Talos has added and modified multiple rules in the browser-ie, exploit-kit, file-office, file-other, file-pdf, malware-cnc, malware-other and server-webapp rule sets to provide coverage for emerging threats from these technologies.
For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2976.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:39751 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 9 CTreeNode use after free attempt (browser-ie.rules)
* 1:39772 <-> ENABLED <-> MALWARE-TOOLS CKnife penetration testing tool attempt (malware-tools.rules)
* 1:39769 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Alfa download attempt (malware-other.rules)
* 1:39748 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 9 CTreeNode use after free attempt (browser-ie.rules)
* 1:39774 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Qarallax initial outbound connection (malware-cnc.rules)
* 1:39753 <-> ENABLED <-> FILE-PDF Adobe Reader malformed ICC profile memory corruption attempt (file-pdf.rules)
* 1:39763 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer use after free attempt (browser-ie.rules)
* 1:39754 <-> DISABLED <-> EXPLOIT-KIT Sundown exploit kit landing page detected (exploit-kit.rules)
* 1:39770 <-> DISABLED <-> SERVER-WEBAPP GoAhead Embedded Web Server directory traversal attempt (server-webapp.rules)
* 1:39766 <-> ENABLED <-> MALWARE-OTHER Win.Downloader.Ogimant outbound connection detected (malware-other.rules)
* 1:39773 <-> ENABLED <-> MALWARE-TOOLS CKnife penetration testing tool attempt (malware-tools.rules)
* 1:39744 <-> ENABLED <-> MALWARE-TOOLS CKnife penetration testing tool attempt (malware-tools.rules)
* 1:39765 <-> DISABLED <-> SERVER-WEBAPP Ruby on Rails ActionPack inline content rendering code injection attempt (server-webapp.rules)
* 1:39749 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 9 CTreeNode use after free attempt (browser-ie.rules)
* 1:39767 <-> ENABLED <-> MALWARE-CNC Win.Ransomware.Alfa outbound connection (malware-cnc.rules)
* 1:39755 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Retefe variant malicious certificate installation page (malware-other.rules)
* 1:39746 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Apocalypse download attempt (malware-other.rules)
* 1:39752 <-> ENABLED <-> FILE-PDF Adobe Reader malformed ICC profile memory corruption attempt (file-pdf.rules)
* 1:39750 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 9 CTreeNode use after free attempt (browser-ie.rules)
* 1:39768 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Alfa download attempt (malware-other.rules)
* 1:39771 <-> ENABLED <-> MALWARE-TOOLS CKnife penetration testing tool attempt (malware-tools.rules)
* 1:39764 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer use after free attempt (browser-ie.rules)
* 1:39756 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Retefe variant malicious certificate installation page (malware-other.rules)
* 1:39745 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.FakeRean outbound connection detection (malware-other.rules)
* 1:39747 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Apocalypse download attempt (malware-other.rules)
* 3:39757 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-CAN-0148 attack attempt (file-office.rules)
* 3:39761 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-CAN-0151 attack attempt (file-office.rules)
* 3:39759 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-CAN-0148 attack attempt (file-office.rules)
* 3:39762 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-CAN-0151 attack attempt (file-office.rules)
* 3:39758 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-CAN-0148 attack attempt (file-office.rules)
* 3:39760 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-CAN-0148 attack attempt (file-office.rules)
* 1:38258 <-> ENABLED <-> MALWARE-CNC Win/Linux.Trojan.Derusbi variant outbound connection (malware-cnc.rules)
* 1:39086 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Cript outbound connection (malware-cnc.rules)
* 1:23492 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ZeroAccess outbound connection (malware-cnc.rules)
* 1:22048 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Zeus P2P outbound connection (malware-cnc.rules)
* 1:39578 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant inbound connection (malware-cnc.rules)
* 1:39730 <-> ENABLED <-> MALWARE-CNC Win.Adware.Xiazai outbound connection (malware-cnc.rules)
* 1:35750 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.IsSpace initial outbound connection (malware-cnc.rules)
* 1:35733 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Potao outbound connection (malware-cnc.rules)
* 1:34624 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Crypaura variant outbound connection (malware-cnc.rules)
* 1:34608 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Punkey variant outbound connection (malware-cnc.rules)
* 1:34489 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Nalodew variant outbound connection (malware-cnc.rules)
* 1:34461 <-> ENABLED <-> MALWARE-CNC Linux.Trojan.Mumblehard variant outbound connection (malware-cnc.rules)
* 1:34362 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Mantal variant outbound connection (malware-cnc.rules)
* 1:34329 <-> DISABLED <-> MALWARE-CNC Cryptolocker variant inbound connection (malware-cnc.rules)
* 1:34001 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Picommex outbound connection (malware-cnc.rules)
* 1:34003 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Picommex outbound connection (malware-cnc.rules)
* 1:34004 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules)
* 1:34005 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules)
* 1:34006 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules)
* 1:34007 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules)
* 1:34009 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules)
* 1:34008 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules)
* 1:34011 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules)
* 1:34010 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules)
* 1:34012 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules)
* 1:34013 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ayuther variant outbound connection (malware-cnc.rules)
* 1:34026 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Endstar variant outbound connection (malware-cnc.rules)
* 1:34025 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Endstar variant outbound connection (malware-cnc.rules)
* 1:34029 <-> ENABLED <-> MALWARE-CNC Win.Worm.Tuscas variant outbound connection (malware-cnc.rules)
* 1:34030 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (malware-cnc.rules)
* 1:34031 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (malware-cnc.rules)
* 1:34032 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (malware-cnc.rules)
* 1:34034 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (malware-cnc.rules)
* 1:34033 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (malware-cnc.rules)
* 1:34035 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (malware-cnc.rules)
* 1:34036 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (malware-cnc.rules)
* 1:34038 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (malware-cnc.rules)
* 1:34037 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (malware-cnc.rules)
* 1:34045 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Eitenckay initial outbound connection (malware-cnc.rules)
* 1:34049 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.EvilBunny variant outbound connection (malware-cnc.rules)
* 1:34050 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.Nepigon variant outbound connection (malware-cnc.rules)
* 1:34115 <-> ENABLED <-> MALWARE-CNC MacOS.Trojan.Wirelurker variant outbound connection (malware-cnc.rules)
* 1:34117 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.Zupdax variant outbound connection (malware-cnc.rules)
* 1:34116 <-> ENABLED <-> MALWARE-CNC MacOS.Trojan.Wirelurker variant outbound connection (malware-cnc.rules)
* 1:34128 <-> ENABLED <-> MALWARE-CNC Win.Trojan.WIntruder outbound connection (malware-cnc.rules)
* 1:34132 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.Erotimpact variant outbound connection (malware-cnc.rules)
* 1:34155 <-> ENABLED <-> MALWARE-CNC MacOS.Backdoor.Xslcmd outbound connection (malware-cnc.rules)
* 1:34140 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dyre publickey outbound connection (malware-cnc.rules)
* 1:34219 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Nanocore variant outbound connection (malware-cnc.rules)
* 1:34246 <-> DISABLED <-> MALWARE-CNC Win.Trojan.AAEH variant outbound connection (malware-cnc.rules)
* 1:34261 <-> ENABLED <-> MALWARE-CNC Linux.Trojan.XORDDoS outbound connection (malware-cnc.rules)
* 1:34322 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Farfli outbound connection (malware-cnc.rules)
* 1:34262 <-> ENABLED <-> MALWARE-CNC Linux.Trojan.XORDDoS outbound connection (malware-cnc.rules)
* 1:34263 <-> ENABLED <-> MALWARE-CNC Linux.Trojan.XORDDoS outbound connection (malware-cnc.rules)
* 1:34286 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Mudrop variant outbound connection (malware-cnc.rules)
* 1:34296 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Simda variant outbound connection (malware-cnc.rules)
* 1:34297 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Simda variant outbound connection (malware-cnc.rules)
* 1:34319 <-> ENABLED <-> MALWARE-CNC Win.Worm.Klogwjds variant outbound connection (malware-cnc.rules)
* 1:35031 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Konus outbound connection (malware-cnc.rules)
* 1:34366 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Beebone outbound connection (malware-cnc.rules)
* 1:34347 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Cheprobnk variant outbound connection (malware-cnc.rules)
* 1:34346 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Backspace outbound connection (malware-cnc.rules)
* 1:33997 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Pwexes variant outbound connection (malware-cnc.rules)
* 1:34459 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Pvzin variant outbound connection (malware-cnc.rules)
* 1:39581 <-> ENABLED <-> MALWARE-CNC Win.Trojan.NanoBot/Perseus initial outbound connection (malware-cnc.rules)
* 1:34460 <-> ENABLED <-> MALWARE-CNC Win.Worm.Mozibe variant outbound connection (malware-cnc.rules)
* 1:35127 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer local file information disclosure attempt (browser-ie.rules)
* 1:34462 <-> ENABLED <-> MALWARE-CNC Linux.Downloader.Mumblehard variant outbound connection (malware-cnc.rules)
* 1:34469 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.Nirunte variant outbound connection (malware-cnc.rules)
* 1:34470 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.Nirunte variant outbound connection (malware-cnc.rules)
* 1:34476 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Kriptovor variant outbound connection (malware-cnc.rules)
* 1:34567 <-> ENABLED <-> MALWARE-CNC MacOS.Trojan.MacVX outbound connection (malware-cnc.rules)
* 1:34491 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MalPutty variant outbound connection (malware-cnc.rules)
* 1:34572 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Zinnemls variant outbound connection (malware-cnc.rules)
* 1:34609 <-> ENABLED <-> MALWARE-CNC Trojan.NitLove variant outbound connection (malware-cnc.rules)
* 1:34869 <-> ENABLED <-> MALWARE-CNC Win.Trojan.XTalker outbound connection (malware-cnc.rules)
* 1:33996 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Pwexes variant outbound connection (malware-cnc.rules)
* 1:34872 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Compfolder variant outbound connection (malware-cnc.rules)
* 1:35050 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Elise variant outbound connection (malware-cnc.rules)
* 1:34965 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Cryptolocker outbound connection (malware-cnc.rules)
* 1:35128 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer local file information disclosure attempt (browser-ie.rules)
* 1:35254 <-> ENABLED <-> MALWARE-CNC Win.trojan.Seaduke outbound connection (malware-cnc.rules)
* 1:35312 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif outbound connection (malware-cnc.rules)
* 1:34327 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Bedepshel variant outbound connection (malware-cnc.rules)
* 1:34818 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Emdivi outbound connection (malware-cnc.rules)
* 1:39576 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection (malware-cnc.rules)
* 1:39573 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection (malware-cnc.rules)
* 1:38644 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Jadowndec outbound connection (malware-cnc.rules)
* 1:36471 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Kemoge outbound connection (malware-cnc.rules)
* 1:35967 <-> DISABLED <-> BROWSER-IE Microsoft Edge sandbox CreateFileW arbitrary file delete attempt (browser-ie.rules)
* 1:35968 <-> DISABLED <-> BROWSER-IE Microsoft Edge sandbox CreateFileW arbitrary file delete attempt (browser-ie.rules)
* 1:38068 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTreePos type confusion attempt (browser-ie.rules)
* 1:38018 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex outbound connection (malware-cnc.rules)
* 1:38514 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Sweeper outbound connection (malware-cnc.rules)
* 1:38070 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTreePos type confusion attempt (browser-ie.rules)
* 1:39052 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Adialer variant outbound connection (malware-cnc.rules)
* 1:39084 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Cript outbound connection (malware-cnc.rules)
* 1:37227 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Isniffer outbound connection (malware-cnc.rules)
* 1:35794 <-> ENABLED <-> MALWARE-CNC Win.Trojan.TeslaCrypt outbound connection (malware-cnc.rules)
* 1:37323 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Direvex variant outbound connection (malware-cnc.rules)
* 1:38886 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Bayrob variant outbound connection (malware-cnc.rules)
* 1:38069 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTreePos type confusion attempt (browser-ie.rules)
* 1:38607 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Qakbot variant outbound connection (malware-cnc.rules)
* 1:38643 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Jadowndec outbound connection (malware-cnc.rules)
* 1:35387 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Andromeda initial outbound connection (malware-cnc.rules)
* 1:38588 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.DFSCook variant outbound connection (malware-cnc.rules)
* 1:38586 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.DFSCook variant outbound connection (malware-cnc.rules)
* 1:38257 <-> ENABLED <-> MALWARE-CNC Win-Linux.Trojan.Derusbi variant outbound connection (malware-cnc.rules)
* 1:38646 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Jadowndec outbound connection (malware-cnc.rules)
* 1:36522 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Banker.NWT variant outbound connection (malware-cnc.rules)
* 1:37226 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Isniffer outbound connection (malware-cnc.rules)
* 1:36765 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Stupeval variant outbound connection (malware-cnc.rules)
* 1:38255 <-> ENABLED <-> MALWARE-CNC Win-Linux.Trojan.Derusbi variant outbound connection (malware-cnc.rules)
* 1:37637 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Graftor outbound connection (malware-cnc.rules)
* 1:36639 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Tavex outbound connection (malware-cnc.rules)
* 1:38256 <-> ENABLED <-> MALWARE-CNC Win-Linux.Trojan.Derusbi variant outbound connection (malware-cnc.rules)
* 1:36732 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Sefnit variant outbound connection (malware-cnc.rules)
* 1:36294 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.Nisinul variant outbound connection (malware-cnc.rules)
* 1:36807 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Nodslit variant outbound connection (malware-cnc.rules)
* 1:39064 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Sinrin initial JS dropper outbound connection (malware-cnc.rules)
* 1:37228 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Isniffer outbound connection (malware-cnc.rules)
* 1:37457 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Sovfo variant outbound connection (malware-cnc.rules)
* 1:36054 <-> ENABLED <-> MALWARE-CNC Ios.Backdoor.SYNful inbound connection (malware-cnc.rules)
* 1:37036 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ModPOS outbound connection (malware-cnc.rules)
* 1:37047 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Vonterra outbound connection (malware-cnc.rules)
* 1:39085 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Cript outbound connection (malware-cnc.rules)
* 1:38116 <-> ENABLED <-> MALWARE-CNC Osx.Trojan.Keranger outbound connection (malware-cnc.rules)
* 1:37317 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Radamant inbound connection (malware-cnc.rules)
* 1:38515 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Sweeper outbound connection (malware-cnc.rules)
* 1:38645 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Jadowndec outbound connection (malware-cnc.rules)
* 1:37636 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Graftor outbound connection (malware-cnc.rules)
* 1:37052 <-> ENABLED <-> MALWARE-CNC Win.Trojan.TeslaCrypt outbound connection (malware-cnc.rules)
* 1:37297 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Sesramot variant outbound connection (malware-cnc.rules)
* 1:38585 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.DFSCook variant outbound connection (malware-cnc.rules)
* 1:37213 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Pmabot outbound connection (malware-cnc.rules)
* 1:35386 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Bedep initial outbound connection (malware-cnc.rules)
* 1:38647 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Jadowndec outbound connection (malware-cnc.rules)
* 1:37296 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Sesramot variant outbound connection (malware-cnc.rules)
* 1:37214 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Pmabot outbound connection (malware-cnc.rules)
* 1:38516 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Sweeper outbound connection (malware-cnc.rules)
* 1:35749 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.IsSpace outbound connection (malware-cnc.rules)
* 1:37215 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Pmabot outbound connection (malware-cnc.rules)
* 1:38557 <-> ENABLED <-> MALWARE-CNC Win.Trojan.GateKeylogger outbound connection (malware-cnc.rules)
* 1:37212 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Pmabot outbound connection (malware-cnc.rules)
* 1:37225 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Isniffer outbound connection (malware-cnc.rules)
* 1:38067 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTreePos type confusion attempt (browser-ie.rules)
* 1:39705 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Zeus variant inbound connection (malware-cnc.rules)
* 1:39465 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Unlock92 outbound connection (malware-cnc.rules)
* 1:39574 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection (malware-cnc.rules)
* 1:39575 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection (malware-cnc.rules)
* 1:39117 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules)
* 1:39580 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection (malware-cnc.rules)
* 1:39577 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection (malware-cnc.rules)
* 1:39579 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection (malware-cnc.rules)
* 1:39735 <-> DISABLED <-> FILE-OTHER VideoCharge buffer overflow SEH attempt (file-other.rules)
* 1:39736 <-> DISABLED <-> FILE-OTHER VideoCharge buffer overflow SEH attempt (file-other.rules)
* 1:39738 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Trans variant outbound connection (malware-cnc.rules)
* 1:36106 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Hodoor APT variant outbound connection (malware-cnc.rules)
* 1:23493 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ZeroAccess outbound connection (malware-cnc.rules)
* 1:23606 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sofacy.A outbound connection (malware-cnc.rules)
* 1:23607 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sofacy.A outbound connection (malware-cnc.rules)
* 1:23780 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Begfanit.A outbound connection (malware-cnc.rules)
* 1:24224 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Zeroaccess variant outbound connection (malware-cnc.rules)
* 1:24341 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy variant outbound connection (malware-cnc.rules)
* 1:24349 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy variant outbound connection (malware-cnc.rules)
* 1:24350 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy variant outbound connection (malware-cnc.rules)
* 1:24381 <-> ENABLED <-> MALWARE-CNC Win.Trojan.XBlocker outbound connection (malware-cnc.rules)
* 1:24382 <-> ENABLED <-> MALWARE-CNC Win.Trojan.XBlocker outbound connection (malware-cnc.rules)
* 1:24383 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dipwit outbound connection (malware-cnc.rules)
* 1:24384 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tracur variant outbound connection (malware-cnc.rules)
* 1:24385 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tracur variant outbound connection (malware-cnc.rules)
* 1:25627 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Reventon variant outbound connection (malware-cnc.rules)
* 1:25807 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Urausy Botnet variant outbound connection (malware-cnc.rules)
* 1:26911 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Rombrast Trojan outbound connection (malware-cnc.rules)
* 1:26912 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Rombrast Trojan outbound connection (malware-cnc.rules)
* 1:27022 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Netweird.A outbound connection (malware-cnc.rules)
* 1:27023 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Netweird.A outbound connection (malware-cnc.rules)
* 1:27150 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer use after free attempt (browser-ie.rules)
* 1:27152 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer use after free attempt (browser-ie.rules)
* 1:27201 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Neurevt variant outbound connection (malware-cnc.rules)
* 1:27545 <-> ENABLED <-> MALWARE-CNC Osx.Trojan.Janicab outbound connection (malware-cnc.rules)
* 1:27546 <-> ENABLED <-> MALWARE-CNC Osx.Trojan.Janicab outbound connection (malware-cnc.rules)
* 1:27547 <-> ENABLED <-> MALWARE-CNC Osx.Trojan.Janicab outbound connection (malware-cnc.rules)
* 1:27867 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dropper outbound connection (malware-cnc.rules)
* 1:28072 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Omexo outbound connection (malware-cnc.rules)
* 1:28096 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spynet variant connection (malware-cnc.rules)
* 1:28141 <-> ENABLED <-> MALWARE-CNC Win.Trojan.banker outbound connection (malware-cnc.rules)
* 1:28143 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Medfos outbound connection (malware-cnc.rules)
* 1:28209 <-> ENABLED <-> MALWARE-CNC Win.Worm.IRCbot outbound connection (malware-cnc.rules)
* 1:28210 <-> ENABLED <-> MALWARE-CNC Win.Worm.IRCbot outbound connection (malware-cnc.rules)
* 1:28211 <-> ENABLED <-> MALWARE-CNC Win.Worm.IRCbot outbound connection (malware-cnc.rules)
* 1:28234 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Hdslogger outbound connection (malware-cnc.rules)
* 1:28239 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Tuxido outbound connection (malware-cnc.rules)
* 1:28807 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Injector variant outbound connection (malware-cnc.rules)
* 1:28809 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dofoil inbound connection (malware-cnc.rules)
* 1:29031 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Banload variant inbound connection (malware-cnc.rules)
* 1:29149 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Janicab outbound connection (malware-cnc.rules)
* 1:29155 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Vwealer outbound connection (malware-cnc.rules)
* 1:29289 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Kmnokay outbound connection (malware-cnc.rules)
* 1:29302 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Diswenshow outbound connection (malware-cnc.rules)
* 1:29307 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Fraxytime outbound connection (malware-cnc.rules)
* 1:29325 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Horsamaz outbound connection (malware-cnc.rules)
* 1:29331 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Aokaspid outbound connection using modem (malware-cnc.rules)
* 1:29332 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Aokaspid outbound connection using lan (malware-cnc.rules)
* 1:29333 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Aokaspid outbound connection using proxy server (malware-cnc.rules)
* 1:29334 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Aokaspid outbound connection using other (malware-cnc.rules)
* 1:29340 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Plusau outbound connection (malware-cnc.rules)
* 1:29353 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Zeagle outbound connection (malware-cnc.rules)
* 1:29440 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Chewbacca outbound connection (malware-cnc.rules)
* 1:29615 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Keylogger outbound connection (malware-cnc.rules)
* 1:29616 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Keylogger inbound connection (malware-cnc.rules)
* 1:29644 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Sdconsent outbound connection (malware-cnc.rules)
* 1:29670 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Caphaw outbound connection (malware-cnc.rules)
* 1:29924 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Farfli outbound connection (malware-cnc.rules)
* 1:29980 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Fucom outbound connection (malware-cnc.rules)
* 1:30063 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Zbot outbound connection (malware-cnc.rules)
* 1:30064 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Zbot outbound connection (malware-cnc.rules)
* 1:30334 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ProjectHook initial outbound connection (malware-cnc.rules)
* 1:30482 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Zbot/Bublik inbound connection (malware-cnc.rules)
* 1:30551 <-> ENABLED <-> MALWARE-CNC Malicious BitCoiner Miner download - Win.Trojan.Minerd (malware-cnc.rules)
* 1:30552 <-> ENABLED <-> MALWARE-CNC Malicious BitCoiner Miner download - Win.Trojan.Systema (malware-cnc.rules)
* 1:30752 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Tesyong outbound connection (malware-cnc.rules)
* 1:30804 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Hulpob outbound connection (malware-cnc.rules)
* 1:30805 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Hulpob outbound connection (malware-cnc.rules)
* 1:30806 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Hulpob outbound connection (malware-cnc.rules)
* 1:30807 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Hulpob outbound connection (malware-cnc.rules)
* 1:30808 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Hulpob outbound connection (malware-cnc.rules)
* 1:30809 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Hulpob outbound connection (malware-cnc.rules)
* 1:30810 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Hulpob outbound connection (malware-cnc.rules)
* 1:30811 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Hulpob outbound connection (malware-cnc.rules)
* 1:30812 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Hulpob outbound connection (malware-cnc.rules)
* 1:30882 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Rbrute inbound connection (malware-cnc.rules)
* 1:30883 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Rbrute inbound connection (malware-cnc.rules)
* 1:30923 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Sefnit outbound connection (malware-cnc.rules)
* 1:30924 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hd backdoor inbound connection (malware-cnc.rules)
* 1:30926 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hd backdoor outbound secure-connection (malware-cnc.rules)
* 1:30978 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Rbrute inbound connection (malware-cnc.rules)
* 1:30984 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Vonriamt outbound connection (malware-cnc.rules)
* 1:31014 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Cryptowall variant outbound connection (malware-cnc.rules)
* 1:31081 <-> ENABLED <-> MALWARE-CNC Win.Trojan.WinSpy variant outbound connection (malware-cnc.rules)
* 1:31123 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gigade variant inbound connection (malware-cnc.rules)
* 1:31124 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Pyrtomsop outbound connection (malware-cnc.rules)
* 1:31136 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ZeroAccess inbound connection (malware-cnc.rules)
* 1:31168 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Guise outbound connection (malware-cnc.rules)
* 1:31224 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Cryptor outbound connection (malware-cnc.rules)
* 1:31236 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Hidead outbound connection (malware-cnc.rules)
* 1:31290 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Vextstl outbound connection (malware-cnc.rules)
* 1:31293 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dyre publickey outbound connection (malware-cnc.rules)
* 1:31319 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Zediv outbound connection (malware-cnc.rules)
* 1:31459 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Jaktinier outbound connection (malware-cnc.rules)
* 1:31548 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yakes variant inbound connection (malware-cnc.rules)
* 1:31693 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Korplug Poisoned Hurricane Malware outbound connection (malware-cnc.rules)
* 1:31706 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Korgapam outbound connection (malware-cnc.rules)
* 1:31718 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Critroni outbound connection (malware-cnc.rules)
* 1:31744 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Eratoma outbound connection (malware-cnc.rules)
* 1:31748 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Qulkonwi outbound connection (malware-cnc.rules)
* 1:31753 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Elpapok outbound connection (malware-cnc.rules)
* 1:31768 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ecsudown outbound connection (malware-cnc.rules)
* 1:31813 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Expiro outbound connection (malware-cnc.rules)
* 1:31832 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Pfinet outbound connection (malware-cnc.rules)
* 1:31833 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Chkbot outbound connection (malware-cnc.rules)
* 1:31883 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Waterspout outbound connection (malware-cnc.rules)
* 1:31925 <-> ENABLED <-> MALWARE-CNC Linux.Trojan.Jynxkit outbound connection (malware-cnc.rules)
* 1:31944 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Tavdig outbound connection (malware-cnc.rules)
* 1:32065 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Asprox inbound connection (malware-cnc.rules)
* 1:32126 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Lizarbot outbound connection (malware-cnc.rules)
* 1:32163 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer GetUpdatedLayout partial table declaration use-after-free attempt (browser-ie.rules)
* 1:32164 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer GetUpdatedLayout partial table declaration use-after-free attempt (browser-ie.rules)
* 1:32188 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackEnergy3 outbound connection (malware-cnc.rules)
* 1:32189 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackEnergy2 outbound connection (malware-cnc.rules)
* 1:32198 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Mujormel outbound connection (malware-cnc.rules)
* 1:32311 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Rehtesyk outbound connection (malware-cnc.rules)
* 1:32792 <-> ENABLED <-> MALWARE-CNC Win.Virus.Ransomlock inbound connection (malware-cnc.rules)
* 1:32908 <-> ENABLED <-> MALWARE-CNC Win.Trojan.TinyZBot outbound connection (malware-cnc.rules)
* 1:32909 <-> ENABLED <-> MALWARE-CNC Win.Trojan.TinyZBot outbound connection (malware-cnc.rules)
* 1:32910 <-> ENABLED <-> MALWARE-CNC Win.Trojan.TinyZBot outbound connection (malware-cnc.rules)
* 1:33145 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
* 1:33165 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Poweliks outbound connection (malware-cnc.rules)
* 1:33646 <-> ENABLED <-> MALWARE-CNC Linux.Trojan.XORDDoS outbound connection (malware-cnc.rules)
* 1:33647 <-> ENABLED <-> MALWARE-CNC Linux.Trojan.XORDDoS outbound connection (malware-cnc.rules)
* 1:33648 <-> ENABLED <-> MALWARE-CNC Linux.Trojan.XORDDoS outbound connection (malware-cnc.rules)
* 1:33650 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Tinba outbound connection (malware-cnc.rules)
* 1:33678 <-> ENABLED <-> MALWARE-CNC Win.Trojan.FannyWorm outbound connection (malware-cnc.rules)
* 1:33704 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
* 1:33745 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
* 1:33746 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
* 1:33747 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
* 1:33748 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
* 1:33749 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
* 1:33750 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
* 1:33751 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
* 1:33752 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
* 1:33753 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
* 1:33754 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
* 1:33755 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
* 1:33756 <-> ENABLED <-> MALWARE-CNC Win.Ransomware.CTB-Locker outbound connection (malware-cnc.rules)
* 1:33757 <-> ENABLED <-> MALWARE-CNC Win.Ransomware.CTB-Locker outbound connection (malware-cnc.rules)
* 1:33859 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules)
* 1:33860 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules)
* 1:33861 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules)
* 1:33862 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules)
* 1:33863 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules)
* 1:33864 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules)
* 1:33865 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules)
* 1:33866 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules)
* 1:33867 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules)
* 1:33868 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules)
* 1:33880 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.Casper outbound connection (malware-cnc.rules)
* 1:33893 <-> ENABLED <-> MALWARE-CNC Win.Trojan.TeslaCrypt outbound connection (malware-cnc.rules)
* 1:33931 <-> ENABLED <-> MALWARE-CNC Win.Worm.Goldrv variant outbound connection (malware-cnc.rules)
* 1:33933 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Penget variant outbound connection (malware-cnc.rules)
* 1:33966 <-> ENABLED <-> MALWARE-CNC Win.Worm.Mafusc variant outbound connection (malware-cnc.rules)
* 1:34002 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Picommex outbound connection (malware-cnc.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2982.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
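The format line above is enough to machine-read these notes, which is worth doing when a release is this long: the entries an analyst most needs to act on are the DISABLED ones (shipped commented out in the default policy, so they will never fire unless you enable them, e.g. the SERVER-WEBAPP and EXPLOIT-KIT rules below) and the gid 3 entries (shared-object rules, which only load if you also install the SO pack built for your Snort version). The following parser is an added example written for this page; it is not Talos or Snort tooling. The constructed sample input copies seven entries from the lists on this page, deliberately laid out both one per line and run together or wrapped the way the extracted text has them, to show that the parser recovers both. The enablesid_lines helper emits plain gid:sid pairs, the form a pulledpork enablesid.conf accepts; the group names it is called with are simply the rule-file names from the entries.

```python
from __future__ import annotations

import re
from collections import Counter, defaultdict
from dataclasses import dataclass

# One "gid:sid <-> STATE <-> message (group.rules)" entry.  DOTALL plus the
# whitespace normalisation below also recovers entries that extraction split
# across a line break or ran together with " * " separators, as on this page.
ENTRY_RE = re.compile(
    r"(?P<gid>\d+):(?P<sid>\d+)\s*<->\s*(?P<state>ENABLED|DISABLED)\s*<->\s*"
    r"(?P<msg>.*?)\s*\((?P<group>[\w.-]+\.rules)\)",
    re.DOTALL,
)


@dataclass(frozen=True)
class RuleEntry:
    gid: int
    sid: int
    state: str
    msg: str
    group: str

    @property
    def category(self) -> str:
        # The message starts with the rule category, e.g. MALWARE-CNC.
        return self.msg.split(" ", 1)[0]

    @property
    def shared_object(self) -> bool:
        # gid 3 is the shared-object (SO) rule set; those need the SO pack
        # compiled for your Snort version, not just the text rules.
        return self.gid == 3


def parse_release_notes(text: str) -> list[RuleEntry]:
    """Return every gid:sid entry found in the release-notes text, in order."""
    return [
        RuleEntry(
            gid=int(m["gid"]),
            sid=int(m["sid"]),
            state=m["state"],
            msg=" ".join(m["msg"].split()),  # collapse wrapped whitespace
            group=m["group"],
        )
        for m in ENTRY_RE.finditer(text)
    ]


def summarize(entries: list[RuleEntry]) -> dict[str, int]:
    states = Counter(e.state for e in entries)
    return {
        "total": len(entries),
        "enabled": states["ENABLED"],
        "disabled": states["DISABLED"],
        "shared_object": sum(1 for e in entries if e.shared_object),
    }


def disabled_by_group(entries: list[RuleEntry]) -> dict[str, list[RuleEntry]]:
    """DISABLED rules keyed by rule file: the ones the default policy will not fire."""
    out = defaultdict(list)
    for e in entries:
        if e.state == "DISABLED":
            out[e.group].append(e)
    return dict(out)


def enablesid_lines(entries: list[RuleEntry], groups: set[str]) -> list[str]:
    """gid:sid pairs for the DISABLED rules in the chosen groups (the form a
    pulledpork enablesid.conf takes), e.g. to switch on server-side exploit
    coverage that ships off by default."""
    return [f"{e.gid}:{e.sid}" for e in entries
            if e.state == "DISABLED" and e.group in groups]


# Constructed sample: seven entries copied from the lists on this page, laid out
# both one per line and run together / wrapped the way the extracted page has them.
SAMPLE = """\
* 1:39765 <-> DISABLED <-> SERVER-WEBAPP Ruby on Rails ActionPack inline content rendering code injection attempt (server-webapp.rules)
* 1:39770 <-> DISABLED <-> SERVER-WEBAPP GoAhead Embedded Web Server directory traversal attempt (server-webapp.rules)
* 1:39754 <-> DISABLED <-> EXPLOIT-KIT Sundown exploit kit landing page detected (exploit-kit.rules) * 1:39767 <-> ENABLED <-> MALWARE-CNC Win.Ransomware.Alfa outbound connection (malware-cnc.rules) * 1:39774 <-> ENABLED <->
MALWARE-CNC Win.Trojan.Qarallax initial outbound connection (malware-cnc.rules)
* 3:39759 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-CAN-0148 attack attempt (file-office.rules)
* 1:39751 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 9 CTreeNode use after free attempt (browser-ie.rules)
"""

if __name__ == "__main__":
    rules = parse_release_notes(SAMPLE)
    print(summarize(rules))
    for group, disabled in sorted(disabled_by_group(rules).items()):
        print(group)
        for r in disabled:
            print(f"  {r.gid}:{r.sid}  {r.msg}")
    print("\n".join(enablesid_lines(rules, {"server-webapp.rules", "exploit-kit.rules"})))
```

Run against the full notes, the same functions give you a per-release list of off-by-default rules to review against the software you actually expose, and a count of gid 3 rules so you know whether the SO pack for your Snort build needs updating too.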
* 1:39747 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Apocalypse download attempt (malware-other.rules)
* 1:39756 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Retefe variant malicious certificate installation page (malware-other.rules)
* 1:39745 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.FakeRean outbound connection detection (malware-other.rules)
* 1:39764 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer use after free attempt (browser-ie.rules)
* 1:39771 <-> ENABLED <-> MALWARE-TOOLS CKnife penetration testing tool attempt (malware-tools.rules)
* 1:39768 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Alfa download attempt (malware-other.rules)
* 1:39750 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 9 CTreeNode use after free attempt (browser-ie.rules)
* 1:39752 <-> ENABLED <-> FILE-PDF Adobe Reader malformed ICC profile memory corruption attempt (file-pdf.rules)
* 1:39746 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Apocalypse download attempt (malware-other.rules)
* 1:39755 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Retefe variant malicious certificate installation page (malware-other.rules)
* 1:39767 <-> ENABLED <-> MALWARE-CNC Win.Ransomware.Alfa outbound connection (malware-cnc.rules)
* 1:39749 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 9 CTreeNode use after free attempt (browser-ie.rules)
* 1:39765 <-> DISABLED <-> SERVER-WEBAPP Ruby on Rails ActionPack inline content rendering code injection attempt (server-webapp.rules)
* 1:39744 <-> ENABLED <-> MALWARE-TOOLS CKnife penetration testing tool attempt (malware-tools.rules)
* 1:39773 <-> ENABLED <-> MALWARE-TOOLS CKnife penetration testing tool attempt (malware-tools.rules)
* 1:39766 <-> ENABLED <-> MALWARE-OTHER Win.Downloader.Ogimant outbound connection detected (malware-other.rules)
* 1:39770 <-> DISABLED <-> SERVER-WEBAPP GoAhead Embedded Web Server directory traversal attempt (server-webapp.rules)
* 1:39754 <-> DISABLED <-> EXPLOIT-KIT Sundown exploit kit landing page detected (exploit-kit.rules)
* 1:39763 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer use after free attempt (browser-ie.rules)
* 1:39753 <-> ENABLED <-> FILE-PDF Adobe Reader malformed ICC profile memory corruption attempt (file-pdf.rules)
* 1:39774 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Qarallax initial outbound connection (malware-cnc.rules)
* 1:39748 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 9 CTreeNode use after free attempt (browser-ie.rules)
* 1:39769 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Alfa download attempt (malware-other.rules)
* 1:39772 <-> ENABLED <-> MALWARE-TOOLS CKnife penetration testing tool attempt (malware-tools.rules)
* 1:39751 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 9 CTreeNode use after free attempt (browser-ie.rules)
* 3:39759 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-CAN-0148 attack attempt (file-office.rules)
* 3:39758 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-CAN-0148 attack attempt (file-office.rules)
* 3:39761 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-CAN-0151 attack attempt (file-office.rules)
* 3:39757 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-CAN-0148 attack attempt (file-office.rules)
* 3:39760 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-CAN-0148 attack attempt (file-office.rules)
* 3:39762 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-CAN-0151 attack attempt (file-office.rules)
* 1:37226 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Isniffer outbound connection (malware-cnc.rules)
* 1:37227 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Isniffer outbound connection (malware-cnc.rules)
* 1:35968 <-> DISABLED <-> BROWSER-IE Microsoft Edge sandbox CreateFileW arbitrary file delete attempt (browser-ie.rules)
* 1:22048 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Zeus P2P outbound connection (malware-cnc.rules)
* 1:23492 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ZeroAccess outbound connection (malware-cnc.rules)
* 1:23493 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ZeroAccess outbound connection (malware-cnc.rules)
* 1:23606 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sofacy.A outbound connection (malware-cnc.rules)
* 1:23607 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sofacy.A outbound connection (malware-cnc.rules)
* 1:23780 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Begfanit.A outbound connection (malware-cnc.rules)
* 1:24224 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Zeroaccess variant outbound connection (malware-cnc.rules)
* 1:24341 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy variant outbound connection (malware-cnc.rules)
* 1:24349 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy variant outbound connection (malware-cnc.rules)
* 1:24350 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy variant outbound connection (malware-cnc.rules)
* 1:24381 <-> ENABLED <-> MALWARE-CNC Win.Trojan.XBlocker outbound connection (malware-cnc.rules)
* 1:24382 <-> ENABLED <-> MALWARE-CNC Win.Trojan.XBlocker outbound connection (malware-cnc.rules)
* 1:24383 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dipwit outbound connection (malware-cnc.rules)
* 1:24384 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tracur variant outbound connection (malware-cnc.rules)
* 1:24385 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tracur variant outbound connection (malware-cnc.rules)
* 1:25627 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Reventon variant outbound connection (malware-cnc.rules)
* 1:25807 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Urausy Botnet variant outbound connection (malware-cnc.rules)
* 1:26911 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Rombrast Trojan outbound connection (malware-cnc.rules)
* 1:26912 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Rombrast Trojan outbound connection (malware-cnc.rules)
* 1:27022 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Netweird.A outbound connection (malware-cnc.rules)
* 1:27023 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Netweird.A outbound connection (malware-cnc.rules)
* 1:27150 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer use after free attempt (browser-ie.rules)
* 1:27152 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer use after free attempt (browser-ie.rules)
* 1:27201 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Neurevt variant outbound connection (malware-cnc.rules)
* 1:27545 <-> ENABLED <-> MALWARE-CNC Osx.Trojan.Janicab outbound connection (malware-cnc.rules)
* 1:27546 <-> ENABLED <-> MALWARE-CNC Osx.Trojan.Janicab outbound connection (malware-cnc.rules)
* 1:27547 <-> ENABLED <-> MALWARE-CNC Osx.Trojan.Janicab outbound connection (malware-cnc.rules)
* 1:27867 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dropper outbound connection (malware-cnc.rules)
* 1:28072 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Omexo outbound connection (malware-cnc.rules)
* 1:28096 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spynet variant connection (malware-cnc.rules)
* 1:28141 <-> ENABLED <-> MALWARE-CNC Win.Trojan.banker outbound connection (malware-cnc.rules)
* 1:28143 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Medfos outbound connection (malware-cnc.rules)
* 1:28209 <-> ENABLED <-> MALWARE-CNC Win.Worm.IRCbot outbound connection (malware-cnc.rules)
* 1:28210 <-> ENABLED <-> MALWARE-CNC Win.Worm.IRCbot outbound connection (malware-cnc.rules)
* 1:28211 <-> ENABLED <-> MALWARE-CNC Win.Worm.IRCbot outbound connection (malware-cnc.rules)
* 1:28234 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Hdslogger outbound connection (malware-cnc.rules)
* 1:28239 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Tuxido outbound connection (malware-cnc.rules)
* 1:28807 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Injector variant outbound connection (malware-cnc.rules)
* 1:28809 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dofoil inbound connection (malware-cnc.rules)
* 1:29031 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Banload variant inbound connection (malware-cnc.rules)
* 1:29149 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Janicab outbound connection (malware-cnc.rules)
* 1:29155 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Vwealer outbound connection (malware-cnc.rules)
* 1:29289 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Kmnokay outbound connection (malware-cnc.rules)
* 1:29302 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Diswenshow outbound connection (malware-cnc.rules)
* 1:29307 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Fraxytime outbound connection (malware-cnc.rules)
* 1:29325 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Horsamaz outbound connection (malware-cnc.rules)
* 1:29331 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Aokaspid outbound connection using modem (malware-cnc.rules)
* 1:29332 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Aokaspid outbound connection using lan (malware-cnc.rules)
* 1:29333 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Aokaspid outbound connection using proxy server (malware-cnc.rules)
* 1:29334 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Aokaspid outbound connection using other (malware-cnc.rules)
* 1:29340 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Plusau outbound connection (malware-cnc.rules)
* 1:29353 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Zeagle outbound connection (malware-cnc.rules)
* 1:29440 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Chewbacca outbound connection (malware-cnc.rules)
* 1:29615 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Keylogger outbound connection (malware-cnc.rules)
* 1:29616 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Keylogger inbound connection (malware-cnc.rules)
* 1:29644 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Sdconsent outbound connection (malware-cnc.rules)
* 1:29670 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Caphaw outbound connection (malware-cnc.rules)
* 1:29924 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Farfli outbound connection (malware-cnc.rules)
* 1:29980 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Fucom outbound connection (malware-cnc.rules)
* 1:30063 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Zbot outbound connection (malware-cnc.rules)
* 1:30064 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Zbot outbound connection (malware-cnc.rules)
* 1:30334 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ProjectHook initial outbound connection (malware-cnc.rules)
* 1:30482 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Zbot/Bublik inbound connection (malware-cnc.rules)
* 1:30551 <-> ENABLED <-> MALWARE-CNC Malicious BitCoiner Miner download - Win.Trojan.Minerd (malware-cnc.rules)
* 1:30552 <-> ENABLED <-> MALWARE-CNC Malicious BitCoiner Miner download - Win.Trojan.Systema (malware-cnc.rules)
* 1:30752 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Tesyong outbound connection (malware-cnc.rules)
* 1:30804 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Hulpob outbound connection (malware-cnc.rules)
* 1:30805 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Hulpob outbound connection (malware-cnc.rules)
* 1:30806 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Hulpob outbound connection (malware-cnc.rules)
* 1:30807 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Hulpob outbound connection (malware-cnc.rules)
* 1:30808 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Hulpob outbound connection (malware-cnc.rules)
* 1:30809 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Hulpob outbound connection (malware-cnc.rules)
* 1:30810 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Hulpob outbound connection (malware-cnc.rules)
* 1:30811 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Hulpob outbound connection (malware-cnc.rules)
* 1:30812 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Hulpob outbound connection (malware-cnc.rules)
* 1:30882 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Rbrute inbound connection (malware-cnc.rules)
* 1:30883 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Rbrute inbound connection (malware-cnc.rules)
* 1:30923 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Sefnit outbound connection (malware-cnc.rules)
* 1:30924 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hd backdoor inbound connection (malware-cnc.rules)
* 1:30926 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hd backdoor outbound secure-connection (malware-cnc.rules)
* 1:30978 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Rbrute inbound connection (malware-cnc.rules)
* 1:30984 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Vonriamt outbound connection (malware-cnc.rules)
* 1:31014 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Cryptowall variant outbound connection (malware-cnc.rules)
* 1:31081 <-> ENABLED <-> MALWARE-CNC Win.Trojan.WinSpy variant outbound connection (malware-cnc.rules)
* 1:31123 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gigade variant inbound connection (malware-cnc.rules)
* 1:31124 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Pyrtomsop outbound connection (malware-cnc.rules)
* 1:31136 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ZeroAccess inbound connection (malware-cnc.rules)
* 1:31168 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Guise outbound connection (malware-cnc.rules)
* 1:31224 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Cryptor outbound connection (malware-cnc.rules)
* 1:31236 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Hidead outbound connection (malware-cnc.rules)
* 1:31290 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Vextstl outbound connection (malware-cnc.rules)
* 1:31293 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dyre publickey outbound connection (malware-cnc.rules)
* 1:31319 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Zediv outbound connection (malware-cnc.rules)
* 1:31459 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Jaktinier outbound connection (malware-cnc.rules)
* 1:31548 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yakes variant inbound connection (malware-cnc.rules)
* 1:31693 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Korplug Poisoned Hurricane Malware outbound connection (malware-cnc.rules)
* 1:31706 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Korgapam outbound connection (malware-cnc.rules)
* 1:31718 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Critroni outbound connection (malware-cnc.rules)
* 1:31744 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Eratoma outbound connection (malware-cnc.rules)
* 1:31748 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Qulkonwi outbound connection (malware-cnc.rules)
* 1:31753 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Elpapok outbound connection (malware-cnc.rules)
* 1:31768 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ecsudown outbound connection (malware-cnc.rules)
* 1:31813 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Expiro outbound connection (malware-cnc.rules)
* 1:31832 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Pfinet outbound connection (malware-cnc.rules)
* 1:31833 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Chkbot outbound connection (malware-cnc.rules)
* 1:31883 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Waterspout outbound connection (malware-cnc.rules)
* 1:31925 <-> ENABLED <-> MALWARE-CNC Linux.Trojan.Jynxkit outbound connection (malware-cnc.rules)
* 1:31944 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Tavdig outbound connection (malware-cnc.rules)
* 1:32065 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Asprox inbound connection (malware-cnc.rules)
* 1:32126 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Lizarbot outbound connection (malware-cnc.rules)
* 1:32163 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer GetUpdatedLayout partial table declaration use-after-free attempt (browser-ie.rules)
* 1:32164 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer GetUpdatedLayout partial table declaration use-after-free attempt (browser-ie.rules)
* 1:32188 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackEnergy3 outbound connection (malware-cnc.rules)
* 1:32189 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackEnergy2 outbound connection (malware-cnc.rules)
* 1:32198 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Mujormel outbound connection (malware-cnc.rules)
* 1:32311 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Rehtesyk outbound connection (malware-cnc.rules)
* 1:32792 <-> ENABLED <-> MALWARE-CNC Win.Virus.Ransomlock inbound connection (malware-cnc.rules)
* 1:32908 <-> ENABLED <-> MALWARE-CNC Win.Trojan.TinyZBot outbound connection (malware-cnc.rules)
* 1:32909 <-> ENABLED <-> MALWARE-CNC Win.Trojan.TinyZBot outbound connection (malware-cnc.rules)
* 1:32910 <-> ENABLED <-> MALWARE-CNC Win.Trojan.TinyZBot outbound connection (malware-cnc.rules)
* 1:33145 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
* 1:33165 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Poweliks outbound connection (malware-cnc.rules)
* 1:33646 <-> ENABLED <-> MALWARE-CNC Linux.Trojan.XORDDoS outbound connection (malware-cnc.rules)
* 1:33647 <-> ENABLED <-> MALWARE-CNC Linux.Trojan.XORDDoS outbound connection (malware-cnc.rules)
* 1:33648 <-> ENABLED <-> MALWARE-CNC Linux.Trojan.XORDDoS outbound connection (malware-cnc.rules)
* 1:33650 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Tinba outbound connection (malware-cnc.rules)
* 1:33678 <-> ENABLED <-> MALWARE-CNC Win.Trojan.FannyWorm outbound connection (malware-cnc.rules)
* 1:33704 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
* 1:33745 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
* 1:33746 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
* 1:33747 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
* 1:33748 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
* 1:33749 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
* 1:33750 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
* 1:33751 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
* 1:33752 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
* 1:33753 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
* 1:33754 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
* 1:33755 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
* 1:33756 <-> ENABLED <-> MALWARE-CNC Win.Ransomware.CTB-Locker outbound connection (malware-cnc.rules)
* 1:33757 <-> ENABLED <-> MALWARE-CNC Win.Ransomware.CTB-Locker outbound connection (malware-cnc.rules)
* 1:33859 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules)
* 1:33860 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules)
* 1:33861 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules)
* 1:33862 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules)
* 1:33863 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules)
* 1:33864 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules)
* 1:33865 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules)
* 1:33866 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules)
* 1:33867 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules)
* 1:33868 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules)
* 1:33880 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.Casper outbound connection (malware-cnc.rules)
* 1:33893 <-> ENABLED <-> MALWARE-CNC Win.Trojan.TeslaCrypt outbound connection (malware-cnc.rules)
* 1:33931 <-> ENABLED <-> MALWARE-CNC Win.Worm.Goldrv variant outbound connection (malware-cnc.rules)
* 1:33933 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Penget variant outbound connection (malware-cnc.rules)
* 1:33966 <-> ENABLED <-> MALWARE-CNC Win.Worm.Mafusc variant outbound connection (malware-cnc.rules)
* 1:33996 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Pwexes variant outbound connection (malware-cnc.rules)
* 1:33997 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Pwexes variant outbound connection (malware-cnc.rules)
* 1:34001 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Picommex outbound connection (malware-cnc.rules)
* 1:34002 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Picommex outbound connection (malware-cnc.rules)
* 1:34003 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Picommex outbound connection (malware-cnc.rules)
* 1:34004 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules)
* 1:34005 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules)
* 1:34006 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules)
* 1:34007 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules)
* 1:34008 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules)
* 1:34009 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules)
* 1:34010 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules)
* 1:34011 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules)
* 1:34012 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules)
* 1:34013 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ayuther variant outbound connection (malware-cnc.rules)
* 1:34025 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Endstar variant outbound connection (malware-cnc.rules)
* 1:34026 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Endstar variant outbound connection (malware-cnc.rules)
* 1:34029 <-> ENABLED <-> MALWARE-CNC Win.Worm.Tuscas variant outbound connection (malware-cnc.rules)
* 1:34030 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (malware-cnc.rules)
* 1:34031 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (malware-cnc.rules)
* 1:34032 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (malware-cnc.rules)
* 1:34033 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (malware-cnc.rules)
* 1:34034 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (malware-cnc.rules)
* 1:34035 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (malware-cnc.rules)
* 1:34036 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (malware-cnc.rules)
* 1:34037 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (malware-cnc.rules)
* 1:34038 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (malware-cnc.rules)
* 1:34045 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Eitenckay initial outbound connection (malware-cnc.rules)
* 1:34049 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.EvilBunny variant outbound connection (malware-cnc.rules)
* 1:34050 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.Nepigon variant outbound connection (malware-cnc.rules)
* 1:34115 <-> ENABLED <-> MALWARE-CNC MacOS.Trojan.Wirelurker variant outbound connection (malware-cnc.rules)
* 1:34116 <-> ENABLED <-> MALWARE-CNC MacOS.Trojan.Wirelurker variant outbound connection (malware-cnc.rules)
* 1:34117 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.Zupdax variant outbound connection (malware-cnc.rules)
* 1:34128 <-> ENABLED <-> MALWARE-CNC Win.Trojan.WIntruder outbound connection (malware-cnc.rules)
* 1:34132 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.Erotimpact variant outbound connection (malware-cnc.rules)
* 1:34140 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dyre publickey outbound connection (malware-cnc.rules)
* 1:34155 <-> ENABLED <-> MALWARE-CNC MacOS.Backdoor.Xslcmd outbound connection (malware-cnc.rules)
* 1:34219 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Nanocore variant outbound connection (malware-cnc.rules)
* 1:34246 <-> DISABLED <-> MALWARE-CNC Win.Trojan.AAEH variant outbound connection (malware-cnc.rules)
* 1:34261 <-> ENABLED <-> MALWARE-CNC Linux.Trojan.XORDDoS outbound connection (malware-cnc.rules)
* 1:34262 <-> ENABLED <-> MALWARE-CNC Linux.Trojan.XORDDoS outbound connection (malware-cnc.rules)
* 1:34263 <-> ENABLED <-> MALWARE-CNC Linux.Trojan.XORDDoS outbound connection (malware-cnc.rules)
* 1:34286 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Mudrop variant outbound connection (malware-cnc.rules)
* 1:34296 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Simda variant outbound connection (malware-cnc.rules)
* 1:34297 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Simda variant outbound connection (malware-cnc.rules)
* 1:34319 <-> ENABLED <-> MALWARE-CNC Win.Worm.Klogwjds variant outbound connection (malware-cnc.rules)
* 1:34322 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Farfli outbound connection (malware-cnc.rules)
* 1:34327 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Bedepshel variant outbound connection (malware-cnc.rules)
* 1:34329 <-> DISABLED <-> MALWARE-CNC Cryptolocker variant inbound connection (malware-cnc.rules)
* 1:34346 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Backspace outbound connection (malware-cnc.rules)
* 1:34347 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Cheprobnk variant outbound connection (malware-cnc.rules)
* 1:34362 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Mantal variant outbound connection (malware-cnc.rules)
* 1:34366 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Beebone outbound connection (malware-cnc.rules)
* 1:34459 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Pvzin variant outbound connection (malware-cnc.rules)
* 1:34460 <-> ENABLED <-> MALWARE-CNC Win.Worm.Mozibe variant outbound connection (malware-cnc.rules)
* 1:34461 <-> ENABLED <-> MALWARE-CNC Linux.Trojan.Mumblehard variant outbound connection (malware-cnc.rules)
* 1:34462 <-> ENABLED <-> MALWARE-CNC Linux.Downloader.Mumblehard variant outbound connection (malware-cnc.rules)
* 1:34469 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.Nirunte variant outbound connection (malware-cnc.rules)
* 1:34470 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.Nirunte variant outbound connection (malware-cnc.rules)
* 1:34476 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Kriptovor variant outbound connection (malware-cnc.rules)
* 1:34489 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Nalodew variant outbound connection (malware-cnc.rules)
* 1:34491 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MalPutty variant outbound connection (malware-cnc.rules)
* 1:34567 <-> ENABLED <-> MALWARE-CNC MacOS.Trojan.MacVX outbound connection (malware-cnc.rules)
* 1:34572 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Zinnemls variant outbound connection (malware-cnc.rules)
* 1:34608 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Punkey variant outbound connection (malware-cnc.rules)
* 1:34609 <-> ENABLED <-> MALWARE-CNC Trojan.NitLove variant outbound connection (malware-cnc.rules)
* 1:34624 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Crypaura variant outbound connection (malware-cnc.rules)
* 1:34818 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Emdivi outbound connection (malware-cnc.rules)
* 1:34869 <-> ENABLED <-> MALWARE-CNC Win.Trojan.XTalker outbound connection (malware-cnc.rules)
* 1:34872 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Compfolder variant outbound connection (malware-cnc.rules)
* 1:34965 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Cryptolocker outbound connection (malware-cnc.rules)
* 1:35031 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Konus outbound connection (malware-cnc.rules)
* 1:35050 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Elise variant outbound connection (malware-cnc.rules)
* 1:35127 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer local file information disclosure attempt (browser-ie.rules)
* 1:35128 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer local file information disclosure attempt (browser-ie.rules)
* 1:35254 <-> ENABLED <-> MALWARE-CNC Win.trojan.Seaduke outbound connection (malware-cnc.rules)
* 1:35794 <-> ENABLED <-> MALWARE-CNC Win.Trojan.TeslaCrypt outbound connection (malware-cnc.rules)
* 1:35750 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.IsSpace initial outbound connection (malware-cnc.rules)
* 1:35967 <-> DISABLED <-> BROWSER-IE Microsoft Edge sandbox CreateFileW arbitrary file delete attempt (browser-ie.rules)
* 1:35312 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif outbound connection (malware-cnc.rules)
* 1:39738 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Trans variant outbound connection (malware-cnc.rules)
* 1:39736 <-> DISABLED <-> FILE-OTHER VideoCharge buffer overflow SEH attempt (file-other.rules)
* 1:39735 <-> DISABLED <-> FILE-OTHER VideoCharge buffer overflow SEH attempt (file-other.rules)
* 1:39730 <-> ENABLED <-> MALWARE-CNC Win.Adware.Xiazai outbound connection (malware-cnc.rules)
* 1:39705 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Zeus variant inbound connection (malware-cnc.rules)
* 1:39581 <-> ENABLED <-> MALWARE-CNC Win.Trojan.NanoBot/Perseus initial outbound connection (malware-cnc.rules)
* 1:39580 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection (malware-cnc.rules)
* 1:39578 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant inbound connection (malware-cnc.rules)
* 1:39579 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection (malware-cnc.rules)
* 1:39577 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection (malware-cnc.rules)
* 1:39576 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection (malware-cnc.rules)
* 1:39575 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection (malware-cnc.rules)
* 1:39574 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection (malware-cnc.rules)
* 1:39573 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection (malware-cnc.rules)
* 1:39465 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Unlock92 outbound connection (malware-cnc.rules)
* 1:39117 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules)
* 1:39086 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Cript outbound connection (malware-cnc.rules)
* 1:39084 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Cript outbound connection (malware-cnc.rules)
* 1:39085 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Cript outbound connection (malware-cnc.rules)
* 1:39064 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Sinrin initial JS dropper outbound connection (malware-cnc.rules)
* 1:39052 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Adialer variant outbound connection (malware-cnc.rules)
* 1:38886 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Bayrob variant outbound connection (malware-cnc.rules)
* 1:38647 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Jadowndec outbound connection (malware-cnc.rules)
* 1:38646 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Jadowndec outbound connection (malware-cnc.rules)
* 1:38645 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Jadowndec outbound connection (malware-cnc.rules)
* 1:38644 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Jadowndec outbound connection (malware-cnc.rules)
* 1:38643 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Jadowndec outbound connection (malware-cnc.rules)
* 1:38588 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.DFSCook variant outbound connection (malware-cnc.rules)
* 1:38607 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Qakbot variant outbound connection (malware-cnc.rules)
* 1:38586 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.DFSCook variant outbound connection (malware-cnc.rules)
* 1:38585 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.DFSCook variant outbound connection (malware-cnc.rules)
* 1:38557 <-> ENABLED <-> MALWARE-CNC Win.Trojan.GateKeylogger outbound connection (malware-cnc.rules)
* 1:38516 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Sweeper outbound connection (malware-cnc.rules)
* 1:38515 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Sweeper outbound connection (malware-cnc.rules)
* 1:38514 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Sweeper outbound connection (malware-cnc.rules)
* 1:38258 <-> ENABLED <-> MALWARE-CNC Win/Linux.Trojan.Derusbi variant outbound connection (malware-cnc.rules)
* 1:38257 <-> ENABLED <-> MALWARE-CNC Win-Linux.Trojan.Derusbi variant outbound connection (malware-cnc.rules)
* 1:38256 <-> ENABLED <-> MALWARE-CNC Win-Linux.Trojan.Derusbi variant outbound connection (malware-cnc.rules)
* 1:38255 <-> ENABLED <-> MALWARE-CNC Win-Linux.Trojan.Derusbi variant outbound connection (malware-cnc.rules)
* 1:38116 <-> ENABLED <-> MALWARE-CNC Osx.Trojan.Keranger outbound connection (malware-cnc.rules)
* 1:38070 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTreePos type confusion attempt (browser-ie.rules)
* 1:38069 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTreePos type confusion attempt (browser-ie.rules)
* 1:38068 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTreePos type confusion attempt (browser-ie.rules)
* 1:36106 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Hodoor APT variant outbound connection (malware-cnc.rules)
* 1:35387 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Andromeda initial outbound connection (malware-cnc.rules)
* 1:35749 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.IsSpace outbound connection (malware-cnc.rules)
* 1:38067 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTreePos type confusion attempt (browser-ie.rules)
* 1:35733 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Potao outbound connection (malware-cnc.rules)
* 1:36294 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.Nisinul variant outbound connection (malware-cnc.rules)
* 1:38018 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex outbound connection (malware-cnc.rules)
* 1:36522 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Banker.NWT variant outbound connection (malware-cnc.rules)
* 1:36639 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Tavex outbound connection (malware-cnc.rules)
* 1:36732 <-> ENABLED
<-> MALWARE-CNC Win.Trojan.Sefnit variant outbound connection (malware-cnc.rules) * 1:37637 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Graftor outbound connection (malware-cnc.rules) * 1:36765 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Stupeval variant outbound connection (malware-cnc.rules) * 1:36807 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Nodslit variant outbound connection (malware-cnc.rules) * 1:37036 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ModPOS outbound connection (malware-cnc.rules) * 1:37047 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Vonterra outbound connection (malware-cnc.rules) * 1:37636 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Graftor outbound connection (malware-cnc.rules) * 1:37052 <-> ENABLED <-> MALWARE-CNC Win.Trojan.TeslaCrypt outbound connection (malware-cnc.rules) * 1:37213 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Pmabot outbound connection (malware-cnc.rules) * 1:37212 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Pmabot outbound connection (malware-cnc.rules) * 1:37214 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Pmabot outbound connection (malware-cnc.rules) * 1:35386 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Bedep initial outbound connection (malware-cnc.rules) * 1:37457 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Sovfo variant outbound connection (malware-cnc.rules) * 1:37215 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Pmabot outbound connection (malware-cnc.rules) * 1:37225 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Isniffer outbound connection (malware-cnc.rules) * 1:36054 <-> ENABLED <-> MALWARE-CNC Ios.Backdoor.SYNful inbound connection (malware-cnc.rules) * 1:37323 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Direvex variant outbound connection (malware-cnc.rules) * 1:36471 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Kemoge outbound connection (malware-cnc.rules) * 1:37317 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Radamant inbound connection (malware-cnc.rules) * 1:37296 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Sesramot variant outbound connection (malware-cnc.rules) * 1:37228 <-> ENABLED <-> 
MALWARE-CNC Win.Trojan.Isniffer outbound connection (malware-cnc.rules) * 1:37297 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Sesramot variant outbound connection (malware-cnc.rules)
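These change lists all follow the same `gid:sid <-> Default rule state <-> Message (rule group)` layout, and the operational questions they raise are mechanical: which SIDs are new since the pack you last deployed, which rules changed default state, and which rules ship DISABLED and therefore need a deliberate decision (a SERVER-WEBAPP rule for a product you run, for instance). The parser below is an added example, not Talos or Snort tooling; it reads that layout, tolerates the copied-and-flattened form in which several entries end up on one line separated by " * ", and compares two releases. The two excerpts embedded in it are constructed from a handful of entries in the lists on this page and are not the complete lists.

```python
"""Parse Talos rule-pack change lists ('gid:sid <-> STATE <-> MESSAGE (group)')
and compare two releases.  Added example; not Talos or Snort code."""
import re
from collections import Counter, defaultdict
from dataclasses import dataclass

# One entry per line is the documented layout, but release notes copied out of
# a browser often arrive with many entries run together on one line separated
# by " * ".  Scanning with finditer handles both forms with one pattern.
ENTRY_RE = re.compile(
    r"(?P<gid>\d+):(?P<sid>\d+)\s*<->\s*(?P<state>ENABLED|DISABLED)\s*<->\s*"
    r"(?P<msg>.+?)\s*\((?P<group>[\w.-]+\.rules)\)"
)


@dataclass(frozen=True)
class RuleEntry:
    gid: int
    sid: int
    state: str
    msg: str
    group: str

    @property
    def key(self) -> tuple[int, int]:
        return (self.gid, self.sid)

    @property
    def category(self) -> str:
        # Messages open with the rule class, e.g. "MALWARE-CNC ..." or "BROWSER-IE ...".
        return self.msg.split(" ", 1)[0]


def parse_changelist(text: str) -> dict[tuple[int, int], RuleEntry]:
    """Return {(gid, sid): RuleEntry}; a later duplicate of a key overwrites."""
    entries: dict[tuple[int, int], RuleEntry] = {}
    for m in ENTRY_RE.finditer(text):
        e = RuleEntry(int(m["gid"]), int(m["sid"]), m["state"], m["msg"].strip(), m["group"])
        entries[e.key] = e
    return entries


def new_in(newer, older) -> list[tuple[int, int]]:
    """Keys listed in the newer pack but not in the older one."""
    return sorted(set(newer) - set(older))


def state_changes(newer, older) -> list[tuple[tuple[int, int], str, str]]:
    """(key, old_state, new_state) for rules whose default state flipped."""
    return sorted((k, older[k].state, newer[k].state)
                  for k in set(newer) & set(older) if older[k].state != newer[k].state)


def disabled_by_group(entries) -> dict[str, list[tuple[int, int]]]:
    """Rules shipped DISABLED, grouped by .rules file: the ones an operator must
    turn on deliberately rather than expect to fire by default."""
    out = defaultdict(list)
    for e in entries.values():
        if e.state == "DISABLED":
            out[e.group].append(e.key)
    return {g: sorted(v) for g, v in out.items()}


def category_counts(entries) -> Counter:
    return Counter(e.category for e in entries.values())


# Constructed excerpts: a few entries copied from the 2976 and 2983 lists on this
# page.  The 2983 excerpt is deliberately left run together on one line, as
# extraction leaves it.  Neither excerpt is the complete list.
PACK_2976 = """\
* 1:39751 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 9 CTreeNode use after free attempt (browser-ie.rules)
* 1:39772 <-> ENABLED <-> MALWARE-TOOLS CKnife penetration testing tool attempt (malware-tools.rules)
* 1:39770 <-> DISABLED <-> SERVER-WEBAPP GoAhead Embedded Web Server directory traversal attempt (server-webapp.rules)
* 1:35254 <-> ENABLED <-> MALWARE-CNC Win.trojan.Seaduke outbound connection (malware-cnc.rules)
"""

PACK_2983 = (
    "* 1:39774 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Qarallax initial outbound connection (malware-cnc.rules) "
    "* 1:39772 <-> ENABLED <-> MALWARE-TOOLS CKnife penetration testing tool attempt (malware-tools.rules) "
    "* 1:39770 <-> DISABLED <-> SERVER-WEBAPP GoAhead Embedded Web Server directory traversal attempt (server-webapp.rules) "
    "* 1:39751 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 9 CTreeNode use after free attempt (browser-ie.rules) "
    "* 3:39757 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-CAN-0148 attack attempt (file-office.rules) "
    "* 1:35254 <-> ENABLED <-> MALWARE-CNC Win.trojan.Seaduke outbound connection (malware-cnc.rules)"
)


def report(older_text: str = PACK_2976, newer_text: str = PACK_2983) -> dict:
    older, newer = parse_changelist(older_text), parse_changelist(newer_text)
    return {
        "new": new_in(newer, older),
        "flipped": state_changes(newer, older),
        "disabled": disabled_by_group(newer),
        "categories": category_counts(newer),
    }


if __name__ == "__main__":
    r = report()
    print("new in later pack:", r["new"])
    print("default state changed:", r["flipped"])
    for group, keys in r["disabled"].items():
        print(f"{group}: {len(keys)} shipped disabled ->", keys)
    print(dict(r["categories"]))
```

Feed `report()` the full text of two release notes and the "disabled" table is the review queue: each key there is a rule Talos chose not to enable by default, so it only protects you if you enable it in your own policy (the SERVER-WEBAPP and EXPLOIT-KIT entries in these lists are typical candidates).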
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:39774 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Qarallax initial outbound connection (malware-cnc.rules)
* 1:39773 <-> ENABLED <-> MALWARE-TOOLS CKnife penetration testing tool attempt (malware-tools.rules)
* 1:39772 <-> ENABLED <-> MALWARE-TOOLS CKnife penetration testing tool attempt (malware-tools.rules)
* 1:39771 <-> ENABLED <-> MALWARE-TOOLS CKnife penetration testing tool attempt (malware-tools.rules)
* 1:39770 <-> DISABLED <-> SERVER-WEBAPP GoAhead Embedded Web Server directory traversal attempt (server-webapp.rules)
* 1:39769 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Alfa download attempt (malware-other.rules)
* 1:39768 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Alfa download attempt (malware-other.rules)
* 1:39767 <-> ENABLED <-> MALWARE-CNC Win.Ransomware.Alfa outbound connection (malware-cnc.rules)
* 1:39766 <-> ENABLED <-> MALWARE-OTHER Win.Downloader.Ogimant outbound connection detected (malware-other.rules)
* 1:39765 <-> DISABLED <-> SERVER-WEBAPP Ruby on Rails ActionPack inline content rendering code injection attempt (server-webapp.rules)
* 1:39764 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer use after free attempt (browser-ie.rules)
* 1:39763 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer use after free attempt (browser-ie.rules)
* 1:39756 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Retefe variant malicious certificate installation page (malware-other.rules)
* 1:39755 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Retefe variant malicious certificate installation page (malware-other.rules)
* 1:39754 <-> DISABLED <-> EXPLOIT-KIT Sundown exploit kit landing page detected (exploit-kit.rules)
* 1:39753 <-> ENABLED <-> FILE-PDF Adobe Reader malformed ICC profile memory corruption attempt (file-pdf.rules)
* 1:39752 <-> ENABLED <-> FILE-PDF Adobe Reader malformed ICC profile memory corruption attempt (file-pdf.rules)
* 1:39751 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 9 CTreeNode use after free attempt (browser-ie.rules)
* 1:39750 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 9 CTreeNode use after free attempt (browser-ie.rules)
* 1:39749 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 9 CTreeNode use after free attempt (browser-ie.rules)
* 1:39748 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 9 CTreeNode use after free attempt (browser-ie.rules)
* 1:39747 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Apocalypse download attempt (malware-other.rules)
* 1:39746 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Apocalypse download attempt (malware-other.rules)
* 1:39745 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.FakeRean outbound connection detection (malware-other.rules)
* 1:39744 <-> ENABLED <-> MALWARE-TOOLS CKnife penetration testing tool attempt (malware-tools.rules)
* 3:39757 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-CAN-0148 attack attempt (file-office.rules)
* 3:39758 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-CAN-0148 attack attempt (file-office.rules)
* 3:39759 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-CAN-0148 attack attempt (file-office.rules)
* 3:39760 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-CAN-0148 attack attempt (file-office.rules)
* 3:39761 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-CAN-0151 attack attempt (file-office.rules)
* 3:39762 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-CAN-0151 attack attempt (file-office.rules)
* 1:39738 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Trans variant outbound connection (malware-cnc.rules)
* 1:39736 <-> DISABLED <-> FILE-OTHER VideoCharge buffer overflow SEH attempt (file-other.rules)
* 1:39735 <-> DISABLED <-> FILE-OTHER VideoCharge buffer overflow SEH attempt (file-other.rules)
* 1:39730 <-> ENABLED <-> MALWARE-CNC Win.Adware.Xiazai outbound connection (malware-cnc.rules)
* 1:39705 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Zeus variant inbound connection (malware-cnc.rules)
* 1:39581 <-> ENABLED <-> MALWARE-CNC Win.Trojan.NanoBot/Perseus initial outbound connection (malware-cnc.rules)
* 1:39580 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection (malware-cnc.rules)
* 1:39579 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection (malware-cnc.rules)
* 1:39578 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant inbound connection (malware-cnc.rules)
* 1:39577 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection (malware-cnc.rules)
* 1:39576 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection (malware-cnc.rules)
* 1:39575 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection (malware-cnc.rules)
* 1:39574 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection (malware-cnc.rules)
* 1:39573 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection (malware-cnc.rules)
* 1:39465 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Unlock92 outbound connection (malware-cnc.rules)
* 1:39117 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules)
* 1:39086 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Cript outbound connection (malware-cnc.rules)
* 1:39085 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Cript outbound connection (malware-cnc.rules)
* 1:39084 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Cript outbound connection (malware-cnc.rules)
* 1:39064 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Sinrin initial JS dropper outbound connection (malware-cnc.rules)
* 1:39052 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Adialer variant outbound connection (malware-cnc.rules)
* 1:38886 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Bayrob variant outbound connection (malware-cnc.rules)
* 1:38647 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Jadowndec outbound connection (malware-cnc.rules)
* 1:38646 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Jadowndec outbound connection (malware-cnc.rules)
* 1:38645 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Jadowndec outbound connection (malware-cnc.rules)
* 1:38644 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Jadowndec outbound connection (malware-cnc.rules)
* 1:38643 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Jadowndec outbound connection (malware-cnc.rules)
* 1:38607 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Qakbot variant outbound connection (malware-cnc.rules)
* 1:38588 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.DFSCook variant outbound connection (malware-cnc.rules)
* 1:38586 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.DFSCook variant outbound connection (malware-cnc.rules)
* 1:38585 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.DFSCook variant outbound connection (malware-cnc.rules)
* 1:38557 <-> ENABLED <-> MALWARE-CNC Win.Trojan.GateKeylogger outbound connection (malware-cnc.rules)
* 1:38516 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Sweeper outbound connection (malware-cnc.rules)
* 1:38515 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Sweeper outbound connection (malware-cnc.rules)
* 1:38514 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Sweeper outbound connection (malware-cnc.rules)
* 1:38258 <-> ENABLED <-> MALWARE-CNC Win/Linux.Trojan.Derusbi variant outbound connection (malware-cnc.rules)
* 1:38257 <-> ENABLED <-> MALWARE-CNC Win-Linux.Trojan.Derusbi variant outbound connection (malware-cnc.rules)
* 1:38256 <-> ENABLED <-> MALWARE-CNC Win-Linux.Trojan.Derusbi variant outbound connection (malware-cnc.rules)
* 1:38255 <-> ENABLED <-> MALWARE-CNC Win-Linux.Trojan.Derusbi variant outbound connection (malware-cnc.rules)
* 1:38116 <-> ENABLED <-> MALWARE-CNC Osx.Trojan.Keranger outbound connection (malware-cnc.rules)
* 1:38070 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTreePos type confusion attempt (browser-ie.rules)
* 1:38069 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTreePos type confusion attempt (browser-ie.rules)
* 1:38068 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTreePos type confusion attempt (browser-ie.rules)
* 1:38067 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTreePos type confusion attempt (browser-ie.rules)
* 1:38018 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex outbound connection (malware-cnc.rules)
* 1:37637 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Graftor outbound connection (malware-cnc.rules)
* 1:37636 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Graftor outbound connection (malware-cnc.rules)
* 1:37457 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Sovfo variant outbound connection (malware-cnc.rules)
* 1:37323 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Direvex variant outbound connection (malware-cnc.rules)
* 1:37317 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Radamant inbound connection (malware-cnc.rules)
* 1:37297 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Sesramot variant outbound connection (malware-cnc.rules)
* 1:37296 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Sesramot variant outbound connection (malware-cnc.rules)
* 1:37228 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Isniffer outbound connection (malware-cnc.rules)
* 1:37227 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Isniffer outbound connection (malware-cnc.rules)
* 1:37226 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Isniffer outbound connection (malware-cnc.rules)
* 1:37225 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Isniffer outbound connection (malware-cnc.rules)
* 1:37215 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Pmabot outbound connection (malware-cnc.rules)
* 1:37214 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Pmabot outbound connection (malware-cnc.rules)
* 1:37213 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Pmabot outbound connection (malware-cnc.rules)
* 1:37212 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Pmabot outbound connection (malware-cnc.rules)
* 1:37052 <-> ENABLED <-> MALWARE-CNC Win.Trojan.TeslaCrypt outbound connection (malware-cnc.rules)
* 1:37047 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Vonterra outbound connection (malware-cnc.rules)
* 1:37036 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ModPOS outbound connection (malware-cnc.rules)
* 1:36807 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Nodslit variant outbound connection (malware-cnc.rules)
* 1:36765 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Stupeval variant outbound connection (malware-cnc.rules)
* 1:36732 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Sefnit variant outbound connection (malware-cnc.rules)
* 1:36639 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Tavex outbound connection (malware-cnc.rules)
* 1:36522 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Banker.NWT variant outbound connection (malware-cnc.rules)
* 1:36471 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Kemoge outbound connection (malware-cnc.rules)
* 1:36294 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.Nisinul variant outbound connection (malware-cnc.rules)
* 1:36106 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Hodoor APT variant outbound connection (malware-cnc.rules)
* 1:36054 <-> ENABLED <-> MALWARE-CNC Ios.Backdoor.SYNful inbound connection (malware-cnc.rules)
* 1:35968 <-> DISABLED <-> BROWSER-IE Microsoft Edge sandbox CreateFileW arbitrary file delete attempt (browser-ie.rules)
* 1:35967 <-> DISABLED <-> BROWSER-IE Microsoft Edge sandbox CreateFileW arbitrary file delete attempt (browser-ie.rules)
* 1:35794 <-> ENABLED <-> MALWARE-CNC Win.Trojan.TeslaCrypt outbound connection (malware-cnc.rules)
* 1:35750 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.IsSpace initial outbound connection (malware-cnc.rules)
* 1:35749 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.IsSpace outbound connection (malware-cnc.rules)
* 1:35733 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Potao outbound connection (malware-cnc.rules)
* 1:35387 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Andromeda initial outbound connection (malware-cnc.rules)
* 1:35386 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Bedep initial outbound connection (malware-cnc.rules)
* 1:35312 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif outbound connection (malware-cnc.rules)
* 1:35254 <-> ENABLED <-> MALWARE-CNC Win.trojan.Seaduke outbound connection (malware-cnc.rules)
* 1:35128 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer local file information disclosure attempt (browser-ie.rules)
* 1:35127 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer local file information disclosure attempt (browser-ie.rules)
* 1:35050 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Elise variant outbound connection (malware-cnc.rules)
* 1:35031 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Konus outbound connection (malware-cnc.rules)
* 1:34965 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Cryptolocker outbound connection (malware-cnc.rules)
* 1:34872 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Compfolder variant outbound connection (malware-cnc.rules)
* 1:34869 <-> ENABLED <-> MALWARE-CNC Win.Trojan.XTalker outbound connection (malware-cnc.rules)
* 1:34818 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Emdivi outbound connection (malware-cnc.rules)
* 1:34624 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Crypaura variant outbound connection (malware-cnc.rules)
* 1:34609 <-> ENABLED <-> MALWARE-CNC Trojan.NitLove variant outbound connection (malware-cnc.rules)
* 1:34608 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Punkey variant outbound connection (malware-cnc.rules)
* 1:34572 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Zinnemls variant outbound connection (malware-cnc.rules)
* 1:34567 <-> ENABLED <-> MALWARE-CNC MacOS.Trojan.MacVX outbound connection (malware-cnc.rules)
* 1:34491 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MalPutty variant outbound connection (malware-cnc.rules)
* 1:34489 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Nalodew variant outbound connection (malware-cnc.rules)
* 1:34476 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Kriptovor variant outbound connection (malware-cnc.rules)
* 1:34470 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.Nirunte variant outbound connection (malware-cnc.rules)
* 1:34469 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.Nirunte variant outbound connection (malware-cnc.rules)
* 1:34462 <-> ENABLED <-> MALWARE-CNC Linux.Downloader.Mumblehard variant outbound connection (malware-cnc.rules)
* 1:34461 <-> ENABLED <-> MALWARE-CNC Linux.Trojan.Mumblehard variant outbound connection (malware-cnc.rules)
* 1:34460 <-> ENABLED <-> MALWARE-CNC Win.Worm.Mozibe variant outbound connection (malware-cnc.rules)
* 1:34459 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Pvzin variant outbound connection (malware-cnc.rules)
* 1:34366 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Beebone outbound connection (malware-cnc.rules)
* 1:34362 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Mantal variant outbound connection (malware-cnc.rules)
* 1:34347 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Cheprobnk variant outbound connection (malware-cnc.rules)
* 1:34346 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Backspace outbound connection (malware-cnc.rules)
* 1:34329 <-> DISABLED <-> MALWARE-CNC Cryptolocker variant inbound connection (malware-cnc.rules)
* 1:34327 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Bedepshel variant outbound connection (malware-cnc.rules)
* 1:34322 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Farfli outbound connection (malware-cnc.rules)
* 1:34319 <-> ENABLED <-> MALWARE-CNC Win.Worm.Klogwjds variant outbound connection (malware-cnc.rules)
* 1:34297 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Simda variant outbound connection (malware-cnc.rules)
* 1:34296 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Simda variant outbound connection (malware-cnc.rules)
* 1:34286 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Mudrop variant outbound connection (malware-cnc.rules)
* 1:34263 <-> ENABLED <-> MALWARE-CNC Linux.Trojan.XORDDoS outbound connection (malware-cnc.rules)
* 1:34262 <-> ENABLED <-> MALWARE-CNC Linux.Trojan.XORDDoS outbound connection (malware-cnc.rules)
* 1:34261 <-> ENABLED <-> MALWARE-CNC Linux.Trojan.XORDDoS outbound connection (malware-cnc.rules)
* 1:34246 <-> DISABLED <-> MALWARE-CNC Win.Trojan.AAEH variant outbound connection (malware-cnc.rules)
* 1:34219 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Nanocore variant outbound connection (malware-cnc.rules)
* 1:34155 <-> ENABLED <-> MALWARE-CNC MacOS.Backdoor.Xslcmd outbound connection (malware-cnc.rules)
* 1:34140 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dyre publickey outbound connection (malware-cnc.rules)
* 1:34132 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.Erotimpact variant outbound connection (malware-cnc.rules)
* 1:34128 <-> ENABLED <-> MALWARE-CNC Win.Trojan.WIntruder outbound connection (malware-cnc.rules)
* 1:34117 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.Zupdax variant outbound connection (malware-cnc.rules)
* 1:34116 <-> ENABLED <-> MALWARE-CNC MacOS.Trojan.Wirelurker variant outbound connection (malware-cnc.rules)
* 1:34115 <-> ENABLED <-> MALWARE-CNC MacOS.Trojan.Wirelurker variant outbound connection (malware-cnc.rules)
* 1:34050 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.Nepigon variant outbound connection (malware-cnc.rules)
* 1:34049 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.EvilBunny variant outbound connection (malware-cnc.rules)
* 1:34045 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Eitenckay initial outbound connection (malware-cnc.rules)
* 1:34038 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (malware-cnc.rules)
* 1:34037 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (malware-cnc.rules)
* 1:34036 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (malware-cnc.rules)
* 1:34035 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (malware-cnc.rules)
* 1:34034 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (malware-cnc.rules)
* 1:34033 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (malware-cnc.rules)
* 1:34032 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (malware-cnc.rules)
* 1:34031 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (malware-cnc.rules)
* 1:34030 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (malware-cnc.rules)
* 1:34029 <-> ENABLED <-> MALWARE-CNC Win.Worm.Tuscas variant outbound connection (malware-cnc.rules)
* 1:34026 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Endstar variant outbound connection (malware-cnc.rules)
* 1:34025 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Endstar variant outbound connection (malware-cnc.rules)
* 1:34013 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ayuther variant outbound connection (malware-cnc.rules)
* 1:34012 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules)
* 1:34011 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules)
* 1:34010 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules)
* 1:34009 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules)
* 1:34008 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules)
* 1:34007 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules)
* 1:34006 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules)
* 1:34005 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules)
* 1:34004 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules)
* 1:34003 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Picommex outbound connection (malware-cnc.rules)
* 1:34002 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Picommex outbound connection (malware-cnc.rules)
* 1:34001 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Picommex outbound connection (malware-cnc.rules)
* 1:33997 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Pwexes variant outbound connection (malware-cnc.rules)
* 1:33996 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Pwexes variant outbound connection (malware-cnc.rules)
* 1:33966 <-> ENABLED <-> MALWARE-CNC Win.Worm.Mafusc variant outbound connection (malware-cnc.rules)
* 1:33933 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Penget variant outbound connection (malware-cnc.rules)
* 1:33931 <-> ENABLED <-> MALWARE-CNC Win.Worm.Goldrv variant outbound connection (malware-cnc.rules)
* 1:33893 <-> ENABLED <-> MALWARE-CNC Win.Trojan.TeslaCrypt outbound connection (malware-cnc.rules)
* 1:33880 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.Casper outbound connection (malware-cnc.rules)
* 1:33868 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules)
* 1:33867 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules)
* 1:33866 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules)
* 1:33865 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules)
* 1:33864 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules)
* 1:33863 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules)
* 1:33862 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules)
* 1:33861 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules)
* 1:33860 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules)
* 1:33859 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules)
* 1:33757 <-> ENABLED <-> MALWARE-CNC Win.Ransomware.CTB-Locker outbound connection (malware-cnc.rules)
* 1:33756 <-> ENABLED <-> MALWARE-CNC Win.Ransomware.CTB-Locker outbound connection (malware-cnc.rules)
* 1:33755 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
* 1:33754 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
* 1:33753 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
* 1:33752 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
* 1:33751 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
* 1:33750 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
* 1:33749 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
* 1:33748 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
* 1:33747 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
* 1:33746 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
* 1:33745 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
* 1:33704 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
* 1:33678 <-> ENABLED <-> MALWARE-CNC Win.Trojan.FannyWorm outbound connection (malware-cnc.rules)
* 1:33650 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Tinba outbound connection (malware-cnc.rules)
* 1:33648 <-> ENABLED <-> MALWARE-CNC Linux.Trojan.XORDDoS outbound connection (malware-cnc.rules)
* 1:33647 <-> ENABLED <-> MALWARE-CNC Linux.Trojan.XORDDoS outbound connection (malware-cnc.rules)
* 1:33646 <-> ENABLED <-> MALWARE-CNC Linux.Trojan.XORDDoS outbound connection (malware-cnc.rules)
* 1:33165 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Poweliks outbound connection (malware-cnc.rules)
* 1:33145 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
* 1:32910 <-> ENABLED <-> MALWARE-CNC Win.Trojan.TinyZBot outbound connection (malware-cnc.rules)
* 1:32909 <-> ENABLED <-> MALWARE-CNC Win.Trojan.TinyZBot outbound connection (malware-cnc.rules)
* 1:32908 <-> ENABLED <-> MALWARE-CNC Win.Trojan.TinyZBot outbound connection (malware-cnc.rules)
* 1:32792 <-> ENABLED <-> MALWARE-CNC Win.Virus.Ransomlock inbound connection (malware-cnc.rules)
* 1:32311 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Rehtesyk outbound connection (malware-cnc.rules)
* 1:32198 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Mujormel outbound connection (malware-cnc.rules)
* 1:32189 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackEnergy2 outbound connection (malware-cnc.rules)
* 1:32188 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackEnergy3 outbound connection (malware-cnc.rules)
* 1:32164 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer GetUpdatedLayout partial table declaration use-after-free attempt (browser-ie.rules)
* 1:32163 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer GetUpdatedLayout partial table declaration use-after-free attempt (browser-ie.rules)
* 1:32126 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Lizarbot outbound connection (malware-cnc.rules)
* 1:32065 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Asprox inbound connection (malware-cnc.rules)
* 1:31944 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Tavdig outbound connection (malware-cnc.rules)
* 1:31925 <-> ENABLED <-> MALWARE-CNC Linux.Trojan.Jynxkit outbound connection (malware-cnc.rules)
* 1:31883 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Waterspout outbound connection (malware-cnc.rules)
* 1:31833 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Chkbot outbound connection (malware-cnc.rules)
* 1:31832 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Pfinet outbound connection (malware-cnc.rules)
* 1:31813 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Expiro outbound connection (malware-cnc.rules)
* 1:31768 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ecsudown outbound connection (malware-cnc.rules)
* 1:31753 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Elpapok outbound connection (malware-cnc.rules)
* 1:31748 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Qulkonwi outbound connection (malware-cnc.rules)
* 1:31744 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Eratoma outbound connection (malware-cnc.rules)
* 1:31718 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Critroni outbound connection (malware-cnc.rules)
* 1:31706 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Korgapam outbound connection (malware-cnc.rules)
* 1:31693 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Korplug Poisoned Hurricane Malware outbound connection (malware-cnc.rules)
* 1:31548 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yakes variant inbound connection (malware-cnc.rules)
* 1:31459 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Jaktinier outbound connection (malware-cnc.rules)
* 1:31319 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Zediv outbound connection (malware-cnc.rules)
* 1:31293 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dyre publickey outbound connection (malware-cnc.rules)
* 1:31290 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Vextstl outbound connection (malware-cnc.rules)
* 1:31236 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Hidead outbound connection (malware-cnc.rules)
* 1:31224 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Cryptor outbound connection (malware-cnc.rules)
* 1:31168 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Guise outbound connection (malware-cnc.rules)
* 1:31136 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ZeroAccess inbound connection (malware-cnc.rules)
* 1:31124 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Pyrtomsop outbound connection (malware-cnc.rules)
* 1:31123 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gigade variant inbound connection (malware-cnc.rules)
* 1:31081 <-> ENABLED <-> MALWARE-CNC Win.Trojan.WinSpy variant outbound connection (malware-cnc.rules)
* 1:31014 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Cryptowall variant outbound connection (malware-cnc.rules)
* 1:30984 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Vonriamt outbound connection (malware-cnc.rules)
* 1:30978 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Rbrute inbound connection (malware-cnc.rules)
* 1:30926 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hd backdoor outbound secure-connection (malware-cnc.rules)
* 1:30924 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hd backdoor inbound connection (malware-cnc.rules)
* 1:30923 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Sefnit outbound connection (malware-cnc.rules)
* 1:30883 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Rbrute inbound connection (malware-cnc.rules)
* 1:30882 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Rbrute inbound connection (malware-cnc.rules)
* 1:30812 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Hulpob outbound connection (malware-cnc.rules)
* 1:30811 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Hulpob outbound connection (malware-cnc.rules)
* 1:30810 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Hulpob outbound connection (malware-cnc.rules)
* 1:30809 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Hulpob outbound connection (malware-cnc.rules)
* 1:30808 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Hulpob outbound connection (malware-cnc.rules)
* 1:30807 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Hulpob outbound connection (malware-cnc.rules)
* 1:30806 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Hulpob outbound connection (malware-cnc.rules)
* 1:30805 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Hulpob outbound connection (malware-cnc.rules)
* 1:30804 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Hulpob outbound connection (malware-cnc.rules)
* 1:30752 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Tesyong outbound connection (malware-cnc.rules)
* 1:30552 <-> ENABLED <-> MALWARE-CNC Malicious BitCoiner Miner download - Win.Trojan.Systema (malware-cnc.rules)
* 1:30551 <-> ENABLED <-> MALWARE-CNC Malicious BitCoiner Miner download - Win.Trojan.Minerd (malware-cnc.rules)
* 1:30482 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Zbot/Bublik inbound connection (malware-cnc.rules)
* 1:30334 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ProjectHook initial outbound connection (malware-cnc.rules)
* 1:30064 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Zbot outbound connection (malware-cnc.rules)
* 1:30063 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Zbot outbound connection (malware-cnc.rules)
* 1:29980 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Fucom outbound connection (malware-cnc.rules)
* 1:29924 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Farfli outbound connection (malware-cnc.rules)
* 1:29670 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Caphaw outbound connection (malware-cnc.rules)
* 1:29644 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Sdconsent outbound connection (malware-cnc.rules)
* 1:29616 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Keylogger inbound connection (malware-cnc.rules)
* 1:29615 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Keylogger outbound connection (malware-cnc.rules)
* 1:29440 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Chewbacca outbound connection (malware-cnc.rules)
* 1:29353 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Zeagle outbound connection (malware-cnc.rules)
* 1:29340 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Plusau outbound connection (malware-cnc.rules)
* 1:29334 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Aokaspid outbound connection using other (malware-cnc.rules)
* 1:29333 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Aokaspid outbound connection using proxy server (malware-cnc.rules)
* 1:29332 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Aokaspid outbound connection using lan (malware-cnc.rules)
* 1:29331 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Aokaspid outbound connection using modem (malware-cnc.rules)
* 1:29325 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Horsamaz outbound connection (malware-cnc.rules)
* 1:29307 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Fraxytime outbound connection (malware-cnc.rules)
* 1:29302 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Diswenshow outbound connection (malware-cnc.rules)
* 1:29289 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Kmnokay outbound connection (malware-cnc.rules)
* 1:29155 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Vwealer outbound connection (malware-cnc.rules)
* 1:29149 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Janicab outbound connection (malware-cnc.rules)
* 1:29031 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Banload variant inbound connection (malware-cnc.rules)
* 1:28809 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dofoil inbound connection (malware-cnc.rules)
* 1:28807 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Injector variant outbound connection (malware-cnc.rules)
* 1:28239 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Tuxido outbound connection (malware-cnc.rules)
* 1:28234 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Hdslogger outbound connection (malware-cnc.rules)
* 1:28211 <-> ENABLED <-> MALWARE-CNC Win.Worm.IRCbot outbound connection (malware-cnc.rules)
* 1:28210 <-> ENABLED <-> MALWARE-CNC Win.Worm.IRCbot outbound connection (malware-cnc.rules)
* 1:28209 <-> ENABLED <-> MALWARE-CNC Win.Worm.IRCbot outbound connection (malware-cnc.rules)
* 1:28143 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Medfos outbound connection (malware-cnc.rules)
* 1:28141 <-> ENABLED <-> MALWARE-CNC Win.Trojan.banker outbound connection (malware-cnc.rules)
* 1:28096 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spynet variant connection (malware-cnc.rules)
* 1:28072 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Omexo outbound connection (malware-cnc.rules)
* 1:27867 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dropper outbound connection (malware-cnc.rules)
* 1:27547 <-> ENABLED <-> MALWARE-CNC Osx.Trojan.Janicab outbound connection (malware-cnc.rules)
* 1:27546 <-> ENABLED <-> MALWARE-CNC Osx.Trojan.Janicab outbound connection (malware-cnc.rules)
* 1:27545 <-> ENABLED <-> MALWARE-CNC Osx.Trojan.Janicab outbound connection (malware-cnc.rules)
* 1:27201 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Neurevt variant outbound connection (malware-cnc.rules)
* 1:27152 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer use after free attempt (browser-ie.rules)
* 1:27150 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer use after 
free attempt (browser-ie.rules) * 1:27023 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Netweird.A outbound connection (malware-cnc.rules) * 1:27022 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Netweird.A outbound connection (malware-cnc.rules) * 1:26912 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Rombrast Trojan outbound connection (malware-cnc.rules) * 1:26911 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Rombrast Trojan outbound connection (malware-cnc.rules) * 1:25807 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Urausy Botnet variant outbound connection (malware-cnc.rules) * 1:25627 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Reventon variant outbound connection (malware-cnc.rules) * 1:24385 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tracur variant outbound connection (malware-cnc.rules) * 1:24384 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tracur variant outbound connection (malware-cnc.rules) * 1:24383 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dipwit outbound connection (malware-cnc.rules) * 1:24382 <-> ENABLED <-> MALWARE-CNC Win.Trojan.XBlocker outbound connection (malware-cnc.rules) * 1:24381 <-> ENABLED <-> MALWARE-CNC Win.Trojan.XBlocker outbound connection (malware-cnc.rules) * 1:24350 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy variant outbound connection (malware-cnc.rules) * 1:24349 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy variant outbound connection (malware-cnc.rules) * 1:24341 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy variant outbound connection (malware-cnc.rules) * 1:24224 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Zeroaccess variant outbound connection (malware-cnc.rules) * 1:23780 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Begfanit.A outbound connection (malware-cnc.rules) * 1:23607 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sofacy.A outbound connection (malware-cnc.rules) * 1:23606 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sofacy.A outbound connection (malware-cnc.rules) * 1:23493 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ZeroAccess outbound connection (malware-cnc.rules) * 1:23492 <-> ENABLED 
<-> MALWARE-CNC Win.Trojan.ZeroAccess outbound connection (malware-cnc.rules) * 1:22048 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Zeus P2P outbound connection (malware-cnc.rules)