALWARE-CNC MultiOs.Trojan.FINALDRAFT variant outbound communication attempt
* 1:64696 <-> SERVER-OTHER MIT Kerberos KDC as-req sname null pointer dereference attempt
* 1:64699 <-> SERVER-WEBAPP Next.js Middleware authentication bypass attempt
* 1:64700 <-> SERVER-WEBAPP Next.js Middleware authentication bypass attempt
* 1:64701 <-> POLICY-OTHER Next.js Middleware x-middleware-subrequest header use attempt

Modified Rules:

* 1:43300 <-> FILE-FLASH Adobe Flash Player ASnative null pointer dereference attempt
* 1:43301 <-> FILE-FLASH Adobe Flash Player ASnative null pointer dereference attempt
* 1:50761 <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel
* 1:50762 <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel
* 1:50763 <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel
* 1:50764 <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel
* 1:50765 <-> MALWARE-CNC Win.Trojan.ISMAgent outbound DNS tunnel
* 1:50766 <-> MALWARE-CNC Win.Trojan.ALMA_Dash outbound DNS tunnel
* 1:50767 <-> MALWARE-CNC Win.Trojan.ALMA_Dot outbound DNS tunnel
* 1:50768 <-> MALWARE-CNC Win.Trojan.BONDUPDATER outbound DNS tunnel
* 1:50769 <-> MALWARE-CNC Win.Trojan.QUADAGENT outbound DNS tunnel
* 1:55813 <-> SERVER-OTHER Symantec Endpoint Protection tamper protection bypass attempt
* 1:55814 <-> SERVER-OTHER Symantec Endpoint Protection tamper protection bypass attempt


2025-03-25 15:49:57 UTC

Snort Subscriber Rules Update

Date: 2025-03-25-001

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.11.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:301168 <-> MALWARE-OTHER Win.Rootkit.Winnti download attempt
* 1:64684 <-> MALWARE-CNC Win.Malware.DarkGate variant outbound connection
* 1:64685 <-> SERVER-WEBAPP Apache OFBiz remote code execution attempt
* 1:64686 <-> SERVER-APACHE Apache Tomcat partial PUT remote code execution attempt
* 1:64687 <-> SERVER-MAIL Exim SMTP vulnerable version detected
* 1:64689 <-> MALWARE-CNC Win.Trojan.Bondupdater inbound cnc connection
* 1:64690 <-> MALWARE-CNC Win.Trojan.Bondupdater inbound cnc connection
* 1:64691 <-> MALWARE-CNC Win.Trojan.Bondupdater inbound cnc connection
* 1:64692 <-> MALWARE-CNC Win.Trojan.Bondupdater outbound cnc connection
* 1:64693 <-> MALWARE-CNC Win.Trojan.Bondupdater outbound cnc connection
* 1:64694 <-> MALWARE-CNC MultiOs.Trojan.FINALDRAFT variant outbound communication attempt
* 1:64695 <-> MALWARE-CNC MultiOs.Trojan.FINALDRAFT variant outbound communication attempt
* 1:64696 <-> SERVER-OTHER MIT Kerberos KDC as-req sname null pointer dereference attempt
* 1:64699 <-> SERVER-WEBAPP Next.js Middleware authentication bypass attempt
* 1:64700 <-> SERVER-WEBAPP Next.js Middleware authentication bypass attempt
* 1:64701 <-> POLICY-OTHER Next.js Middleware x-middleware-subrequest header use attempt

Modified Rules:

* 1:43300 <-> FILE-FLASH Adobe Flash Player ASnative null pointer dereference attempt
* 1:43301 <-> FILE-FLASH Adobe Flash Player ASnative null pointer dereference attempt
* 1:50761 <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel
* 1:50762 <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel
* 1:50763 <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel
* 1:50764 <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel
* 1:50765 <-> MALWARE-CNC Win.Trojan.ISMAgent outbound DNS tunnel
* 1:50766 <-> MALWARE-CNC Win.Trojan.ALMA_Dash outbound DNS tunnel
* 1:50767 <-> MALWARE-CNC Win.Trojan.ALMA_Dot outbound DNS tunnel
* 1:50768 <-> MALWARE-CNC Win.Trojan.BONDUPDATER outbound DNS tunnel
* 1:50769 <-> MALWARE-CNC Win.Trojan.QUADAGENT outbound DNS tunnel
* 1:55813 <-> SERVER-OTHER Symantec Endpoint Protection tamper protection bypass attempt
* 1:55814 <-> SERVER-OTHER Symantec Endpoint Protection tamper protection bypass attempt


2025-03-25 15:49:57 UTC

Snort Subscriber Rules Update

Date: 2025-03-25-001

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.15.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:301168 <-> MALWARE-OTHER Win.Rootkit.Winnti download attempt
* 1:64684 <-> MALWARE-CNC Win.Malware.DarkGate variant outbound connection
* 1:64685 <-> SERVER-WEBAPP Apache OFBiz remote code execution attempt
* 1:64686 <-> SERVER-APACHE Apache Tomcat partial PUT remote code execution attempt
* 1:64687 <-> SERVER-MAIL Exim SMTP vulnerable version detected
* 1:64689 <-> MALWARE-CNC Win.Trojan.Bondupdater inbound cnc connection
* 1:64690 <-> MALWARE-CNC Win.Trojan.Bondupdater inbound cnc connection
* 1:64691 <-> MALWARE-CNC Win.Trojan.Bondupdater inbound cnc connection
* 1:64692 <-> MALWARE-CNC Win.Trojan.Bondupdater outbound cnc connection
* 1:64693 <-> MALWARE-CNC Win.Trojan.Bondupdater outbound cnc connection
* 1:64694 <-> MALWARE-CNC MultiOs.Trojan.FINALDRAFT variant outbound communication attempt
* 1:64695 <-> MALWARE-CNC MultiOs.Trojan.FINALDRAFT variant outbound communication attempt
* 1:64696 <-> SERVER-OTHER MIT Kerberos KDC as-req sname null pointer dereference attempt
* 1:64699 <-> SERVER-WEBAPP Next.js Middleware authentication bypass attempt
* 1:64700 <-> SERVER-WEBAPP Next.js Middleware authentication bypass attempt
* 1:64701 <-> POLICY-OTHER Next.js Middleware x-middleware-subrequest header use attempt

Modified Rules:

* 1:43300 <-> FILE-FLASH Adobe Flash Player ASnative null pointer dereference attempt
* 1:43301 <-> FILE-FLASH Adobe Flash Player ASnative null pointer dereference attempt
* 1:50761 <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel
* 1:50762 <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel
* 1:50763 <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel
* 1:50764 <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel
* 1:50765 <-> MALWARE-CNC Win.Trojan.ISMAgent outbound DNS tunnel
* 1:50766 <-> MALWARE-CNC Win.Trojan.ALMA_Dash outbound DNS tunnel
* 1:50767 <-> MALWARE-CNC Win.Trojan.ALMA_Dot outbound DNS tunnel
* 1:50768 <-> MALWARE-CNC Win.Trojan.BONDUPDATER outbound DNS tunnel
* 1:50769 <-> MALWARE-CNC Win.Trojan.QUADAGENT outbound DNS tunnel
* 1:55813 <-> SERVER-OTHER Symantec Endpoint Protection tamper protection bypass attempt
* 1:55814 <-> SERVER-OTHER Symantec Endpoint Protection tamper protection bypass attempt


2025-03-25 15:49:57 UTC

Snort Subscriber Rules Update

Date: 2025-03-25-001

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.18.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:301168 <-> MALWARE-OTHER Win.Rootkit.Winnti download attempt
* 1:64684 <-> MALWARE-CNC Win.Malware.DarkGate variant outbound connection
* 1:64685 <-> SERVER-WEBAPP Apache OFBiz remote code execution attempt
* 1:64686 <-> SERVER-APACHE Apache Tomcat partial PUT remote code execution attempt
* 1:64687 <-> SERVER-MAIL Exim SMTP vulnerable version detected
* 1:64689 <-> MALWARE-CNC Win.Trojan.Bondupdater inbound cnc connection
* 1:64690 <-> MALWARE-CNC Win.Trojan.Bondupdater inbound cnc connection
* 1:64691 <-> MALWARE-CNC Win.Trojan.Bondupdater inbound cnc connection
* 1:64692 <-> MALWARE-CNC Win.Trojan.Bondupdater outbound cnc connection
* 1:64693 <-> MALWARE-CNC Win.Trojan.Bondupdater outbound cnc connection
* 1:64694 <-> MALWARE-CNC MultiOs.Trojan.FINALDRAFT variant outbound communication attempt
* 1:64695 <-> MALWARE-CNC MultiOs.Trojan.FINALDRAFT variant outbound communication attempt
* 1:64696 <-> SERVER-OTHER MIT Kerberos KDC as-req sname null pointer dereference attempt
* 1:64699 <-> SERVER-WEBAPP Next.js Middleware authentication bypass attempt
* 1:64700 <-> SERVER-WEBAPP Next.js Middleware authentication bypass attempt
* 1:64701 <-> POLICY-OTHER Next.js Middleware x-middleware-subrequest header use attempt

Modified Rules:

* 1:43300 <-> FILE-FLASH Adobe Flash Player ASnative null pointer dereference attempt
* 1:43301 <-> FILE-FLASH Adobe Flash Player ASnative null pointer dereference attempt
* 1:50761 <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel
* 1:50762 <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel
* 1:50763 <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel
* 1:50764 <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel
* 1:50765 <-> MALWARE-CNC Win.Trojan.ISMAgent outbound DNS tunnel
* 1:50766 <-> MALWARE-CNC Win.Trojan.ALMA_Dash outbound DNS tunnel
* 1:50767 <-> MALWARE-CNC Win.Trojan.ALMA_Dot outbound DNS tunnel
* 1:50768 <-> MALWARE-CNC Win.Trojan.BONDUPDATER outbound DNS tunnel
* 1:50769 <-> MALWARE-CNC Win.Trojan.QUADAGENT outbound DNS tunnel
* 1:55813 <-> SERVER-OTHER Symantec Endpoint Protection tamper protection bypass attempt
* 1:55814 <-> SERVER-OTHER Symantec Endpoint Protection tamper protection bypass attempt


2025-03-25 15:49:57 UTC

Snort Subscriber Rules Update

Date: 2025-03-25-001

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.20.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:301168 <-> MALWARE-OTHER Win.Rootkit.Winnti download attempt
* 1:64684 <-> MALWARE-CNC Win.Malware.DarkGate variant outbound connection
* 1:64685 <-> SERVER-WEBAPP Apache OFBiz remote code execution attempt
* 1:64686 <-> SERVER-APACHE Apache Tomcat partial PUT remote code execution attempt
* 1:64687 <-> SERVER-MAIL Exim SMTP vulnerable version detected
* 1:64689 <-> MALWARE-CNC Win.Trojan.Bondupdater inbound cnc connection
* 1:64690 <-> MALWARE-CNC Win.Trojan.Bondupdater inbound cnc connection
* 1:64691 <-> MALWARE-CNC Win.Trojan.Bondupdater inbound cnc connection
* 1:64692 <-> MALWARE-CNC Win.Trojan.Bondupdater outbound cnc connection
* 1:64693 <-> MALWARE-CNC Win.Trojan.Bondupdater outbound cnc connection
* 1:64694 <-> MALWARE-CNC MultiOs.Trojan.FINALDRAFT variant outbound communication attempt
* 1:64695 <-> MALWARE-CNC MultiOs.Trojan.FINALDRAFT variant outbound communication attempt
* 1:64696 <-> SERVER-OTHER MIT Kerberos KDC as-req sname null pointer dereference attempt
* 1:64699 <-> SERVER-WEBAPP Next.js Middleware authentication bypass attempt
* 1:64700 <-> SERVER-WEBAPP Next.js Middleware authentication bypass attempt
* 1:64701 <-> POLICY-OTHER Next.js Middleware x-middleware-subrequest header use attempt

Modified Rules:

* 1:43300 <-> FILE-FLASH Adobe Flash Player ASnative null pointer dereference attempt
* 1:43301 <-> FILE-FLASH Adobe Flash Player ASnative null pointer dereference attempt
* 1:50761 <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel
* 1:50762 <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel
* 1:50763 <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel
* 1:50764 <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel
* 1:50765 <-> MALWARE-CNC Win.Trojan.ISMAgent outbound DNS tunnel
* 1:50766 <-> MALWARE-CNC Win.Trojan.ALMA_Dash outbound DNS tunnel
* 1:50767 <-> MALWARE-CNC Win.Trojan.ALMA_Dot outbound DNS tunnel
* 1:50768 <-> MALWARE-CNC Win.Trojan.BONDUPDATER outbound DNS tunnel
* 1:50769 <-> MALWARE-CNC Win.Trojan.QUADAGENT outbound DNS tunnel
* 1:55813 <-> SERVER-OTHER Symantec Endpoint Protection tamper protection bypass attempt
* 1:55814 <-> SERVER-OTHER Symantec Endpoint Protection tamper protection bypass attempt


2025-03-25 15:49:57 UTC

Snort Subscriber Rules Update

Date: 2025-03-25-001

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.21.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:301168 <-> MALWARE-OTHER Win.Rootkit.Winnti download attempt
* 1:64684 <-> MALWARE-CNC Win.Malware.DarkGate variant outbound connection
* 1:64685 <-> SERVER-WEBAPP Apache OFBiz remote code execution attempt
* 1:64686 <-> SERVER-APACHE Apache Tomcat partial PUT remote code execution attempt
* 1:64687 <-> SERVER-MAIL Exim SMTP vulnerable version detected
* 1:64689 <-> MALWARE-CNC Win.Trojan.Bondupdater inbound cnc connection
* 1:64690 <-> MALWARE-CNC Win.Trojan.Bondupdater inbound cnc connection
* 1:64691 <-> MALWARE-CNC Win.Trojan.Bondupdater inbound cnc connection
* 1:64692 <-> MALWARE-CNC Win.Trojan.Bondupdater outbound cnc connection
* 1:64693 <-> MALWARE-CNC Win.Trojan.Bondupdater outbound cnc connection
* 1:64694 <-> MALWARE-CNC MultiOs.Trojan.FINALDRAFT variant outbound communication attempt
* 1:64695 <-> MALWARE-CNC MultiOs.Trojan.FINALDRAFT variant outbound communication attempt
* 1:64696 <-> SERVER-OTHER MIT Kerberos KDC as-req sname null pointer dereference attempt
* 1:64699 <-> SERVER-WEBAPP Next.js Middleware authentication bypass attempt
* 1:64700 <-> SERVER-WEBAPP Next.js Middleware authentication bypass attempt
* 1:64701 <-> POLICY-OTHER Next.js Middleware x-middleware-subrequest header use attempt

Modified Rules:

* 1:43300 <-> FILE-FLASH Adobe Flash Player ASnative null pointer dereference attempt
* 1:43301 <-> FILE-FLASH Adobe Flash Player ASnative null pointer dereference attempt
* 1:50761 <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel
* 1:50762 <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel
* 1:50763 <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel
* 1:50764 <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel
* 1:50765 <-> MALWARE-CNC Win.Trojan.ISMAgent outbound DNS tunnel
* 1:50766 <-> MALWARE-CNC Win.Trojan.ALMA_Dash outbound DNS tunnel
* 1:50767 <-> MALWARE-CNC Win.Trojan.ALMA_Dot outbound DNS tunnel
* 1:50768 <-> MALWARE-CNC Win.Trojan.BONDUPDATER outbound DNS tunnel
* 1:50769 <-> MALWARE-CNC Win.Trojan.QUADAGENT outbound DNS tunnel
* 1:55813 <-> SERVER-OTHER Symantec Endpoint Protection tamper protection bypass attempt
* 1:55814 <-> SERVER-OTHER Symantec Endpoint Protection tamper protection bypass attempt


2025-03-25 15:49:57 UTC

Snort Subscriber Rules Update

Date: 2025-03-25-001

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.35.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:301168 <-> MALWARE-OTHER Win.Rootkit.Winnti download attempt
* 1:64684 <-> MALWARE-CNC Win.Malware.DarkGate variant outbound connection
* 1:64685 <-> SERVER-WEBAPP Apache OFBiz remote code execution attempt
* 1:64686 <-> SERVER-APACHE Apache Tomcat partial PUT remote code execution attempt
* 1:64687 <-> SERVER-MAIL Exim SMTP vulnerable version detected
* 1:64689 <-> MALWARE-CNC Win.Trojan.Bondupdater inbound cnc connection
* 1:64690 <-> MALWARE-CNC Win.Trojan.Bondupdater inbound cnc connection
* 1:64691 <-> MALWARE-CNC Win.Trojan.Bondupdater inbound cnc connection
* 1:64692 <-> MALWARE-CNC Win.Trojan.Bondupdater outbound cnc connection
* 1:64693 <-> MALWARE-CNC Win.Trojan.Bondupdater outbound cnc connection
* 1:64694 <-> MALWARE-CNC MultiOs.Trojan.FINALDRAFT variant outbound communication attempt
* 1:64695 <-> MALWARE-CNC MultiOs.Trojan.FINALDRAFT variant outbound communication attempt
* 1:64696 <-> SERVER-OTHER MIT Kerberos KDC as-req sname null pointer dereference attempt
* 1:64699 <-> SERVER-WEBAPP Next.js Middleware authentication bypass attempt
* 1:64700 <-> SERVER-WEBAPP Next.js Middleware authentication bypass attempt
* 1:64701 <-> POLICY-OTHER Next.js Middleware x-middleware-subrequest header use attempt

Modified Rules:

* 1:43300 <-> FILE-FLASH Adobe Flash Player ASnative null pointer dereference attempt
* 1:43301 <-> FILE-FLASH Adobe Flash Player ASnative null pointer dereference attempt
* 1:50761 <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel
* 1:50762 <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel
* 1:50763 <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel
* 1:50764 <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel
* 1:50765 <-> MALWARE-CNC Win.Trojan.ISMAgent outbound DNS tunnel
* 1:50766 <-> MALWARE-CNC Win.Trojan.ALMA_Dash outbound DNS tunnel
* 1:50767 <-> MALWARE-CNC Win.Trojan.ALMA_Dot outbound DNS tunnel
* 1:50768 <-> MALWARE-CNC Win.Trojan.BONDUPDATER outbound DNS tunnel
* 1:50769 <-> MALWARE-CNC Win.Trojan.QUADAGENT outbound DNS tunnel
* 1:55813 <-> SERVER-OTHER Symantec Endpoint Protection tamper protection bypass attempt
* 1:55814 <-> SERVER-OTHER Symantec Endpoint Protection tamper protection bypass attempt


2025-03-25 15:49:57 UTC

Snort Subscriber Rules Update

Date: 2025-03-25-001

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.44.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:301168 <-> MALWARE-OTHER Win.Rootkit.Winnti download attempt
* 1:64684 <-> MALWARE-CNC Win.Malware.DarkGate variant outbound connection
* 1:64685 <-> SERVER-WEBAPP Apache OFBiz remote code execution attempt
* 1:64686 <-> SERVER-APACHE Apache Tomcat partial PUT remote code execution attempt
* 1:64687 <-> SERVER-MAIL Exim SMTP vulnerable version detected
* 1:64689 <-> MALWARE-CNC Win.Trojan.Bondupdater inbound cnc connection
* 1:64690 <-> MALWARE-CNC Win.Trojan.Bondupdater inbound cnc connection
* 1:64691 <-> MALWARE-CNC Win.Trojan.Bondupdater inbound cnc connection
* 1:64692 <-> MALWARE-CNC Win.Trojan.Bondupdater outbound cnc connection
* 1:64693 <-> MALWARE-CNC Win.Trojan.Bondupdater outbound cnc connection
* 1:64694 <-> MALWARE-CNC MultiOs.Trojan.FINALDRAFT variant outbound communication attempt
* 1:64695 <-> MALWARE-CNC MultiOs.Trojan.FINALDRAFT variant outbound communication attempt
* 1:64696 <-> SERVER-OTHER MIT Kerberos KDC as-req sname null pointer dereference attempt
* 1:64699 <-> SERVER-WEBAPP Next.js Middleware authentication bypass attempt
* 1:64700 <-> SERVER-WEBAPP Next.js Middleware authentication bypass attempt
* 1:64701 <-> POLICY-OTHER Next.js Middleware x-middleware-subrequest header use attempt

Modified Rules:

* 1:43300 <-> FILE-FLASH Adobe Flash Player ASnative null pointer dereference attempt
* 1:43301 <-> FILE-FLASH Adobe Flash Player ASnative null pointer dereference attempt
* 1:50761 <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel
* 1:50762 <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel
* 1:50763 <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel
* 1:50764 <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel
* 1:50765 <-> MALWARE-CNC Win.Trojan.ISMAgent outbound DNS tunnel
* 1:50766 <-> MALWARE-CNC Win.Trojan.ALMA_Dash outbound DNS tunnel
* 1:50767 <-> MALWARE-CNC Win.Trojan.ALMA_Dot outbound DNS tunnel
* 1:50768 <-> MALWARE-CNC Win.Trojan.BONDUPDATER outbound DNS tunnel
* 1:50769 <-> MALWARE-CNC Win.Trojan.QUADAGENT outbound DNS tunnel
* 1:55813 <-> SERVER-OTHER Symantec Endpoint Protection tamper protection bypass attempt
* 1:55814 <-> SERVER-OTHER Symantec Endpoint Protection tamper protection bypass attempt


2025-03-25 15:49:57 UTC

Snort Subscriber Rules Update

Date: 2025-03-25-001

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.47.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:301168 <-> MALWARE-OTHER Win.Rootkit.Winnti download attempt
* 1:64684 <-> MALWARE-CNC Win.Malware.DarkGate variant outbound connection
* 1:64685 <-> SERVER-WEBAPP Apache OFBiz remote code execution attempt
* 1:64686 <-> SERVER-APACHE Apache Tomcat partial PUT remote code execution attempt
* 1:64687 <-> SERVER-MAIL Exim SMTP vulnerable version detected
* 1:64689 <-> MALWARE-CNC Win.Trojan.Bondupdater inbound cnc connection
* 1:64690 <-> MALWARE-CNC Win.Trojan.Bondupdater inbound cnc connection
* 1:64691 <-> MALWARE-CNC Win.Trojan.Bondupdater inbound cnc connection
* 1:64692 <-> MALWARE-CNC Win.Trojan.Bondupdater outbound cnc connection
* 1:64693 <-> MALWARE-CNC Win.Trojan.Bondupdater outbound cnc connection
* 1:64694 <-> MALWARE-CNC MultiOs.Trojan.FINALDRAFT variant outbound communication attempt
* 1:64695 <-> MALWARE-CNC MultiOs.Trojan.FINALDRAFT variant outbound communication attempt
* 1:64696 <-> SERVER-OTHER MIT Kerberos KDC as-req sname null pointer dereference attempt
* 1:64699 <-> SERVER-WEBAPP Next.js Middleware authentication bypass attempt
* 1:64700 <-> SERVER-WEBAPP Next.js Middleware authentication bypass attempt
* 1:64701 <-> POLICY-OTHER Next.js Middleware x-middleware-subrequest header use attempt

Modified Rules:

* 1:43300 <-> FILE-FLASH Adobe Flash Player ASnative null pointer dereference attempt
* 1:43301 <-> FILE-FLASH Adobe Flash Player ASnative null pointer dereference attempt
* 1:50761 <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel
* 1:50762 <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel
* 1:50763 <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel
* 1:50764 <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel
* 1:50765 <-> MALWARE-CNC Win.Trojan.ISMAgent outbound DNS tunnel
* 1:50766 <-> MALWARE-CNC Win.Trojan.ALMA_Dash outbound DNS tunnel
* 1:50767 <-> MALWARE-CNC Win.Trojan.ALMA_Dot outbound DNS tunnel
* 1:50768 <-> MALWARE-CNC Win.Trojan.BONDUPDATER outbound DNS tunnel
* 1:50769 <-> MALWARE-CNC Win.Trojan.QUADAGENT outbound DNS tunnel
* 1:55813 <-> SERVER-OTHER Symantec Endpoint Protection tamper protection bypass attempt
* 1:55814 <-> SERVER-OTHER Symantec Endpoint Protection tamper protection bypass attempt