Talos has added and modified multiple rules in the app-detect, blacklist, browser-ie, file-executable, file-flash, file-image, file-office, file-other, file-pdf, indicator-compromise, malware-cnc, os-windows, policy-other, protocol-dns, protocol-scada, server-mail and server-webapp rule sets to provide coverage for emerging threats from these technologies.
For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2976.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:42676 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xb7 encrypted portable executable file download attempt (file-executable.rules)
* 1:42672 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xb3 encrypted portable executable file download attempt (file-executable.rules)
* 1:42439 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Axespec outbound request (malware-cnc.rules)
* 1:42440 <-> DISABLED <-> OS-WINDOWS Microsoft Jet DB Engine Buffer Overflow attempt (os-windows.rules)
* 1:42441 <-> DISABLED <-> OS-WINDOWS Microsoft Jet DB Engine Buffer Overflow attempt (os-windows.rules)
* 1:42442 <-> DISABLED <-> OS-WINDOWS Microsoft Jet DB Engine Buffer Overflow attempt (os-windows.rules)
* 1:42443 <-> ENABLED <-> OS-WINDOWS Microsoft Jet DB Engine Buffer Overflow attempt (os-windows.rules)
* 1:42444 <-> DISABLED <-> OS-WINDOWS Microsoft Jet DB Engine Buffer Overflow attempt (os-windows.rules)
* 1:42445 <-> DISABLED <-> OS-WINDOWS Microsoft Jet DB Engine Buffer Overflow attempt (os-windows.rules)
* 1:42446 <-> DISABLED <-> OS-WINDOWS Microsoft Jet DB Engine Buffer Overflow attempt (os-windows.rules)
* 1:42447 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Batlopma variant outbound connection attempt (malware-cnc.rules)
* 1:42448 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer deleted object access memory corruption attempt (browser-ie.rules)
* 1:42449 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer deleted object access memory corruption attempt (browser-ie.rules)
* 1:42450 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer deleted object access memory corruption attempt (browser-ie.rules)
* 1:42451 <-> DISABLED <-> SERVER-WEBAPP MCA Sistemas ScadaBR index.php brute force login attempt (server-webapp.rules)
* 1:42452 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Frethog variant outbound connection attempt (malware-cnc.rules)
* 1:42453 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Frethog variant inbound connection attempt (malware-cnc.rules)
* 1:42454 <-> ENABLED <-> BLACKLIST User-Agent known malicious user-agent string - Frethog (blacklist.rules)
* 1:42455 <-> DISABLED <-> SERVER-WEBAPP Unitrends Enterprise Backup Appliance password.php command injection attempt (server-webapp.rules)
* 1:42456 <-> DISABLED <-> SERVER-WEBAPP Unitrends Enterprise Backup Appliance password.php command injection attempt (server-webapp.rules)
* 1:42457 <-> DISABLED <-> SERVER-WEBAPP Unitrends Enterprise Backup Appliance password.php command injection attempt (server-webapp.rules)
* 1:42458 <-> DISABLED <-> PROTOCOL-DNS ISC BIND unexpected DNAME CNAME ordering denial of service attempt (protocol-dns.rules)
* 1:42459 <-> DISABLED <-> INDICATOR-COMPROMISE Adobe Reader PDF embedded null JPEG image (indicator-compromise.rules)
* 1:42460 <-> DISABLED <-> INDICATOR-COMPROMISE Adobe Reader PDF embedded null JPEG image (indicator-compromise.rules)
* 1:42461 <-> DISABLED <-> SERVER-WEBAPP Unitrends Enterprise Backup Appliance reports.php PHP file injection attempt (server-webapp.rules)
* 1:42462 <-> DISABLED <-> SERVER-WEBAPP Unitrends Enterprise Backup Appliance reports.php directory traversal attempt (server-webapp.rules)
* 1:42463 <-> DISABLED <-> FILE-IMAGE Foxit Reader malformed DataSubBlock size attempt (file-image.rules)
* 1:42464 <-> DISABLED <-> FILE-IMAGE Foxit Reader malformed DataSubBlock size attempt (file-image.rules)
* 1:42465 <-> DISABLED <-> SERVER-WEBAPP triple dot directory traversal attempt (server-webapp.rules)
* 1:42466 <-> DISABLED <-> SERVER-OTHER WinRadius long password denial of service attempt (server-other.rules)
* 1:42467 <-> DISABLED <-> SERVER-WEBAPP Edimax 802.11AC repeater command injection attempt (server-webapp.rules)
* 1:42468 <-> DISABLED <-> SERVER-WEBAPP Edimax 802.11AC repeater command injection attempt (server-webapp.rules)
* 1:42469 <-> DISABLED <-> SERVER-WEBAPP Edimax 802.11AC repeater command injection attempt (server-webapp.rules)
* 1:42470 <-> DISABLED <-> SERVER-WEBAPP Edimax 802.11AC repeater command injection attempt (server-webapp.rules)
* 1:42471 <-> DISABLED <-> SERVER-WEBAPP Edimax 802.11AC repeater command injection attempt (server-webapp.rules)
* 1:42472 <-> DISABLED <-> SERVER-WEBAPP Edimax 802.11AC repeater command injection attempt (server-webapp.rules)
* 1:42473 <-> DISABLED <-> SERVER-WEBAPP Edimax 802.11AC repeater command injection attempt (server-webapp.rules)
* 1:42474 <-> DISABLED <-> SERVER-WEBAPP Edimax 802.11AC repeater command injection attempt (server-webapp.rules)
* 1:42475 <-> DISABLED <-> FILE-PDF malformed embedded JPEG2000 image information disclosure attempt (file-pdf.rules)
* 1:42476 <-> DISABLED <-> FILE-PDF malformed embedded JPEG2000 image information disclosure attempt (file-pdf.rules)
* 1:42477 <-> DISABLED <-> SERVER-WEBAPP Edimax 802.11AC repeater command injection attempt (server-webapp.rules)
* 1:42478 <-> DISABLED <-> SERVER-WEBAPP Edimax 802.11AC repeater command injection attempt (server-webapp.rules)
* 1:42479 <-> DISABLED <-> SERVER-WEBAPP Edimax 802.11AC repeater command injection attempt (server-webapp.rules)
* 1:42480 <-> DISABLED <-> SERVER-WEBAPP Edimax 802.11AC repeater command injection attempt (server-webapp.rules)
* 1:42481 <-> DISABLED <-> SERVER-WEBAPP Edimax 802.11AC repeater command injection attempt (server-webapp.rules)
* 1:42482 <-> DISABLED <-> SERVER-WEBAPP Edimax 802.11AC repeater command injection attempt (server-webapp.rules)
* 1:42483 <-> DISABLED <-> SERVER-WEBAPP Edimax 802.11AC repeater command injection attempt (server-webapp.rules)
* 1:42484 <-> DISABLED <-> SERVER-WEBAPP Edimax 802.11AC repeater command injection attempt (server-webapp.rules)
* 1:42485 <-> DISABLED <-> SERVER-WEBAPP Edimax 802.11AC repeater command injection attempt (server-webapp.rules)
* 1:42486 <-> DISABLED <-> SERVER-WEBAPP Edimax 802.11AC repeater command injection attempt (server-webapp.rules)
* 1:42487 <-> DISABLED <-> SERVER-WEBAPP Edimax 802.11AC repeater command injection attempt (server-webapp.rules)
* 1:42488 <-> DISABLED <-> SERVER-WEBAPP Edimax 802.11AC repeater command injection attempt (server-webapp.rules)
* 1:42490 <-> DISABLED <-> POLICY-OTHER Intel AMT remote administration tool access attempt (policy-other.rules)
* 1:42491 <-> DISABLED <-> POLICY-OTHER Intel AMT remote administration tool access attempt (policy-other.rules)
* 1:42492 <-> DISABLED <-> APP-DETECT Intel AMT DHCP boot request detected (app-detect.rules)
* 1:42494 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x01 encrypted portable executable file download attempt (file-executable.rules)
* 1:42495 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x02 encrypted portable executable file download attempt (file-executable.rules)
* 1:42496 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x03 encrypted portable executable file download attempt (file-executable.rules)
* 1:42497 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x04 encrypted portable executable file download attempt (file-executable.rules)
* 1:42498 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x05 encrypted portable executable file download attempt (file-executable.rules)
* 1:42499 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x06 encrypted portable executable file download attempt (file-executable.rules)
* 1:42500 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x07 encrypted portable executable file download attempt (file-executable.rules)
* 1:42501 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x08 encrypted portable executable file download attempt (file-executable.rules)
* 1:42502 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x09 encrypted portable executable file download attempt (file-executable.rules)
* 1:42503 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x0a encrypted portable executable file download attempt (file-executable.rules)
* 1:42504 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x0b encrypted portable executable file download attempt (file-executable.rules)
* 1:42505 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x0c encrypted portable executable file download attempt (file-executable.rules)
* 1:42506 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x0d encrypted portable executable file download attempt (file-executable.rules)
* 1:42507 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x0e encrypted portable executable file download attempt (file-executable.rules)
* 1:42508 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x0f encrypted portable executable file download attempt (file-executable.rules)
* 1:42509 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x10 encrypted portable executable file download attempt (file-executable.rules)
* 1:42510 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x11 encrypted portable executable file download attempt (file-executable.rules)
* 1:42511 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x12 encrypted portable executable file download attempt (file-executable.rules)
* 1:42512 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x13 encrypted portable executable file download attempt (file-executable.rules)
* 1:42513 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x14 encrypted portable executable file download attempt (file-executable.rules)
* 1:42514 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x15 encrypted portable executable file download attempt (file-executable.rules)
* 1:42515 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x16 encrypted portable executable file download attempt (file-executable.rules)
* 1:42516 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x17 encrypted portable executable file download attempt (file-executable.rules)
* 1:42517 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x18 encrypted portable executable file download attempt (file-executable.rules)
* 1:42518 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x19 encrypted portable executable file download attempt (file-executable.rules)
* 1:42519 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x1a encrypted portable executable file download attempt (file-executable.rules)
* 1:42520 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x1b encrypted portable executable file download attempt (file-executable.rules)
* 1:42521 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x1c encrypted portable executable file download attempt (file-executable.rules)
* 1:42522 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x1d encrypted portable executable file download attempt (file-executable.rules)
* 1:42523 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x1e encrypted portable executable file download attempt (file-executable.rules)
* 1:42524 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x1f encrypted portable executable file download attempt (file-executable.rules)
* 1:42525 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x20 encrypted portable executable file download attempt (file-executable.rules)
* 1:42526 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x21 encrypted portable executable file download attempt (file-executable.rules)
* 1:42527 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x22 encrypted portable executable file download attempt (file-executable.rules)
* 1:42528 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x23 encrypted portable executable file download attempt (file-executable.rules)
* 1:42529 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x24 encrypted portable executable file download attempt (file-executable.rules)
* 1:42530 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x25 encrypted portable executable file download attempt (file-executable.rules)
* 1:42531 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x26 encrypted portable executable file download attempt (file-executable.rules)
* 1:42532 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x27 encrypted portable executable file download attempt (file-executable.rules)
* 1:42533 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x28 encrypted portable executable file download attempt (file-executable.rules)
* 1:42534 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x29 encrypted portable executable file download attempt (file-executable.rules)
* 1:42535 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x2a encrypted portable executable file download attempt (file-executable.rules)
* 1:42536 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x2b encrypted portable executable file download attempt (file-executable.rules)
* 1:42537 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x2c encrypted portable executable file download attempt (file-executable.rules)
* 1:42538 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x2d encrypted portable executable file download attempt (file-executable.rules)
* 1:42539 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x2e encrypted portable executable file download attempt (file-executable.rules)
* 1:42540 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x2f encrypted portable executable file download attempt (file-executable.rules)
* 1:42541 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x30 encrypted portable executable file download attempt (file-executable.rules)
* 1:42542 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x31 encrypted portable executable file download attempt (file-executable.rules)
* 1:42543 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x32 encrypted portable executable file download attempt (file-executable.rules)
* 1:42544 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x33 encrypted portable executable file download attempt (file-executable.rules)
* 1:42545 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x34 encrypted portable executable file download attempt (file-executable.rules)
* 1:42546 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x35 encrypted portable executable file download attempt (file-executable.rules)
* 1:42547 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x36 encrypted portable executable file download attempt (file-executable.rules)
* 1:42548 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x37 encrypted portable executable file download attempt (file-executable.rules)
* 1:42549 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x38 encrypted portable executable file download attempt (file-executable.rules)
* 1:42550 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x39 encrypted portable executable file download attempt (file-executable.rules)
* 1:42551 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x3a encrypted portable executable file download attempt (file-executable.rules)
* 1:42552 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x3b encrypted portable executable file download attempt (file-executable.rules)
* 1:42553 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x3c encrypted portable executable file download attempt (file-executable.rules)
* 1:42554 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x3d encrypted portable executable file download attempt (file-executable.rules)
* 1:42555 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x3e encrypted portable executable file download attempt (file-executable.rules)
* 1:42556 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x3f encrypted portable executable file download attempt (file-executable.rules)
* 1:42557 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x40 encrypted portable executable file download attempt (file-executable.rules)
* 1:42558 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x41 encrypted portable executable file download attempt (file-executable.rules)
* 1:42559 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x42 encrypted portable executable file download attempt (file-executable.rules)
* 1:42560 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x43 encrypted portable executable file download attempt (file-executable.rules)
* 1:42561 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x44 encrypted portable executable file download attempt (file-executable.rules)
* 1:42562 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x45 encrypted portable executable file download attempt (file-executable.rules)
* 1:42563 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x46 encrypted portable executable file download attempt (file-executable.rules)
* 1:42564 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x47 encrypted portable executable file download attempt (file-executable.rules)
* 1:42565 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x48 encrypted portable executable file download attempt (file-executable.rules)
* 1:42566 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x49 encrypted portable executable file download attempt (file-executable.rules)
* 1:42567 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x4a encrypted portable executable file download attempt (file-executable.rules)
* 1:42568 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x4b encrypted portable executable file download attempt (file-executable.rules)
* 1:42569 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x4c encrypted portable executable file download attempt (file-executable.rules)
* 1:42570 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x4d encrypted portable executable file download attempt (file-executable.rules)
* 1:42571 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x4e encrypted portable executable file download attempt (file-executable.rules)
* 1:42572 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x4f encrypted portable executable file download attempt (file-executable.rules)
* 1:42573 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x50 encrypted portable executable file download attempt (file-executable.rules)
* 1:42574 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x51 encrypted portable executable file download attempt (file-executable.rules)
* 1:42575 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x52 encrypted portable executable file download attempt (file-executable.rules)
* 1:42576 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x53 encrypted portable executable file download attempt (file-executable.rules)
* 1:42577 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x54 encrypted portable executable file download attempt (file-executable.rules)
* 1:42578 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x55 encrypted portable executable file download attempt (file-executable.rules)
* 1:42579 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x56 encrypted portable executable file download attempt (file-executable.rules)
* 1:42580 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x57 encrypted portable executable file download attempt (file-executable.rules)
* 1:42581 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x58 encrypted portable executable file download attempt (file-executable.rules)
* 1:42582 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x59 encrypted portable executable file download attempt (file-executable.rules)
* 1:42583 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x5a encrypted portable executable file download attempt (file-executable.rules)
* 1:42584 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x5b encrypted portable executable file download attempt (file-executable.rules)
* 1:42585 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x5c encrypted portable executable file download attempt (file-executable.rules)
* 1:42586 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x5d encrypted portable executable file download attempt (file-executable.rules)
* 1:42587 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x5e encrypted portable executable file download attempt (file-executable.rules)
* 1:42588 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x5f encrypted portable executable file download attempt (file-executable.rules)
* 1:42589 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x60 encrypted portable executable file download attempt (file-executable.rules)
* 1:42590 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x61 encrypted portable executable file download attempt (file-executable.rules)
* 1:42591 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x62 encrypted portable executable file download attempt (file-executable.rules)
* 1:42592 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x63 encrypted portable executable file download attempt (file-executable.rules)
* 1:42593 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x64 encrypted portable executable file download attempt (file-executable.rules)
* 1:42594 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x65 encrypted portable executable file download attempt (file-executable.rules)
* 1:42595 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x66 encrypted portable executable file download attempt (file-executable.rules)
* 1:42741 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xf8 encrypted portable executable file download attempt (file-executable.rules)
* 1:42734 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xf1 encrypted portable executable file download attempt (file-executable.rules)
* 1:42735 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xf2 encrypted portable executable file download attempt (file-executable.rules)
* 1:42736 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xf3 encrypted portable executable file download attempt (file-executable.rules)
* 1:42737 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xf4 encrypted portable executable file download attempt (file-executable.rules)
* 1:42738 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xf5 encrypted portable executable file download attempt (file-executable.rules)
* 1:42739 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xf6 encrypted portable executable file download attempt (file-executable.rules)
* 1:42740 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xf7 encrypted portable executable file download attempt (file-executable.rules)
* 1:42742 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xf9 encrypted portable executable file download attempt (file-executable.rules)
* 1:42743 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xfa encrypted portable executable file download attempt (file-executable.rules)
* 1:42744 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xfb encrypted portable executable file download attempt (file-executable.rules)
* 1:42745 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xfc encrypted portable executable file download attempt (file-executable.rules)
* 1:42746 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xfd encrypted portable executable file download attempt (file-executable.rules)
* 1:42747 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xfe encrypted portable executable file download attempt (file-executable.rules)
* 1:42748 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xff encrypted portable executable file download attempt (file-executable.rules)
* 1:42596 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x67 encrypted portable executable file download attempt (file-executable.rules)
* 1:42597 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x68 encrypted portable executable file download attempt (file-executable.rules)
* 1:42598 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x69 encrypted portable executable file download attempt (file-executable.rules)
* 1:42599 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x6a encrypted portable executable file download attempt (file-executable.rules)
* 1:42600 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x6b encrypted portable executable file download attempt (file-executable.rules)
* 1:42601 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x6c encrypted portable executable file download attempt (file-executable.rules)
* 1:42602 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x6d encrypted portable executable file download attempt (file-executable.rules)
* 1:42603 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x6e encrypted portable executable file download attempt (file-executable.rules)
* 1:42604 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x6f encrypted portable executable file download attempt (file-executable.rules)
* 1:42605 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x70 encrypted portable executable file download attempt (file-executable.rules)
* 1:42606 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x71 encrypted portable executable file download attempt (file-executable.rules)
* 1:42607 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x72 encrypted portable executable file download attempt (file-executable.rules)
* 1:42608 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x73 encrypted portable executable file download attempt (file-executable.rules)
* 1:42609 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x74 encrypted portable executable file download attempt (file-executable.rules)
* 1:42610 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x75 encrypted portable executable file download attempt (file-executable.rules)
* 1:42611 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x76 encrypted portable executable file download attempt (file-executable.rules)
* 1:42612 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x77 encrypted portable executable file download attempt (file-executable.rules)
* 1:42613 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x78 encrypted portable executable file download attempt (file-executable.rules)
* 1:42614 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x79 encrypted portable executable file download attempt (file-executable.rules)
* 1:42615 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x7a encrypted portable executable file download attempt (file-executable.rules)
* 1:42616 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x7b encrypted portable executable file download attempt (file-executable.rules)
* 1:42617 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x7c encrypted portable executable file download attempt (file-executable.rules)
* 1:42618 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x7d encrypted portable executable file download attempt (file-executable.rules)
* 1:42619 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x7e encrypted portable executable file download attempt (file-executable.rules)
* 1:42620 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x7f encrypted portable executable file download attempt (file-executable.rules)
* 1:42621 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x80 encrypted portable executable file download attempt (file-executable.rules)
* 1:42622 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x81 encrypted portable executable file download attempt (file-executable.rules)
* 1:42623 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x82 encrypted portable executable file download attempt (file-executable.rules)
* 1:42624 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x83 encrypted portable executable file download attempt (file-executable.rules)
* 1:42625 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x84 encrypted portable executable file download attempt (file-executable.rules)
* 1:42626 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x85 encrypted portable executable file download attempt (file-executable.rules)
* 1:42627 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x86 encrypted portable executable file download attempt (file-executable.rules)
* 1:42628 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x87 encrypted portable executable file download attempt (file-executable.rules)
* 1:42629 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x88 encrypted portable executable file download attempt (file-executable.rules)
* 1:42630 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x89 encrypted portable executable file download attempt (file-executable.rules)
* 1:42631 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x8a encrypted portable executable file download attempt (file-executable.rules)
* 1:42632 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x8b encrypted portable executable file download attempt (file-executable.rules)
* 1:42633 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x8c encrypted portable executable file download attempt (file-executable.rules)
* 1:42634 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x8d encrypted portable executable file download attempt (file-executable.rules)
* 1:42635 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x8e encrypted portable executable file download attempt (file-executable.rules)
* 1:42636 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x8f encrypted portable executable file download attempt (file-executable.rules)
* 1:42637 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x90 encrypted portable executable file download attempt (file-executable.rules)
* 1:42638 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x91 encrypted portable executable file download attempt (file-executable.rules)
* 1:42639 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x92 encrypted portable executable file download attempt (file-executable.rules)
* 1:42640 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x93 encrypted portable executable file download attempt (file-executable.rules)
* 1:42641 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x94 encrypted portable executable file download attempt (file-executable.rules)
* 1:42642 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x95 encrypted portable executable file download attempt (file-executable.rules)
* 1:42643 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x96 encrypted portable executable file download attempt (file-executable.rules)
* 1:42644 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x97 encrypted portable executable file download attempt (file-executable.rules)
* 1:42645 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x98 encrypted portable executable file download attempt (file-executable.rules)
* 1:42646 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x99 encrypted portable executable file download attempt (file-executable.rules)
* 1:42647 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x9a encrypted portable executable file download attempt (file-executable.rules)
* 1:42648 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x9b encrypted portable executable file download attempt (file-executable.rules)
* 1:42649 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x9c encrypted portable executable file download attempt (file-executable.rules)
* 1:42650 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x9d encrypted portable executable file download attempt (file-executable.rules)
* 1:42651 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x9e encrypted portable executable file download attempt (file-executable.rules)
* 1:42652 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x9f encrypted portable executable file download attempt (file-executable.rules)
* 1:42653 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xa0 encrypted portable executable file download attempt (file-executable.rules)
* 1:42654 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xa1 encrypted portable executable file download attempt (file-executable.rules)
* 1:42655 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xa2 encrypted portable executable file download attempt (file-executable.rules)
* 1:42656 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xa3 encrypted portable executable file download attempt (file-executable.rules)
* 1:42657 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xa4 encrypted portable executable file download attempt (file-executable.rules)
* 1:42658 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xa5 encrypted portable executable file download attempt (file-executable.rules)
* 1:42659 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xa6 encrypted portable executable file download attempt (file-executable.rules)
* 1:42660 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xa7 encrypted portable executable file download attempt (file-executable.rules)
* 1:42661 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xa8 encrypted portable executable file download attempt (file-executable.rules)
* 1:42662 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xa9 encrypted portable executable file download attempt (file-executable.rules)
* 1:42663 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xaa encrypted portable executable file download attempt (file-executable.rules)
* 1:42664 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xab encrypted portable executable file download attempt (file-executable.rules)
* 1:42665 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xac encrypted portable executable file download attempt (file-executable.rules)
* 1:42666 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xad encrypted portable executable file download attempt (file-executable.rules)
* 1:42667 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xae encrypted portable executable file download attempt (file-executable.rules)
* 1:42668 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xaf encrypted portable executable file download attempt (file-executable.rules)
* 1:42669 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xb0 encrypted portable executable file download attempt (file-executable.rules)
* 1:42670 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xb1 encrypted portable executable file download attempt (file-executable.rules)
* 1:42671 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xb2 encrypted portable executable file download attempt (file-executable.rules)
* 1:42675 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xb6 encrypted portable executable file download attempt (file-executable.rules)
* 1:42733 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xf0 encrypted portable executable file download attempt (file-executable.rules)
* 1:42731 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xee encrypted portable executable file download attempt (file-executable.rules)
* 1:42727 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xea encrypted portable executable file download attempt (file-executable.rules)
* 1:42729 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xec encrypted portable executable file download attempt (file-executable.rules)
* 1:42728 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xeb encrypted portable executable file download attempt (file-executable.rules)
* 1:42726 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xe9 encrypted portable executable file download attempt (file-executable.rules)
* 1:42730 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xed encrypted portable executable file download attempt (file-executable.rules)
* 1:42718 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xe1 encrypted portable executable file download attempt (file-executable.rules)
* 1:42723 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xe6 encrypted portable executable file download attempt (file-executable.rules)
* 1:42687 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xc2 encrypted portable executable file download attempt (file-executable.rules)
* 1:42720 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xe3 encrypted portable executable file download attempt (file-executable.rules)
* 1:42715 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xde encrypted portable executable file download attempt (file-executable.rules)
* 1:42682 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xbd encrypted portable executable file download attempt (file-executable.rules)
* 1:42684 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xbf encrypted portable executable file download attempt (file-executable.rules)
* 1:42701 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xd0 encrypted portable executable file download attempt (file-executable.rules)
* 1:42710 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xd9 encrypted portable executable file download attempt (file-executable.rules)
* 1:42689 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xc4 encrypted portable executable file download attempt (file-executable.rules)
* 1:42711 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xda encrypted portable executable file download attempt (file-executable.rules)
* 1:42695 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xca encrypted portable executable file download attempt (file-executable.rules)
* 1:42721 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xe4 encrypted portable executable file download attempt (file-executable.rules)
* 1:42691 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xc6 encrypted portable executable file download attempt (file-executable.rules)
* 1:42700 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xcf encrypted portable executable file download attempt (file-executable.rules)
* 1:42725 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xe8 encrypted portable executable file download attempt (file-executable.rules)
* 1:42686 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xc1 encrypted portable executable file download attempt (file-executable.rules)
* 1:42712 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xdb encrypted portable executable file download attempt (file-executable.rules)
* 1:42678 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xb9 encrypted portable executable file download attempt (file-executable.rules)
* 1:42673 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xb4 encrypted portable executable file download attempt (file-executable.rules)
* 1:42681 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xbc encrypted portable executable file download attempt (file-executable.rules)
* 1:42685 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xc0 encrypted portable executable file download attempt (file-executable.rules)
* 1:42713 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xdc encrypted portable executable file download attempt (file-executable.rules)
* 1:42703 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xd2 encrypted portable executable file download attempt (file-executable.rules)
* 1:42688 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xc3 encrypted portable executable file download attempt (file-executable.rules)
* 1:42679 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xba encrypted portable executable file download attempt (file-executable.rules)
* 1:42693 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xc8 encrypted portable executable file download attempt (file-executable.rules)
* 1:42724 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xe7 encrypted portable executable file download attempt (file-executable.rules)
* 1:42697 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xcc encrypted portable executable file download attempt (file-executable.rules)
* 1:42716 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xdf encrypted portable executable file download attempt
(file-executable.rules) * 1:42722 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xe5 encrypted portable executable file download attempt (file-executable.rules) * 1:42683 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xbe encrypted portable executable file download attempt (file-executable.rules) * 1:42705 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xd4 encrypted portable executable file download attempt (file-executable.rules) * 1:42694 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xc9 encrypted portable executable file download attempt (file-executable.rules) * 1:42677 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xb8 encrypted portable executable file download attempt (file-executable.rules) * 1:42699 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xce encrypted portable executable file download attempt (file-executable.rules) * 1:42702 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xd1 encrypted portable executable file download attempt (file-executable.rules) * 1:42674 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xb5 encrypted portable executable file download attempt (file-executable.rules) * 1:42714 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xdd encrypted portable executable file download attempt (file-executable.rules) * 1:42719 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xe2 encrypted portable executable file download attempt (file-executable.rules) * 1:42707 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xd6 encrypted portable executable file download attempt (file-executable.rules) * 1:42680 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xbb encrypted portable executable file download attempt (file-executable.rules) * 1:42709 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xd8 encrypted portable executable file download attempt (file-executable.rules) * 1:42696 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xcb encrypted portable executable file download attempt (file-executable.rules) * 1:42704 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xd3 encrypted portable executable file download attempt (file-executable.rules) * 1:42706 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xd5 
encrypted portable executable file download attempt (file-executable.rules) * 1:42698 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xcd encrypted portable executable file download attempt (file-executable.rules) * 1:42690 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xc5 encrypted portable executable file download attempt (file-executable.rules) * 1:42717 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xe0 encrypted portable executable file download attempt (file-executable.rules) * 1:42692 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xc7 encrypted portable executable file download attempt (file-executable.rules) * 1:42708 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xd7 encrypted portable executable file download attempt (file-executable.rules) * 1:42732 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xef encrypted portable executable file download attempt (file-executable.rules) * 3:42493 <-> ENABLED <-> SERVER-OTHER Cisco CVR100W VPN Router SSDP uuid stack buffer overflow attempt (server-other.rules) * 3:42489 <-> ENABLED <-> SERVER-OTHER Cisco Aironet Mobility Express PnP agent directory traversal attempt (server-other.rules) * 3:42438 <-> ENABLED <-> SERVER-MAIL IBM Domino BMP parsing integer overflow attempt (server-mail.rules) * 3:42436 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2017-0330 attack attempt (server-webapp.rules) * 3:42437 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2017-0331 attack attempt (server-webapp.rules) * 3:42434 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2017-0328 attack attempt (server-webapp.rules) * 3:42435 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2017-0330 attack attempt (server-webapp.rules) * 3:42432 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2017-0328 attack attempt (server-webapp.rules) * 3:42433 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2017-0328 attack attempt (server-webapp.rules)
* 1:17388 <-> DISABLED <-> FILE-IMAGE OpenOffice EMF file EMR record parsing integer overflow attempt (file-image.rules)
* 1:36972 <-> DISABLED <-> FILE-OTHER Windows Media Player MCL to HTML information disclosure attempt (file-other.rules)
* 1:35601 <-> ENABLED <-> FILE-FLASH Adobe Flash Player NetConnection use-after-free attempt (file-flash.rules)
* 1:35602 <-> ENABLED <-> FILE-FLASH Adobe Flash Player NetConnection use-after-free attempt (file-flash.rules)
* 1:35600 <-> ENABLED <-> FILE-FLASH Adobe Flash Player NetConnection use-after-free attempt (file-flash.rules)
* 1:35599 <-> ENABLED <-> FILE-FLASH Adobe Flash Player NetConnection use-after-free attempt (file-flash.rules)
* 1:34082 <-> DISABLED <-> FILE-OTHER Microsoft emf small header overwrite attempt (file-other.rules)
* 1:34083 <-> DISABLED <-> FILE-OTHER Microsoft emf small header overwrite attempt (file-other.rules)
* 1:31029 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMF conversion heap buffer overflow attempt (file-other.rules)
* 1:31030 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMF conversion heap buffer overflow attempt (file-other.rules)
* 1:31028 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMF conversion heap buffer overflow attempt (file-other.rules)
* 1:30340 <-> DISABLED <-> SERVER-WEBAPP Cisco 675 web administration denial of service attempt (server-webapp.rules)
* 1:31027 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMF conversion heap buffer overflow attempt (file-other.rules)
* 1:41152 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader Forms Data Format embedded javascript attempt (file-pdf.rules)
* 1:39361 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string - Win.Trojan.Batlopma (blacklist.rules)
* 1:36973 <-> DISABLED <-> FILE-OTHER Windows Media Player MCL to HTML information disclosure attempt (file-other.rules)
* 1:25770 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer deleted object access memory corruption attempt (browser-ie.rules)
* 1:25528 <-> DISABLED <-> SERVER-WEBAPP Moveable Type unauthenticated remote command execution attempt (server-webapp.rules)
* 1:23092 <-> DISABLED <-> FILE-OFFICE EMF corruption attempt (file-office.rules)
* 1:17413 <-> DISABLED <-> OS-WINDOWS Microsoft Jet DB Engine Buffer Overflow attempt (os-windows.rules)
* 1:41153 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader Forms Data Format embedded javascript attempt (file-pdf.rules)
* 1:23095 <-> DISABLED <-> FILE-OFFICE EMF corruption attempt (file-office.rules)
* 1:18654 <-> DISABLED <-> PROTOCOL-SCADA IGSS IGSSDataServer.exe format string attempt (protocol-scada.rules)
* 1:23094 <-> DISABLED <-> FILE-OFFICE EMF corruption attempt (file-office.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:42671 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xb2 encrypted portable executable file download attempt (file-executable.rules)
* 1:42670 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xb1 encrypted portable executable file download attempt (file-executable.rules)
* 1:42669 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xb0 encrypted portable executable file download attempt (file-executable.rules)
* 1:42668 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xaf encrypted portable executable file download attempt (file-executable.rules)
* 1:42667 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xae encrypted portable executable file download attempt (file-executable.rules)
* 1:42666 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xad encrypted portable executable file download attempt (file-executable.rules)
* 1:42665 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xac encrypted portable executable file download attempt (file-executable.rules)
* 1:42664 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xab encrypted portable executable file download attempt (file-executable.rules)
* 1:42663 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xaa encrypted portable executable file download attempt (file-executable.rules)
* 1:42662 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xa9 encrypted portable executable file download attempt (file-executable.rules)
* 1:42661 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xa8 encrypted portable executable file download attempt (file-executable.rules)
* 1:42660 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xa7 encrypted portable executable file download attempt (file-executable.rules)
* 1:42659 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xa6 encrypted portable executable file download attempt (file-executable.rules)
* 1:42658 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xa5 encrypted portable executable file download attempt (file-executable.rules)
* 1:42657 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xa4 encrypted portable executable file download attempt (file-executable.rules)
* 1:42656 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xa3 encrypted portable executable file download attempt (file-executable.rules)
* 1:42655 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xa2 encrypted portable executable file download attempt (file-executable.rules)
* 1:42654 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xa1 encrypted portable executable file download attempt (file-executable.rules)
* 1:42653 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xa0 encrypted portable executable file download attempt (file-executable.rules)
* 1:42652 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x9f encrypted portable executable file download attempt (file-executable.rules)
* 1:42650 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x9d encrypted portable executable file download attempt (file-executable.rules)
* 1:42651 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x9e encrypted portable executable file download attempt (file-executable.rules)
* 1:42648 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x9b encrypted portable executable file download attempt (file-executable.rules)
* 1:42649 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x9c encrypted portable executable file download attempt (file-executable.rules)
* 1:42646 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x99 encrypted portable executable file download attempt (file-executable.rules)
* 1:42647 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x9a encrypted portable executable file download attempt (file-executable.rules)
* 1:42644 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x97 encrypted portable executable file download attempt (file-executable.rules)
* 1:42645 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x98 encrypted portable executable file download attempt (file-executable.rules)
* 1:42642 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x95 encrypted portable executable file download attempt (file-executable.rules)
* 1:42643 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x96 encrypted portable executable file download attempt (file-executable.rules)
* 1:42640 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x93 encrypted portable executable file download attempt (file-executable.rules)
* 1:42641 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x94 encrypted portable executable file download attempt (file-executable.rules)
* 1:42638 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x91 encrypted portable executable file download attempt (file-executable.rules)
* 1:42639 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x92 encrypted portable executable file download attempt (file-executable.rules)
* 1:42637 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x90 encrypted portable executable file download attempt (file-executable.rules)
* 1:42636 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x8f encrypted portable executable file download attempt (file-executable.rules)
* 1:42634 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x8d encrypted portable executable file download attempt (file-executable.rules)
* 1:42635 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x8e encrypted portable executable file download attempt (file-executable.rules)
* 1:42632 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x8b encrypted portable executable file download attempt (file-executable.rules)
* 1:42633 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x8c encrypted portable executable file download attempt (file-executable.rules)
* 1:42630 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x89 encrypted portable executable file download attempt (file-executable.rules)
* 1:42631 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x8a encrypted portable executable file download attempt (file-executable.rules)
* 1:42628 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x87 encrypted portable executable file download attempt (file-executable.rules)
* 1:42629 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x88 encrypted portable executable file download attempt (file-executable.rules)
* 1:42626 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x85 encrypted portable executable file download attempt (file-executable.rules)
* 1:42627 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x86 encrypted portable executable file download attempt (file-executable.rules)
* 1:42624 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x83 encrypted portable executable file download attempt (file-executable.rules)
* 1:42625 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x84 encrypted portable executable file download attempt (file-executable.rules)
* 1:42622 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x81 encrypted portable executable file download attempt (file-executable.rules)
* 1:42623 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x82 encrypted portable executable file download attempt (file-executable.rules)
* 1:42620 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x7f encrypted portable executable file download attempt (file-executable.rules)
* 1:42621 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x80 encrypted portable executable file download attempt (file-executable.rules)
* 1:42618 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x7d encrypted portable executable file download attempt (file-executable.rules)
* 1:42619 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x7e encrypted portable executable file download attempt (file-executable.rules)
* 1:42616 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x7b encrypted portable executable file download attempt (file-executable.rules)
* 1:42617 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x7c encrypted portable executable file download attempt (file-executable.rules)
* 1:42614 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x79 encrypted portable executable file download attempt (file-executable.rules)
* 1:42615 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x7a encrypted portable executable file download attempt (file-executable.rules)
* 1:42612 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x77 encrypted portable executable file download attempt (file-executable.rules)
* 1:42613 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x78 encrypted portable executable file download attempt (file-executable.rules)
* 1:42610 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x75 encrypted portable executable file download attempt (file-executable.rules)
* 1:42611 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x76 encrypted portable executable file download attempt (file-executable.rules)
* 1:42608 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x73 encrypted portable executable file download attempt (file-executable.rules)
* 1:42609 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x74 encrypted portable executable file download attempt (file-executable.rules)
* 1:42606 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x71 encrypted portable executable file download attempt (file-executable.rules)
* 1:42607 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x72 encrypted portable executable file download attempt (file-executable.rules)
* 1:42602 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x6d encrypted portable executable file download attempt (file-executable.rules)
* 1:42605 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x70 encrypted portable executable file download attempt (file-executable.rules)
* 1:42604 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x6f encrypted portable executable file download attempt (file-executable.rules)
* 1:42603 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x6e encrypted portable executable file download attempt (file-executable.rules)
* 1:42600 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x6b encrypted portable executable file download attempt (file-executable.rules)
* 1:42601 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x6c encrypted portable executable file download attempt (file-executable.rules)
* 1:42598 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x69 encrypted portable executable file download attempt (file-executable.rules)
* 1:42599 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x6a encrypted portable executable file download attempt (file-executable.rules)
* 1:42596 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x67 encrypted portable executable file download attempt (file-executable.rules)
* 1:42597 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x68 encrypted portable executable file download attempt (file-executable.rules)
* 1:42594 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x65 encrypted portable executable file download attempt (file-executable.rules)
* 1:42595 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x66 encrypted portable executable file download attempt (file-executable.rules)
* 1:42592 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x63 encrypted portable executable file download attempt (file-executable.rules)
* 1:42593 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x64 encrypted portable executable file download attempt (file-executable.rules)
* 1:42590 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x61 encrypted portable executable file download attempt (file-executable.rules)
* 1:42591 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x62 encrypted portable executable file download attempt (file-executable.rules)
* 1:42588 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x5f encrypted portable executable file download attempt (file-executable.rules)
* 1:42589 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x60 encrypted portable executable file download attempt (file-executable.rules)
* 1:42586 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x5d encrypted portable executable file download attempt (file-executable.rules)
* 1:42587 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x5e encrypted portable executable file download attempt (file-executable.rules)
* 1:42584 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x5b encrypted portable executable file download attempt (file-executable.rules)
* 1:42585 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x5c encrypted portable executable file download attempt (file-executable.rules)
* 1:42582 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x59 encrypted portable executable file download attempt (file-executable.rules)
* 1:42583 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x5a encrypted portable executable file download attempt (file-executable.rules)
* 1:42580 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x57 encrypted portable executable file download attempt (file-executable.rules)
* 1:42581 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x58 encrypted portable executable file download attempt (file-executable.rules)
* 1:42578 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x55 encrypted portable executable file download attempt (file-executable.rules)
* 1:42579 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x56 encrypted portable executable file download attempt (file-executable.rules)
* 1:42576 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x53 encrypted portable executable file download attempt (file-executable.rules)
* 1:42577 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x54 encrypted portable executable file download attempt (file-executable.rules)
* 1:42574 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x51 encrypted portable executable file download attempt (file-executable.rules)
* 1:42575 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x52 encrypted portable executable file download attempt (file-executable.rules)
* 1:42572 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x4f encrypted portable executable file download attempt (file-executable.rules)
* 1:42573 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x50 encrypted portable executable file download attempt (file-executable.rules)
* 1:42570 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x4d encrypted portable executable file download attempt (file-executable.rules)
* 1:42571 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x4e encrypted portable executable file download attempt (file-executable.rules)
* 1:42569 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x4c encrypted portable executable file download attempt (file-executable.rules)
* 1:42568 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x4b encrypted portable executable file download attempt (file-executable.rules)
* 1:42567 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x4a encrypted portable executable file download attempt (file-executable.rules)
* 1:42565 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x48 encrypted portable executable file download attempt (file-executable.rules)
* 1:42566 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x49 encrypted portable executable file download attempt (file-executable.rules)
* 1:42563 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x46 encrypted portable executable file download attempt (file-executable.rules)
* 1:42564 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x47 encrypted portable executable file download attempt (file-executable.rules)
* 1:42561 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x44 encrypted portable executable file download attempt (file-executable.rules)
* 1:42562 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x45 encrypted portable executable file download attempt (file-executable.rules)
* 1:42559 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x42 encrypted portable executable file download attempt (file-executable.rules)
* 1:42560 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x43 encrypted portable executable file download attempt (file-executable.rules)
* 1:42557 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x40 encrypted portable executable file download attempt (file-executable.rules)
* 1:42558 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x41 encrypted portable executable file download attempt (file-executable.rules)
* 1:42555 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x3e encrypted portable executable file download attempt (file-executable.rules)
* 1:42556 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x3f encrypted portable executable file download attempt (file-executable.rules)
* 1:42553 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x3c encrypted portable executable file download attempt (file-executable.rules)
* 1:42554 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x3d encrypted portable executable file download attempt (file-executable.rules)
* 1:42551 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x3a encrypted portable executable file download attempt (file-executable.rules)
* 1:42552 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x3b encrypted portable executable file download attempt (file-executable.rules)
* 1:42549 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x38 encrypted portable executable file download attempt (file-executable.rules)
* 1:42550 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x39 encrypted portable executable file download attempt (file-executable.rules)
* 1:42547 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x36 encrypted portable executable file download attempt (file-executable.rules)
* 1:42548 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x37 encrypted portable executable file download attempt (file-executable.rules)
* 1:42545 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x34 encrypted portable executable file download attempt (file-executable.rules)
* 1:42546 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x35 encrypted portable executable file download attempt (file-executable.rules)
* 1:42543 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x32 encrypted portable executable file download attempt (file-executable.rules)
* 1:42544 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x33 encrypted portable executable file download attempt (file-executable.rules)
* 1:42541 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x30 encrypted portable executable file download attempt (file-executable.rules)
* 1:42542 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x31 encrypted portable executable file download attempt (file-executable.rules)
* 1:42539 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x2e encrypted portable executable file download attempt (file-executable.rules)
* 1:42540 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x2f encrypted portable executable file download attempt (file-executable.rules)
* 1:42537 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x2c encrypted portable executable file download attempt (file-executable.rules)
* 1:42538 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x2d encrypted portable executable file download attempt (file-executable.rules)
* 1:42535 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x2a encrypted portable executable file download attempt (file-executable.rules)
* 1:42536 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x2b encrypted portable executable file download attempt (file-executable.rules)
* 1:42533 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x28 encrypted portable executable file download attempt (file-executable.rules)
* 1:42534 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x29 encrypted portable executable file download attempt (file-executable.rules)
* 1:42531 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x26 encrypted portable executable file download attempt (file-executable.rules)
* 1:42532 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x27 encrypted portable executable file download attempt (file-executable.rules)
* 1:42529 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x24 encrypted portable executable file download attempt (file-executable.rules)
* 1:42530 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x25 encrypted portable executable file download attempt (file-executable.rules)
* 1:42527 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x22 encrypted portable executable file download attempt (file-executable.rules)
* 1:42528 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x23 encrypted portable executable file download attempt (file-executable.rules)
* 1:42525 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x20 encrypted portable executable file download attempt (file-executable.rules)
* 1:42526 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x21 encrypted portable executable file download attempt (file-executable.rules)
* 1:42523 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x1e encrypted portable executable file download attempt (file-executable.rules)
* 1:42524 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x1f encrypted portable executable file download attempt (file-executable.rules)
* 1:42521 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x1c encrypted portable executable file download attempt (file-executable.rules)
* 1:42522 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x1d encrypted portable executable file download attempt (file-executable.rules)
* 1:42519 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x1a encrypted portable executable file download attempt (file-executable.rules)
* 1:42520 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x1b encrypted portable executable file download attempt (file-executable.rules)
* 1:42517 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x18 encrypted portable executable file download attempt (file-executable.rules)
* 1:42518 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x19 encrypted portable executable file download attempt (file-executable.rules)
* 1:42515 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x16 encrypted portable executable file download attempt (file-executable.rules)
* 1:42516 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x17 encrypted portable executable file download attempt (file-executable.rules)
* 1:42513 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x14 encrypted portable executable file download attempt (file-executable.rules)
* 1:42514 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x15 encrypted portable executable file download attempt (file-executable.rules)
* 1:42511 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x12 encrypted portable executable file download attempt (file-executable.rules)
* 1:42512 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x13 encrypted portable executable file download attempt (file-executable.rules)
* 1:42509 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x10 encrypted portable executable file download attempt (file-executable.rules)
* 1:42510 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x11 encrypted portable executable file download attempt (file-executable.rules)
* 1:42507 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x0e encrypted portable executable file download attempt (file-executable.rules)
* 1:42508 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x0f encrypted portable executable file download attempt (file-executable.rules)
* 1:42505 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x0c encrypted portable executable file download attempt (file-executable.rules)
* 1:42506 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x0d encrypted portable executable file download attempt (file-executable.rules)
* 1:42503 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x0a encrypted portable executable file download attempt (file-executable.rules)
* 1:42504 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x0b encrypted portable executable file download attempt (file-executable.rules)
* 1:42501 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x08 encrypted portable executable file download attempt (file-executable.rules)
* 1:42502 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x09 encrypted portable executable file download attempt (file-executable.rules)
* 1:42500 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x07 encrypted portable executable file download attempt (file-executable.rules)
* 1:42499 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x06 encrypted portable executable file download attempt (file-executable.rules)
* 1:42498 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x05 encrypted portable executable file download attempt (file-executable.rules)
* 1:42496 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x03 encrypted portable executable file download attempt (file-executable.rules)
* 1:42497 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x04 encrypted portable executable file download attempt (file-executable.rules)
* 1:42494 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x01 encrypted portable executable file download attempt (file-executable.rules)
* 1:42495 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x02 encrypted portable executable file download attempt (file-executable.rules)
* 1:42492 <-> DISABLED <-> APP-DETECT Intel AMT DHCP boot request detected (app-detect.rules)
* 1:42491 <-> DISABLED <-> POLICY-OTHER Intel AMT remote administration tool access attempt (policy-other.rules)
* 1:42490 <-> DISABLED <-> POLICY-OTHER Intel AMT remote administration tool access attempt (policy-other.rules)
* 1:42487 <-> DISABLED <-> SERVER-WEBAPP Edimax 802.11AC repeater command injection attempt (server-webapp.rules)
* 1:42488 <-> DISABLED <-> SERVER-WEBAPP Edimax 802.11AC repeater command injection attempt (server-webapp.rules)
* 1:42485 <-> DISABLED <-> SERVER-WEBAPP Edimax 802.11AC repeater command injection attempt (server-webapp.rules)
* 1:42486 <-> DISABLED <-> SERVER-WEBAPP Edimax 802.11AC repeater command injection attempt (server-webapp.rules)
* 1:42483 <-> DISABLED <-> SERVER-WEBAPP Edimax 802.11AC repeater command injection attempt (server-webapp.rules)
* 1:42484 <-> DISABLED <-> SERVER-WEBAPP Edimax 802.11AC repeater command injection attempt (server-webapp.rules)
* 1:42481 <-> DISABLED <-> SERVER-WEBAPP Edimax 802.11AC repeater command injection attempt (server-webapp.rules)
* 1:42482 <-> DISABLED <-> SERVER-WEBAPP Edimax 802.11AC repeater command injection attempt (server-webapp.rules)
* 1:42479 <-> DISABLED <-> SERVER-WEBAPP Edimax 802.11AC repeater command injection attempt (server-webapp.rules)
* 1:42480 <-> DISABLED <-> SERVER-WEBAPP Edimax 802.11AC repeater command injection attempt (server-webapp.rules)
* 1:42478 <-> DISABLED <-> SERVER-WEBAPP Edimax 802.11AC repeater command injection attempt (server-webapp.rules)
* 1:42476 <-> DISABLED <-> FILE-PDF malformed embedded JPEG2000 image information disclosure attempt (file-pdf.rules)
* 1:42477 <-> DISABLED <-> SERVER-WEBAPP Edimax 802.11AC repeater command injection attempt (server-webapp.rules)
* 1:42474 <-> DISABLED <-> SERVER-WEBAPP Edimax 802.11AC repeater command injection attempt (server-webapp.rules)
* 1:42475 <-> DISABLED <-> FILE-PDF malformed embedded JPEG2000 image information disclosure attempt (file-pdf.rules)
* 1:42472 <-> DISABLED <-> SERVER-WEBAPP Edimax 802.11AC repeater command injection attempt (server-webapp.rules)
* 1:42473 <-> DISABLED <-> SERVER-WEBAPP Edimax 802.11AC repeater command injection attempt (server-webapp.rules)
* 1:42470 <-> DISABLED <-> SERVER-WEBAPP Edimax 802.11AC repeater command injection attempt (server-webapp.rules)
* 1:42471 <-> DISABLED <-> SERVER-WEBAPP Edimax 802.11AC repeater command injection attempt (server-webapp.rules)
* 1:42468 <-> DISABLED <-> SERVER-WEBAPP Edimax 802.11AC repeater command injection attempt (server-webapp.rules)
* 1:42469 <-> DISABLED <-> SERVER-WEBAPP Edimax 802.11AC repeater command injection attempt (server-webapp.rules)
* 1:42466 <-> DISABLED <-> SERVER-OTHER WinRadius long password denial of service attempt (server-other.rules)
* 1:42467 <-> DISABLED <-> SERVER-WEBAPP Edimax 802.11AC repeater command injection attempt (server-webapp.rules)
* 1:42464 <-> DISABLED <-> FILE-IMAGE Foxit Reader malformed DataSubBlock size attempt (file-image.rules)
* 1:42465 <-> DISABLED <-> SERVER-WEBAPP triple dot directory traversal attempt 
(server-webapp.rules) * 1:42463 <-> DISABLED <-> FILE-IMAGE Foxit Reader malformed DataSubBlock size attempt (file-image.rules) * 1:42462 <-> DISABLED <-> SERVER-WEBAPP Unitrends Enterprise Backup Appliance reports.php directory traversal attempt (server-webapp.rules) * 1:42460 <-> DISABLED <-> INDICATOR-COMPROMISE Adobe Reader PDF embedded null JPEG image (indicator-compromise.rules) * 1:42461 <-> DISABLED <-> SERVER-WEBAPP Unitrends Enterprise Backup Appliance reports.php PHP file injection attempt (server-webapp.rules) * 1:42458 <-> DISABLED <-> PROTOCOL-DNS ISC BIND unexpected DNAME CNAME ordering denial of service attempt (protocol-dns.rules) * 1:42459 <-> DISABLED <-> INDICATOR-COMPROMISE Adobe Reader PDF embedded null JPEG image (indicator-compromise.rules) * 1:42456 <-> DISABLED <-> SERVER-WEBAPP Unitrends Enterprise Backup Appliance password.php command injection attempt (server-webapp.rules) * 1:42457 <-> DISABLED <-> SERVER-WEBAPP Unitrends Enterprise Backup Appliance password.php command injection attempt (server-webapp.rules) * 1:42455 <-> DISABLED <-> SERVER-WEBAPP Unitrends Enterprise Backup Appliance password.php command injection attempt (server-webapp.rules) * 1:42454 <-> ENABLED <-> BLACKLIST User-Agent known malicious user-agent string - Frethog (blacklist.rules) * 1:42453 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Frethog variant inbound connection attempt (malware-cnc.rules) * 1:42451 <-> DISABLED <-> SERVER-WEBAPP MCA Sistemas ScadaBR index.php brute force login attempt (server-webapp.rules) * 1:42452 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Frethog variant outbound connection attempt (malware-cnc.rules) * 1:42449 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer deleted object access memory corruption attempt (browser-ie.rules) * 1:42450 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer deleted object access memory corruption attempt (browser-ie.rules) * 1:42447 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Batlopma variant outbound 
connection attempt (malware-cnc.rules) * 1:42448 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer deleted object access memory corruption attempt (browser-ie.rules) * 1:42445 <-> DISABLED <-> OS-WINDOWS Microsoft Jet DB Engine Buffer Overflow attempt (os-windows.rules) * 1:42446 <-> DISABLED <-> OS-WINDOWS Microsoft Jet DB Engine Buffer Overflow attempt (os-windows.rules) * 1:42443 <-> ENABLED <-> OS-WINDOWS Microsoft Jet DB Engine Buffer Overflow attempt (os-windows.rules) * 1:42444 <-> DISABLED <-> OS-WINDOWS Microsoft Jet DB Engine Buffer Overflow attempt (os-windows.rules) * 1:42441 <-> DISABLED <-> OS-WINDOWS Microsoft Jet DB Engine Buffer Overflow attempt (os-windows.rules) * 1:42442 <-> DISABLED <-> OS-WINDOWS Microsoft Jet DB Engine Buffer Overflow attempt (os-windows.rules) * 1:42439 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Axespec outbound request (malware-cnc.rules) * 1:42440 <-> DISABLED <-> OS-WINDOWS Microsoft Jet DB Engine Buffer Overflow attempt (os-windows.rules) * 1:42748 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xff encrypted portable executable file download attempt (file-executable.rules) * 1:42747 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xfe encrypted portable executable file download attempt (file-executable.rules) * 1:42746 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xfd encrypted portable executable file download attempt (file-executable.rules) * 1:42745 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xfc encrypted portable executable file download attempt (file-executable.rules) * 1:42744 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xfb encrypted portable executable file download attempt (file-executable.rules) * 1:42743 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xfa encrypted portable executable file download attempt (file-executable.rules) * 1:42742 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xf9 encrypted portable executable file download attempt (file-executable.rules) * 1:42741 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xf8 encrypted portable executable file download attempt 
(file-executable.rules) * 1:42740 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xf7 encrypted portable executable file download attempt (file-executable.rules) * 1:42739 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xf6 encrypted portable executable file download attempt (file-executable.rules) * 1:42738 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xf5 encrypted portable executable file download attempt (file-executable.rules) * 1:42737 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xf4 encrypted portable executable file download attempt (file-executable.rules) * 1:42736 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xf3 encrypted portable executable file download attempt (file-executable.rules) * 1:42735 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xf2 encrypted portable executable file download attempt (file-executable.rules) * 1:42734 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xf1 encrypted portable executable file download attempt (file-executable.rules) * 1:42733 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xf0 encrypted portable executable file download attempt (file-executable.rules) * 1:42732 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xef encrypted portable executable file download attempt (file-executable.rules) * 1:42731 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xee encrypted portable executable file download attempt (file-executable.rules) * 1:42730 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xed encrypted portable executable file download attempt (file-executable.rules) * 1:42729 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xec encrypted portable executable file download attempt (file-executable.rules) * 1:42728 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xeb encrypted portable executable file download attempt (file-executable.rules) * 1:42727 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xea encrypted portable executable file download attempt (file-executable.rules) * 1:42726 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xe9 encrypted portable executable file download attempt (file-executable.rules) * 1:42725 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xe8 
encrypted portable executable file download attempt (file-executable.rules) * 1:42724 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xe7 encrypted portable executable file download attempt (file-executable.rules) * 1:42723 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xe6 encrypted portable executable file download attempt (file-executable.rules) * 1:42722 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xe5 encrypted portable executable file download attempt (file-executable.rules) * 1:42721 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xe4 encrypted portable executable file download attempt (file-executable.rules) * 1:42720 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xe3 encrypted portable executable file download attempt (file-executable.rules) * 1:42719 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xe2 encrypted portable executable file download attempt (file-executable.rules) * 1:42718 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xe1 encrypted portable executable file download attempt (file-executable.rules) * 1:42717 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xe0 encrypted portable executable file download attempt (file-executable.rules) * 1:42716 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xdf encrypted portable executable file download attempt (file-executable.rules) * 1:42715 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xde encrypted portable executable file download attempt (file-executable.rules) * 1:42714 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xdd encrypted portable executable file download attempt (file-executable.rules) * 1:42713 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xdc encrypted portable executable file download attempt (file-executable.rules) * 1:42712 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xdb encrypted portable executable file download attempt (file-executable.rules) * 1:42711 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xda encrypted portable executable file download attempt (file-executable.rules) * 1:42710 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xd9 encrypted portable executable file download attempt (file-executable.rules) * 
1:42709 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xd8 encrypted portable executable file download attempt (file-executable.rules) * 1:42708 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xd7 encrypted portable executable file download attempt (file-executable.rules) * 1:42707 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xd6 encrypted portable executable file download attempt (file-executable.rules) * 1:42706 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xd5 encrypted portable executable file download attempt (file-executable.rules) * 1:42705 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xd4 encrypted portable executable file download attempt (file-executable.rules) * 1:42704 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xd3 encrypted portable executable file download attempt (file-executable.rules) * 1:42703 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xd2 encrypted portable executable file download attempt (file-executable.rules) * 1:42702 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xd1 encrypted portable executable file download attempt (file-executable.rules) * 1:42701 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xd0 encrypted portable executable file download attempt (file-executable.rules) * 1:42700 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xcf encrypted portable executable file download attempt (file-executable.rules) * 1:42699 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xce encrypted portable executable file download attempt (file-executable.rules) * 1:42698 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xcd encrypted portable executable file download attempt (file-executable.rules) * 1:42697 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xcc encrypted portable executable file download attempt (file-executable.rules) * 1:42696 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xcb encrypted portable executable file download attempt (file-executable.rules) * 1:42695 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xca encrypted portable executable file download attempt (file-executable.rules) * 1:42694 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xc9 encrypted portable executable 
file download attempt (file-executable.rules) * 1:42693 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xc8 encrypted portable executable file download attempt (file-executable.rules) * 1:42692 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xc7 encrypted portable executable file download attempt (file-executable.rules) * 1:42691 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xc6 encrypted portable executable file download attempt (file-executable.rules) * 1:42690 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xc5 encrypted portable executable file download attempt (file-executable.rules) * 1:42689 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xc4 encrypted portable executable file download attempt (file-executable.rules) * 1:42688 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xc3 encrypted portable executable file download attempt (file-executable.rules) * 1:42687 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xc2 encrypted portable executable file download attempt (file-executable.rules) * 1:42686 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xc1 encrypted portable executable file download attempt (file-executable.rules) * 1:42685 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xc0 encrypted portable executable file download attempt (file-executable.rules) * 1:42684 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xbf encrypted portable executable file download attempt (file-executable.rules) * 1:42683 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xbe encrypted portable executable file download attempt (file-executable.rules) * 1:42682 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xbd encrypted portable executable file download attempt (file-executable.rules) * 1:42681 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xbc encrypted portable executable file download attempt (file-executable.rules) * 1:42680 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xbb encrypted portable executable file download attempt (file-executable.rules) * 1:42679 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xba encrypted portable executable file download attempt (file-executable.rules) * 1:42678 <-> DISABLED <-> 
FILE-EXECUTABLE XOR 0xb9 encrypted portable executable file download attempt (file-executable.rules) * 1:42677 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xb8 encrypted portable executable file download attempt (file-executable.rules) * 1:42676 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xb7 encrypted portable executable file download attempt (file-executable.rules) * 1:42675 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xb6 encrypted portable executable file download attempt (file-executable.rules) * 1:42674 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xb5 encrypted portable executable file download attempt (file-executable.rules) * 1:42672 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xb3 encrypted portable executable file download attempt (file-executable.rules) * 1:42673 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xb4 encrypted portable executable file download attempt (file-executable.rules) * 3:42493 <-> ENABLED <-> SERVER-OTHER Cisco CVR100W VPN Router SSDP uuid stack buffer overflow attempt (server-other.rules) * 3:42489 <-> ENABLED <-> SERVER-OTHER Cisco Aironet Mobility Express PnP agent directory traversal attempt (server-other.rules) * 3:42438 <-> ENABLED <-> SERVER-MAIL IBM Domino BMP parsing integer overflow attempt (server-mail.rules) * 3:42437 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2017-0331 attack attempt (server-webapp.rules) * 3:42436 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2017-0330 attack attempt (server-webapp.rules) * 3:42435 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2017-0330 attack attempt (server-webapp.rules) * 3:42434 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2017-0328 attack attempt (server-webapp.rules) * 3:42433 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2017-0328 attack attempt (server-webapp.rules) * 3:42432 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2017-0328 attack attempt (server-webapp.rules)
* 1:17388 <-> DISABLED <-> FILE-IMAGE OpenOffice EMF file EMR record parsing integer overflow attempt (file-image.rules)
* 1:41152 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader Forms Data Format embedded javascript attempt (file-pdf.rules)
* 1:36973 <-> DISABLED <-> FILE-OTHER Windows Media Player MCL to HTML information disclosure attempt (file-other.rules)
* 1:39361 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string - Win.Trojan.Batlopma (blacklist.rules)
* 1:25770 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer deleted object access memory corruption attempt (browser-ie.rules)
* 1:25528 <-> DISABLED <-> SERVER-WEBAPP Moveable Type unauthenticated remote command execution attempt (server-webapp.rules)
* 1:23092 <-> DISABLED <-> FILE-OFFICE EMF corruption attempt (file-office.rules)
* 1:41153 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader Forms Data Format embedded javascript attempt (file-pdf.rules)
* 1:36972 <-> DISABLED <-> FILE-OTHER Windows Media Player MCL to HTML information disclosure attempt (file-other.rules)
* 1:35601 <-> ENABLED <-> FILE-FLASH Adobe Flash Player NetConnection use-after-free attempt (file-flash.rules)
* 1:35602 <-> ENABLED <-> FILE-FLASH Adobe Flash Player NetConnection use-after-free attempt (file-flash.rules)
* 1:35599 <-> ENABLED <-> FILE-FLASH Adobe Flash Player NetConnection use-after-free attempt (file-flash.rules)
* 1:35600 <-> ENABLED <-> FILE-FLASH Adobe Flash Player NetConnection use-after-free attempt (file-flash.rules)
* 1:34083 <-> DISABLED <-> FILE-OTHER Microsoft emf small header overwrite attempt (file-other.rules)
* 1:34082 <-> DISABLED <-> FILE-OTHER Microsoft emf small header overwrite attempt (file-other.rules)
* 1:31030 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMF conversion heap buffer overflow attempt (file-other.rules)
* 1:31029 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMF conversion heap buffer overflow attempt (file-other.rules)
* 1:31028 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMF conversion heap buffer overflow attempt (file-other.rules)
* 1:31027 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMF conversion heap buffer overflow attempt (file-other.rules)
* 1:30340 <-> DISABLED <-> SERVER-WEBAPP Cisco 675 web administration denial of service attempt (server-webapp.rules)
* 1:23095 <-> DISABLED <-> FILE-OFFICE EMF corruption attempt (file-office.rules)
* 1:23094 <-> DISABLED <-> FILE-OFFICE EMF corruption attempt (file-office.rules)
* 1:18654 <-> DISABLED <-> PROTOCOL-SCADA IGSS IGSSDataServer.exe format string attempt (protocol-scada.rules)
* 1:17413 <-> DISABLED <-> OS-WINDOWS Microsoft Jet DB Engine Buffer Overflow attempt (os-windows.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2990.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:42748 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xff encrypted portable executable file download attempt (file-executable.rules)
* 1:42747 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xfe encrypted portable executable file download attempt (file-executable.rules)
* 1:42746 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xfd encrypted portable executable file download attempt (file-executable.rules)
* 1:42745 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xfc encrypted portable executable file download attempt (file-executable.rules)
* 1:42744 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xfb encrypted portable executable file download attempt (file-executable.rules)
* 1:42743 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xfa encrypted portable executable file download attempt (file-executable.rules)
* 1:42742 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xf9 encrypted portable executable file download attempt (file-executable.rules)
* 1:42741 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xf8 encrypted portable executable file download attempt (file-executable.rules)
* 1:42740 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xf7 encrypted portable executable file download attempt (file-executable.rules)
* 1:42739 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xf6 encrypted portable executable file download attempt (file-executable.rules)
* 1:42738 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xf5 encrypted portable executable file download attempt (file-executable.rules)
* 1:42737 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xf4 encrypted portable executable file download attempt (file-executable.rules)
* 1:42736 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xf3 encrypted portable executable file download attempt (file-executable.rules)
* 1:42735 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xf2 encrypted portable executable file download attempt (file-executable.rules)
* 1:42734 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xf1 encrypted portable executable file download attempt (file-executable.rules)
* 1:42733 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xf0 encrypted portable executable file download attempt (file-executable.rules)
* 1:42732 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xef encrypted portable executable file download attempt (file-executable.rules)
* 1:42731 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xee encrypted portable executable file download attempt (file-executable.rules)
* 1:42730 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xed encrypted portable executable file download attempt (file-executable.rules)
* 1:42729 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xec encrypted portable executable file download attempt (file-executable.rules)
* 1:42728 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xeb encrypted portable executable file download attempt (file-executable.rules)
* 1:42727 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xea encrypted portable executable file download attempt (file-executable.rules)
* 1:42726 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xe9 encrypted portable executable file download attempt (file-executable.rules)
* 1:42725 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xe8 encrypted portable executable file download attempt (file-executable.rules)
* 1:42724 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xe7 encrypted portable executable file download attempt (file-executable.rules)
* 1:42723 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xe6 encrypted portable executable file download attempt (file-executable.rules)
* 1:42722 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xe5 encrypted portable executable file download attempt (file-executable.rules)
* 1:42721 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xe4 encrypted portable executable file download attempt (file-executable.rules)
* 1:42720 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xe3 encrypted portable executable file download attempt (file-executable.rules)
* 1:42719 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xe2 encrypted portable executable file download attempt (file-executable.rules)
* 1:42718 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xe1 encrypted portable executable file download attempt (file-executable.rules)
* 1:42717 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xe0 encrypted portable executable file download attempt (file-executable.rules)
* 1:42716 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xdf encrypted portable executable file download attempt (file-executable.rules)
* 1:42715 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xde encrypted portable executable file download attempt (file-executable.rules)
* 1:42714 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xdd encrypted portable executable file download attempt (file-executable.rules)
* 1:42713 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xdc encrypted portable executable file download attempt (file-executable.rules)
* 1:42712 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xdb encrypted portable executable file download attempt (file-executable.rules)
* 1:42711 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xda encrypted portable executable file download attempt (file-executable.rules)
* 1:42710 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xd9 encrypted portable executable file download attempt (file-executable.rules)
* 1:42709 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xd8 encrypted portable executable file download attempt (file-executable.rules)
* 1:42708 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xd7 encrypted portable executable file download attempt (file-executable.rules)
* 1:42707 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xd6 encrypted portable executable file download attempt (file-executable.rules)
* 1:42706 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xd5 encrypted portable executable file download attempt (file-executable.rules)
* 1:42705 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xd4 encrypted portable executable file download attempt (file-executable.rules)
* 1:42704 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xd3 encrypted portable executable file download attempt (file-executable.rules)
* 1:42703 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xd2 encrypted portable executable file download attempt (file-executable.rules)
* 1:42702 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xd1 encrypted portable executable file download attempt (file-executable.rules)
* 1:42701 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xd0 encrypted portable executable file download attempt (file-executable.rules)
* 1:42700 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xcf encrypted portable executable file download attempt (file-executable.rules)
* 1:42699 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xce encrypted portable executable file download attempt (file-executable.rules)
* 1:42698 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xcd encrypted portable executable file download attempt (file-executable.rules)
* 1:42697 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xcc encrypted portable executable file download attempt (file-executable.rules)
* 1:42696 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xcb encrypted portable executable file download attempt (file-executable.rules)
* 1:42695 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xca encrypted portable executable file download attempt (file-executable.rules)
* 1:42694 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xc9 encrypted portable executable file download attempt (file-executable.rules)
* 1:42693 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xc8 encrypted portable executable file download attempt (file-executable.rules)
* 1:42692 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xc7 encrypted portable executable file download attempt (file-executable.rules)
* 1:42691 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xc6 encrypted portable executable file download attempt (file-executable.rules)
* 1:42690 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xc5 encrypted portable executable file download attempt (file-executable.rules)
* 1:42689 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xc4 encrypted portable executable file download attempt (file-executable.rules)
* 1:42688 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xc3 encrypted portable executable file download attempt (file-executable.rules)
* 1:42687 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xc2 encrypted portable executable file download attempt (file-executable.rules)
* 1:42686 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xc1 encrypted portable executable file download attempt (file-executable.rules)
* 1:42685 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xc0 encrypted portable executable file download attempt (file-executable.rules)
* 1:42684 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xbf encrypted portable executable file download attempt (file-executable.rules)
* 1:42683 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xbe encrypted portable executable file download attempt (file-executable.rules)
* 1:42682 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xbd encrypted portable executable file download attempt (file-executable.rules)
* 1:42681 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xbc encrypted portable executable file download attempt (file-executable.rules)
* 1:42680 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xbb encrypted portable executable file download attempt (file-executable.rules)
* 1:42679 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xba encrypted portable executable file download attempt (file-executable.rules)
* 1:42678 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xb9 encrypted portable executable file download attempt (file-executable.rules)
* 1:42677 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xb8 encrypted portable executable file download attempt (file-executable.rules)
* 1:42676 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xb7 encrypted portable executable file download attempt (file-executable.rules)
* 1:42675 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xb6 encrypted portable executable file download attempt (file-executable.rules)
* 1:42674 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xb5 encrypted portable executable file download attempt (file-executable.rules)
* 1:42673 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xb4 encrypted portable executable file download attempt (file-executable.rules)
* 1:42672 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xb3 encrypted portable executable file download attempt (file-executable.rules)
* 1:42671 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xb2 encrypted portable executable file download attempt (file-executable.rules)
* 1:42670 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xb1 encrypted portable executable file download attempt (file-executable.rules)
* 1:42669 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xb0 encrypted portable executable file download attempt (file-executable.rules)
* 1:42668 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xaf encrypted portable executable file download attempt (file-executable.rules)
* 1:42667 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xae encrypted portable executable file download attempt (file-executable.rules)
* 1:42666 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xad encrypted portable executable file download attempt (file-executable.rules)
* 1:42665 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xac encrypted portable executable file download attempt (file-executable.rules)
* 1:42664 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xab encrypted portable executable file download attempt (file-executable.rules)
* 1:42663 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xaa encrypted portable executable file download attempt (file-executable.rules)
* 1:42662 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xa9 encrypted portable executable file download attempt (file-executable.rules)
* 1:42661 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xa8 encrypted portable executable file download attempt (file-executable.rules)
* 1:42660 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xa7 encrypted portable executable file download attempt (file-executable.rules)
* 1:42659 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xa6 encrypted portable executable file download attempt (file-executable.rules)
* 1:42658 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xa5 encrypted portable executable file download attempt (file-executable.rules)
* 1:42657 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xa4 encrypted portable executable file download attempt (file-executable.rules)
* 1:42656 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xa3 encrypted portable executable file download attempt (file-executable.rules)
* 1:42655 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xa2 encrypted portable executable file download attempt (file-executable.rules)
* 1:42654 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xa1 encrypted portable executable file download attempt (file-executable.rules)
* 1:42653 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xa0 encrypted portable executable file download attempt (file-executable.rules)
* 1:42652 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x9f encrypted portable executable file download attempt (file-executable.rules)
* 1:42651 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x9e encrypted portable executable file download attempt (file-executable.rules)
* 1:42650 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x9d encrypted portable executable file download attempt (file-executable.rules)
* 1:42649 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x9c encrypted portable executable file download attempt (file-executable.rules)
* 1:42648 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x9b encrypted portable executable file download attempt (file-executable.rules)
* 1:42647 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x9a encrypted portable executable file download attempt (file-executable.rules)
* 1:42646 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x99 encrypted portable executable file download attempt (file-executable.rules)
* 1:42645 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x98 encrypted portable executable file download attempt (file-executable.rules)
* 1:42644 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x97 encrypted portable executable file download attempt (file-executable.rules)
* 1:42643 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x96 encrypted portable executable file download attempt (file-executable.rules)
* 1:42642 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x95 encrypted portable executable file download attempt (file-executable.rules)
* 1:42641 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x94 encrypted portable executable file download attempt (file-executable.rules)
* 1:42640 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x93 encrypted portable executable file download attempt (file-executable.rules)
* 1:42639 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x92 encrypted portable executable file download attempt (file-executable.rules)
* 1:42638 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x91 encrypted portable executable file download attempt (file-executable.rules)
* 1:42637 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x90 encrypted portable executable file download attempt (file-executable.rules)
* 1:42636 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x8f encrypted portable executable file download attempt (file-executable.rules)
* 1:42635 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x8e encrypted portable executable file download attempt (file-executable.rules)
* 1:42634 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x8d encrypted portable executable file download attempt (file-executable.rules)
* 1:42633 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x8c encrypted portable executable file download attempt (file-executable.rules)
* 1:42632 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x8b encrypted portable executable file download attempt (file-executable.rules)
* 1:42631 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x8a encrypted portable executable file download attempt (file-executable.rules)
* 1:42630 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x89 encrypted portable executable file download attempt (file-executable.rules)
* 1:42629 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x88 encrypted portable executable file download attempt (file-executable.rules)
* 1:42628 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x87 encrypted portable executable file download attempt (file-executable.rules)
* 1:42627 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x86 encrypted portable executable file download attempt (file-executable.rules)
* 1:42626 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x85 encrypted portable executable file download attempt (file-executable.rules)
* 1:42625 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x84 encrypted portable executable file download attempt (file-executable.rules)
* 1:42624 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x83 encrypted portable executable
file download attempt (file-executable.rules) * 1:42623 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x82 encrypted portable executable file download attempt (file-executable.rules) * 1:42622 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x81 encrypted portable executable file download attempt (file-executable.rules) * 1:42621 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x80 encrypted portable executable file download attempt (file-executable.rules) * 1:42620 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x7f encrypted portable executable file download attempt (file-executable.rules) * 1:42619 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x7e encrypted portable executable file download attempt (file-executable.rules) * 1:42618 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x7d encrypted portable executable file download attempt (file-executable.rules) * 1:42617 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x7c encrypted portable executable file download attempt (file-executable.rules) * 1:42616 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x7b encrypted portable executable file download attempt (file-executable.rules) * 1:42615 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x7a encrypted portable executable file download attempt (file-executable.rules) * 1:42614 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x79 encrypted portable executable file download attempt (file-executable.rules) * 1:42613 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x78 encrypted portable executable file download attempt (file-executable.rules) * 1:42612 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x77 encrypted portable executable file download attempt (file-executable.rules) * 1:42611 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x76 encrypted portable executable file download attempt (file-executable.rules) * 1:42610 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x75 encrypted portable executable file download attempt (file-executable.rules) * 1:42609 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x74 encrypted portable executable file download attempt (file-executable.rules) * 1:42608 <-> DISABLED <-> 
FILE-EXECUTABLE XOR 0x73 encrypted portable executable file download attempt (file-executable.rules) * 1:42607 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x72 encrypted portable executable file download attempt (file-executable.rules) * 1:42606 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x71 encrypted portable executable file download attempt (file-executable.rules) * 1:42605 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x70 encrypted portable executable file download attempt (file-executable.rules) * 1:42604 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x6f encrypted portable executable file download attempt (file-executable.rules) * 1:42603 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x6e encrypted portable executable file download attempt (file-executable.rules) * 1:42602 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x6d encrypted portable executable file download attempt (file-executable.rules) * 1:42601 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x6c encrypted portable executable file download attempt (file-executable.rules) * 1:42600 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x6b encrypted portable executable file download attempt (file-executable.rules) * 1:42599 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x6a encrypted portable executable file download attempt (file-executable.rules) * 1:42598 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x69 encrypted portable executable file download attempt (file-executable.rules) * 1:42597 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x68 encrypted portable executable file download attempt (file-executable.rules) * 1:42596 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x67 encrypted portable executable file download attempt (file-executable.rules) * 1:42595 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x66 encrypted portable executable file download attempt (file-executable.rules) * 1:42594 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x65 encrypted portable executable file download attempt (file-executable.rules) * 1:42593 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x64 encrypted portable executable file download attempt 
(file-executable.rules) * 1:42592 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x63 encrypted portable executable file download attempt (file-executable.rules) * 1:42591 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x62 encrypted portable executable file download attempt (file-executable.rules) * 1:42590 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x61 encrypted portable executable file download attempt (file-executable.rules) * 1:42589 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x60 encrypted portable executable file download attempt (file-executable.rules) * 1:42588 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x5f encrypted portable executable file download attempt (file-executable.rules) * 1:42587 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x5e encrypted portable executable file download attempt (file-executable.rules) * 1:42586 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x5d encrypted portable executable file download attempt (file-executable.rules) * 1:42585 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x5c encrypted portable executable file download attempt (file-executable.rules) * 1:42584 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x5b encrypted portable executable file download attempt (file-executable.rules) * 1:42583 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x5a encrypted portable executable file download attempt (file-executable.rules) * 1:42582 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x59 encrypted portable executable file download attempt (file-executable.rules) * 1:42581 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x58 encrypted portable executable file download attempt (file-executable.rules) * 1:42580 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x57 encrypted portable executable file download attempt (file-executable.rules) * 1:42579 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x56 encrypted portable executable file download attempt (file-executable.rules) * 1:42578 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x55 encrypted portable executable file download attempt (file-executable.rules) * 1:42577 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x54 
encrypted portable executable file download attempt (file-executable.rules) * 1:42576 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x53 encrypted portable executable file download attempt (file-executable.rules) * 1:42575 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x52 encrypted portable executable file download attempt (file-executable.rules) * 1:42574 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x51 encrypted portable executable file download attempt (file-executable.rules) * 1:42573 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x50 encrypted portable executable file download attempt (file-executable.rules) * 1:42572 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x4f encrypted portable executable file download attempt (file-executable.rules) * 1:42571 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x4e encrypted portable executable file download attempt (file-executable.rules) * 1:42570 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x4d encrypted portable executable file download attempt (file-executable.rules) * 1:42569 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x4c encrypted portable executable file download attempt (file-executable.rules) * 1:42568 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x4b encrypted portable executable file download attempt (file-executable.rules) * 1:42567 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x4a encrypted portable executable file download attempt (file-executable.rules) * 1:42566 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x49 encrypted portable executable file download attempt (file-executable.rules) * 1:42565 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x48 encrypted portable executable file download attempt (file-executable.rules) * 1:42564 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x47 encrypted portable executable file download attempt (file-executable.rules) * 1:42563 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x46 encrypted portable executable file download attempt (file-executable.rules) * 1:42562 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x45 encrypted portable executable file download attempt (file-executable.rules) * 
1:42561 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x44 encrypted portable executable file download attempt (file-executable.rules) * 1:42560 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x43 encrypted portable executable file download attempt (file-executable.rules) * 1:42559 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x42 encrypted portable executable file download attempt (file-executable.rules) * 1:42558 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x41 encrypted portable executable file download attempt (file-executable.rules) * 1:42557 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x40 encrypted portable executable file download attempt (file-executable.rules) * 1:42556 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x3f encrypted portable executable file download attempt (file-executable.rules) * 1:42555 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x3e encrypted portable executable file download attempt (file-executable.rules) * 1:42554 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x3d encrypted portable executable file download attempt (file-executable.rules) * 1:42553 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x3c encrypted portable executable file download attempt (file-executable.rules) * 1:42552 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x3b encrypted portable executable file download attempt (file-executable.rules) * 1:42551 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x3a encrypted portable executable file download attempt (file-executable.rules) * 1:42550 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x39 encrypted portable executable file download attempt (file-executable.rules) * 1:42549 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x38 encrypted portable executable file download attempt (file-executable.rules) * 1:42548 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x37 encrypted portable executable file download attempt (file-executable.rules) * 1:42547 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x36 encrypted portable executable file download attempt (file-executable.rules) * 1:42546 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x35 encrypted portable executable 
file download attempt (file-executable.rules) * 1:42545 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x34 encrypted portable executable file download attempt (file-executable.rules) * 1:42544 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x33 encrypted portable executable file download attempt (file-executable.rules) * 1:42543 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x32 encrypted portable executable file download attempt (file-executable.rules) * 1:42542 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x31 encrypted portable executable file download attempt (file-executable.rules) * 1:42541 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x30 encrypted portable executable file download attempt (file-executable.rules) * 1:42540 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x2f encrypted portable executable file download attempt (file-executable.rules) * 1:42539 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x2e encrypted portable executable file download attempt (file-executable.rules) * 1:42538 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x2d encrypted portable executable file download attempt (file-executable.rules) * 1:42537 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x2c encrypted portable executable file download attempt (file-executable.rules) * 1:42536 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x2b encrypted portable executable file download attempt (file-executable.rules) * 1:42535 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x2a encrypted portable executable file download attempt (file-executable.rules) * 1:42534 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x29 encrypted portable executable file download attempt (file-executable.rules) * 1:42533 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x28 encrypted portable executable file download attempt (file-executable.rules) * 1:42532 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x27 encrypted portable executable file download attempt (file-executable.rules) * 1:42531 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x26 encrypted portable executable file download attempt (file-executable.rules) * 1:42530 <-> DISABLED <-> 
FILE-EXECUTABLE XOR 0x25 encrypted portable executable file download attempt (file-executable.rules) * 1:42529 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x24 encrypted portable executable file download attempt (file-executable.rules) * 1:42528 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x23 encrypted portable executable file download attempt (file-executable.rules) * 1:42527 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x22 encrypted portable executable file download attempt (file-executable.rules) * 1:42526 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x21 encrypted portable executable file download attempt (file-executable.rules) * 1:42525 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x20 encrypted portable executable file download attempt (file-executable.rules) * 1:42524 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x1f encrypted portable executable file download attempt (file-executable.rules) * 1:42523 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x1e encrypted portable executable file download attempt (file-executable.rules) * 1:42522 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x1d encrypted portable executable file download attempt (file-executable.rules) * 1:42521 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x1c encrypted portable executable file download attempt (file-executable.rules) * 1:42520 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x1b encrypted portable executable file download attempt (file-executable.rules) * 1:42519 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x1a encrypted portable executable file download attempt (file-executable.rules) * 1:42518 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x19 encrypted portable executable file download attempt (file-executable.rules) * 1:42517 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x18 encrypted portable executable file download attempt (file-executable.rules) * 1:42516 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x17 encrypted portable executable file download attempt (file-executable.rules) * 1:42515 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x16 encrypted portable executable file download attempt 
(file-executable.rules) * 1:42514 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x15 encrypted portable executable file download attempt (file-executable.rules) * 1:42513 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x14 encrypted portable executable file download attempt (file-executable.rules) * 1:42512 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x13 encrypted portable executable file download attempt (file-executable.rules) * 1:42511 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x12 encrypted portable executable file download attempt (file-executable.rules) * 1:42510 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x11 encrypted portable executable file download attempt (file-executable.rules) * 1:42509 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x10 encrypted portable executable file download attempt (file-executable.rules) * 1:42508 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x0f encrypted portable executable file download attempt (file-executable.rules) * 1:42507 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x0e encrypted portable executable file download attempt (file-executable.rules) * 1:42506 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x0d encrypted portable executable file download attempt (file-executable.rules) * 1:42505 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x0c encrypted portable executable file download attempt (file-executable.rules) * 1:42504 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x0b encrypted portable executable file download attempt (file-executable.rules) * 1:42503 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x0a encrypted portable executable file download attempt (file-executable.rules) * 1:42502 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x09 encrypted portable executable file download attempt (file-executable.rules) * 1:42501 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x08 encrypted portable executable file download attempt (file-executable.rules) * 1:42500 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x07 encrypted portable executable file download attempt (file-executable.rules) * 1:42499 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x06 
encrypted portable executable file download attempt (file-executable.rules) * 1:42498 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x05 encrypted portable executable file download attempt (file-executable.rules) * 1:42497 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x04 encrypted portable executable file download attempt (file-executable.rules) * 1:42496 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x03 encrypted portable executable file download attempt (file-executable.rules) * 1:42495 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x02 encrypted portable executable file download attempt (file-executable.rules) * 1:42494 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x01 encrypted portable executable file download attempt (file-executable.rules) * 1:42492 <-> DISABLED <-> APP-DETECT Intel AMT DHCP boot request detected (app-detect.rules) * 1:42491 <-> DISABLED <-> POLICY-OTHER Intel AMT remote administration tool access attempt (policy-other.rules) * 1:42490 <-> DISABLED <-> POLICY-OTHER Intel AMT remote administration tool access attempt (policy-other.rules) * 1:42488 <-> DISABLED <-> SERVER-WEBAPP Edimax 802.11AC repeater command injection attempt (server-webapp.rules) * 1:42487 <-> DISABLED <-> SERVER-WEBAPP Edimax 802.11AC repeater command injection attempt (server-webapp.rules) * 1:42486 <-> DISABLED <-> SERVER-WEBAPP Edimax 802.11AC repeater command injection attempt (server-webapp.rules) * 1:42485 <-> DISABLED <-> SERVER-WEBAPP Edimax 802.11AC repeater command injection attempt (server-webapp.rules) * 1:42484 <-> DISABLED <-> SERVER-WEBAPP Edimax 802.11AC repeater command injection attempt (server-webapp.rules) * 1:42483 <-> DISABLED <-> SERVER-WEBAPP Edimax 802.11AC repeater command injection attempt (server-webapp.rules) * 1:42482 <-> DISABLED <-> SERVER-WEBAPP Edimax 802.11AC repeater command injection attempt (server-webapp.rules) * 1:42481 <-> DISABLED <-> SERVER-WEBAPP Edimax 802.11AC repeater command injection attempt (server-webapp.rules) * 1:42480 <-> DISABLED <-> SERVER-WEBAPP Edimax 
802.11AC repeater command injection attempt (server-webapp.rules) * 1:42479 <-> DISABLED <-> SERVER-WEBAPP Edimax 802.11AC repeater command injection attempt (server-webapp.rules) * 1:42478 <-> DISABLED <-> SERVER-WEBAPP Edimax 802.11AC repeater command injection attempt (server-webapp.rules) * 1:42477 <-> DISABLED <-> SERVER-WEBAPP Edimax 802.11AC repeater command injection attempt (server-webapp.rules) * 1:42476 <-> DISABLED <-> FILE-PDF malformed embedded JPEG2000 image information disclosure attempt (file-pdf.rules) * 1:42475 <-> DISABLED <-> FILE-PDF malformed embedded JPEG2000 image information disclosure attempt (file-pdf.rules) * 1:42474 <-> DISABLED <-> SERVER-WEBAPP Edimax 802.11AC repeater command injection attempt (server-webapp.rules) * 1:42473 <-> DISABLED <-> SERVER-WEBAPP Edimax 802.11AC repeater command injection attempt (server-webapp.rules) * 1:42472 <-> DISABLED <-> SERVER-WEBAPP Edimax 802.11AC repeater command injection attempt (server-webapp.rules) * 1:42471 <-> DISABLED <-> SERVER-WEBAPP Edimax 802.11AC repeater command injection attempt (server-webapp.rules) * 1:42470 <-> DISABLED <-> SERVER-WEBAPP Edimax 802.11AC repeater command injection attempt (server-webapp.rules) * 1:42469 <-> DISABLED <-> SERVER-WEBAPP Edimax 802.11AC repeater command injection attempt (server-webapp.rules) * 1:42468 <-> DISABLED <-> SERVER-WEBAPP Edimax 802.11AC repeater command injection attempt (server-webapp.rules) * 1:42467 <-> DISABLED <-> SERVER-WEBAPP Edimax 802.11AC repeater command injection attempt (server-webapp.rules) * 1:42466 <-> DISABLED <-> SERVER-OTHER WinRadius long password denial of service attempt (server-other.rules) * 1:42465 <-> DISABLED <-> SERVER-WEBAPP triple dot directory traversal attempt (server-webapp.rules) * 1:42464 <-> DISABLED <-> FILE-IMAGE Foxit Reader malformed DataSubBlock size attempt (file-image.rules) * 1:42463 <-> DISABLED <-> FILE-IMAGE Foxit Reader malformed DataSubBlock size attempt (file-image.rules) * 1:42462 <-> 
DISABLED <-> SERVER-WEBAPP Unitrends Enterprise Backup Appliance reports.php directory traversal attempt (server-webapp.rules) * 1:42461 <-> DISABLED <-> SERVER-WEBAPP Unitrends Enterprise Backup Appliance reports.php PHP file injection attempt (server-webapp.rules) * 1:42460 <-> DISABLED <-> INDICATOR-COMPROMISE Adobe Reader PDF embedded null JPEG image (indicator-compromise.rules) * 1:42459 <-> DISABLED <-> INDICATOR-COMPROMISE Adobe Reader PDF embedded null JPEG image (indicator-compromise.rules) * 1:42458 <-> DISABLED <-> PROTOCOL-DNS ISC BIND unexpected DNAME CNAME ordering denial of service attempt (protocol-dns.rules) * 1:42457 <-> DISABLED <-> SERVER-WEBAPP Unitrends Enterprise Backup Appliance password.php command injection attempt (server-webapp.rules) * 1:42456 <-> DISABLED <-> SERVER-WEBAPP Unitrends Enterprise Backup Appliance password.php command injection attempt (server-webapp.rules) * 1:42455 <-> DISABLED <-> SERVER-WEBAPP Unitrends Enterprise Backup Appliance password.php command injection attempt (server-webapp.rules) * 1:42454 <-> ENABLED <-> BLACKLIST User-Agent known malicious user-agent string - Frethog (blacklist.rules) * 1:42453 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Frethog variant inbound connection attempt (malware-cnc.rules) * 1:42452 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Frethog variant outbound connection attempt (malware-cnc.rules) * 1:42451 <-> DISABLED <-> SERVER-WEBAPP MCA Sistemas ScadaBR index.php brute force login attempt (server-webapp.rules) * 1:42450 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer deleted object access memory corruption attempt (browser-ie.rules) * 1:42449 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer deleted object access memory corruption attempt (browser-ie.rules) * 1:42448 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer deleted object access memory corruption attempt (browser-ie.rules) * 1:42447 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Batlopma variant outbound connection attempt 
(malware-cnc.rules) * 1:42446 <-> DISABLED <-> OS-WINDOWS Microsoft Jet DB Engine Buffer Overflow attempt (os-windows.rules) * 1:42445 <-> DISABLED <-> OS-WINDOWS Microsoft Jet DB Engine Buffer Overflow attempt (os-windows.rules) * 1:42444 <-> DISABLED <-> OS-WINDOWS Microsoft Jet DB Engine Buffer Overflow attempt (os-windows.rules) * 1:42443 <-> ENABLED <-> OS-WINDOWS Microsoft Jet DB Engine Buffer Overflow attempt (os-windows.rules) * 1:42442 <-> DISABLED <-> OS-WINDOWS Microsoft Jet DB Engine Buffer Overflow attempt (os-windows.rules) * 1:42441 <-> DISABLED <-> OS-WINDOWS Microsoft Jet DB Engine Buffer Overflow attempt (os-windows.rules) * 1:42440 <-> DISABLED <-> OS-WINDOWS Microsoft Jet DB Engine Buffer Overflow attempt (os-windows.rules) * 1:42439 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Axespec outbound request (malware-cnc.rules) * 3:42432 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2017-0328 attack attempt (server-webapp.rules) * 3:42433 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2017-0328 attack attempt (server-webapp.rules) * 3:42434 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2017-0328 attack attempt (server-webapp.rules) * 3:42435 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2017-0330 attack attempt (server-webapp.rules) * 3:42436 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2017-0330 attack attempt (server-webapp.rules) * 3:42437 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2017-0331 attack attempt (server-webapp.rules) * 3:42438 <-> ENABLED <-> SERVER-MAIL IBM Domino BMP parsing integer overflow attempt (server-mail.rules) * 3:42489 <-> ENABLED <-> SERVER-OTHER Cisco Aironet Mobility Express PnP agent directory traversal attempt (server-other.rules) * 3:42493 <-> ENABLED <-> SERVER-OTHER Cisco CVR100W VPN Router SSDP uuid stack buffer overflow attempt (server-other.rules)
* 1:17413 <-> DISABLED <-> OS-WINDOWS Microsoft Jet DB Engine Buffer Overflow attempt (os-windows.rules)
* 1:41152 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader Forms Data Format embedded javascript attempt (file-pdf.rules)
* 1:36973 <-> DISABLED <-> FILE-OTHER Windows Media Player MCL to HTML information disclosure attempt (file-other.rules)
* 1:39361 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string - Win.Trojan.Batlopma (blacklist.rules)
* 1:25770 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer deleted object access memory corruption attempt (browser-ie.rules)
* 1:25528 <-> DISABLED <-> SERVER-WEBAPP Moveable Type unauthenticated remote command execution attempt (server-webapp.rules)
* 1:23092 <-> DISABLED <-> FILE-OFFICE EMF corruption attempt (file-office.rules)
* 1:23095 <-> DISABLED <-> FILE-OFFICE EMF corruption attempt (file-office.rules)
* 1:17388 <-> DISABLED <-> FILE-IMAGE OpenOffice EMF file EMR record parsing integer overflow attempt (file-image.rules)
* 1:30340 <-> DISABLED <-> SERVER-WEBAPP Cisco 675 web administration denial of service attempt (server-webapp.rules)
* 1:31027 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMF conversion heap buffer overflow attempt (file-other.rules)
* 1:31028 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMF conversion heap buffer overflow attempt (file-other.rules)
* 1:31029 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMF conversion heap buffer overflow attempt (file-other.rules)
* 1:31030 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMF conversion heap buffer overflow attempt (file-other.rules)
* 1:34082 <-> DISABLED <-> FILE-OTHER Microsoft emf small header overwrite attempt (file-other.rules)
* 1:34083 <-> DISABLED <-> FILE-OTHER Microsoft emf small header overwrite attempt (file-other.rules)
* 1:35599 <-> ENABLED <-> FILE-FLASH Adobe Flash Player NetConnection use-after-free attempt (file-flash.rules)
* 1:35600 <-> ENABLED <-> FILE-FLASH Adobe Flash Player NetConnection use-after-free attempt (file-flash.rules)
* 1:35601 <-> ENABLED <-> FILE-FLASH Adobe Flash Player NetConnection use-after-free attempt (file-flash.rules)
* 1:35602 <-> ENABLED <-> FILE-FLASH Adobe Flash Player NetConnection use-after-free attempt (file-flash.rules)
* 1:36972 <-> DISABLED <-> FILE-OTHER Windows Media Player MCL to HTML information disclosure attempt (file-other.rules)
* 1:41153 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader Forms Data Format embedded javascript attempt (file-pdf.rules)
* 1:23094 <-> DISABLED <-> FILE-OFFICE EMF corruption attempt (file-office.rules)
* 1:18654 <-> DISABLED <-> PROTOCOL-SCADA IGSS IGSSDataServer.exe format string attempt (protocol-scada.rules)