VRT Rules 2015-04-02
This release adds and modifies rules in several categories.

Talos has added and modified multiple rules in the blacklist, browser-plugins, exploit-kit, file-flash, indicator-shellcode, malware-cnc, policy-other, protocol-voip and server-webapp rule sets to provide coverage for emerging threats from these technologies.

Change logs

2015-04-02 14:43:44 UTC

Sourcefire VRT Rules Update

Date: 2015-04-02

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2962.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:34021 <-> ENABLED <-> FILE-FLASH Adobe Flash Player mp4 trex tag heap corruption attempt (file-flash.rules)
 * 1:33997 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Pwexes variant outbound connection attempt (malware-cnc.rules)
 * 1:33993 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Insidious outbound connection (malware-cnc.rules)
 * 1:33999 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed mp4 tag memory corruption attempt (file-flash.rules)
 * 1:34003 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Picommex outbound connection attempt (malware-cnc.rules)
 * 1:34002 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Picommex outbound connection attempt (malware-cnc.rules)
 * 1:34020 <-> ENABLED <-> FILE-FLASH Adobe Flash Player mp4 trex tag heap corruption attempt (file-flash.rules)
 * 1:33995 <-> ENABLED <-> BLACKLIST DNS request for known malware domain getb.tmpbr.net - Win.Trojan.Pwexes (blacklist.rules)
 * 1:33998 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed mp4 tag memory corruption attempt (file-flash.rules)
 * 1:34000 <-> DISABLED <-> SERVER-WEBAPP Berta Content Management System PHP code execution attempt (server-webapp.rules)
 * 1:33992 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Insidious outbound connection (malware-cnc.rules)
 * 1:33994 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Beshida outbound connection (malware-cnc.rules)
 * 1:33991 <-> ENABLED <-> BLACKLIST DNS request for known malware domain insidiouspool.com - Win.Trojan.Insidious (blacklist.rules)
 * 1:33989 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Trioptid outbound connection (malware-cnc.rules)
 * 1:33990 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Trioptid outbound connection (malware-cnc.rules)
 * 1:33987 <-> DISABLED <-> SERVER-OTHER Symantec System Center Alert Management System untrusted command execution attempt (server-other.rules)
 * 1:33988 <-> ENABLED <-> BLACKLIST DNS request for known malware domain getb.tmpbr.net - Win.Trojan.Trioptid (blacklist.rules)
 * 1:33985 <-> ENABLED <-> MALWARE-CNC Linux.Trojan.ChinaZ outbound connection (malware-cnc.rules)
 * 1:33986 <-> DISABLED <-> POLICY-OTHER ManageEngine Desktop Central insecure admin password reset attempt (policy-other.rules)
 * 1:33984 <-> DISABLED <-> SERVER-WEBAPP D-Link DNS-345 Network Storage System system_mgr.cgi command injection attempt (server-webapp.rules)
 * 1:34004 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection attempt (malware-cnc.rules)
 * 1:34005 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection attempt (malware-cnc.rules)
 * 1:34006 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection attempt (malware-cnc.rules)
 * 1:34007 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection attempt (malware-cnc.rules)
 * 1:34008 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection attempt (malware-cnc.rules)
 * 1:34009 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection attempt (malware-cnc.rules)
 * 1:34010 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection attempt (malware-cnc.rules)
 * 1:34011 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection attempt (malware-cnc.rules)
 * 1:34012 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection attempt (malware-cnc.rules)
 * 1:34013 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ayuther variant outbound connection attempt (malware-cnc.rules)
 * 1:34001 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Picommex outbound connection attempt (malware-cnc.rules)
 * 1:34014 <-> DISABLED <-> BROWSER-PLUGINS Advantech WebAccess webeye.ocx ActiveX clsid access attempt (browser-plugins.rules)
 * 1:34016 <-> DISABLED <-> BROWSER-PLUGINS Advantech WebAccess webeye.ocx ActiveX clsid access attempt (browser-plugins.rules)
 * 1:34015 <-> DISABLED <-> BROWSER-PLUGINS Advantech WebAccess webeye.ocx ActiveX clsid access attempt (browser-plugins.rules)
 * 1:34017 <-> DISABLED <-> BROWSER-PLUGINS Advantech WebAccess webeye.ocx ActiveX clsid access attempt (browser-plugins.rules)
 * 1:34018 <-> DISABLED <-> INDICATOR-SHELLCODE percent encoded heapspray detected (indicator-shellcode.rules)
 * 1:34019 <-> DISABLED <-> INDICATOR-SHELLCODE percent encoded heapspray detected (indicator-shellcode.rules)
 * 1:33996 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Pwexes variant outbound connection attempt (malware-cnc.rules)
 * 3:34022 <-> ENABLED <-> PROTOCOL-VOIP Cisco Unity Connection malformed contact header denial of service attempt (protocol-voip.rules)
 * 3:34023 <-> ENABLED <-> PROTOCOL-VOIP Unity Conversation Manager record-route INVITE anomaly denial of service attempt (protocol-voip.rules)

Modified Rules:


 * 1:33658 <-> DISABLED <-> SERVER-WEBAPP Dell ScriptLogic Asset Manager SQL injection attempt (server-webapp.rules)
 * 1:33983 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit obfuscated file download (exploit-kit.rules)
 * 1:33981 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit flash file download (exploit-kit.rules)
 * 1:33982 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit landing page detected (exploit-kit.rules)
 * 1:33657 <-> DISABLED <-> SERVER-WEBAPP Dell ScriptLogic Asset Manager SQL injection attempt (server-webapp.rules)
 * 1:33659 <-> DISABLED <-> SERVER-WEBAPP Dell ScriptLogic Asset Manager SQL injection attempt (server-webapp.rules)
 * 1:33472 <-> DISABLED <-> FILE-FLASH Adobe Flash Player arbitrary code execution attempt (file-flash.rules)
 * 1:32639 <-> DISABLED <-> EXPLOIT-KIT Sweet Orange exploit kit jar file requested on defined port (exploit-kit.rules)
 * 1:32804 <-> ENABLED <-> EXPLOIT-KIT known malicious javascript packer detected (exploit-kit.rules)
 * 1:33471 <-> DISABLED <-> FILE-FLASH Adobe Flash Player arbitrary code execution attempt (file-flash.rules)
 * 1:31046 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit outbound URL structure (exploit-kit.rules)
 * 1:31729 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Password Manager MetadataServlet SQL injection attempt (server-webapp.rules)
 * 1:29031 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Banload variant inbound communication attempt (malware-cnc.rules)
 * 1:31728 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Desktop Central LinkViewFetchServlet SQL injection attempt (server-webapp.rules)
 * 1:28809 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dofoil inbound connection attempt (malware-cnc.rules)
 * 1:29300 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Graftor variant inbound connection (malware-cnc.rules)
 * 1:28803 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Injector inbound connection (malware-cnc.rules)
 * 1:27013 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Phoenot variant inbound connection (malware-cnc.rules)
 * 1:16195 <-> DISABLED <-> SERVER-WEBAPP HTTP request content-length heap buffer overflow attempt (server-webapp.rules)

2015-04-02 14:43:44 UTC

Sourcefire VRT Rules Update

Date: 2015-04-02

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2970.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:33997 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Pwexes variant outbound connection attempt (malware-cnc.rules)
 * 1:34000 <-> DISABLED <-> SERVER-WEBAPP Berta Content Management System PHP code execution attempt (server-webapp.rules)
 * 1:33999 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed mp4 tag memory corruption attempt (file-flash.rules)
 * 1:34001 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Picommex outbound connection attempt (malware-cnc.rules)
 * 1:33993 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Insidious outbound connection (malware-cnc.rules)
 * 1:33992 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Insidious outbound connection (malware-cnc.rules)
 * 1:33994 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Beshida outbound connection (malware-cnc.rules)
 * 1:33991 <-> ENABLED <-> BLACKLIST DNS request for known malware domain insidiouspool.com - Win.Trojan.Insidious (blacklist.rules)
 * 1:33989 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Trioptid outbound connection (malware-cnc.rules)
 * 1:34002 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Picommex outbound connection attempt (malware-cnc.rules)
 * 1:33990 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Trioptid outbound connection (malware-cnc.rules)
 * 1:33987 <-> DISABLED <-> SERVER-OTHER Symantec System Center Alert Management System untrusted command execution attempt (server-other.rules)
 * 1:33988 <-> ENABLED <-> BLACKLIST DNS request for known malware domain getb.tmpbr.net - Win.Trojan.Trioptid (blacklist.rules)
 * 1:33985 <-> ENABLED <-> MALWARE-CNC Linux.Trojan.ChinaZ outbound connection (malware-cnc.rules)
 * 1:34003 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Picommex outbound connection attempt (malware-cnc.rules)
 * 1:33986 <-> DISABLED <-> POLICY-OTHER ManageEngine Desktop Central insecure admin password reset attempt (policy-other.rules)
 * 1:33984 <-> DISABLED <-> SERVER-WEBAPP D-Link DNS-345 Network Storage System system_mgr.cgi command injection attempt (server-webapp.rules)
 * 1:34004 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection attempt (malware-cnc.rules)
 * 1:34005 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection attempt (malware-cnc.rules)
 * 1:34006 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection attempt (malware-cnc.rules)
 * 1:34007 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection attempt (malware-cnc.rules)
 * 1:34008 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection attempt (malware-cnc.rules)
 * 1:34009 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection attempt (malware-cnc.rules)
 * 1:34010 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection attempt (malware-cnc.rules)
 * 1:34011 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection attempt (malware-cnc.rules)
 * 1:34012 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection attempt (malware-cnc.rules)
 * 1:34013 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ayuther variant outbound connection attempt (malware-cnc.rules)
 * 1:34014 <-> DISABLED <-> BROWSER-PLUGINS Advantech WebAccess webeye.ocx ActiveX clsid access attempt (browser-plugins.rules)
 * 1:34015 <-> DISABLED <-> BROWSER-PLUGINS Advantech WebAccess webeye.ocx ActiveX clsid access attempt (browser-plugins.rules)
 * 1:34016 <-> DISABLED <-> BROWSER-PLUGINS Advantech WebAccess webeye.ocx ActiveX clsid access attempt (browser-plugins.rules)
 * 1:34017 <-> DISABLED <-> BROWSER-PLUGINS Advantech WebAccess webeye.ocx ActiveX clsid access attempt (browser-plugins.rules)
 * 1:34021 <-> ENABLED <-> FILE-FLASH Adobe Flash Player mp4 trex tag heap corruption attempt (file-flash.rules)
 * 1:34020 <-> ENABLED <-> FILE-FLASH Adobe Flash Player mp4 trex tag heap corruption attempt (file-flash.rules)
 * 1:34019 <-> DISABLED <-> INDICATOR-SHELLCODE percent encoded heapspray detected (indicator-shellcode.rules)
 * 1:34018 <-> DISABLED <-> INDICATOR-SHELLCODE percent encoded heapspray detected (indicator-shellcode.rules)
 * 1:33996 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Pwexes variant outbound connection attempt (malware-cnc.rules)
 * 1:33995 <-> ENABLED <-> BLACKLIST DNS request for known malware domain getb.tmpbr.net - Win.Trojan.Pwexes (blacklist.rules)
 * 1:33998 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed mp4 tag memory corruption attempt (file-flash.rules)
 * 3:34022 <-> ENABLED <-> PROTOCOL-VOIP Cisco Unity Connection malformed contact header denial of service attempt (protocol-voip.rules)
 * 3:34023 <-> ENABLED <-> PROTOCOL-VOIP Unity Conversation Manager record-route INVITE anomaly denial of service attempt (protocol-voip.rules)

Modified Rules:


 * 1:33982 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit landing page detected (exploit-kit.rules)
 * 1:33983 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit obfuscated file download (exploit-kit.rules)
 * 1:33981 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit flash file download (exploit-kit.rules)
 * 1:33658 <-> DISABLED <-> SERVER-WEBAPP Dell ScriptLogic Asset Manager SQL injection attempt (server-webapp.rules)
 * 1:33659 <-> DISABLED <-> SERVER-WEBAPP Dell ScriptLogic Asset Manager SQL injection attempt (server-webapp.rules)
 * 1:33472 <-> DISABLED <-> FILE-FLASH Adobe Flash Player arbitrary code execution attempt (file-flash.rules)
 * 1:33657 <-> DISABLED <-> SERVER-WEBAPP Dell ScriptLogic Asset Manager SQL injection attempt (server-webapp.rules)
 * 1:32804 <-> ENABLED <-> EXPLOIT-KIT known malicious javascript packer detected (exploit-kit.rules)
 * 1:33471 <-> DISABLED <-> FILE-FLASH Adobe Flash Player arbitrary code execution attempt (file-flash.rules)
 * 1:31729 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Password Manager MetadataServlet SQL injection attempt (server-webapp.rules)
 * 1:32639 <-> DISABLED <-> EXPLOIT-KIT Sweet Orange exploit kit jar file requested on defined port (exploit-kit.rules)
 * 1:31046 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit outbound URL structure (exploit-kit.rules)
 * 1:31728 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Desktop Central LinkViewFetchServlet SQL injection attempt (server-webapp.rules)
 * 1:29031 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Banload variant inbound communication attempt (malware-cnc.rules)
 * 1:29300 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Graftor variant inbound connection (malware-cnc.rules)
 * 1:28809 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dofoil inbound connection attempt (malware-cnc.rules)
 * 1:28803 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Injector inbound connection (malware-cnc.rules)
 * 1:16195 <-> DISABLED <-> SERVER-WEBAPP HTTP request content-length heap buffer overflow attempt (server-webapp.rules)
 * 1:27013 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Phoenot variant inbound connection (malware-cnc.rules)

2015-04-02 14:43:44 UTC

Sourcefire VRT Rules Update

Date: 2015-04-02

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2972.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:34021 <-> ENABLED <-> FILE-FLASH Adobe Flash Player mp4 trex tag heap corruption attempt (file-flash.rules)
 * 1:34020 <-> ENABLED <-> FILE-FLASH Adobe Flash Player mp4 trex tag heap corruption attempt (file-flash.rules)
 * 1:34019 <-> DISABLED <-> INDICATOR-SHELLCODE percent encoded heapspray detected (indicator-shellcode.rules)
 * 1:34018 <-> DISABLED <-> INDICATOR-SHELLCODE percent encoded heapspray detected (indicator-shellcode.rules)
 * 1:34017 <-> DISABLED <-> BROWSER-PLUGINS Advantech WebAccess webeye.ocx ActiveX clsid access attempt (browser-plugins.rules)
 * 1:34016 <-> DISABLED <-> BROWSER-PLUGINS Advantech WebAccess webeye.ocx ActiveX clsid access attempt (browser-plugins.rules)
 * 1:34015 <-> DISABLED <-> BROWSER-PLUGINS Advantech WebAccess webeye.ocx ActiveX clsid access attempt (browser-plugins.rules)
 * 1:34014 <-> DISABLED <-> BROWSER-PLUGINS Advantech WebAccess webeye.ocx ActiveX clsid access attempt (browser-plugins.rules)
 * 1:34013 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ayuther variant outbound connection attempt (malware-cnc.rules)
 * 1:34012 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection attempt (malware-cnc.rules)
 * 1:34011 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection attempt (malware-cnc.rules)
 * 1:34010 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection attempt (malware-cnc.rules)
 * 1:34009 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection attempt (malware-cnc.rules)
 * 1:34008 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection attempt (malware-cnc.rules)
 * 1:34007 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection attempt (malware-cnc.rules)
 * 1:34006 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection attempt (malware-cnc.rules)
 * 1:34005 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection attempt (malware-cnc.rules)
 * 1:34004 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection attempt (malware-cnc.rules)
 * 1:34003 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Picommex outbound connection attempt (malware-cnc.rules)
 * 1:34002 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Picommex outbound connection attempt (malware-cnc.rules)
 * 1:34001 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Picommex outbound connection attempt (malware-cnc.rules)
 * 1:34000 <-> DISABLED <-> SERVER-WEBAPP Berta Content Management System PHP code execution attempt (server-webapp.rules)
 * 1:33999 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed mp4 tag memory corruption attempt (file-flash.rules)
 * 1:33998 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed mp4 tag memory corruption attempt (file-flash.rules)
 * 1:33997 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Pwexes variant outbound connection attempt (malware-cnc.rules)
 * 1:33996 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Pwexes variant outbound connection attempt (malware-cnc.rules)
 * 1:33995 <-> ENABLED <-> BLACKLIST DNS request for known malware domain getb.tmpbr.net - Win.Trojan.Pwexes (blacklist.rules)
 * 1:33994 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Beshida outbound connection (malware-cnc.rules)
 * 1:33993 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Insidious outbound connection (malware-cnc.rules)
 * 1:33992 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Insidious outbound connection (malware-cnc.rules)
 * 1:33991 <-> ENABLED <-> BLACKLIST DNS request for known malware domain insidiouspool.com - Win.Trojan.Insidious (blacklist.rules)
 * 1:33990 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Trioptid outbound connection (malware-cnc.rules)
 * 1:33989 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Trioptid outbound connection (malware-cnc.rules)
 * 1:33988 <-> ENABLED <-> BLACKLIST DNS request for known malware domain getb.tmpbr.net - Win.Trojan.Trioptid (blacklist.rules)
 * 1:33987 <-> DISABLED <-> SERVER-OTHER Symantec System Center Alert Management System untrusted command execution attempt (server-other.rules)
 * 1:33986 <-> DISABLED <-> POLICY-OTHER ManageEngine Desktop Central insecure admin password reset attempt (policy-other.rules)
 * 1:33985 <-> ENABLED <-> MALWARE-CNC Linux.Trojan.ChinaZ outbound connection (malware-cnc.rules)
 * 1:33984 <-> DISABLED <-> SERVER-WEBAPP D-Link DNS-345 Network Storage System system_mgr.cgi command injection attempt (server-webapp.rules)
 * 3:34022 <-> ENABLED <-> PROTOCOL-VOIP Cisco Unity Connection malformed contact header denial of service attempt (protocol-voip.rules)
 * 3:34023 <-> ENABLED <-> PROTOCOL-VOIP Unity Conversation Manager record-route INVITE anomaly denial of service attempt (protocol-voip.rules)

Modified Rules:


 * 1:33983 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit obfuscated file download (exploit-kit.rules)
 * 1:33981 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit flash file download (exploit-kit.rules)
 * 1:33982 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit landing page detected (exploit-kit.rules)
 * 1:33658 <-> DISABLED <-> SERVER-WEBAPP Dell ScriptLogic Asset Manager SQL injection attempt (server-webapp.rules)
 * 1:33659 <-> DISABLED <-> SERVER-WEBAPP Dell ScriptLogic Asset Manager SQL injection attempt (server-webapp.rules)
 * 1:33472 <-> DISABLED <-> FILE-FLASH Adobe Flash Player arbitrary code execution attempt (file-flash.rules)
 * 1:33657 <-> DISABLED <-> SERVER-WEBAPP Dell ScriptLogic Asset Manager SQL injection attempt (server-webapp.rules)
 * 1:32804 <-> ENABLED <-> EXPLOIT-KIT known malicious javascript packer detected (exploit-kit.rules)
 * 1:33471 <-> DISABLED <-> FILE-FLASH Adobe Flash Player arbitrary code execution attempt (file-flash.rules)
 * 1:31729 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Password Manager MetadataServlet SQL injection attempt (server-webapp.rules)
 * 1:32639 <-> DISABLED <-> EXPLOIT-KIT Sweet Orange exploit kit jar file requested on defined port (exploit-kit.rules)
 * 1:31046 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit outbound URL structure (exploit-kit.rules)
 * 1:31728 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Desktop Central LinkViewFetchServlet SQL injection attempt (server-webapp.rules)
 * 1:29031 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Banload variant inbound communication attempt (malware-cnc.rules)
 * 1:29300 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Graftor variant inbound connection (malware-cnc.rules)
 * 1:28809 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dofoil inbound connection attempt (malware-cnc.rules)
 * 1:28803 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Injector inbound connection (malware-cnc.rules)
 * 1:27013 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Phoenot variant inbound connection (malware-cnc.rules)
 * 1:16195 <-> DISABLED <-> SERVER-WEBAPP HTTP request content-length heap buffer overflow attempt (server-webapp.rules)