VRT Rules 2014-06-03
This release adds and modifies rules in several categories.

The Sourcefire VRT has added and modified multiple rules in the blacklist, browser-firefox, exploit, exploit-kit, file-identify, file-office, file-other, file-pdf, malware-backdoor, malware-cnc, malware-other, protocol-ftp, protocol-snmp, pua-adware and server-webapp rule sets to provide coverage for emerging threats from these technologies.

Change logs

2014-07-07 20:52:25 UTC

Sourcefire VRT Rules Update

Date: 2014-06-03

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2956.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:

 * 1:31145 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spyrat variant outbound backdoor response (malware-cnc.rules)
 * 1:31107 <-> ENABLED <-> BLACKLIST DNS request for known malware domain blackshades.ru - Win.Trojan.Blackshades (blacklist.rules)
 * 1:31130 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit encrypted binary download (exploit-kit.rules)
 * 1:31128 <-> DISABLED <-> PROTOCOL-FTP CoreFTP FTP Server TYPE command denial of service attempt (protocol-ftp.rules)
 * 1:31127 <-> DISABLED <-> FILE-OFFICE Microsoft Excel rtToolbarDef record integer overflow attempt (file-office.rules)
 * 1:31123 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gigade variant inbound connection attempt (malware-cnc.rules)
 * 1:31109 <-> ENABLED <-> BLACKLIST DNS request for known malware domain blackshades.info.ovh.net - Win.Trojan.Blackshades (blacklist.rules)
 * 1:31108 <-> ENABLED <-> BLACKLIST DNS request for known malware domain blackshades.info - Win.Trojan.Blackshades (blacklist.rules)
 * 1:31110 <-> ENABLED <-> BLACKLIST DNS request for known malware domain blackshades.no-ip.info - Win.Trojan.Blackshades (blacklist.rules)
 * 1:31113 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection attempt (malware-cnc.rules)
 * 1:31134 <-> ENABLED <-> BLACKLIST DNS request for known malware domain obamasu.webs.com - Win.Trojan.Deedevil (blacklist.rules)
 * 1:31120 <-> ENABLED <-> BLACKLIST DNS request for known malware domain uol.conhecaauol.com.br - Win.Trojan.Cahecon (blacklist.rules)
 * 1:31119 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Marmoolak variant outbound connection (malware-cnc.rules)
 * 1:31118 <-> ENABLED <-> BLACKLIST DNS request for known malware domain red-move.tk - Win.Trojan.Marmoolak (blacklist.rules)
 * 1:31117 <-> ENABLED <-> BLACKLIST DNS request for known malware domain download.ustechsupport.com (blacklist.rules)
 * 1:31116 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Garsuni variant outbound connection (malware-cnc.rules)
 * 1:31115 <-> ENABLED <-> BLACKLIST DNS request for known malware domain bagi.ly - Win.Trojan.Garsuni (blacklist.rules)
 * 1:31135 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Deedevil variant outbound connection (malware-cnc.rules)
 * 1:31112 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Bancos password stealing attempt (malware-cnc.rules)
 * 1:31111 <-> ENABLED <-> BLACKLIST DNS request for known malware domain blackshades.sytes.net - Win.Trojan.Blackshades (blacklist.rules)
 * 1:31146 <-> DISABLED <-> PUA-ADWARE Win.Adware.iBryte variant outbound connection (pua-adware.rules)
 * 1:31114 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Rfusclient outbound connection attempt (malware-cnc.rules)
 * 1:31122 <-> ENABLED <-> BLACKLIST User-Agent known malicious user agent - User-Agent svchost (blacklist.rules)
 * 1:31121 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Cahecon outbound connection (malware-cnc.rules)
 * 1:31124 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Pyrtomsop outbound communication (malware-cnc.rules)
 * 1:31125 <-> DISABLED <-> FILE-OFFICE Microsoft Excel rtToolbarDef record integer overflow attempt (file-office.rules)
 * 1:31126 <-> DISABLED <-> FILE-OFFICE Microsoft Excel rtToolbarDef record integer overflow attempt (file-office.rules)
 * 1:31129 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit encrypted binary download (exploit-kit.rules)
 * 1:31132 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Petun variant outbound connection (malware-cnc.rules)
 * 1:31103 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader X XML forms specially crafted RLE8 format BMP integer overflow attempt (file-pdf.rules)
 * 1:31105 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader X XML forms specially crafted RLE8 format BMP integer overflow attempt (file-pdf.rules)
 * 1:31106 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader X XML forms specially crafted RLE8 format BMP integer overflow attempt (file-pdf.rules)
 * 1:31102 <-> DISABLED <-> SERVER-OTHER TrendMicro InterScan Viruswall directory traversal attempt (server-other.rules)
 * 1:31104 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader X XML forms specially crafted RLE8 format BMP integer overflow attempt (file-pdf.rules)
 * 1:31101 <-> DISABLED <-> SERVER-OTHER Sharetronix cross site request forgery attempt (server-other.rules)
 * 1:31098 <-> DISABLED <-> PROTOCOL-SNMP Ubee U10C019 series WEP key enumeration attempt (protocol-snmp.rules)
 * 1:31099 <-> DISABLED <-> PROTOCOL-SNMP Ubee U10C019 series WPA key enumeration attempt (protocol-snmp.rules)
 * 1:31100 <-> DISABLED <-> PROTOCOL-SNMP Ubee U10C019 series password enumeration attempt (protocol-snmp.rules)
 * 1:31097 <-> DISABLED <-> PROTOCOL-SNMP Ubee DDW3611 series password enumeration attempt (protocol-snmp.rules)
 * 1:31095 <-> DISABLED <-> PROTOCOL-SNMP Ubee DDW3611 series WEP key enumeration attempt (protocol-snmp.rules)
 * 1:31096 <-> DISABLED <-> PROTOCOL-SNMP Ubee DDW3611 series WPA key enumeration attempt (protocol-snmp.rules)
 * 1:31136 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ZeroAccess inbound communication (malware-cnc.rules)
 * 1:31133 <-> ENABLED <-> BLACKLIST DNS request for known malware domain fudcrypt.com - Win.Trojan.Deedevil (blacklist.rules)
 * 1:31138 <-> ENABLED <-> BLACKLIST DNS request for known malware domain dudicalworld.com - Win.Trojan.Sloft (blacklist.rules)
 * 1:31137 <-> ENABLED <-> BLACKLIST DNS request for known malware domain aisgolf.com - Win.Trojan.Sloft (blacklist.rules)
 * 1:31140 <-> ENABLED <-> BLACKLIST DNS request for known malware domain nyescortsasianoutcall.com - Win.Trojan.Sloft (blacklist.rules)
 * 1:31131 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Petun variant outbound connection (malware-cnc.rules)
 * 1:31144 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Spyrat variant inbound backdoor keep-alive (malware-cnc.rules)
 * 1:31142 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Sloft variant outbound connection (malware-cnc.rules)
 * 1:31141 <-> ENABLED <-> BLACKLIST DNS request for known malware domain trinity-electric-inc.com - Win.Trojan.Sloft (blacklist.rules)
 * 1:31139 <-> ENABLED <-> BLACKLIST DNS request for known malware domain fourchette-des-arenes.com - Win.Trojan.Sloft (blacklist.rules)
 * 1:31143 <-> ENABLED <-> SERVER-WEBAPP CA ERwin Web Portal ConfigServiceProvider directory traversal attempt (server-webapp.rules)

Modified Rules:

 * 1:19049 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gigade variant outbound connection attempt (malware-cnc.rules)
 * 1:20481 <-> ENABLED <-> FILE-IDENTIFY MP3 file magic detected (file-identify.rules)
 * 1:20534 <-> DISABLED <-> FILE-OFFICE Microsoft Excel rtToolbarDef record integer overflow attempt (file-office.rules)
 * 1:22078 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid Window2 BIFF record value attempt (file-office.rules)
 * 1:23341 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Tinrot.A runtime detection (malware-backdoor.rules)
 * 1:24572 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox IDB use-after-free attempt (browser-firefox.rules)
 * 1:24574 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox IDB use-after-free attempt (browser-firefox.rules)
 * 1:27538 <-> DISABLED <-> MALWARE-OTHER self-signed SSL certificate with default MyCompany Ltd organization name (malware-other.rules)
 * 1:27702 <-> ENABLED <-> EXPLOIT-KIT Gong Da exploit kit landing page (exploit-kit.rules)
 * 1:28347 <-> DISABLED <-> MALWARE-OTHER SimpleTDS - page redirecting to a SimpleTDS (malware-other.rules)
 * 1:28348 <-> DISABLED <-> MALWARE-OTHER SimpleTDS - request to go.php (malware-other.rules)
 * 1:28549 <-> DISABLED <-> FILE-OFFICE Microsoft Excel rtToolbarDef record integer overflow attempt (file-office.rules)
 * 1:28550 <-> DISABLED <-> FILE-OFFICE Microsoft Excel rtToolbarDef record integer overflow attempt (file-office.rules)
 * 1:29412 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit Java download attempt (exploit-kit.rules)
 * 1:29417 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Solimba download attempt (malware-cnc.rules)
 * 1:30260 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Mudrop variant outbound connection (malware-cnc.rules)
 * 1:30261 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Mudrop variant outbound connection (malware-cnc.rules)
 * 1:30973 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit payload request (exploit-kit.rules)
 * 1:30992 <-> DISABLED <-> FILE-OTHER invalid ELF padding field value attempt (file-other.rules)
 * 1:30993 <-> DISABLED <-> FILE-OTHER invalid ELF padding field value attempt (file-other.rules)
 * 1:31015 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader integer overflow attempt (file-pdf.rules)
 * 1:31016 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader integer overflow attempt (file-pdf.rules)
 * 1:31046 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit outbound URL structure (exploit-kit.rules)
 * 1:31091 <-> ENABLED <-> PUA-ADWARE Win.Adware.Inbox/PCFixSpeed/RebateInformer variant outbound connection (pua-adware.rules)
 * 3:15848 <-> ENABLED <-> EXPLOIT WINS replication request memory corruption attempt (exploit.rules)

2014-07-07 20:52:25 UTC

Sourcefire VRT Rules Update

Date: 2014-06-03

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2960.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:

 * 1:31120 <-> ENABLED <-> BLACKLIST DNS request for known malware domain uol.conhecaauol.com.br - Win.Trojan.Cahecon (blacklist.rules)
 * 1:31119 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Marmoolak variant outbound connection (malware-cnc.rules)
 * 1:31118 <-> ENABLED <-> BLACKLIST DNS request for known malware domain red-move.tk - Win.Trojan.Marmoolak (blacklist.rules)
 * 1:31117 <-> ENABLED <-> BLACKLIST DNS request for known malware domain download.ustechsupport.com (blacklist.rules)
 * 1:31116 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Garsuni variant outbound connection (malware-cnc.rules)
 * 1:31115 <-> ENABLED <-> BLACKLIST DNS request for known malware domain bagi.ly - Win.Trojan.Garsuni (blacklist.rules)
 * 1:31105 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader X XML forms specially crafted RLE8 format BMP integer overflow attempt (file-pdf.rules)
 * 1:31106 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader X XML forms specially crafted RLE8 format BMP integer overflow attempt (file-pdf.rules)
 * 1:31103 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader X XML forms specially crafted RLE8 format BMP integer overflow attempt (file-pdf.rules)
 * 1:31104 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader X XML forms specially crafted RLE8 format BMP integer overflow attempt (file-pdf.rules)
 * 1:31101 <-> DISABLED <-> SERVER-OTHER Sharetronix cross site request forgery attempt (server-other.rules)
 * 1:31102 <-> DISABLED <-> SERVER-OTHER TrendMicro InterScan Viruswall directory traversal attempt (server-other.rules)
 * 1:31099 <-> DISABLED <-> PROTOCOL-SNMP Ubee U10C019 series WPA key enumeration attempt (protocol-snmp.rules)
 * 1:31100 <-> DISABLED <-> PROTOCOL-SNMP Ubee U10C019 series password enumeration attempt (protocol-snmp.rules)
 * 1:31097 <-> DISABLED <-> PROTOCOL-SNMP Ubee DDW3611 series password enumeration attempt (protocol-snmp.rules)
 * 1:31098 <-> DISABLED <-> PROTOCOL-SNMP Ubee U10C019 series WEP key enumeration attempt (protocol-snmp.rules)
 * 1:31095 <-> DISABLED <-> PROTOCOL-SNMP Ubee DDW3611 series WEP key enumeration attempt (protocol-snmp.rules)
 * 1:31096 <-> DISABLED <-> PROTOCOL-SNMP Ubee DDW3611 series WPA key enumeration attempt (protocol-snmp.rules)
 * 1:31108 <-> ENABLED <-> BLACKLIST DNS request for known malware domain blackshades.info - Win.Trojan.Blackshades (blacklist.rules)
 * 1:31109 <-> ENABLED <-> BLACKLIST DNS request for known malware domain blackshades.info.ovh.net - Win.Trojan.Blackshades (blacklist.rules)
 * 1:31110 <-> ENABLED <-> BLACKLIST DNS request for known malware domain blackshades.no-ip.info - Win.Trojan.Blackshades (blacklist.rules)
 * 1:31113 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection attempt (malware-cnc.rules)
 * 1:31114 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Rfusclient outbound connection attempt (malware-cnc.rules)
 * 1:31121 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Cahecon outbound connection (malware-cnc.rules)
 * 1:31122 <-> ENABLED <-> BLACKLIST User-Agent known malicious user agent - User-Agent svchost (blacklist.rules)
 * 1:31123 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gigade variant inbound connection attempt (malware-cnc.rules)
 * 1:31124 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Pyrtomsop outbound communication (malware-cnc.rules)
 * 1:31125 <-> DISABLED <-> FILE-OFFICE Microsoft Excel rtToolbarDef record integer overflow attempt (file-office.rules)
 * 1:31126 <-> DISABLED <-> FILE-OFFICE Microsoft Excel rtToolbarDef record integer overflow attempt (file-office.rules)
 * 1:31127 <-> DISABLED <-> FILE-OFFICE Microsoft Excel rtToolbarDef record integer overflow attempt (file-office.rules)
 * 1:31128 <-> DISABLED <-> PROTOCOL-FTP CoreFTP FTP Server TYPE command denial of service attempt (protocol-ftp.rules)
 * 1:31130 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit encrypted binary download (exploit-kit.rules)
 * 1:31129 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit encrypted binary download (exploit-kit.rules)
 * 1:31131 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Petun variant outbound connection (malware-cnc.rules)
 * 1:31132 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Petun variant outbound connection (malware-cnc.rules)
 * 1:31133 <-> ENABLED <-> BLACKLIST DNS request for known malware domain fudcrypt.com - Win.Trojan.Deedevil (blacklist.rules)
 * 1:31135 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Deedevil variant outbound connection (malware-cnc.rules)
 * 1:31134 <-> ENABLED <-> BLACKLIST DNS request for known malware domain obamasu.webs.com - Win.Trojan.Deedevil (blacklist.rules)
 * 1:31136 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ZeroAccess inbound communication (malware-cnc.rules)
 * 1:31137 <-> ENABLED <-> BLACKLIST DNS request for known malware domain aisgolf.com - Win.Trojan.Sloft (blacklist.rules)
 * 1:31138 <-> ENABLED <-> BLACKLIST DNS request for known malware domain dudicalworld.com - Win.Trojan.Sloft (blacklist.rules)
 * 1:31140 <-> ENABLED <-> BLACKLIST DNS request for known malware domain nyescortsasianoutcall.com - Win.Trojan.Sloft (blacklist.rules)
 * 1:31139 <-> ENABLED <-> BLACKLIST DNS request for known malware domain fourchette-des-arenes.com - Win.Trojan.Sloft (blacklist.rules)
 * 1:31146 <-> DISABLED <-> PUA-ADWARE Win.Adware.iBryte variant outbound connection (pua-adware.rules)
 * 1:31111 <-> ENABLED <-> BLACKLIST DNS request for known malware domain blackshades.sytes.net - Win.Trojan.Blackshades (blacklist.rules)
 * 1:31112 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Bancos password stealing attempt (malware-cnc.rules)
 * 1:31145 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spyrat variant outbound backdoor response (malware-cnc.rules)
 * 1:31144 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Spyrat variant inbound backdoor keep-alive (malware-cnc.rules)
 * 1:31143 <-> ENABLED <-> SERVER-WEBAPP CA ERwin Web Portal ConfigServiceProvider directory traversal attempt (server-webapp.rules)
 * 1:31107 <-> ENABLED <-> BLACKLIST DNS request for known malware domain blackshades.ru - Win.Trojan.Blackshades (blacklist.rules)
 * 1:31141 <-> ENABLED <-> BLACKLIST DNS request for known malware domain trinity-electric-inc.com - Win.Trojan.Sloft (blacklist.rules)
 * 1:31142 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Sloft variant outbound connection (malware-cnc.rules)

Modified Rules:

 * 1:19049 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gigade variant outbound connection attempt (malware-cnc.rules)
 * 1:20481 <-> ENABLED <-> FILE-IDENTIFY MP3 file magic detected (file-identify.rules)
 * 1:20534 <-> DISABLED <-> FILE-OFFICE Microsoft Excel rtToolbarDef record integer overflow attempt (file-office.rules)
 * 1:22078 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid Window2 BIFF record value attempt (file-office.rules)
 * 1:23341 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Tinrot.A runtime detection (malware-backdoor.rules)
 * 1:24572 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox IDB use-after-free attempt (browser-firefox.rules)
 * 1:24574 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox IDB use-after-free attempt (browser-firefox.rules)
 * 1:27538 <-> DISABLED <-> MALWARE-OTHER self-signed SSL certificate with default MyCompany Ltd organization name (malware-other.rules)
 * 1:27702 <-> ENABLED <-> EXPLOIT-KIT Gong Da exploit kit landing page (exploit-kit.rules)
 * 1:28347 <-> DISABLED <-> MALWARE-OTHER SimpleTDS - page redirecting to a SimpleTDS (malware-other.rules)
 * 1:28348 <-> DISABLED <-> MALWARE-OTHER SimpleTDS - request to go.php (malware-other.rules)
 * 1:28549 <-> DISABLED <-> FILE-OFFICE Microsoft Excel rtToolbarDef record integer overflow attempt (file-office.rules)
 * 1:28550 <-> DISABLED <-> FILE-OFFICE Microsoft Excel rtToolbarDef record integer overflow attempt (file-office.rules)
 * 1:29412 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit Java download attempt (exploit-kit.rules)
 * 1:29417 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Solimba download attempt (malware-cnc.rules)
 * 1:30260 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Mudrop variant outbound connection (malware-cnc.rules)
 * 1:30261 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Mudrop variant outbound connection (malware-cnc.rules)
 * 1:30973 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit payload request (exploit-kit.rules)
 * 1:30992 <-> DISABLED <-> FILE-OTHER invalid ELF padding field value attempt (file-other.rules)
 * 1:30993 <-> DISABLED <-> FILE-OTHER invalid ELF padding field value attempt (file-other.rules)
 * 1:31015 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader integer overflow attempt (file-pdf.rules)
 * 1:31016 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader integer overflow attempt (file-pdf.rules)
 * 1:31046 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit outbound URL structure (exploit-kit.rules)
 * 1:31091 <-> ENABLED <-> PUA-ADWARE Win.Adware.Inbox/PCFixSpeed/RebateInformer variant outbound connection (pua-adware.rules)
 * 3:15848 <-> ENABLED <-> EXPLOIT WINS replication request memory corruption attempt (exploit.rules)

2014-07-07 20:52:25 UTC

Sourcefire VRT Rules Update

Date: 2014-06-03

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2961.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:

 * 1:31146 <-> DISABLED <-> PUA-ADWARE Win.Adware.iBryte variant outbound connection (pua-adware.rules)
 * 1:31145 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spyrat variant outbound backdoor response (malware-cnc.rules)
 * 1:31144 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Spyrat variant inbound backdoor keep-alive (malware-cnc.rules)
 * 1:31143 <-> ENABLED <-> SERVER-WEBAPP CA ERwin Web Portal ConfigServiceProvider directory traversal attempt (server-webapp.rules)
 * 1:31142 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Sloft variant outbound connection (malware-cnc.rules)
 * 1:31141 <-> ENABLED <-> BLACKLIST DNS request for known malware domain trinity-electric-inc.com - Win.Trojan.Sloft (blacklist.rules)
 * 1:31140 <-> ENABLED <-> BLACKLIST DNS request for known malware domain nyescortsasianoutcall.com - Win.Trojan.Sloft (blacklist.rules)
 * 1:31139 <-> ENABLED <-> BLACKLIST DNS request for known malware domain fourchette-des-arenes.com - Win.Trojan.Sloft (blacklist.rules)
 * 1:31138 <-> ENABLED <-> BLACKLIST DNS request for known malware domain dudicalworld.com - Win.Trojan.Sloft (blacklist.rules)
 * 1:31137 <-> ENABLED <-> BLACKLIST DNS request for known malware domain aisgolf.com - Win.Trojan.Sloft (blacklist.rules)
 * 1:31136 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ZeroAccess inbound communication (malware-cnc.rules)
 * 1:31135 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Deedevil variant outbound connection (malware-cnc.rules)
 * 1:31134 <-> ENABLED <-> BLACKLIST DNS request for known malware domain obamasu.webs.com - Win.Trojan.Deedevil (blacklist.rules)
 * 1:31133 <-> ENABLED <-> BLACKLIST DNS request for known malware domain fudcrypt.com - Win.Trojan.Deedevil (blacklist.rules)
 * 1:31132 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Petun variant outbound connection (malware-cnc.rules)
 * 1:31131 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Petun variant outbound connection (malware-cnc.rules)
 * 1:31130 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit encrypted binary download (exploit-kit.rules)
 * 1:31129 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit encrypted binary download (exploit-kit.rules)
 * 1:31128 <-> DISABLED <-> PROTOCOL-FTP CoreFTP FTP Server TYPE command denial of service attempt (protocol-ftp.rules)
 * 1:31127 <-> DISABLED <-> FILE-OFFICE Microsoft Excel rtToolbarDef record integer overflow attempt (file-office.rules)
 * 1:31126 <-> DISABLED <-> FILE-OFFICE Microsoft Excel rtToolbarDef record integer overflow attempt (file-office.rules)
 * 1:31125 <-> DISABLED <-> FILE-OFFICE Microsoft Excel rtToolbarDef record integer overflow attempt (file-office.rules)
 * 1:31124 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Pyrtomsop outbound communication (malware-cnc.rules)
 * 1:31123 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gigade variant inbound connection attempt (malware-cnc.rules)
 * 1:31122 <-> ENABLED <-> BLACKLIST User-Agent known malicious user agent - User-Agent svchost (blacklist.rules)
 * 1:31121 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Cahecon outbound connection (malware-cnc.rules)
 * 1:31120 <-> ENABLED <-> BLACKLIST DNS request for known malware domain uol.conhecaauol.com.br - Win.Trojan.Cahecon (blacklist.rules)
 * 1:31119 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Marmoolak variant outbound connection (malware-cnc.rules)
 * 1:31118 <-> ENABLED <-> BLACKLIST DNS request for known malware domain red-move.tk - Win.Trojan.Marmoolak (blacklist.rules)
 * 1:31117 <-> ENABLED <-> BLACKLIST DNS request for known malware domain download.ustechsupport.com (blacklist.rules)
 * 1:31116 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Garsuni variant outbound connection (malware-cnc.rules)
 * 1:31115 <-> ENABLED <-> BLACKLIST DNS request for known malware domain bagi.ly - Win.Trojan.Garsuni (blacklist.rules)
 * 1:31114 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Rfusclient outbound connection attempt (malware-cnc.rules)
 * 1:31113 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection attempt (malware-cnc.rules)
 * 1:31112 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Bancos password stealing attempt (malware-cnc.rules)
 * 1:31111 <-> ENABLED <-> BLACKLIST DNS request for known malware domain blackshades.sytes.net - Win.Trojan.Blackshades (blacklist.rules)
 * 1:31110 <-> ENABLED <-> BLACKLIST DNS request for known malware domain blackshades.no-ip.info - Win.Trojan.Blackshades (blacklist.rules)
 * 1:31109 <-> ENABLED <-> BLACKLIST DNS request for known malware domain blackshades.info.ovh.net - Win.Trojan.Blackshades (blacklist.rules)
 * 1:31108 <-> ENABLED <-> BLACKLIST DNS request for known malware domain blackshades.info - Win.Trojan.Blackshades (blacklist.rules)
 * 1:31107 <-> ENABLED <-> BLACKLIST DNS request for known malware domain blackshades.ru - Win.Trojan.Blackshades (blacklist.rules)
 * 1:31106 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader X XML forms specially crafted RLE8 format BMP integer overflow attempt (file-pdf.rules)
 * 1:31105 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader X XML forms specially crafted RLE8 format BMP integer overflow attempt (file-pdf.rules)
 * 1:31104 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader X XML forms specially crafted RLE8 format BMP integer overflow attempt (file-pdf.rules)
 * 1:31103 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader X XML forms specially crafted RLE8 format BMP integer overflow attempt (file-pdf.rules)
 * 1:31102 <-> DISABLED <-> SERVER-OTHER TrendMicro InterScan Viruswall directory traversal attempt (server-other.rules)
 * 1:31101 <-> DISABLED <-> SERVER-OTHER Sharetronix cross site request forgery attempt (server-other.rules)
 * 1:31100 <-> DISABLED <-> PROTOCOL-SNMP Ubee U10C019 series password enumeration attempt (protocol-snmp.rules)
 * 1:31099 <-> DISABLED <-> PROTOCOL-SNMP Ubee U10C019 series WPA key enumeration attempt (protocol-snmp.rules)
 * 1:31098 <-> DISABLED <-> PROTOCOL-SNMP Ubee U10C019 series WEP key enumeration attempt (protocol-snmp.rules)
 * 1:31097 <-> DISABLED <-> PROTOCOL-SNMP Ubee DDW3611 series password enumeration attempt (protocol-snmp.rules)
 * 1:31096 <-> DISABLED <-> PROTOCOL-SNMP Ubee DDW3611 series WPA key enumeration attempt (protocol-snmp.rules)
 * 1:31095 <-> DISABLED <-> PROTOCOL-SNMP Ubee DDW3611 series WEP key enumeration attempt (protocol-snmp.rules)

Modified Rules:

 * 1:19049 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gigade variant outbound connection attempt (malware-cnc.rules)
 * 1:20481 <-> ENABLED <-> FILE-IDENTIFY MP3 file magic detected (file-identify.rules)
 * 1:20534 <-> DISABLED <-> FILE-OFFICE Microsoft Excel rtToolbarDef record integer overflow attempt (file-office.rules)
 * 1:22078 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid Window2 BIFF record value attempt (file-office.rules)
 * 1:23341 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Tinrot.A runtime detection (malware-backdoor.rules)
 * 1:24572 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox IDB use-after-free attempt (browser-firefox.rules)
 * 1:24574 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox IDB use-after-free attempt (browser-firefox.rules)
 * 1:27538 <-> DISABLED <-> MALWARE-OTHER self-signed SSL certificate with default MyCompany Ltd organization name (malware-other.rules)
 * 1:27702 <-> ENABLED <-> EXPLOIT-KIT Gong Da exploit kit landing page (exploit-kit.rules)
 * 1:28347 <-> DISABLED <-> MALWARE-OTHER SimpleTDS - page redirecting to a SimpleTDS (malware-other.rules)
 * 1:28348 <-> DISABLED <-> MALWARE-OTHER SimpleTDS - request to go.php (malware-other.rules)
 * 1:28549 <-> DISABLED <-> FILE-OFFICE Microsoft Excel rtToolbarDef record integer overflow attempt (file-office.rules)
 * 1:28550 <-> DISABLED <-> FILE-OFFICE Microsoft Excel rtToolbarDef record integer overflow attempt (file-office.rules)
 * 1:29412 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit Java download attempt (exploit-kit.rules)
 * 1:29417 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Solimba download attempt (malware-cnc.rules)
 * 1:30260 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Mudrop variant outbound connection (malware-cnc.rules)
 * 1:30261 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Mudrop variant outbound connection (malware-cnc.rules)
 * 1:30973 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit payload request (exploit-kit.rules)
 * 1:30992 <-> DISABLED <-> FILE-OTHER invalid ELF padding field value attempt (file-other.rules)
 * 1:30993 <-> DISABLED <-> FILE-OTHER invalid ELF padding field value attempt (file-other.rules)
 * 1:31015 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader integer overflow attempt (file-pdf.rules)
 * 1:31016 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader integer overflow attempt (file-pdf.rules)
 * 1:31046 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit outbound URL structure (exploit-kit.rules)
 * 1:31091 <-> ENABLED <-> PUA-ADWARE Win.Adware.Inbox/PCFixSpeed/RebateInformer variant outbound connection (pua-adware.rules)
 * 3:15848 <-> ENABLED <-> EXPLOIT WINS replication request memory corruption attempt (exploit.rules)