Sourcefire VRT Rules Update

Date: 2012-10-18

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2.9.3.1.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:24415 <-> DISABLED <-> FILE-FLASH Adobe Flash Player stsz box heap overflow attempt (file-flash.rules)
 * 1:24414 <-> DISABLED <-> FILE-FLASH Adobe Flash Player stsz box heap overflow attempt (file-flash.rules)
 * 1:24413 <-> ENABLED <-> FILE-FLASH Adobe Flash Player DRM encrypted file detected (file-flash.rules)
 * 1:24412 <-> ENABLED <-> FILE-FLASH Adobe Flash Player DRM encrypted file detected (file-flash.rules)
 * 1:24411 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Gauss download attempt (malware-other.rules)
 * 1:24410 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Gauss download attempt (malware-other.rules)
 * 1:24409 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Miniflame download attempt (malware-other.rules)
 * 1:24408 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Miniflame download attempt (malware-other.rules)
 * 1:24407 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MiniFlame variant outbound connection (malware-cnc.rules)
 * 1:24406 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MiniFlame variant outbound connection (malware-cnc.rules)
 * 1:24405 <-> DISABLED <-> MALWARE-CNC Win.Spy.Banker variant outbound connection (malware-cnc.rules)
 * 1:24404 <-> DISABLED <-> MALWARE-BACKDOOR Trojan.KDV.QLO runtime detection (malware-backdoor.rules)
 * 1:24403 <-> DISABLED <-> MALWARE-BACKDOOR Trojan.KDV.QLO runtime detection (malware-backdoor.rules)
 * 1:24402 <-> DISABLED <-> MALWARE-BACKDOOR Trojan.KDV.QLO install time detection (malware-backdoor.rules)

Modified Rules:


 * 1:10447 <-> DISABLED <-> MALWARE-CNC 51d 1b variant outbound connection icq notification (malware-cnc.rules)
 * 1:9653 <-> DISABLED <-> MALWARE-CNC apofis 1.0 variant outbound connection php notification (malware-cnc.rules)
 * 1:8080 <-> DISABLED <-> MALWARE-CNC x2a variant outbound connection client update (malware-cnc.rules)
 * 1:7805 <-> DISABLED <-> MALWARE-CNC war trojan ver1.0 variant outbound connection ie hijacker (malware-cnc.rules)
 * 1:7762 <-> DISABLED <-> MALWARE-CNC analftp 0.1 variant outbound connection icq notification (malware-cnc.rules)
 * 1:7742 <-> DISABLED <-> MALWARE-CNC nova 1.0 variant outbound connection cgi notification client-to-server (malware-cnc.rules)
 * 1:7640 <-> DISABLED <-> MALWARE-CNC air variant outbound connection webmail notification (malware-cnc.rules)
 * 1:7639 <-> DISABLED <-> MALWARE-CNC air variant outbound connection php notification (malware-cnc.rules)
 * 1:7637 <-> DISABLED <-> MALWARE-CNC hornet 1.0 variant outbound connection icq notification (malware-cnc.rules)
 * 1:7151 <-> DISABLED <-> MALWARE-CNC Hacker-Tool sars notifier variant outbound connection net send notification (malware-cnc.rules)
 * 1:7150 <-> DISABLED <-> MALWARE-CNC Hacker-Tool sars notifier variant outbound connection irc notification (malware-cnc.rules)
 * 1:7149 <-> DISABLED <-> MALWARE-CNC Hacker-Tool sars notifier variant outbound connection php notification (malware-cnc.rules)
 * 1:7147 <-> DISABLED <-> MALWARE-CNC Hacker-Tool sars notifier variant outbound connection icq notification (malware-cnc.rules)
 * 1:7118 <-> DISABLED <-> MALWARE-CNC y3k 1.2 variant outbound connection user-agent string detected (malware-cnc.rules)
 * 1:7116 <-> ENABLED <-> MALWARE-CNC y3k 1.2 variant outbound connection icq notification (malware-cnc.rules)
 * 1:7103 <-> DISABLED <-> MALWARE-CNC gwboy 0.92 variant outbound connection (malware-cnc.rules)
 * 1:7077 <-> DISABLED <-> MALWARE-CNC minimo v0.6 variant outbound connection icq notification (malware-cnc.rules)
 * 1:7076 <-> DISABLED <-> MALWARE-CNC minimo v0.6 variant outbound connection cgi notification (malware-cnc.rules)
 * 1:7074 <-> DISABLED <-> MALWARE-CNC W32.dumaru.gen variant outbound connection cmd (malware-cnc.rules)
 * 1:7073 <-> DISABLED <-> MALWARE-CNC W32.dumaru.gen variant outbound connection notification (malware-cnc.rules)
 * 1:6474 <-> DISABLED <-> MALWARE-CNC W32.loosky.gen variant outbound connection notification (malware-cnc.rules)
 * 1:6403 <-> DISABLED <-> WEB-PHP horde help module arbitrary command execution attempt (web-php.rules)
 * 1:6395 <-> DISABLED <-> MALWARE-CNC a-311 death variant outbound connection server-to-client (malware-cnc.rules)
 * 1:6331 <-> DISABLED <-> MALWARE-CNC globalkiller1.0 variant outbound connection notification (malware-cnc.rules)
 * 1:6300 <-> DISABLED <-> MALWARE-CNC cia 1.3 variant outbound connection icq notification (malware-cnc.rules)
 * 1:6297 <-> DISABLED <-> MALWARE-CNC insurrection 1.1.0 variant outbound connection icq notification 2 (malware-cnc.rules)
 * 1:6296 <-> DISABLED <-> MALWARE-CNC insurrection 1.1.0 variant outbound connection icq notification 1 (malware-cnc.rules)
 * 1:6115 <-> DISABLED <-> MALWARE-CNC optix 1.32 variant outbound connection icq notification (malware-cnc.rules)
 * 1:6071 <-> DISABLED <-> MALWARE-CNC freak 1.0 variant outbound connection icq notification (malware-cnc.rules)
 * 1:6069 <-> DISABLED <-> MALWARE-CNC optixlite 1.0 variant outbound connection icq notification (malware-cnc.rules)
 * 1:6059 <-> DISABLED <-> MALWARE-CNC neurotickat1.3 variant outbound connection cgi notification (malware-cnc.rules)
 * 1:6058 <-> DISABLED <-> MALWARE-CNC neurotickat1.3 variant outbound connection icq notification (malware-cnc.rules)
 * 1:6043 <-> DISABLED <-> MALWARE-CNC fear 0.2 variant outbound connection cgi notification (malware-cnc.rules)
 * 1:6042 <-> DISABLED <-> MALWARE-CNC fear 0.2 variant outbound connection php notification (malware-cnc.rules)
 * 1:6039 <-> DISABLED <-> MALWARE-CNC fade 1.0 variant outbound connection notification (malware-cnc.rules)
 * 1:6029 <-> DISABLED <-> MALWARE-CNC fkwp 2.0 variant outbound connection icq notification (malware-cnc.rules)
 * 1:6023 <-> DISABLED <-> MALWARE-CNC silent spy 2.10 variant outbound connection icq notification (malware-cnc.rules)
 * 1:6020 <-> DISABLED <-> MALWARE-CNC dsk lite 1.0 variant outbound connection php notification (malware-cnc.rules)
 * 1:6019 <-> DISABLED <-> MALWARE-CNC dsk lite 1.0 variant outbound connection cgi notification (malware-cnc.rules)
 * 1:6018 <-> DISABLED <-> MALWARE-CNC dsk lite 1.0 variant outbound connection icq notification (malware-cnc.rules)
 * 1:24399 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mooochq variant outbound connection (malware-cnc.rules)
 * 1:24398 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mooochq variant outbound connection (malware-cnc.rules)
 * 1:24077 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Upof outbound connection (malware-cnc.rules)
 * 1:24035 <-> DISABLED <-> MALWARE-CNC Downloader.Inject variant outbound connection (malware-cnc.rules)
 * 1:24016 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Madon variant outbound connection - variant outbound connection (malware-cnc.rules)
 * 1:24014 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cbot variant outbound connection - inital contact (malware-cnc.rules)
 * 1:24013 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cbot variant outbound connection - inital contact (malware-cnc.rules)
 * 1:24012 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cbot variant outbound connection - inital contact (malware-cnc.rules)
 * 1:23976 <-> DISABLED <-> MALWARE-CNC Trojan.Genome initial variant outbound connection (malware-cnc.rules)
 * 1:23955 <-> DISABLED <-> MALWARE-CNC Xhuna.A variant outbound connection (malware-cnc.rules)
 * 1:23782 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Buzus.kych variant outbound connection (malware-cnc.rules)
 * 1:23689 <-> DISABLED <-> FILE-IDENTIFY mx4 file magic detected (file-identify.rules)
 * 1:23688 <-> DISABLED <-> FILE-IDENTIFY bcproj file magic detected (file-identify.rules)
 * 1:23597 <-> DISABLED <-> MALWARE-CNC Trojan.VB.DHD variant outbound connection (malware-cnc.rules)
 * 1:23493 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ZeroAccess outbound communication (malware-cnc.rules)
 * 1:23492 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ZeroAccess outbound communication (malware-cnc.rules)
 * 1:23491 <-> DISABLED <-> MALWARE-CNC Trojan.Kura variant outbound connection (malware-cnc.rules)
 * 1:23449 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Servstart.ax variant outbound connection (malware-cnc.rules)
 * 1:23448 <-> DISABLED <-> MALWARE-CNC Win.Worm.Psyokym variant outbound connection (malware-cnc.rules)
 * 1:23399 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Govdi.A variant outbound connection (malware-cnc.rules)
 * 1:23394 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Vbvoleur.a variant outbound connection (malware-cnc.rules)
 * 1:23383 <-> DISABLED <-> MALWARE-CNC Trojan.Chaori.A variant outbound connection (malware-cnc.rules)
 * 1:23345 <-> DISABLED <-> MALWARE-CNC RunTime Win.Trojan.tchfro.A outbound connection (malware-cnc.rules)
 * 1:23343 <-> DISABLED <-> MALWARE-CNC Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:23342 <-> ENABLED <-> MALWARE-CNC Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:23339 <-> DISABLED <-> MALWARE-CNC Prier.A variant outbound connection (malware-cnc.rules)
 * 1:23337 <-> DISABLED <-> MALWARE-CNC Bluenet.A variant outbound connection (malware-cnc.rules)
 * 1:23336 <-> DISABLED <-> MALWARE-CNC Linfo.A variant outbound connection (malware-cnc.rules)
 * 1:23332 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dishigy outbound connection (malware-cnc.rules)
 * 1:23254 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Delf.CL variant outbound connection (malware-cnc.rules)
 * 1:21761 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Swisyn variant outbound connection (malware-cnc.rules)
 * 1:21760 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Swisyn variant outbound connection (malware-cnc.rules)
 * 1:21520 <-> DISABLED <-> MALWARE-CNC Trojan.Bayrob variant outbound connection (malware-cnc.rules)
 * 1:21496 <-> DISABLED <-> MALWARE-CNC Trojan.Saeeka variant outbound connection (malware-cnc.rules)
 * 1:21461 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DarkComet outbound connection - post infection (malware-cnc.rules)
 * 1:21426 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Scar variant outbound connection (malware-cnc.rules)
 * 1:21362 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TDSS.aa runtime traffic detected (malware-cnc.rules)
 * 1:21242 <-> ENABLED <-> MALWARE-CNC Win.Trojan.MsUpdater outbound connection (malware-cnc.rules)
 * 1:21241 <-> ENABLED <-> MALWARE-CNC Win.Trojan.MsUpdater initial outbound connection (malware-cnc.rules)
 * 1:21240 <-> ENABLED <-> MALWARE-CNC Win.Trojan.MsUpdater outbound connection (malware-cnc.rules)
 * 1:21218 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sodager.C outbound connection (malware-cnc.rules)
 * 1:21217 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker.Am outbound connection (malware-cnc.rules)
 * 1:21216 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker.Am outbound connection (malware-cnc.rules)
 * 1:21215 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker.Am outbound connection (malware-cnc.rules)
 * 1:21202 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scapzilla.A outbound connection (malware-cnc.rules)
 * 1:21194 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wealwedst.A outbound connection (malware-cnc.rules)
 * 1:21192 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Syswrt.dvd outbound connection (malware-cnc.rules)
 * 1:20759 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Gbot.oce outbound connection (malware-cnc.rules)
 * 1:20694 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SSonce.A variant outbound connection (malware-cnc.rules)
 * 1:20693 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Blackcontrol.A variant outbound connection (malware-cnc.rules)
 * 1:20689 <-> DISABLED <-> MALWARE-CNC Trojan-Spy.Win32.Zbot.Jeib variant outbound connection (malware-cnc.rules)
 * 1:20688 <-> DISABLED <-> MALWARE-CNC Trojan-Spy.Win32.Zbot.Jeib variant outbound connection (malware-cnc.rules)
 * 1:20687 <-> DISABLED <-> MALWARE-CNC Trojan-Downloader.Win32.Genome.akhg variant outbound connection (malware-cnc.rules)
 * 1:20685 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Heloag.A variant outbound connection (malware-cnc.rules)
 * 1:20684 <-> DISABLED <-> MALWARE-CNC Cleanvaccine variant outbound connection (malware-cnc.rules)
 * 1:20683 <-> DISABLED <-> MALWARE-CNC Cleanvaccine variant outbound connection (malware-cnc.rules)
 * 1:20682 <-> DISABLED <-> MALWARE-CNC Trojan-Downloader.Win32.Agent.NMS variant outbound connection (malware-cnc.rules)
 * 1:20681 <-> DISABLED <-> MALWARE-CNC Trojan-Downloader.Win32.Agent.NMS variant outbound connection (malware-cnc.rules)
 * 1:20679 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Syrutrk variant outbound connection (malware-cnc.rules)
 * 1:20678 <-> DISABLED <-> MALWARE-CNC Trojan-Downloader.Win32.Genome.aior variant outbound connection (malware-cnc.rules)
 * 1:20677 <-> DISABLED <-> MALWARE-CNC Win.Trojan.EggDrop.acn variant outbound connection (malware-cnc.rules)
 * 1:20676 <-> DISABLED <-> MALWARE-CNC Win.Trojan.EggDrop.acn variant outbound connection (malware-cnc.rules)
 * 1:20626 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shylock.A variant outbound connection (malware-cnc.rules)
 * 1:20606 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Domsingx.A variant outbound connection (malware-cnc.rules)
 * 1:20604 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Buzus.isqy variant outbound connection (malware-cnc.rules)
 * 1:20599 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Smoaler.A variant outbound connection (malware-cnc.rules)
 * 1:20598 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Smoaler.A variant outbound connection (malware-cnc.rules)
 * 1:20597 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Smoaler.A variant outbound connection (malware-cnc.rules)
 * 1:20596 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Smoaler.A variant outbound connection (malware-cnc.rules)
 * 1:20595 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ixeshe.F variant outbound connection (malware-cnc.rules)
 * 1:20587 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Larchik.A variant outbound connection (malware-cnc.rules)
 * 1:20562 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PWSBanker.SHE variant outbound connection (malware-cnc.rules)
 * 1:20561 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PWSBanker.SHE variant outbound connection (malware-cnc.rules)
 * 1:20525 <-> DISABLED <-> MALWARE-CNC Trojan.Duqu variant outbound connection (malware-cnc.rules)
 * 1:20512 <-> DISABLED <-> FILE-IDENTIFY mx4 file magic detected (file-identify.rules)
 * 1:20511 <-> DISABLED <-> FILE-IDENTIFY bcproj file magic detected (file-identify.rules)
 * 1:20447 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.JAAK outbound connection (malware-cnc.rules)
 * 1:20292 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FresctSpy.A outbound connection (malware-cnc.rules)
 * 1:20291 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mybios.A outbound connection (malware-cnc.rules)
 * 1:20233 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Virut outbound connection (malware-cnc.rules)
 * 1:20232 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Cycbot outbound connection (malware-cnc.rules)
 * 1:20108 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker.Pher outbound connection (malware-cnc.rules)
 * 1:20097 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.dcir infected host at destination ip (malware-cnc.rules)
 * 1:20096 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.dcir outbound connection (malware-cnc.rules)
 * 1:20087 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker.FGU outbound connection (malware-cnc.rules)
 * 1:20086 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload.ABY outbound connection (malware-cnc.rules)
 * 1:20083 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fucobha.A outbound connection (malware-cnc.rules)
 * 1:20040 <-> DISABLED <-> MALWARE-CNC Win.Trojan.KSpyPro.A outbound connection (malware-cnc.rules)
 * 1:19960 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.aulk outbound connection (malware-cnc.rules)
 * 1:19959 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.aulk outbound connection (malware-cnc.rules)
 * 1:19958 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.aulk outbound connection (malware-cnc.rules)
 * 1:19949 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.asjk outbound connection (malware-cnc.rules)
 * 1:19948 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.asjk outbound connection (malware-cnc.rules)
 * 1:19924 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spidern.A outbound connection (malware-cnc.rules)
 * 1:19921 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Puprlehzae.A outbound connection (malware-cnc.rules)
 * 1:19916 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos.ACB outbound connection (malware-cnc.rules)
 * 1:19798 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent2.kxu outbound connection (malware-cnc.rules)
 * 1:19771 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Yoddos.A outbound connection (malware-cnc.rules)
 * 1:19770 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Yoddos.A outbound connection (malware-cnc.rules)
 * 1:19769 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Yoddos.A outbound indicator (malware-cnc.rules)
 * 1:19765 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Banker.BXF outbound connection (malware-cnc.rules)
 * 1:19761 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ftpharvxqq.A outbound connection (malware-cnc.rules)
 * 1:19760 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Arsinfoder.A outbound connection (malware-cnc.rules)
 * 1:19733 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jorik.BRU outbound connection (malware-cnc.rules)
 * 1:19727 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos.DI outbound connection (malware-cnc.rules)
 * 1:19724 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.dhy outbound connection (malware-cnc.rules)
 * 1:19722 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Poshtroper.A outbound connection (malware-cnc.rules)
 * 1:19706 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Agent.cer outbound connection (malware-cnc.rules)
 * 1:19705 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Agent.grdm outbound connection (malware-cnc.rules)
 * 1:19704 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Agent.grdm outbound connection (malware-cnc.rules)
 * 1:19702 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Zboter.E outbound connection (malware-cnc.rules)
 * 1:19658 <-> ENABLED <-> MALWARE-CNC Win.Trojan.MCnovogic.A outbound connection (malware-cnc.rules)
 * 1:19593 <-> DISABLED <-> MALWARE-CNC Worm Win.Trojan.Agent.btxm variant outbound connection IRC (malware-cnc.rules)
 * 1:19591 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Powp.pyv outbound connection (malware-cnc.rules)
 * 1:19590 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Savnut.B outbound connection (malware-cnc.rules)
 * 1:19583 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bumat.rts outbound connection (malware-cnc.rules)
 * 1:19579 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Potao.A outbound connection (malware-cnc.rules)
 * 1:19404 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ozdok outbound connection (malware-cnc.rules)
 * 1:19396 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Beastdoor.b outbound connection (malware-cnc.rules)
 * 1:19394 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tidserv outbound connection (malware-cnc.rules)
 * 1:19371 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker.IC outbound connection (malware-cnc.rules)
 * 1:19370 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Carberp.D outbound connection (malware-cnc.rules)
 * 1:19369 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Carberp.D outbound connection (malware-cnc.rules)
 * 1:19368 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Carberp.D outbound connection (malware-cnc.rules)
 * 1:19361 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dcbavict.A outbound connection (malware-cnc.rules)
 * 1:19360 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dcbavict.A outbound connection (malware-cnc.rules)
 * 1:19359 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dcbavict.A outbound connection (malware-cnc.rules)
 * 1:19353 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Banker.bkhu outbound connection (malware-cnc.rules)
 * 1:19332 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Clampi outbound connection (malware-cnc.rules)
 * 1:19312 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.aah outbound connection (malware-cnc.rules)
 * 1:18564 <-> DISABLED <-> MALWARE-CNC RussKill botnet variant outbound connection (malware-cnc.rules)
 * 1:16669 <-> ENABLED <-> MALWARE-CNC Spyeye bot variant outbound connection (malware-cnc.rules)
 * 1:16495 <-> DISABLED <-> MALWARE-CNC Rustock botnet variant outbound connection (malware-cnc.rules)
 * 1:16493 <-> ENABLED <-> MALWARE-CNC TT-bot botnet variant outbound connection (malware-cnc.rules)
 * 1:16489 <-> ENABLED <-> MALWARE-CNC Bobax botnet variant outbound connection (malware-cnc.rules)
 * 1:16484 <-> ENABLED <-> MALWARE-CNC Koobface variant outbound connection (malware-cnc.rules)
 * 1:16358 <-> DISABLED <-> MALWARE-CNC bugsprey variant outbound connection (malware-cnc.rules)
 * 1:16275 <-> DISABLED <-> MALWARE-CNC Trickler trojan-spy.win32.pophot variant outbound connection download files (malware-cnc.rules)
 * 1:16274 <-> DISABLED <-> MALWARE-CNC Trickler trojan-spy.win32.pophot variant outbound connection connect to server (malware-cnc.rules)
 * 1:16273 <-> DISABLED <-> MALWARE-CNC Trojan-dropper.irc.tkb variant outbound connection dxcpm (malware-cnc.rules)
 * 1:16272 <-> DISABLED <-> MALWARE-CNC Trojan-dropper.irc.tkb variant outbound connection lordhack (malware-cnc.rules)
 * 1:16243 <-> DISABLED <-> MALWARE-CNC downloader-ash.gen.b variant outbound connection 3264.php (malware-cnc.rules)
 * 1:16242 <-> DISABLED <-> MALWARE-CNC downloader-ash.gen.b variant outbound connection adload (malware-cnc.rules)
 * 1:16144 <-> ENABLED <-> MALWARE-CNC Bredolab bot variant outbound connection (malware-cnc.rules)
 * 1:16139 <-> DISABLED <-> MALWARE-CNC Trojan.gen2 variant outbound connection scanner page (malware-cnc.rules)
 * 1:16113 <-> DISABLED <-> MALWARE-CNC Trojan.agent.vhb variant outbound connection request login page (malware-cnc.rules)
 * 1:16112 <-> DISABLED <-> MALWARE-CNC Trojan.agent.vhb variant outbound connection contact remote server (malware-cnc.rules)
 * 1:16110 <-> DISABLED <-> MALWARE-CNC Win.Trojan.zlob.wwv variant outbound connection childhe (malware-cnc.rules)
 * 1:16109 <-> DISABLED <-> MALWARE-CNC Win.Trojan.zlob.wwv variant outbound connection onestoponlineshop (malware-cnc.rules)
 * 1:16107 <-> DISABLED <-> MALWARE-CNC synrat 2.1 pro variant outbound connection (malware-cnc.rules)
 * 1:16106 <-> DISABLED <-> MALWARE-CNC synrat 2.1 pro variant outbound connection (malware-cnc.rules)
 * 1:16105 <-> DISABLED <-> MALWARE-CNC Trojan.zlob variant outbound connection topqualityads (malware-cnc.rules)
 * 1:16104 <-> DISABLED <-> MALWARE-CNC lost door 3.0 variant outbound connection (malware-cnc.rules)
 * 1:16103 <-> DISABLED <-> MALWARE-CNC lost door 3.0 variant outbound connection (malware-cnc.rules)
 * 1:16102 <-> DISABLED <-> MALWARE-CNC Win.Trojan.delf.phh variant outbound connection sft_ver1.1454.0.exe (malware-cnc.rules)
 * 1:16101 <-> DISABLED <-> MALWARE-CNC Win.Trojan.delf.phh variant outbound connection 57329.exe (malware-cnc.rules)
 * 1:16100 <-> DISABLED <-> MALWARE-CNC Win.Trojan.delf.phh variant outbound connection file.exe (malware-cnc.rules)
 * 1:16098 <-> DISABLED <-> MALWARE-CNC Win.Trojan.cekar variant outbound connection (malware-cnc.rules)
 * 1:16096 <-> DISABLED <-> MALWARE-CNC td.exe variant outbound connection download (malware-cnc.rules)
 * 1:16095 <-> DISABLED <-> MALWARE-CNC td.exe variant outbound connection getfile (malware-cnc.rules)
 * 1:16094 <-> DISABLED <-> MALWARE-CNC Win.Trojan.exchan.gen variant outbound connection (malware-cnc.rules)
 * 1:16093 <-> DISABLED <-> MALWARE-CNC bugsprey variant outbound connection (malware-cnc.rules)
 * 1:15730 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Delf variant outbound connection (malware-cnc.rules)
 * 1:14085 <-> DISABLED <-> MALWARE-CNC infostealer.banker.c variant outbound connection collect user info (malware-cnc.rules)
 * 1:14084 <-> DISABLED <-> MALWARE-CNC infostealer.banker.c variant outbound connection download cfg.bin (malware-cnc.rules)
 * 1:14083 <-> DISABLED <-> MALWARE-CNC Win.Trojan.agent.aarm variant outbound connection download other malware (malware-cnc.rules)
 * 1:14082 <-> DISABLED <-> MALWARE-CNC Win.Trojan.agent.aarm variant outbound connection spread via spam (malware-cnc.rules)
 * 1:14081 <-> DISABLED <-> MALWARE-CNC Win.Trojan.agent.aarm variant outbound connection call home (malware-cnc.rules)
 * 1:13945 <-> DISABLED <-> MALWARE-CNC Win.Trojan.small.gy variant outbound connection update (malware-cnc.rules)
 * 1:13944 <-> DISABLED <-> MALWARE-CNC Win.Trojan.small.gy variant outbound connection get whitelist (malware-cnc.rules)
 * 1:13942 <-> DISABLED <-> MALWARE-CNC Win.Trojan.agent.nac variant outbound connection call home (malware-cnc.rules)
 * 1:13941 <-> DISABLED <-> MALWARE-CNC Win.Trojan.agent.nac variant outbound connection click fraud (malware-cnc.rules)
 * 1:13936 <-> DISABLED <-> MALWARE-CNC Trickler dropper agent.rqg variant outbound connection call home (malware-cnc.rules)
 * 1:13935 <-> DISABLED <-> MALWARE-CNC Hijacker mediatubecodec 1.470.0 variant outbound connection download other malware (malware-cnc.rules)
 * 1:13934 <-> DISABLED <-> MALWARE-CNC Hijacker mediatubecodec 1.470.0 variant outbound connection hijack ie (malware-cnc.rules)
 * 1:13814 <-> DISABLED <-> MALWARE-CNC passhax variant outbound connection (malware-cnc.rules)
 * 1:13655 <-> DISABLED <-> MALWARE-CNC nuclear rat 2.1 variant outbound connection (malware-cnc.rules)
 * 1:13654 <-> DISABLED <-> MALWARE-CNC nuclear rat 2.1 variant outbound connection (malware-cnc.rules)
 * 1:13507 <-> DISABLED <-> MALWARE-CNC evilotus 1.3.2 variant outbound connection (malware-cnc.rules)
 * 1:13248 <-> DISABLED <-> MALWARE-CNC yuri 1.2 variant outbound connection (malware-cnc.rules)
 * 3:10161 <-> ENABLED <-> NETBIOS SMB write_andx overflow attempt (netbios.rules)
 * 3:13475 <-> ENABLED <-> DOS Microsoft Active Directory LDAP denial of service attempt (dos.rules)
 * 3:13666 <-> ENABLED <-> WEB-CLIENT Microsoft Windows GDI integer overflow attempt (web-client.rules)
 * 3:13667 <-> ENABLED <-> BAD-TRAFFIC dns cache poisoning attempt (bad-traffic.rules)
 * 3:13802 <-> ENABLED <-> WEB-CLIENT Microsoft malware protection engine denial of service attempt (web-client.rules)
 * 3:13803 <-> ENABLED <-> WEB-CLIENT RTF control word overflow attempt (web-client.rules)
 * 3:13835 <-> ENABLED <-> DOS Microsoft Active Directory LDAP cookie denial of service attempt (dos.rules)
 * 3:14252 <-> ENABLED <-> MULTIMEDIA Windows Media Player malicious playlist buffer overflow attempt (multimedia.rules)
 * 3:14253 <-> ENABLED <-> MULTIMEDIA Windows Media Player malicious playlist buffer overflow attempt (multimedia.rules)
 * 3:14254 <-> ENABLED <-> MULTIMEDIA Windows Media Player malicious playlist buffer overflow attempt (multimedia.rules)
 * 3:15125 <-> ENABLED <-> WEB-CLIENT Microsoft Word rich text file unpaired dpendgroup exploit attempt (web-client.rules)
 * 3:15449 <-> ENABLED <-> BAD-TRAFFIC Conficker A/B DNS traffic detected (bad-traffic.rules)
 * 3:15450 <-> ENABLED <-> BAD-TRAFFIC Conficker C/D DNS traffic detected (bad-traffic.rules)
 * 3:16408 <-> ENABLED <-> DOS Microsoft Windows TCP SACK invalid range denial of service attempt (dos.rules)
 * 3:16662 <-> ENABLED <-> WEB-CLIENT Microsoft Excel SxView heap overflow attempt (web-client.rules)
 * 3:17762 <-> ENABLED <-> WEB-CLIENT Microsoft Excel corrupted TABLE record clean up exploit attempt (web-client.rules)