VRT Rules 2015-03-17
This release adds and modifies rules in several categories.

Talos has added and modified multiple rules in the blacklist, malware-cnc, protocol-voip, pua-adware, server-other and server-webapp rule sets to provide coverage for emerging threats from these technologies.

Change logs

2015-03-17 16:06:43 UTC

Sourcefire VRT Rules Update

Date: 2015-03-17

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2962.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:33859 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound communication attempt (malware-cnc.rules)
 * 1:33855 <-> DISABLED <-> SERVER-WEBAPP Wordpress Ultimate CSV Importer auth bypass export attempt (server-webapp.rules)
 * 1:33843 <-> ENABLED <-> BLACKLIST DNS request for known malware domain mifastubiv.ru - Win.Trojan.Poseidon (blacklist.rules)
 * 1:33847 <-> ENABLED <-> BLACKLIST DNS request for known malware domain kilaxuntf.ru - Win.Trojan.Poseidon (blacklist.rules)
 * 1:33839 <-> ENABLED <-> BLACKLIST DNS request for known malware domain linturefa.ru - Win.Trojan.Poseidon (blacklist.rules)
 * 1:33838 <-> ENABLED <-> BLACKLIST DNS request for known malware domain tabidzuwek.com - Win.Trojan.Poseidon (blacklist.rules)
 * 1:33834 <-> DISABLED <-> PUA-ADWARE User-Agent adware OutBrowse/Amonitize (pua-adware.rules)
 * 1:33837 <-> ENABLED <-> BLACKLIST DNS request for known malware domain xablopefgr.com - Win.Trojan.Poseidon (blacklist.rules)
 * 1:33833 <-> DISABLED <-> PUA-ADWARE User-Agent adware OutBrowse/Amonitize (pua-adware.rules)
 * 1:33831 <-> ENABLED <-> BLACKLIST User-Agent known malicious user agent DownloadMR - Solimba (blacklist.rules)
 * 1:33832 <-> DISABLED <-> SERVER-WEBAPP Seagate BlackArmor NAS getAlias.php command injection attempt (server-webapp.rules)
 * 1:33836 <-> ENABLED <-> BLACKLIST DNS request for known malware domain linturefa.com - Win.Trojan.Poseidon (blacklist.rules)
 * 1:33844 <-> ENABLED <-> BLACKLIST DNS request for known malware domain lacdileftre.ru - Win.Trojan.Poseidon (blacklist.rules)
 * 1:33867 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound communication attempt (malware-cnc.rules)
 * 1:33845 <-> ENABLED <-> BLACKLIST DNS request for known malware domain quartlet.com - Win.Trojan.Poseidon (blacklist.rules)
 * 1:33835 <-> DISABLED <-> PUA-ADWARE User-Agent adware OutBrowse/Amonitize (pua-adware.rules)
 * 1:33868 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound communication attempt (malware-cnc.rules)
 * 1:33840 <-> ENABLED <-> BLACKLIST DNS request for known malware domain xablopefgr.ru - Win.Trojan.Poseidon (blacklist.rules)
 * 1:33864 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound communication attempt (malware-cnc.rules)
 * 1:33863 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound communication attempt (malware-cnc.rules)
 * 1:33865 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound communication attempt (malware-cnc.rules)
 * 1:33860 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound communication attempt (malware-cnc.rules)
 * 1:33866 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound communication attempt (malware-cnc.rules)
 * 1:33849 <-> ENABLED <-> BLACKLIST DNS request for known malware domain fimzusoln.ru - Win.Trojan.Poseidon (blacklist.rules)
 * 1:33842 <-> ENABLED <-> BLACKLIST DNS request for known malware domain weksrubaz.ru - Win.Trojan.Poseidon (blacklist.rules)
 * 1:33850 <-> ENABLED <-> BLACKLIST DNS request for known malware domain wetguqan.ru - Win.Trojan.Poseidon (blacklist.rules)
 * 1:33852 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Poseidon outbound connection (malware-cnc.rules)
 * 1:33854 <-> ENABLED <-> MALWARE-CNC Win.Trojan.LogPOS variant outbound connection (malware-cnc.rules)
 * 1:33853 <-> DISABLED <-> SERVER-WEBAPP D-Link multiple products ping.cpp command injection attempt (server-webapp.rules)
 * 1:33851 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Poseidon outbound connection (malware-cnc.rules)
 * 1:33857 <-> ENABLED <-> MALWARE-CNC Win.Trojan.PwnPOS data exfiltration attempt (malware-cnc.rules)
 * 1:33856 <-> DISABLED <-> SERVER-WEBAPP Wordpress Holding Pattern theme file upload attempt (server-webapp.rules)
 * 1:33858 <-> DISABLED <-> SERVER-OTHER rsyslog remote PRI out of bounds attempt (server-other.rules)
 * 1:33861 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound communication attempt (malware-cnc.rules)
 * 1:33862 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound communication attempt (malware-cnc.rules)
 * 1:33846 <-> ENABLED <-> BLACKLIST DNS request for known malware domain horticartf.com - Win.Trojan.Poseidon (blacklist.rules)
 * 1:33848 <-> ENABLED <-> BLACKLIST DNS request for known malware domain dreplicag.ru - Win.Trojan.Poseidon (blacklist.rules)
 * 1:33841 <-> ENABLED <-> BLACKLIST DNS request for known malware domain tabidzuwek.ru - Win.Trojan.Poseidon (blacklist.rules)
 * 3:33871 <-> ENABLED <-> SERVER-WEBAPP Cisco TelePresence Video Communication Server authentication bypass attempt (server-webapp.rules)
 * 3:33869 <-> ENABLED <-> PROTOCOL-VOIP Cisco TelePresence Video Communication Server SDP media description denial of service attempt (protocol-voip.rules)
 * 3:33870 <-> ENABLED <-> PROTOCOL-VOIP Cisco TelePresence Video Communication Server SDP media description denial of service attempt (protocol-voip.rules)

Modified Rules:


 * 1:33748 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound communication attempt (malware-cnc.rules)
 * 1:33753 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound communication attempt (malware-cnc.rules)
 * 1:33752 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound communication attempt (malware-cnc.rules)
 * 1:33755 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound communication attempt (malware-cnc.rules)
 * 1:19556 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Homa variant outbound connection (malware-cnc.rules)
 * 1:19484 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gh0st variant outbound connection (malware-cnc.rules)
 * 1:19555 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Small variant outbound connection (malware-cnc.rules)
 * 1:33746 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound communication attempt (malware-cnc.rules)
 * 1:33750 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound communication attempt (malware-cnc.rules)
 * 1:33747 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound communication attempt (malware-cnc.rules)
 * 1:31167 <-> DISABLED <-> PUA-ADWARE InstallRex bundled installer outbound activity (pua-adware.rules)
 * 1:27964 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Gh0st variant outbound connection (malware-cnc.rules)
 * 1:21232 <-> DISABLED <-> SERVER-OTHER Remote Desktop Protocol brute force attempt (server-other.rules)
 * 1:33749 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound communication attempt (malware-cnc.rules)
 * 1:33745 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound communication attempt (malware-cnc.rules)
 * 1:33754 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound communication attempt (malware-cnc.rules)
 * 1:33751 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound communication attempt (malware-cnc.rules)
 * 1:33826 <-> DISABLED <-> SERVER-SAMBA Samba smbd _netr_ServerPasswordSet deprecated vulnerable function access attempt (server-samba.rules)

2015-03-17 16:06:43 UTC

Sourcefire VRT Rules Update

Date: 2015-03-17

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2970.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:33838 <-> ENABLED <-> BLACKLIST DNS request for known malware domain tabidzuwek.com - Win.Trojan.Poseidon (blacklist.rules)
 * 1:33839 <-> ENABLED <-> BLACKLIST DNS request for known malware domain linturefa.ru - Win.Trojan.Poseidon (blacklist.rules)
 * 1:33836 <-> ENABLED <-> BLACKLIST DNS request for known malware domain linturefa.com - Win.Trojan.Poseidon (blacklist.rules)
 * 1:33837 <-> ENABLED <-> BLACKLIST DNS request for known malware domain xablopefgr.com - Win.Trojan.Poseidon (blacklist.rules)
 * 1:33834 <-> DISABLED <-> PUA-ADWARE User-Agent adware OutBrowse/Amonitize (pua-adware.rules)
 * 1:33835 <-> DISABLED <-> PUA-ADWARE User-Agent adware OutBrowse/Amonitize (pua-adware.rules)
 * 1:33832 <-> DISABLED <-> SERVER-WEBAPP Seagate BlackArmor NAS getAlias.php command injection attempt (server-webapp.rules)
 * 1:33833 <-> DISABLED <-> PUA-ADWARE User-Agent adware OutBrowse/Amonitize (pua-adware.rules)
 * 1:33831 <-> ENABLED <-> BLACKLIST User-Agent known malicious user agent DownloadMR - Solimba (blacklist.rules)
 * 1:33844 <-> ENABLED <-> BLACKLIST DNS request for known malware domain lacdileftre.ru - Win.Trojan.Poseidon (blacklist.rules)
 * 1:33845 <-> ENABLED <-> BLACKLIST DNS request for known malware domain quartlet.com - Win.Trojan.Poseidon (blacklist.rules)
 * 1:33843 <-> ENABLED <-> BLACKLIST DNS request for known malware domain mifastubiv.ru - Win.Trojan.Poseidon (blacklist.rules)
 * 1:33842 <-> ENABLED <-> BLACKLIST DNS request for known malware domain weksrubaz.ru - Win.Trojan.Poseidon (blacklist.rules)
 * 1:33847 <-> ENABLED <-> BLACKLIST DNS request for known malware domain kilaxuntf.ru - Win.Trojan.Poseidon (blacklist.rules)
 * 1:33840 <-> ENABLED <-> BLACKLIST DNS request for known malware domain xablopefgr.ru - Win.Trojan.Poseidon (blacklist.rules)
 * 1:33848 <-> ENABLED <-> BLACKLIST DNS request for known malware domain dreplicag.ru - Win.Trojan.Poseidon (blacklist.rules)
 * 1:33849 <-> ENABLED <-> BLACKLIST DNS request for known malware domain fimzusoln.ru - Win.Trojan.Poseidon (blacklist.rules)
 * 1:33850 <-> ENABLED <-> BLACKLIST DNS request for known malware domain wetguqan.ru - Win.Trojan.Poseidon (blacklist.rules)
 * 1:33852 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Poseidon outbound connection (malware-cnc.rules)
 * 1:33853 <-> DISABLED <-> SERVER-WEBAPP D-Link multiple products ping.cpp command injection attempt (server-webapp.rules)
 * 1:33854 <-> ENABLED <-> MALWARE-CNC Win.Trojan.LogPOS variant outbound connection (malware-cnc.rules)
 * 1:33855 <-> DISABLED <-> SERVER-WEBAPP Wordpress Ultimate CSV Importer auth bypass export attempt (server-webapp.rules)
 * 1:33856 <-> DISABLED <-> SERVER-WEBAPP Wordpress Holding Pattern theme file upload attempt (server-webapp.rules)
 * 1:33851 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Poseidon outbound connection (malware-cnc.rules)
 * 1:33857 <-> ENABLED <-> MALWARE-CNC Win.Trojan.PwnPOS data exfiltration attempt (malware-cnc.rules)
 * 1:33859 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound communication attempt (malware-cnc.rules)
 * 1:33858 <-> DISABLED <-> SERVER-OTHER rsyslog remote PRI out of bounds attempt (server-other.rules)
 * 1:33860 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound communication attempt (malware-cnc.rules)
 * 1:33861 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound communication attempt (malware-cnc.rules)
 * 1:33862 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound communication attempt (malware-cnc.rules)
 * 1:33864 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound communication attempt (malware-cnc.rules)
 * 1:33863 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound communication attempt (malware-cnc.rules)
 * 1:33846 <-> ENABLED <-> BLACKLIST DNS request for known malware domain horticartf.com - Win.Trojan.Poseidon (blacklist.rules)
 * 1:33868 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound communication attempt (malware-cnc.rules)
 * 1:33867 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound communication attempt (malware-cnc.rules)
 * 1:33865 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound communication attempt (malware-cnc.rules)
 * 1:33841 <-> ENABLED <-> BLACKLIST DNS request for known malware domain tabidzuwek.ru - Win.Trojan.Poseidon (blacklist.rules)
 * 1:33866 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound communication attempt (malware-cnc.rules)
 * 3:33871 <-> ENABLED <-> SERVER-WEBAPP Cisco TelePresence Video Communication Server authentication bypass attempt (server-webapp.rules)
 * 3:33869 <-> ENABLED <-> PROTOCOL-VOIP Cisco TelePresence Video Communication Server SDP media description denial of service attempt (protocol-voip.rules)
 * 3:33870 <-> ENABLED <-> PROTOCOL-VOIP Cisco TelePresence Video Communication Server SDP media description denial of service attempt (protocol-voip.rules)

Modified Rules:


 * 1:33755 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound communication attempt (malware-cnc.rules)
 * 1:33753 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound communication attempt (malware-cnc.rules)
 * 1:33754 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound communication attempt (malware-cnc.rules)
 * 1:33752 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound communication attempt (malware-cnc.rules)
 * 1:19556 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Homa variant outbound connection (malware-cnc.rules)
 * 1:19555 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Small variant outbound connection (malware-cnc.rules)
 * 1:19484 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gh0st variant outbound connection (malware-cnc.rules)
 * 1:31167 <-> DISABLED <-> PUA-ADWARE InstallRex bundled installer outbound activity (pua-adware.rules)
 * 1:33746 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound communication attempt (malware-cnc.rules)
 * 1:33745 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound communication attempt (malware-cnc.rules)
 * 1:33747 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound communication attempt (malware-cnc.rules)
 * 1:33749 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound communication attempt (malware-cnc.rules)
 * 1:27964 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Gh0st variant outbound connection (malware-cnc.rules)
 * 1:21232 <-> DISABLED <-> SERVER-OTHER Remote Desktop Protocol brute force attempt (server-other.rules)
 * 1:33750 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound communication attempt (malware-cnc.rules)
 * 1:33751 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound communication attempt (malware-cnc.rules)
 * 1:33826 <-> DISABLED <-> SERVER-SAMBA Samba smbd _netr_ServerPasswordSet deprecated vulnerable function access attempt (server-samba.rules)
 * 1:33748 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound communication attempt (malware-cnc.rules)

2015-03-17 16:06:43 UTC

Sourcefire VRT Rules Update

Date: 2015-03-17

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2972.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:33868 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound communication attempt (malware-cnc.rules)
 * 1:33867 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound communication attempt (malware-cnc.rules)
 * 1:33866 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound communication attempt (malware-cnc.rules)
 * 1:33865 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound communication attempt (malware-cnc.rules)
 * 1:33864 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound communication attempt (malware-cnc.rules)
 * 1:33863 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound communication attempt (malware-cnc.rules)
 * 1:33862 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound communication attempt (malware-cnc.rules)
 * 1:33861 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound communication attempt (malware-cnc.rules)
 * 1:33860 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound communication attempt (malware-cnc.rules)
 * 1:33859 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound communication attempt (malware-cnc.rules)
 * 1:33858 <-> DISABLED <-> SERVER-OTHER rsyslog remote PRI out of bounds attempt (server-other.rules)
 * 1:33857 <-> ENABLED <-> MALWARE-CNC Win.Trojan.PwnPOS data exfiltration attempt (malware-cnc.rules)
 * 1:33856 <-> DISABLED <-> SERVER-WEBAPP Wordpress Holding Pattern theme file upload attempt (server-webapp.rules)
 * 1:33855 <-> DISABLED <-> SERVER-WEBAPP Wordpress Ultimate CSV Importer auth bypass export attempt (server-webapp.rules)
 * 1:33854 <-> ENABLED <-> MALWARE-CNC Win.Trojan.LogPOS variant outbound connection (malware-cnc.rules)
 * 1:33853 <-> DISABLED <-> SERVER-WEBAPP D-Link multiple products ping.cpp command injection attempt (server-webapp.rules)
 * 1:33852 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Poseidon outbound connection (malware-cnc.rules)
 * 1:33851 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Poseidon outbound connection (malware-cnc.rules)
 * 1:33850 <-> ENABLED <-> BLACKLIST DNS request for known malware domain wetguqan.ru - Win.Trojan.Poseidon (blacklist.rules)
 * 1:33849 <-> ENABLED <-> BLACKLIST DNS request for known malware domain fimzusoln.ru - Win.Trojan.Poseidon (blacklist.rules)
 * 1:33848 <-> ENABLED <-> BLACKLIST DNS request for known malware domain dreplicag.ru - Win.Trojan.Poseidon (blacklist.rules)
 * 1:33847 <-> ENABLED <-> BLACKLIST DNS request for known malware domain kilaxuntf.ru - Win.Trojan.Poseidon (blacklist.rules)
 * 1:33846 <-> ENABLED <-> BLACKLIST DNS request for known malware domain horticartf.com - Win.Trojan.Poseidon (blacklist.rules)
 * 1:33845 <-> ENABLED <-> BLACKLIST DNS request for known malware domain quartlet.com - Win.Trojan.Poseidon (blacklist.rules)
 * 1:33844 <-> ENABLED <-> BLACKLIST DNS request for known malware domain lacdileftre.ru - Win.Trojan.Poseidon (blacklist.rules)
 * 1:33843 <-> ENABLED <-> BLACKLIST DNS request for known malware domain mifastubiv.ru - Win.Trojan.Poseidon (blacklist.rules)
 * 1:33842 <-> ENABLED <-> BLACKLIST DNS request for known malware domain weksrubaz.ru - Win.Trojan.Poseidon (blacklist.rules)
 * 1:33841 <-> ENABLED <-> BLACKLIST DNS request for known malware domain tabidzuwek.ru - Win.Trojan.Poseidon (blacklist.rules)
 * 1:33840 <-> ENABLED <-> BLACKLIST DNS request for known malware domain xablopefgr.ru - Win.Trojan.Poseidon (blacklist.rules)
 * 1:33839 <-> ENABLED <-> BLACKLIST DNS request for known malware domain linturefa.ru - Win.Trojan.Poseidon (blacklist.rules)
 * 1:33838 <-> ENABLED <-> BLACKLIST DNS request for known malware domain tabidzuwek.com - Win.Trojan.Poseidon (blacklist.rules)
 * 1:33837 <-> ENABLED <-> BLACKLIST DNS request for known malware domain xablopefgr.com - Win.Trojan.Poseidon (blacklist.rules)
 * 1:33836 <-> ENABLED <-> BLACKLIST DNS request for known malware domain linturefa.com - Win.Trojan.Poseidon (blacklist.rules)
 * 1:33835 <-> DISABLED <-> PUA-ADWARE User-Agent adware OutBrowse/Amonitize (pua-adware.rules)
 * 1:33834 <-> DISABLED <-> PUA-ADWARE User-Agent adware OutBrowse/Amonitize (pua-adware.rules)
 * 1:33833 <-> DISABLED <-> PUA-ADWARE User-Agent adware OutBrowse/Amonitize (pua-adware.rules)
 * 1:33832 <-> DISABLED <-> SERVER-WEBAPP Seagate BlackArmor NAS getAlias.php command injection attempt (server-webapp.rules)
 * 1:33831 <-> ENABLED <-> BLACKLIST User-Agent known malicious user agent DownloadMR - Solimba (blacklist.rules)
 * 3:33871 <-> ENABLED <-> SERVER-WEBAPP Cisco TelePresence Video Communication Server authentication bypass attempt (server-webapp.rules)
 * 3:33870 <-> ENABLED <-> PROTOCOL-VOIP Cisco TelePresence Video Communication Server SDP media description denial of service attempt (protocol-voip.rules)
 * 3:33869 <-> ENABLED <-> PROTOCOL-VOIP Cisco TelePresence Video Communication Server SDP media description denial of service attempt (protocol-voip.rules)

Modified Rules:


 * 1:19555 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Small variant outbound connection (malware-cnc.rules)
 * 1:19484 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gh0st variant outbound connection (malware-cnc.rules)
 * 1:21232 <-> DISABLED <-> SERVER-OTHER Remote Desktop Protocol brute force attempt (server-other.rules)
 * 1:27964 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Gh0st variant outbound connection (malware-cnc.rules)
 * 1:31167 <-> DISABLED <-> PUA-ADWARE InstallRex bundled installer outbound activity (pua-adware.rules)
 * 1:33745 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound communication attempt (malware-cnc.rules)
 * 1:33746 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound communication attempt (malware-cnc.rules)
 * 1:33747 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound communication attempt (malware-cnc.rules)
 * 1:33748 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound communication attempt (malware-cnc.rules)
 * 1:33749 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound communication attempt (malware-cnc.rules)
 * 1:33750 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound communication attempt (malware-cnc.rules)
 * 1:33751 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound communication attempt (malware-cnc.rules)
 * 1:33752 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound communication attempt (malware-cnc.rules)
 * 1:33753 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound communication attempt (malware-cnc.rules)
 * 1:33754 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound communication attempt (malware-cnc.rules)
 * 1:33755 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound communication attempt (malware-cnc.rules)
 * 1:33826 <-> DISABLED <-> SERVER-SAMBA Samba smbd _netr_ServerPasswordSet deprecated vulnerable function access attempt (server-samba.rules)
 * 1:19556 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Homa variant outbound connection (malware-cnc.rules)