VRT Rules 2014-06-19
This release adds and modifies rules in several categories.

The Sourcefire VRT has added and modified multiple rules in the app-detect, blacklist, browser-ie, exploit-kit, file-flash, file-pdf, malware-cnc, malware-other and server-webapp rule sets to provide coverage for emerging threats from these technologies.

Change logs

2014-07-07 18:53:20 UTC

Sourcefire VRT Rules Update

Date: 2014-06-19

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2956.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:31304 <-> DISABLED <-> SERVER-WEBAPP PocketPAD brute-force login attempt (server-webapp.rules)
 * 1:31281 <-> ENABLED <-> FILE-FLASH Adobe Flash Player redirect attempt (file-flash.rules)
 * 1:31280 <-> ENABLED <-> EXPLOIT-KIT CottonCastle exploit kit encrypted binary download attempt (exploit-kit.rules)
 * 1:31278 <-> ENABLED <-> EXPLOIT-KIT CottonCastle exploit kit Oracle java outbound connection (exploit-kit.rules)
 * 1:31273 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Vectecoin coin mining program download attempt (malware-cnc.rules)
 * 1:31269 <-> ENABLED <-> BLACKLIST DNS request for known malware domain honkytonk69.tk.hostinghood.com - Win.Trojan.Vectecoin (blacklist.rules)
 * 1:31266 <-> ENABLED <-> BLACKLIST DNS request for known malware domain gdm.cc - Win.Trojan.Caphaw (blacklist.rules)
 * 1:31263 <-> ENABLED <-> BLACKLIST DNS request for known malware domain ac-shippingllc.com - Win.Trojan.Caphaw (blacklist.rules)
 * 1:31307 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Toumlec variant outbound connection (malware-cnc.rules)
 * 1:31299 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Necurs variant outbound detection (malware-cnc.rules)
 * 1:31265 <-> ENABLED <-> BLACKLIST DNS request for known malware domain elg.cc - Win.Trojan.Caphaw (blacklist.rules)
 * 1:31267 <-> ENABLED <-> BLACKLIST DNS request for known malware domain irm.cc - Win.Trojan.Caphaw (blacklist.rules)
 * 1:31268 <-> ENABLED <-> BLACKLIST DNS request for known malware domain uab.cc - Win.Trojan.Caphaw (blacklist.rules)
 * 1:31270 <-> ENABLED <-> BLACKLIST DNS request for known malware domain vectortango.biz - Win.Trojan.Vectecoin (blacklist.rules)
 * 1:31271 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Vectecoin information disclosure attempt (malware-cnc.rules)
 * 1:31264 <-> ENABLED <-> BLACKLIST DNS request for known malware domain dza.cc - Win.Trojan.Caphaw (blacklist.rules)
 * 1:31272 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Vectecoin outbound command request attempt (malware-cnc.rules)
 * 1:31300 <-> ENABLED <-> SERVER-OTHER Xerox DocuShare SQL injection attempt (server-other.rules)
 * 1:31301 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer XSLT memory corruption attempt (browser-ie.rules)
 * 1:31303 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Hadeki variant outbound connection attempt (malware-cnc.rules)
 * 1:31302 <-> DISABLED <-> APP-DETECT Oracle Java debug wire protocol remote debugging attempt (app-detect.rules)
 * 1:31305 <-> DISABLED <-> SERVER-WEBAPP Rocket Servergraph Admin Center fileRequestor directory traversal attempt (server-webapp.rules)
 * 1:31274 <-> ENABLED <-> EXPLOIT-KIT CottonCastle exploit kit encrypted binary download (exploit-kit.rules)
 * 1:31275 <-> ENABLED <-> EXPLOIT-KIT CottonCastle exploit kit landing page (exploit-kit.rules)
 * 1:31276 <-> ENABLED <-> EXPLOIT-KIT CottonCastle exploit kit Adobe flash outbound connection (exploit-kit.rules)
 * 1:31277 <-> ENABLED <-> EXPLOIT-KIT CottonCastle exploit kit Oracle Java outbound connection (exploit-kit.rules)
 * 1:31279 <-> ENABLED <-> EXPLOIT-KIT CottonCastle exploit kit decryption page outbound request (exploit-kit.rules)
 * 1:31282 <-> ENABLED <-> FILE-FLASH Adobe Flash Player redirect attempt (file-flash.rules)
 * 1:31283 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Microsoft Internet Explorer sandbox escape attempt (file-flash.rules)
 * 1:31284 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Microsoft Internet Explorer sandbox escape attempt (file-flash.rules)
 * 1:31285 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Microsoft Internet Explorer sandbox escape attempt (file-flash.rules)
 * 1:31286 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Microsoft Internet Explorer sandbox escape attempt (file-flash.rules)
 * 1:31287 <-> ENABLED <-> BLACKLIST DNS request for known malware domain dc186.gulfup.com - Win.Downloader.Bladabindi (blacklist.rules)
 * 1:31288 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Bladabindi variant outbound download request (malware-cnc.rules)
 * 1:31289 <-> ENABLED <-> SERVER-WEBAPP /etc/passwd file access attempt (server-webapp.rules)
 * 1:31290 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Vextstl outbound communication (malware-cnc.rules)
 * 1:31291 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader DynamicAnnotStore exploit attempt (file-pdf.rules)
 * 1:31292 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader DynamicAnnotStore exploit attempt (file-pdf.rules)
 * 1:31293 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dyre publickey outbount connection attempt (malware-cnc.rules)
 * 1:31294 <-> ENABLED <-> BLACKLIST DNS request for known malware domain www.give-us-btc.biz - Win.Trojan.Zusy (blacklist.rules)
 * 1:31295 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Zusy variant outbound connection attempt (malware-cnc.rules)
 * 1:31306 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Toumlec variant outbound connection (malware-cnc.rules)
 * 1:31296 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer negative margin use after free attempt (browser-ie.rules)
 * 1:31298 <-> DISABLED <-> EXPLOIT-KIT Goon/Infinity exploit kit landing page (exploit-kit.rules)
 * 1:31297 <-> DISABLED <-> SERVER-WEBAPP VMWare vSphere API SOAP request RetrieveProperties remote denial of service attempt (server-webapp.rules)

Modified Rules:


 * 1:19671 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer XSLT memory corruption attempt (browser-ie.rules)
 * 1:23494 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Onitab.A outbound connection (malware-cnc.rules)
 * 1:23836 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer negative margin use after free attempt (browser-ie.rules)
 * 1:24211 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Xamtrav update protocol connection (malware-cnc.rules)
 * 1:27595 <-> ENABLED <-> MALWARE-OTHER Fake Adobe Flash Player malware binary requested (malware-other.rules)
 * 1:28612 <-> ENABLED <-> EXPLOIT-KIT Multiple exploit kit Silverlight exploit download (exploit-kit.rules)
 * 1:31046 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit outbound URL structure (exploit-kit.rules)
 * 1:31262 <-> ENABLED <-> MALWARE-CNC Win.Worm.VBNA variant check-in attempt (malware-cnc.rules)

2014-07-07 18:53:20 UTC

Sourcefire VRT Rules Update

Date: 2014-06-19

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2960.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:31280 <-> ENABLED <-> EXPLOIT-KIT CottonCastle exploit kit encrypted binary download attempt (exploit-kit.rules)
 * 1:31281 <-> ENABLED <-> FILE-FLASH Adobe Flash Player redirect attempt (file-flash.rules)
 * 1:31278 <-> ENABLED <-> EXPLOIT-KIT CottonCastle exploit kit Oracle java outbound connection (exploit-kit.rules)
 * 1:31273 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Vectecoin coin mining program download attempt (malware-cnc.rules)
 * 1:31269 <-> ENABLED <-> BLACKLIST DNS request for known malware domain honkytonk69.tk.hostinghood.com - Win.Trojan.Vectecoin (blacklist.rules)
 * 1:31266 <-> ENABLED <-> BLACKLIST DNS request for known malware domain gdm.cc - Win.Trojan.Caphaw (blacklist.rules)
 * 1:31263 <-> ENABLED <-> BLACKLIST DNS request for known malware domain ac-shippingllc.com - Win.Trojan.Caphaw (blacklist.rules)
 * 1:31264 <-> ENABLED <-> BLACKLIST DNS request for known malware domain dza.cc - Win.Trojan.Caphaw (blacklist.rules)
 * 1:31267 <-> ENABLED <-> BLACKLIST DNS request for known malware domain irm.cc - Win.Trojan.Caphaw (blacklist.rules)
 * 1:31268 <-> ENABLED <-> BLACKLIST DNS request for known malware domain uab.cc - Win.Trojan.Caphaw (blacklist.rules)
 * 1:31270 <-> ENABLED <-> BLACKLIST DNS request for known malware domain vectortango.biz - Win.Trojan.Vectecoin (blacklist.rules)
 * 1:31271 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Vectecoin information disclosure attempt (malware-cnc.rules)
 * 1:31272 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Vectecoin outbound command request attempt (malware-cnc.rules)
 * 1:31274 <-> ENABLED <-> EXPLOIT-KIT CottonCastle exploit kit encrypted binary download (exploit-kit.rules)
 * 1:31275 <-> ENABLED <-> EXPLOIT-KIT CottonCastle exploit kit landing page (exploit-kit.rules)
 * 1:31276 <-> ENABLED <-> EXPLOIT-KIT CottonCastle exploit kit Adobe flash outbound connection (exploit-kit.rules)
 * 1:31277 <-> ENABLED <-> EXPLOIT-KIT CottonCastle exploit kit Oracle Java outbound connection (exploit-kit.rules)
 * 1:31279 <-> ENABLED <-> EXPLOIT-KIT CottonCastle exploit kit decryption page outbound request (exploit-kit.rules)
 * 1:31282 <-> ENABLED <-> FILE-FLASH Adobe Flash Player redirect attempt (file-flash.rules)
 * 1:31283 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Microsoft Internet Explorer sandbox escape attempt (file-flash.rules)
 * 1:31284 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Microsoft Internet Explorer sandbox escape attempt (file-flash.rules)
 * 1:31285 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Microsoft Internet Explorer sandbox escape attempt (file-flash.rules)
 * 1:31286 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Microsoft Internet Explorer sandbox escape attempt (file-flash.rules)
 * 1:31287 <-> ENABLED <-> BLACKLIST DNS request for known malware domain dc186.gulfup.com - Win.Downloader.Bladabindi (blacklist.rules)
 * 1:31288 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Bladabindi variant outbound download request (malware-cnc.rules)
 * 1:31289 <-> ENABLED <-> SERVER-WEBAPP /etc/passwd file access attempt (server-webapp.rules)
 * 1:31290 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Vextstl outbound communication (malware-cnc.rules)
 * 1:31291 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader DynamicAnnotStore exploit attempt (file-pdf.rules)
 * 1:31292 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader DynamicAnnotStore exploit attempt (file-pdf.rules)
 * 1:31293 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dyre publickey outbount connection attempt (malware-cnc.rules)
 * 1:31294 <-> ENABLED <-> BLACKLIST DNS request for known malware domain www.give-us-btc.biz - Win.Trojan.Zusy (blacklist.rules)
 * 1:31295 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Zusy variant outbound connection attempt (malware-cnc.rules)
 * 1:31296 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer negative margin use after free attempt (browser-ie.rules)
 * 1:31307 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Toumlec variant outbound connection (malware-cnc.rules)
 * 1:31306 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Toumlec variant outbound connection (malware-cnc.rules)
 * 1:31305 <-> DISABLED <-> SERVER-WEBAPP Rocket Servergraph Admin Center fileRequestor directory traversal attempt (server-webapp.rules)
 * 1:31304 <-> DISABLED <-> SERVER-WEBAPP PocketPAD brute-force login attempt (server-webapp.rules)
 * 1:31303 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Hadeki variant outbound connection attempt (malware-cnc.rules)
 * 1:31265 <-> ENABLED <-> BLACKLIST DNS request for known malware domain elg.cc - Win.Trojan.Caphaw (blacklist.rules)
 * 1:31302 <-> DISABLED <-> APP-DETECT Oracle Java debug wire protocol remote debugging attempt (app-detect.rules)
 * 1:31299 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Necurs variant outbound detection (malware-cnc.rules)
 * 1:31300 <-> ENABLED <-> SERVER-OTHER Xerox DocuShare SQL injection attempt (server-other.rules)
 * 1:31301 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer XSLT memory corruption attempt (browser-ie.rules)
 * 1:31298 <-> DISABLED <-> EXPLOIT-KIT Goon/Infinity exploit kit landing page (exploit-kit.rules)
 * 1:31297 <-> DISABLED <-> SERVER-WEBAPP VMWare vSphere API SOAP request RetrieveProperties remote denial of service attempt (server-webapp.rules)

Modified Rules:


 * 1:19671 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer XSLT memory corruption attempt (browser-ie.rules)
 * 1:23494 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Onitab.A outbound connection (malware-cnc.rules)
 * 1:23836 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer negative margin use after free attempt (browser-ie.rules)
 * 1:24211 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Xamtrav update protocol connection (malware-cnc.rules)
 * 1:27595 <-> ENABLED <-> MALWARE-OTHER Fake Adobe Flash Player malware binary requested (malware-other.rules)
 * 1:28612 <-> ENABLED <-> EXPLOIT-KIT Multiple exploit kit Silverlight exploit download (exploit-kit.rules)
 * 1:31046 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit outbound URL structure (exploit-kit.rules)
 * 1:31262 <-> ENABLED <-> MALWARE-CNC Win.Worm.VBNA variant check-in attempt (malware-cnc.rules)

2014-07-07 18:53:20 UTC

Sourcefire VRT Rules Update

Date: 2014-06-19

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2961.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:31307 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Toumlec variant outbound connection (malware-cnc.rules)
 * 1:31306 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Toumlec variant outbound connection (malware-cnc.rules)
 * 1:31305 <-> DISABLED <-> SERVER-WEBAPP Rocket Servergraph Admin Center fileRequestor directory traversal attempt (server-webapp.rules)
 * 1:31304 <-> DISABLED <-> SERVER-WEBAPP PocketPAD brute-force login attempt (server-webapp.rules)
 * 1:31303 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Hadeki variant outbound connection attempt (malware-cnc.rules)
 * 1:31302 <-> DISABLED <-> APP-DETECT Oracle Java debug wire protocol remote debugging attempt (app-detect.rules)
 * 1:31301 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer XSLT memory corruption attempt (browser-ie.rules)
 * 1:31300 <-> ENABLED <-> SERVER-OTHER Xerox DocuShare SQL injection attempt (server-other.rules)
 * 1:31299 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Necurs variant outbound detection (malware-cnc.rules)
 * 1:31298 <-> DISABLED <-> EXPLOIT-KIT Goon/Infinity exploit kit landing page (exploit-kit.rules)
 * 1:31297 <-> DISABLED <-> SERVER-WEBAPP VMWare vSphere API SOAP request RetrieveProperties remote denial of service attempt (server-webapp.rules)
 * 1:31296 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer negative margin use after free attempt (browser-ie.rules)
 * 1:31295 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Zusy variant outbound connection attempt (malware-cnc.rules)
 * 1:31294 <-> ENABLED <-> BLACKLIST DNS request for known malware domain www.give-us-btc.biz - Win.Trojan.Zusy (blacklist.rules)
 * 1:31293 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dyre publickey outbount connection attempt (malware-cnc.rules)
 * 1:31292 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader DynamicAnnotStore exploit attempt (file-pdf.rules)
 * 1:31291 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader DynamicAnnotStore exploit attempt (file-pdf.rules)
 * 1:31290 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Vextstl outbound communication (malware-cnc.rules)
 * 1:31289 <-> ENABLED <-> SERVER-WEBAPP /etc/passwd file access attempt (server-webapp.rules)
 * 1:31288 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Bladabindi variant outbound download request (malware-cnc.rules)
 * 1:31287 <-> ENABLED <-> BLACKLIST DNS request for known malware domain dc186.gulfup.com - Win.Downloader.Bladabindi (blacklist.rules)
 * 1:31286 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Microsoft Internet Explorer sandbox escape attempt (file-flash.rules)
 * 1:31285 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Microsoft Internet Explorer sandbox escape attempt (file-flash.rules)
 * 1:31284 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Microsoft Internet Explorer sandbox escape attempt (file-flash.rules)
 * 1:31283 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Microsoft Internet Explorer sandbox escape attempt (file-flash.rules)
 * 1:31282 <-> ENABLED <-> FILE-FLASH Adobe Flash Player redirect attempt (file-flash.rules)
 * 1:31281 <-> ENABLED <-> FILE-FLASH Adobe Flash Player redirect attempt (file-flash.rules)
 * 1:31280 <-> ENABLED <-> EXPLOIT-KIT CottonCastle exploit kit encrypted binary download attempt (exploit-kit.rules)
 * 1:31279 <-> ENABLED <-> EXPLOIT-KIT CottonCastle exploit kit decryption page outbound request (exploit-kit.rules)
 * 1:31278 <-> ENABLED <-> EXPLOIT-KIT CottonCastle exploit kit Oracle java outbound connection (exploit-kit.rules)
 * 1:31277 <-> ENABLED <-> EXPLOIT-KIT CottonCastle exploit kit Oracle Java outbound connection (exploit-kit.rules)
 * 1:31276 <-> ENABLED <-> EXPLOIT-KIT CottonCastle exploit kit Adobe flash outbound connection (exploit-kit.rules)
 * 1:31275 <-> ENABLED <-> EXPLOIT-KIT CottonCastle exploit kit landing page (exploit-kit.rules)
 * 1:31274 <-> ENABLED <-> EXPLOIT-KIT CottonCastle exploit kit encrypted binary download (exploit-kit.rules)
 * 1:31273 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Vectecoin coin mining program download attempt (malware-cnc.rules)
 * 1:31272 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Vectecoin outbound command request attempt (malware-cnc.rules)
 * 1:31271 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Vectecoin information disclosure attempt (malware-cnc.rules)
 * 1:31270 <-> ENABLED <-> BLACKLIST DNS request for known malware domain vectortango.biz - Win.Trojan.Vectecoin (blacklist.rules)
 * 1:31269 <-> ENABLED <-> BLACKLIST DNS request for known malware domain honkytonk69.tk.hostinghood.com - Win.Trojan.Vectecoin (blacklist.rules)
 * 1:31268 <-> ENABLED <-> BLACKLIST DNS request for known malware domain uab.cc - Win.Trojan.Caphaw (blacklist.rules)
 * 1:31267 <-> ENABLED <-> BLACKLIST DNS request for known malware domain irm.cc - Win.Trojan.Caphaw (blacklist.rules)
 * 1:31266 <-> ENABLED <-> BLACKLIST DNS request for known malware domain gdm.cc - Win.Trojan.Caphaw (blacklist.rules)
 * 1:31265 <-> ENABLED <-> BLACKLIST DNS request for known malware domain elg.cc - Win.Trojan.Caphaw (blacklist.rules)
 * 1:31264 <-> ENABLED <-> BLACKLIST DNS request for known malware domain dza.cc - Win.Trojan.Caphaw (blacklist.rules)
 * 1:31263 <-> ENABLED <-> BLACKLIST DNS request for known malware domain ac-shippingllc.com - Win.Trojan.Caphaw (blacklist.rules)

Modified Rules:


 * 1:19671 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer XSLT memory corruption attempt (browser-ie.rules)
 * 1:23494 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Onitab.A outbound connection (malware-cnc.rules)
 * 1:23836 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer negative margin use after free attempt (browser-ie.rules)
 * 1:24211 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Xamtrav update protocol connection (malware-cnc.rules)
 * 1:27595 <-> ENABLED <-> MALWARE-OTHER Fake Adobe Flash Player malware binary requested (malware-other.rules)
 * 1:28612 <-> ENABLED <-> EXPLOIT-KIT Multiple exploit kit Silverlight exploit download (exploit-kit.rules)
 * 1:31046 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit outbound URL structure (exploit-kit.rules)
 * 1:31262 <-> ENABLED <-> MALWARE-CNC Win.Worm.VBNA variant check-in attempt (malware-cnc.rules)