VRT Rules 2015-01-20
This release adds and modifies rules in several categories.

The VRT has added and modified multiple rules in the blacklist, browser-ie, browser-plugins, file-flash, malware-cnc and server-webapp rule sets to provide coverage for emerging threats from these technologies.

Change logs

2015-01-20 18:03:39 UTC

Sourcefire VRT Rules Update

Date: 2015-01-20

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2956.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:33156 <-> ENABLED <-> OS-WINDOWS CryptProtectMemory Impersonation Check Bypass attempt (os-windows.rules)
 * 1:33145 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound communication (malware-cnc.rules)
 * 1:33151 <-> ENABLED <-> BLACKLIST DNS request for known malware domain ford-mustang.ro (blacklist.rules)
 * 1:33152 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Nurjax.A outbound connection attempt (malware-cnc.rules)
 * 1:33153 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Heur variant outbound connection attempt (malware-cnc.rules)
 * 1:33147 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Agent variant SMTP reporting attempt (malware-cnc.rules)
 * 1:33148 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Agent variant SMTP reporting attempt (malware-cnc.rules)
 * 1:33146 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Upatre variant outbound connection (malware-cnc.rules)
 * 1:33149 <-> ENABLED <-> MALWARE-CNC Win.Worm.Ultramine outbound connection (malware-cnc.rules)
 * 1:33101 <-> DISABLED <-> BROWSER-PLUGINS PTC IsoView ActiveX clsid access attempt (browser-plugins.rules)
 * 1:33100 <-> DISABLED <-> BROWSER-PLUGINS PTC IsoView ActiveX clsid access attempt (browser-plugins.rules)
 * 1:33102 <-> DISABLED <-> BROWSER-PLUGINS PTC IsoView ActiveX clsid access attempt (browser-plugins.rules)
 * 1:33103 <-> DISABLED <-> BROWSER-PLUGINS PTC IsoView ActiveX clsid access attempt (browser-plugins.rules)
 * 1:33104 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Multiple Products directory traversal attempt (server-webapp.rules)
 * 1:33106 <-> DISABLED <-> BROWSER-PLUGINS Honeywell OPOS Suite Scanner.ocx ActiveX clsid access attempt (browser-plugins.rules)
 * 1:33105 <-> DISABLED <-> BROWSER-PLUGINS Honeywell OPOS Suite Scanner.ocx ActiveX clsid access attempt (browser-plugins.rules)
 * 1:33107 <-> DISABLED <-> BROWSER-PLUGINS Honeywell OPOS Suite Scanner.ocx ActiveX clsid access attempt (browser-plugins.rules)
 * 1:33108 <-> DISABLED <-> BROWSER-PLUGINS Honeywell OPOS Suite Scanner.ocx ActiveX clsid access attempt (browser-plugins.rules)
 * 1:33109 <-> DISABLED <-> BROWSER-PLUGINS Honeywell OPOS Suite Scale.ocx ActiveX clsid access attempt (browser-plugins.rules)
 * 1:33110 <-> DISABLED <-> BROWSER-PLUGINS Honeywell OPOS Suite Scale.ocx ActiveX clsid access attempt (browser-plugins.rules)
 * 1:33111 <-> DISABLED <-> BROWSER-PLUGINS Honeywell OPOS Suite Scale.ocx ActiveX clsid access attempt (browser-plugins.rules)
 * 1:33112 <-> DISABLED <-> BROWSER-PLUGINS Honeywell OPOS Suite Scale.ocx ActiveX clsid access attempt (browser-plugins.rules)
 * 1:33113 <-> DISABLED <-> SERVER-WEBAPP Novell eDirectory IMONITOR cross site scripting attempt (server-webapp.rules)
 * 1:33114 <-> DISABLED <-> SERVER-WEBAPP HP System Management Homepage cross site scripting attempt (server-webapp.rules)
 * 1:33115 <-> ENABLED <-> BROWSER-IE Internet Explorer 11 VBScript redim preserve denial-of-service attempt (browser-ie.rules)
 * 1:33116 <-> ENABLED <-> BROWSER-IE Internet Explorer 11 VBScript redim preserve denial-of-service attempt (browser-ie.rules)
 * 1:33117 <-> ENABLED <-> BLACKLIST DNS request for known malware domain bf2back.sinip.es - Win.Trojan.Mariposa (blacklist.rules)
 * 1:33118 <-> ENABLED <-> BLACKLIST DNS request for known malware domain bfisback.sinip.es - Win.Trojan.Mariposa (blacklist.rules)
 * 1:33119 <-> ENABLED <-> BLACKLIST DNS request for known malware domain binaryfeed.in - Win.Trojan.Mariposa (blacklist.rules)
 * 1:33120 <-> ENABLED <-> BLACKLIST DNS request for known malware domain booster.estr.es - Win.Trojan.Mariposa (blacklist.rules)
 * 1:33121 <-> ENABLED <-> BLACKLIST DNS request for known malware domain butterfly.BigMoney.biz - Win.Trojan.Mariposa (blacklist.rules)
 * 1:33122 <-> ENABLED <-> BLACKLIST DNS request for known malware domain defintelsucks.com - Win.Trojan.Mariposa (blacklist.rules)
 * 1:33123 <-> ENABLED <-> BLACKLIST DNS request for known malware domain defintelsucks.net - Win.Trojan.Mariposa (blacklist.rules)
 * 1:33124 <-> ENABLED <-> BLACKLIST DNS request for known malware domain defintelsucks.sinip.es - Win.Trojan.Mariposa (blacklist.rules)
 * 1:33125 <-> ENABLED <-> BLACKLIST DNS request for known malware domain extraperlo.biz - Win.Trojan.Mariposa (blacklist.rules)
 * 1:33126 <-> ENABLED <-> BLACKLIST DNS request for known malware domain gusanodeseda.mobi - Win.Trojan.Mariposa (blacklist.rules)
 * 1:33127 <-> ENABLED <-> BLACKLIST DNS request for known malware domain gusanodeseda.net - Win.Trojan.Mariposa (blacklist.rules)
 * 1:33128 <-> ENABLED <-> BLACKLIST DNS request for known malware domain gusanodeseda.sinip.es - Win.Trojan.Mariposa (blacklist.rules)
 * 1:33129 <-> ENABLED <-> BLACKLIST DNS request for known malware domain lalundelau.sinip.es - Win.Trojan.Mariposa (blacklist.rules)
 * 1:33130 <-> ENABLED <-> BLACKLIST DNS request for known malware domain legion.sinip.es - Win.Trojan.Mariposa (blacklist.rules)
 * 1:33131 <-> ENABLED <-> BLACKLIST DNS request for known malware domain mierda.notengodominio.com - Win.Trojan.Mariposa (blacklist.rules)
 * 1:33132 <-> ENABLED <-> BLACKLIST DNS request for known malware domain sexme.in - Win.Trojan.Mariposa (blacklist.rules)
 * 1:33133 <-> ENABLED <-> BLACKLIST DNS request for known malware domain tamiflux.net - Win.Trojan.Mariposa (blacklist.rules)
 * 1:33134 <-> ENABLED <-> BLACKLIST DNS request for known malware domain tamiflux.org - Win.Trojan.Mariposa (blacklist.rules)
 * 1:33135 <-> ENABLED <-> BLACKLIST DNS request for known malware domain thejacksonfive.biz - Win.Trojan.Mariposa (blacklist.rules)
 * 1:33136 <-> ENABLED <-> BLACKLIST DNS request for known malware domain thejacksonfive.mobi - Win.Trojan.Mariposa (blacklist.rules)
 * 1:33137 <-> ENABLED <-> BLACKLIST DNS request for known malware domain thejacksonfive.us - Win.Trojan.Mariposa (blacklist.rules)
 * 1:33138 <-> ENABLED <-> BLACKLIST DNS request for known malware domain thesexydude.com - Win.Trojan.Mariposa (blacklist.rules)
 * 1:33155 <-> ENABLED <-> OS-WINDOWS CryptProtectMemory Impersonation Check Bypass attempt (os-windows.rules)
 * 1:33154 <-> ENABLED <-> BLACKLIST DNS request for known malware domain news-bbc.podzone.org - Linux.Trojan.Turla (blacklist.rules)
 * 1:33139 <-> ENABLED <-> BLACKLIST DNS request for known malware domain youare.sexidude.com - Win.Trojan.Mariposa (blacklist.rules)
 * 1:33140 <-> ENABLED <-> BLACKLIST DNS request for known malware domain hnox.org - Win.Trojan.Mariposa (blacklist.rules)
 * 1:33141 <-> ENABLED <-> BLACKLIST DNS request for known malware domain ronpc.net - Win.Trojan.Mariposa (blacklist.rules)
 * 1:33150 <-> ENABLED <-> BLACKLIST DNS request for known malware domain okurimono.ina-ka.com (blacklist.rules)
 * 1:33142 <-> ENABLED <-> BLACKLIST DNS request for known malware domain socksa.com - Win.Trojan.Mariposa (blacklist.rules)
 * 1:33143 <-> ENABLED <-> BLACKLIST DNS request for known malware domain thepicturehut.net - Win.Trojan.Mariposa (blacklist.rules)
 * 1:33144 <-> ENABLED <-> BLACKLIST DNS request for known malware domain yougotissuez.com - Win.Trojan.Mariposa (blacklist.rules)

Modified Rules:


 * 1:32990 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Toopu outbound connection attempt (malware-cnc.rules)
 * 1:30990 <-> ENABLED <-> MALWARE-CNC Shiqiang Gang malicious XLS targeted attack detection (malware-cnc.rules)
 * 1:32817 <-> ENABLED <-> FILE-FLASH Adobe Flash Player corrupt MP4 video denial of service attempt (file-flash.rules)
 * 1:30991 <-> ENABLED <-> MALWARE-CNC Shiqiang Gang malicious XLS targeted attack detection (malware-cnc.rules)
 * 1:32818 <-> ENABLED <-> FILE-FLASH Adobe Flash Player corrupt MP4 video denial of service attempt (file-flash.rules)
 * 1:1546 <-> DISABLED <-> SERVER-WEBAPP Cisco HTTP double-percent DOS attempt (server-webapp.rules)

2015-01-20 18:03:39 UTC

Sourcefire VRT Rules Update

Date: 2015-01-20

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2962.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:33101 <-> DISABLED <-> BROWSER-PLUGINS PTC IsoView ActiveX clsid access attempt (browser-plugins.rules)
 * 1:33100 <-> DISABLED <-> BROWSER-PLUGINS PTC IsoView ActiveX clsid access attempt (browser-plugins.rules)
 * 1:33102 <-> DISABLED <-> BROWSER-PLUGINS PTC IsoView ActiveX clsid access attempt (browser-plugins.rules)
 * 1:33103 <-> DISABLED <-> BROWSER-PLUGINS PTC IsoView ActiveX clsid access attempt (browser-plugins.rules)
 * 1:33104 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Multiple Products directory traversal attempt (server-webapp.rules)
 * 1:33105 <-> DISABLED <-> BROWSER-PLUGINS Honeywell OPOS Suite Scanner.ocx ActiveX clsid access attempt (browser-plugins.rules)
 * 1:33106 <-> DISABLED <-> BROWSER-PLUGINS Honeywell OPOS Suite Scanner.ocx ActiveX clsid access attempt (browser-plugins.rules)
 * 1:33107 <-> DISABLED <-> BROWSER-PLUGINS Honeywell OPOS Suite Scanner.ocx ActiveX clsid access attempt (browser-plugins.rules)
 * 1:33108 <-> DISABLED <-> BROWSER-PLUGINS Honeywell OPOS Suite Scanner.ocx ActiveX clsid access attempt (browser-plugins.rules)
 * 1:33109 <-> DISABLED <-> BROWSER-PLUGINS Honeywell OPOS Suite Scale.ocx ActiveX clsid access attempt (browser-plugins.rules)
 * 1:33110 <-> DISABLED <-> BROWSER-PLUGINS Honeywell OPOS Suite Scale.ocx ActiveX clsid access attempt (browser-plugins.rules)
 * 1:33111 <-> DISABLED <-> BROWSER-PLUGINS Honeywell OPOS Suite Scale.ocx ActiveX clsid access attempt (browser-plugins.rules)
 * 1:33112 <-> DISABLED <-> BROWSER-PLUGINS Honeywell OPOS Suite Scale.ocx ActiveX clsid access attempt (browser-plugins.rules)
 * 1:33113 <-> DISABLED <-> SERVER-WEBAPP Novell eDirectory IMONITOR cross site scripting attempt (server-webapp.rules)
 * 1:33114 <-> DISABLED <-> SERVER-WEBAPP HP System Management Homepage cross site scripting attempt (server-webapp.rules)
 * 1:33115 <-> ENABLED <-> BROWSER-IE Internet Explorer 11 VBScript redim preserve denial-of-service attempt (browser-ie.rules)
 * 1:33116 <-> ENABLED <-> BROWSER-IE Internet Explorer 11 VBScript redim preserve denial-of-service attempt (browser-ie.rules)
 * 1:33117 <-> ENABLED <-> BLACKLIST DNS request for known malware domain bf2back.sinip.es - Win.Trojan.Mariposa (blacklist.rules)
 * 1:33118 <-> ENABLED <-> BLACKLIST DNS request for known malware domain bfisback.sinip.es - Win.Trojan.Mariposa (blacklist.rules)
 * 1:33119 <-> ENABLED <-> BLACKLIST DNS request for known malware domain binaryfeed.in - Win.Trojan.Mariposa (blacklist.rules)
 * 1:33120 <-> ENABLED <-> BLACKLIST DNS request for known malware domain booster.estr.es - Win.Trojan.Mariposa (blacklist.rules)
 * 1:33121 <-> ENABLED <-> BLACKLIST DNS request for known malware domain butterfly.BigMoney.biz - Win.Trojan.Mariposa (blacklist.rules)
 * 1:33122 <-> ENABLED <-> BLACKLIST DNS request for known malware domain defintelsucks.com - Win.Trojan.Mariposa (blacklist.rules)
 * 1:33123 <-> ENABLED <-> BLACKLIST DNS request for known malware domain defintelsucks.net - Win.Trojan.Mariposa (blacklist.rules)
 * 1:33124 <-> ENABLED <-> BLACKLIST DNS request for known malware domain defintelsucks.sinip.es - Win.Trojan.Mariposa (blacklist.rules)
 * 1:33125 <-> ENABLED <-> BLACKLIST DNS request for known malware domain extraperlo.biz - Win.Trojan.Mariposa (blacklist.rules)
 * 1:33126 <-> ENABLED <-> BLACKLIST DNS request for known malware domain gusanodeseda.mobi - Win.Trojan.Mariposa (blacklist.rules)
 * 1:33127 <-> ENABLED <-> BLACKLIST DNS request for known malware domain gusanodeseda.net - Win.Trojan.Mariposa (blacklist.rules)
 * 1:33128 <-> ENABLED <-> BLACKLIST DNS request for known malware domain gusanodeseda.sinip.es - Win.Trojan.Mariposa (blacklist.rules)
 * 1:33129 <-> ENABLED <-> BLACKLIST DNS request for known malware domain lalundelau.sinip.es - Win.Trojan.Mariposa (blacklist.rules)
 * 1:33130 <-> ENABLED <-> BLACKLIST DNS request for known malware domain legion.sinip.es - Win.Trojan.Mariposa (blacklist.rules)
 * 1:33131 <-> ENABLED <-> BLACKLIST DNS request for known malware domain mierda.notengodominio.com - Win.Trojan.Mariposa (blacklist.rules)
 * 1:33132 <-> ENABLED <-> BLACKLIST DNS request for known malware domain sexme.in - Win.Trojan.Mariposa (blacklist.rules)
 * 1:33133 <-> ENABLED <-> BLACKLIST DNS request for known malware domain tamiflux.net - Win.Trojan.Mariposa (blacklist.rules)
 * 1:33134 <-> ENABLED <-> BLACKLIST DNS request for known malware domain tamiflux.org - Win.Trojan.Mariposa (blacklist.rules)
 * 1:33135 <-> ENABLED <-> BLACKLIST DNS request for known malware domain thejacksonfive.biz - Win.Trojan.Mariposa (blacklist.rules)
 * 1:33136 <-> ENABLED <-> BLACKLIST DNS request for known malware domain thejacksonfive.mobi - Win.Trojan.Mariposa (blacklist.rules)
 * 1:33137 <-> ENABLED <-> BLACKLIST DNS request for known malware domain thejacksonfive.us - Win.Trojan.Mariposa (blacklist.rules)
 * 1:33138 <-> ENABLED <-> BLACKLIST DNS request for known malware domain thesexydude.com - Win.Trojan.Mariposa (blacklist.rules)
 * 1:33139 <-> ENABLED <-> BLACKLIST DNS request for known malware domain youare.sexidude.com - Win.Trojan.Mariposa (blacklist.rules)
 * 1:33140 <-> ENABLED <-> BLACKLIST DNS request for known malware domain hnox.org - Win.Trojan.Mariposa (blacklist.rules)
 * 1:33141 <-> ENABLED <-> BLACKLIST DNS request for known malware domain ronpc.net - Win.Trojan.Mariposa (blacklist.rules)
 * 1:33142 <-> ENABLED <-> BLACKLIST DNS request for known malware domain socksa.com - Win.Trojan.Mariposa (blacklist.rules)
 * 1:33156 <-> ENABLED <-> OS-WINDOWS CryptProtectMemory Impersonation Check Bypass attempt (os-windows.rules)
 * 1:33155 <-> ENABLED <-> OS-WINDOWS CryptProtectMemory Impersonation Check Bypass attempt (os-windows.rules)
 * 1:33154 <-> ENABLED <-> BLACKLIST DNS request for known malware domain news-bbc.podzone.org - Linux.Trojan.Turla (blacklist.rules)
 * 1:33153 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Heur variant outbound connection attempt (malware-cnc.rules)
 * 1:33152 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Nurjax.A outbound connection attempt (malware-cnc.rules)
 * 1:33151 <-> ENABLED <-> BLACKLIST DNS request for known malware domain ford-mustang.ro (blacklist.rules)
 * 1:33150 <-> ENABLED <-> BLACKLIST DNS request for known malware domain okurimono.ina-ka.com (blacklist.rules)
 * 1:33149 <-> ENABLED <-> MALWARE-CNC Win.Worm.Ultramine outbound connection (malware-cnc.rules)
 * 1:33148 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Agent variant SMTP reporting attempt (malware-cnc.rules)
 * 1:33147 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Agent variant SMTP reporting attempt (malware-cnc.rules)
 * 1:33145 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound communication (malware-cnc.rules)
 * 1:33146 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Upatre variant outbound connection (malware-cnc.rules)
 * 1:33144 <-> ENABLED <-> BLACKLIST DNS request for known malware domain yougotissuez.com - Win.Trojan.Mariposa (blacklist.rules)
 * 1:33143 <-> ENABLED <-> BLACKLIST DNS request for known malware domain thepicturehut.net - Win.Trojan.Mariposa (blacklist.rules)

Modified Rules:


 * 1:32990 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Toopu outbound connection attempt (malware-cnc.rules)
 * 1:30990 <-> ENABLED <-> MALWARE-CNC Shiqiang Gang malicious XLS targeted attack detection (malware-cnc.rules)
 * 1:1546 <-> DISABLED <-> SERVER-WEBAPP Cisco HTTP double-percent DOS attempt (server-webapp.rules)
 * 1:30991 <-> ENABLED <-> MALWARE-CNC Shiqiang Gang malicious XLS targeted attack detection (malware-cnc.rules)
 * 1:32817 <-> ENABLED <-> FILE-FLASH Adobe Flash Player corrupt MP4 video denial of service attempt (file-flash.rules)
 * 1:32818 <-> ENABLED <-> FILE-FLASH Adobe Flash Player corrupt MP4 video denial of service attempt (file-flash.rules)

2015-01-20 18:03:39 UTC

Sourcefire VRT Rules Update

Date: 2015-01-20

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2970.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:33156 <-> ENABLED <-> OS-WINDOWS CryptProtectMemory Impersonation Check Bypass attempt (os-windows.rules)
 * 1:33155 <-> ENABLED <-> OS-WINDOWS CryptProtectMemory Impersonation Check Bypass attempt (os-windows.rules)
 * 1:33154 <-> ENABLED <-> BLACKLIST DNS request for known malware domain news-bbc.podzone.org - Linux.Trojan.Turla (blacklist.rules)
 * 1:33153 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Heur variant outbound connection attempt (malware-cnc.rules)
 * 1:33152 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Nurjax.A outbound connection attempt (malware-cnc.rules)
 * 1:33151 <-> ENABLED <-> BLACKLIST DNS request for known malware domain ford-mustang.ro (blacklist.rules)
 * 1:33150 <-> ENABLED <-> BLACKLIST DNS request for known malware domain okurimono.ina-ka.com (blacklist.rules)
 * 1:33149 <-> ENABLED <-> MALWARE-CNC Win.Worm.Ultramine outbound connection (malware-cnc.rules)
 * 1:33148 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Agent variant SMTP reporting attempt (malware-cnc.rules)
 * 1:33147 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Agent variant SMTP reporting attempt (malware-cnc.rules)
 * 1:33146 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Upatre variant outbound connection (malware-cnc.rules)
 * 1:33145 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound communication (malware-cnc.rules)
 * 1:33144 <-> ENABLED <-> BLACKLIST DNS request for known malware domain yougotissuez.com - Win.Trojan.Mariposa (blacklist.rules)
 * 1:33143 <-> ENABLED <-> BLACKLIST DNS request for known malware domain thepicturehut.net - Win.Trojan.Mariposa (blacklist.rules)
 * 1:33142 <-> ENABLED <-> BLACKLIST DNS request for known malware domain socksa.com - Win.Trojan.Mariposa (blacklist.rules)
 * 1:33141 <-> ENABLED <-> BLACKLIST DNS request for known malware domain ronpc.net - Win.Trojan.Mariposa (blacklist.rules)
 * 1:33140 <-> ENABLED <-> BLACKLIST DNS request for known malware domain hnox.org - Win.Trojan.Mariposa (blacklist.rules)
 * 1:33139 <-> ENABLED <-> BLACKLIST DNS request for known malware domain youare.sexidude.com - Win.Trojan.Mariposa (blacklist.rules)
 * 1:33138 <-> ENABLED <-> BLACKLIST DNS request for known malware domain thesexydude.com - Win.Trojan.Mariposa (blacklist.rules)
 * 1:33137 <-> ENABLED <-> BLACKLIST DNS request for known malware domain thejacksonfive.us - Win.Trojan.Mariposa (blacklist.rules)
 * 1:33136 <-> ENABLED <-> BLACKLIST DNS request for known malware domain thejacksonfive.mobi - Win.Trojan.Mariposa (blacklist.rules)
 * 1:33135 <-> ENABLED <-> BLACKLIST DNS request for known malware domain thejacksonfive.biz - Win.Trojan.Mariposa (blacklist.rules)
 * 1:33134 <-> ENABLED <-> BLACKLIST DNS request for known malware domain tamiflux.org - Win.Trojan.Mariposa (blacklist.rules)
 * 1:33133 <-> ENABLED <-> BLACKLIST DNS request for known malware domain tamiflux.net - Win.Trojan.Mariposa (blacklist.rules)
 * 1:33132 <-> ENABLED <-> BLACKLIST DNS request for known malware domain sexme.in - Win.Trojan.Mariposa (blacklist.rules)
 * 1:33131 <-> ENABLED <-> BLACKLIST DNS request for known malware domain mierda.notengodominio.com - Win.Trojan.Mariposa (blacklist.rules)
 * 1:33130 <-> ENABLED <-> BLACKLIST DNS request for known malware domain legion.sinip.es - Win.Trojan.Mariposa (blacklist.rules)
 * 1:33129 <-> ENABLED <-> BLACKLIST DNS request for known malware domain lalundelau.sinip.es - Win.Trojan.Mariposa (blacklist.rules)
 * 1:33128 <-> ENABLED <-> BLACKLIST DNS request for known malware domain gusanodeseda.sinip.es - Win.Trojan.Mariposa (blacklist.rules)
 * 1:33127 <-> ENABLED <-> BLACKLIST DNS request for known malware domain gusanodeseda.net - Win.Trojan.Mariposa (blacklist.rules)
 * 1:33126 <-> ENABLED <-> BLACKLIST DNS request for known malware domain gusanodeseda.mobi - Win.Trojan.Mariposa (blacklist.rules)
 * 1:33125 <-> ENABLED <-> BLACKLIST DNS request for known malware domain extraperlo.biz - Win.Trojan.Mariposa (blacklist.rules)
 * 1:33124 <-> ENABLED <-> BLACKLIST DNS request for known malware domain defintelsucks.sinip.es - Win.Trojan.Mariposa (blacklist.rules)
 * 1:33123 <-> ENABLED <-> BLACKLIST DNS request for known malware domain defintelsucks.net - Win.Trojan.Mariposa (blacklist.rules)
 * 1:33122 <-> ENABLED <-> BLACKLIST DNS request for known malware domain defintelsucks.com - Win.Trojan.Mariposa (blacklist.rules)
 * 1:33121 <-> ENABLED <-> BLACKLIST DNS request for known malware domain butterfly.BigMoney.biz - Win.Trojan.Mariposa (blacklist.rules)
 * 1:33120 <-> ENABLED <-> BLACKLIST DNS request for known malware domain booster.estr.es - Win.Trojan.Mariposa (blacklist.rules)
 * 1:33119 <-> ENABLED <-> BLACKLIST DNS request for known malware domain binaryfeed.in - Win.Trojan.Mariposa (blacklist.rules)
 * 1:33118 <-> ENABLED <-> BLACKLIST DNS request for known malware domain bfisback.sinip.es - Win.Trojan.Mariposa (blacklist.rules)
 * 1:33117 <-> ENABLED <-> BLACKLIST DNS request for known malware domain bf2back.sinip.es - Win.Trojan.Mariposa (blacklist.rules)
 * 1:33116 <-> ENABLED <-> BROWSER-IE Internet Explorer 11 VBScript redim preserve denial-of-service attempt (browser-ie.rules)
 * 1:33115 <-> ENABLED <-> BROWSER-IE Internet Explorer 11 VBScript redim preserve denial-of-service attempt (browser-ie.rules)
 * 1:33114 <-> DISABLED <-> SERVER-WEBAPP HP System Management Homepage cross site scripting attempt (server-webapp.rules)
 * 1:33113 <-> DISABLED <-> SERVER-WEBAPP Novell eDirectory IMONITOR cross site scripting attempt (server-webapp.rules)
 * 1:33112 <-> DISABLED <-> BROWSER-PLUGINS Honeywell OPOS Suite Scale.ocx ActiveX clsid access attempt (browser-plugins.rules)
 * 1:33111 <-> DISABLED <-> BROWSER-PLUGINS Honeywell OPOS Suite Scale.ocx ActiveX clsid access attempt (browser-plugins.rules)
 * 1:33110 <-> DISABLED <-> BROWSER-PLUGINS Honeywell OPOS Suite Scale.ocx ActiveX clsid access attempt (browser-plugins.rules)
 * 1:33109 <-> DISABLED <-> BROWSER-PLUGINS Honeywell OPOS Suite Scale.ocx ActiveX clsid access attempt (browser-plugins.rules)
 * 1:33108 <-> DISABLED <-> BROWSER-PLUGINS Honeywell OPOS Suite Scanner.ocx ActiveX clsid access attempt (browser-plugins.rules)
 * 1:33107 <-> DISABLED <-> BROWSER-PLUGINS Honeywell OPOS Suite Scanner.ocx ActiveX clsid access attempt (browser-plugins.rules)
 * 1:33106 <-> DISABLED <-> BROWSER-PLUGINS Honeywell OPOS Suite Scanner.ocx ActiveX clsid access attempt (browser-plugins.rules)
 * 1:33105 <-> DISABLED <-> BROWSER-PLUGINS Honeywell OPOS Suite Scanner.ocx ActiveX clsid access attempt (browser-plugins.rules)
 * 1:33104 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Multiple Products directory traversal attempt (server-webapp.rules)
 * 1:33103 <-> DISABLED <-> BROWSER-PLUGINS PTC IsoView ActiveX clsid access attempt (browser-plugins.rules)
 * 1:33102 <-> DISABLED <-> BROWSER-PLUGINS PTC IsoView ActiveX clsid access attempt (browser-plugins.rules)
 * 1:33101 <-> DISABLED <-> BROWSER-PLUGINS PTC IsoView ActiveX clsid access attempt (browser-plugins.rules)
 * 1:33100 <-> DISABLED <-> BROWSER-PLUGINS PTC IsoView ActiveX clsid access attempt (browser-plugins.rules)

Modified Rules:


 * 1:1546 <-> DISABLED <-> SERVER-WEBAPP Cisco HTTP double-percent DOS attempt (server-webapp.rules)
 * 1:30990 <-> ENABLED <-> MALWARE-CNC Shiqiang Gang malicious XLS targeted attack detection (malware-cnc.rules)
 * 1:30991 <-> ENABLED <-> MALWARE-CNC Shiqiang Gang malicious XLS targeted attack detection (malware-cnc.rules)
 * 1:32817 <-> ENABLED <-> FILE-FLASH Adobe Flash Player corrupt MP4 video denial of service attempt (file-flash.rules)
 * 1:32818 <-> ENABLED <-> FILE-FLASH Adobe Flash Player corrupt MP4 video denial of service attempt (file-flash.rules)
 * 1:32990 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Toopu outbound connection attempt (malware-cnc.rules)