Talos has added and modified multiple rules in the blacklist, browser-ie, file-office, malware-backdoor, malware-cnc, malware-other, malware-tools and server-webapp rule sets to provide coverage for emerging threats from these technologies.
For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:44359 <-> ENABLED <-> SERVER-WEBAPP Trend Micro OfficeScan proxy_controller.php command injection attempt (server-webapp.rules) * 1:44362 <-> ENABLED <-> BLACKLIST User-Agent known malicious user-agent string - Sality (blacklist.rules) * 1:44361 <-> ENABLED <-> SERVER-WEBAPP Trend Micro OfficeScan proxy_controller.php command injection attempt (server-webapp.rules) * 1:44358 <-> DISABLED <-> PUA-ADWARE DealPly Adware variant outbound connection (pua-adware.rules) * 1:44363 <-> DISABLED <-> FILE-OFFICE Microsoft Office RTF hex encoded WRAsembly ASLR bypass download attempt (file-office.rules) * 1:44364 <-> DISABLED <-> FILE-OFFICE Microsoft Office RTF hex encoded WRAssembly ASLR bypass download attempt (file-office.rules) * 1:44360 <-> ENABLED <-> SERVER-WEBAPP Trend Micro OfficeScan proxy_controller.php command injection attempt (server-webapp.rules)
* 1:7679 <-> DISABLED <-> MALWARE-BACKDOOR cool remote control 1.12 runtime detection - upload file (malware-backdoor.rules) * 1:9659 <-> DISABLED <-> MALWARE-BACKDOOR bersek 1.0 runtime detection - file manage (malware-backdoor.rules) * 1:9661 <-> DISABLED <-> MALWARE-BACKDOOR bersek 1.0 runtime detection - show processes (malware-backdoor.rules) * 1:9663 <-> DISABLED <-> MALWARE-BACKDOOR bersek 1.0 runtime detection - start remote shell (malware-backdoor.rules) * 1:9665 <-> DISABLED <-> MALWARE-BACKDOOR crossbow 1.12 runtime detection - init connection (malware-backdoor.rules) * 1:9666 <-> DISABLED <-> MALWARE-BACKDOOR superra runtime detection - success init connection (malware-backdoor.rules) * 1:9667 <-> DISABLED <-> MALWARE-BACKDOOR superra runtime detection - issue remote control command (malware-backdoor.rules) * 1:9827 <-> DISABLED <-> MALWARE-OTHER Keylogger paq keylog runtime detection - smtp (malware-other.rules) * 1:9828 <-> DISABLED <-> MALWARE-OTHER Keylogger paq keylog runtime detection - ftp (malware-other.rules) * 1:9829 <-> DISABLED <-> MALWARE-OTHER Trackware relevantknowledge runtime detection (malware-other.rules) * 1:9830 <-> DISABLED <-> MALWARE-OTHER Keylogger supreme spy runtime detection (malware-other.rules) * 1:9832 <-> DISABLED <-> MALWARE-BACKDOOR ieva 1.0 runtime detection - send message (malware-backdoor.rules) * 1:9833 <-> DISABLED <-> MALWARE-BACKDOOR ieva 1.0 runtime detection - fake delete harddisk message (malware-backdoor.rules) * 1:9834 <-> DISABLED <-> MALWARE-BACKDOOR ieva 1.0 runtime detection - black screen (malware-backdoor.rules) * 1:9835 <-> DISABLED <-> MALWARE-BACKDOOR ieva 1.0 runtime detection - swap mouse (malware-backdoor.rules) * 1:9836 <-> DISABLED <-> MALWARE-BACKDOOR ieva 1.0 runtime detection - crazy mouse (malware-backdoor.rules) * 1:9838 <-> DISABLED <-> MALWARE-BACKDOOR sun shadow 1.70 runtime detection - init connection (malware-backdoor.rules) * 1:9839 <-> DISABLED <-> MALWARE-BACKDOOR sun shadow 1.70 runtime detection - keep alive (malware-backdoor.rules) * 1:10078 <-> DISABLED <-> MALWARE-OTHER W32.Nuwar.AY smtp propagation detection (malware-other.rules) * 1:10079 <-> DISABLED <-> MALWARE-OTHER W32.Nuwar.AY smtp propagation detection (malware-other.rules) * 1:10080 <-> DISABLED <-> MALWARE-OTHER W32.Nuwar.AY smtp propagation detection (malware-other.rules) * 1:10081 <-> DISABLED <-> MALWARE-OTHER W32.Nuwar.AY smtp propagation detection (malware-other.rules) * 1:10082 <-> DISABLED <-> MALWARE-OTHER W32.Nuwar.AY smtp propagation detection (malware-other.rules) * 1:10083 <-> DISABLED <-> MALWARE-OTHER W32.Nuwar.AY smtp propagation detection (malware-other.rules) * 1:10088 <-> DISABLED <-> MALWARE-OTHER Keylogger beyond Keylogger runtime detection - log sent by smtp (malware-other.rules) * 1:10089 <-> DISABLED <-> MALWARE-OTHER Keylogger beyond Keylogger runtime detection - log sent by ftp (malware-other.rules) * 1:10091 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool spylply.a runtime detection (malware-tools.rules) * 1:10092 <-> DISABLED <-> MALWARE-OTHER Trackware russian searchbar runtime detection (malware-other.rules) * 1:10095 <-> DISABLED <-> MALWARE-OTHER Trackware bydou runtime detection (malware-other.rules) * 1:10096 <-> DISABLED <-> MALWARE-OTHER Keylogger win32.remotekeylog.b runtime detection - keylog (malware-other.rules) * 1:10098 <-> DISABLED <-> MALWARE-OTHER Keylogger win32.remotekeylog.b runtime detection - get system info (malware-other.rules) * 1:10100 <-> DISABLED <-> MALWARE-OTHER Keylogger win32.remotekeylog.b runtime detection - open website (malware-other.rules) * 1:10101 <-> DISABLED <-> MALWARE-BACKDOOR crossfires trojan 3.0 runtime detection - delete file (malware-backdoor.rules) * 1:10102 <-> DISABLED <-> MALWARE-BACKDOOR crossfires trojan 3.0 runtime detection - chat with victim (malware-backdoor.rules) * 1:10105 <-> DISABLED <-> MALWARE-BACKDOOR hav-rat 1.1 runtime detection - retrieve pc info (malware-backdoor.rules) * 1:10107 <-> DISABLED <-> MALWARE-BACKDOOR icmp cmd 1.0 runtime detection - pslist (malware-backdoor.rules) * 1:10108 <-> DISABLED <-> MALWARE-BACKDOOR icmp cmd 1.0 runtime detection - pskill (malware-backdoor.rules) * 1:10109 <-> DISABLED <-> MALWARE-BACKDOOR k-msnrat 1.0.0 runtime detection - init connection (malware-backdoor.rules) * 1:10112 <-> DISABLED <-> MALWARE-BACKDOOR rix3 1.0 runtime detection - init connection (malware-backdoor.rules) * 1:10165 <-> DISABLED <-> MALWARE-OTHER Keylogger mybr Keylogger runtime detection (malware-other.rules) * 1:10166 <-> DISABLED <-> MALWARE-OTHER Trackware baigoo runtime detection (malware-other.rules) * 1:10168 <-> DISABLED <-> MALWARE-BACKDOOR one runtime detection (malware-backdoor.rules) * 1:10169 <-> DISABLED <-> MALWARE-BACKDOOR matrix 1.03 by mtronic runtime detection - init connection (malware-backdoor.rules) * 1:10181 <-> DISABLED <-> MALWARE-OTHER Keylogger systemsleuth runtime detection (malware-other.rules) * 1:10183 <-> DISABLED <-> MALWARE-OTHER Keylogger activity Keylogger runtime detection (malware-other.rules) * 1:10184 <-> DISABLED <-> MALWARE-BACKDOOR wow 23 runtime detection (malware-backdoor.rules) * 1:10185 <-> DISABLED <-> MALWARE-BACKDOOR x-door runtime detection (malware-backdoor.rules) * 1:10196 <-> DISABLED <-> MALWARE-BACKDOOR Wordpress backdoor feed.php code execution (malware-backdoor.rules) * 1:10197 <-> DISABLED <-> MALWARE-BACKDOOR Wordpress backdoor theme.php code execution (malware-backdoor.rules) * 1:10435 <-> DISABLED <-> MALWARE-OTHER Trackware admedia runtime detection (malware-other.rules) * 1:10436 <-> DISABLED <-> MALWARE-OTHER Keylogger keyspy runtime detection (malware-other.rules) * 1:10440 <-> DISABLED <-> MALWARE-OTHER Keylogger pc black box runtime detection (malware-other.rules) * 1:10441 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool statwin runtime detection (malware-tools.rules) * 1:10442 <-> DISABLED <-> MALWARE-BACKDOOR nirvana 2.0 runtime detection - explore c drive (malware-backdoor.rules) * 1:10443 <-> DISABLED <-> MALWARE-BACKDOOR acidbattery 1.0 runtime detection - sniff info (malware-backdoor.rules) * 1:10444 <-> DISABLED <-> MALWARE-BACKDOOR acidbattery 1.0 runtime detection - open ftp serice (malware-backdoor.rules) * 1:10445 <-> DISABLED <-> MALWARE-BACKDOOR acidbattery 1.0 runtime detection - get password (malware-backdoor.rules) * 1:10446 <-> DISABLED <-> MALWARE-BACKDOOR acidbattery 1.0 runtime detection - get server info (malware-backdoor.rules) * 1:10447 <-> DISABLED <-> MALWARE-CNC 51d 1b variant outbound connection icq notification (malware-cnc.rules) * 1:10448 <-> DISABLED <-> MALWARE-BACKDOOR acessor 2.0 runtime detection - init connection (malware-backdoor.rules) * 1:10454 <-> DISABLED <-> MALWARE-BACKDOOR [x]-ztoo 1.0 runtime detection - init connection (malware-backdoor.rules) * 1:10449 <-> DISABLED <-> MALWARE-BACKDOOR acid shivers runtime detection - init telnet connection (malware-backdoor.rules) * 1:10451 <-> DISABLED <-> MALWARE-BACKDOOR only 1 rat runtime detection - control command (malware-backdoor.rules) * 1:10456 <-> DISABLED <-> MALWARE-BACKDOOR [x]-ztoo 1.0 runtime detection - get system info (malware-backdoor.rules) * 1:10457 <-> DISABLED <-> MALWARE-BACKDOOR [x]-ztoo 1.0 runtime detection - start keylogger (malware-backdoor.rules) * 1:10458 <-> DISABLED <-> MALWARE-BACKDOOR [x]-ztoo 1.0 or illusion runtime detection - open file manager (malware-backdoor.rules) * 1:10459 <-> DISABLED <-> MALWARE-BACKDOOR wineggdrop shell pro runtime detection - init connection (malware-backdoor.rules) * 1:10461 <-> DISABLED <-> MALWARE-BACKDOOR winicabras 1.1 runtime detection - get system info (malware-backdoor.rules) * 1:10463 <-> DISABLED <-> MALWARE-BACKDOOR winicabras 1.1 runtime detection - explorer (malware-backdoor.rules) * 1:11307 <-> DISABLED <-> MALWARE-OTHER Keylogger computer monitor Keylogger runtime detection (malware-other.rules) * 1:11309 <-> DISABLED <-> MALWARE-OTHER Keylogger sskc v2.0 runtime detection (malware-other.rules) * 1:11311 <-> DISABLED <-> MALWARE-OTHER Keylogger pcsentinelsoftware Keylogger runtime detection - upload infor (malware-other.rules) * 1:11312 <-> DISABLED <-> MALWARE-OTHER Trackware uplink runtime detection (malware-other.rules) * 1:11314 <-> DISABLED <-> MALWARE-BACKDOOR shadownet remote spy 2.0 runtime detection (malware-backdoor.rules) * 1:11316 <-> DISABLED <-> MALWARE-BACKDOOR lurker 1.1 runtime detection - init connection (malware-backdoor.rules) * 1:11317 <-> DISABLED <-> MALWARE-BACKDOOR abremote pro 3.1 runtime detection - init connection (malware-backdoor.rules) * 1:11318 <-> DISABLED <-> MALWARE-BACKDOOR boer runtime detection - init connection (malware-backdoor.rules) * 1:11319 <-> DISABLED <-> MALWARE-BACKDOOR netwindow runtime detection - init connection request (malware-backdoor.rules) * 1:11320 <-> DISABLED <-> MALWARE-BACKDOOR netwindow runtime detection - reverse mode init connection request (malware-backdoor.rules) * 1:11321 <-> DISABLED <-> MALWARE-BACKDOOR netwindow runtime detection - udp broadcast (malware-backdoor.rules) * 1:11323 <-> DISABLED <-> MALWARE-BACKDOOR sohoanywhere runtime detection (malware-backdoor.rules) * 1:12166 <-> DISABLED <-> MALWARE-CNC lithium 1.02 variant outbound connection (malware-cnc.rules) * 1:13953 <-> DISABLED <-> MALWARE-CNC Asprox trojan initial query (malware-cnc.rules) * 1:15295 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bankpatch configuration download (malware-cnc.rules) * 1:15296 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bankpatch malicious file download (malware-cnc.rules) * 1:15297 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bankpatch report home (malware-cnc.rules) * 1:16098 <-> DISABLED <-> MALWARE-CNC Win.Trojan.cekar variant outbound connection (malware-cnc.rules) * 1:16140 <-> DISABLED <-> MALWARE-CNC torpig-mebroot command and control checkin (malware-cnc.rules) * 1:16439 <-> DISABLED <-> MALWARE-CNC Possible Zeus User-Agent - _TEST_ (malware-cnc.rules) * 1:16440 <-> DISABLED <-> MALWARE-CNC Possible Zeus User-Agent - ie (malware-cnc.rules) * 1:16441 <-> DISABLED <-> MALWARE-CNC Possible Zeus User-Agent - Download (malware-cnc.rules) * 1:16442 <-> DISABLED <-> MALWARE-CNC Possible Zeus User-Agent - Mozilla (malware-cnc.rules) * 1:16483 <-> DISABLED <-> MALWARE-CNC Koobface worm submission of collected data to C&C server (malware-cnc.rules) * 1:16558 <-> DISABLED <-> MALWARE-CNC SdBot IRC Win.Trojan.server to client communication (malware-cnc.rules) * 1:16804 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qakbot.E - initial load (malware-cnc.rules) * 1:17058 <-> DISABLED <-> MALWARE-CNC Trojan-Downloader.JS.Agent.ewh Javascript download (malware-cnc.rules) * 1:18562 <-> DISABLED <-> MALWARE-CNC RogueSoftware.Win32.LivePcCare variant outbound connection (malware-cnc.rules) * 1:18577 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker.agum variant outbound connection (malware-cnc.rules) * 1:18707 <-> DISABLED <-> MALWARE-CNC RogueSoftware.Win32.ControlCenter variant outbound connection (malware-cnc.rules) * 1:18708 <-> DISABLED <-> MALWARE-CNC RogueSoftware.Win32.AntivirusSoft variant outbound connection (malware-cnc.rules) * 1:18709 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker.aufm variant outbound connection (malware-cnc.rules) * 1:18711 <-> DISABLED <-> MALWARE-CNC RogueSoftware.Win32.SecurityCentral variant outbound connection (malware-cnc.rules) * 1:18712 <-> DISABLED <-> MALWARE-CNC RogueSoftware.Win32.XJRAntivirus variant outbound connection (malware-cnc.rules) * 1:18716 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker.H variant outbound connection (malware-cnc.rules) * 1:18717 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker.QO variant outbound connection (malware-cnc.rules) * 1:18718 <-> DISABLED <-> MALWARE-CNC RogueSoftware.Win32.AdvancedDefender variant outbound connection (malware-cnc.rules) * 1:18724 <-> DISABLED <-> MALWARE-CNC RogueSoftware.Win32.ZeroClean variant outbound connection (malware-cnc.rules) * 1:18739 <-> DISABLED <-> MALWARE-CNC Worm.Win32.Koobface.D variant outbound connection (malware-cnc.rules) * 1:18978 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pasta.aoq variant outbound connection (malware-cnc.rules) * 1:18979 <-> DISABLED <-> MALWARE-CNC Worm.Win32.AutoRun.fmo variant outbound connection (malware-cnc.rules) * 1:19042 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker.ACQE variant outbound connection (malware-cnc.rules) * 1:19045 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos.XQ variant outbound connection (malware-cnc.rules) * 1:19048 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Darkness variant outbound connection (malware-cnc.rules) * 1:19050 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banbra.fxe variant outbound connection (malware-cnc.rules) * 1:19062 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FakePlus variant outbound connection (malware-cnc.rules) * 1:19135 <-> DISABLED <-> MALWARE-BACKDOOR Win.Trojan.Buterat Checkin (malware-backdoor.rules) * 1:19340 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fakeav TREAntivirus variant outbound connection (malware-cnc.rules) * 1:19341 <-> DISABLED <-> MALWARE-CNC Worm MSIL.AiO.a variant outbound connection (malware-cnc.rules) * 1:19342 <-> DISABLED <-> MALWARE-CNC Adware Professional variant outbound connection (malware-cnc.rules) * 1:19343 <-> DISABLED <-> MALWARE-CNC Adware Pro variant outbound connection (malware-cnc.rules) * 1:19344 <-> DISABLED <-> MALWARE-CNC AntiMalware Pro variant outbound connection (malware-cnc.rules) * 1:19345 <-> DISABLED <-> MALWARE-CNC REAnti variant outbound connection (malware-cnc.rules) * 1:19346 <-> DISABLED <-> MALWARE-CNC Additional Guard variant outbound connection (malware-cnc.rules) * 1:19352 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Small.D variant outbound connection (malware-cnc.rules) * 1:19354 <-> DISABLED <-> MALWARE-BACKDOOR Win.Trojan.Agent.bhxn variant outbound connection (malware-backdoor.rules) * 1:19362 <-> DISABLED <-> MALWARE-OTHER generic IRC botnet connection (malware-other.rules) * 1:19366 <-> DISABLED <-> MALWARE-CNC Win.Trojan.HXWAN.A variant outbound connection (malware-cnc.rules) * 1:19367 <-> DISABLED <-> MALWARE-CNC Win.Worm.Vaubeg.A variant outbound connection (malware-cnc.rules) * 1:19368 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Carberp.D variant outbound connection (malware-cnc.rules) * 1:19369 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Carberp.D variant outbound connection (malware-cnc.rules) * 1:19370 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Carberp.D variant outbound connection (malware-cnc.rules) * 1:19551 <-> DISABLED <-> MALWARE-OTHER self-signed SSL certificate with default Internet Widgits Pty Ltd organization name (malware-other.rules) * 1:19554 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fakeav Antivirus Xp Pro variant outbound connection (malware-cnc.rules) * 1:19555 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Small variant outbound connection (malware-cnc.rules) * 1:19556 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Homa variant outbound connection (malware-cnc.rules) * 1:19557 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shark.ag variant outbound connection (malware-cnc.rules) * 1:19724 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules) * 1:19725 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Poison variant outbound connection (malware-cnc.rules) * 1:19726 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Poison variant outbound connection (malware-cnc.rules) * 1:19727 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos.DI variant outbound connection (malware-cnc.rules) * 1:19957 <-> DISABLED <-> MALWARE-CNC Arabian-Attacker 1.1.0 variant outbound connection (malware-cnc.rules) * 1:19964 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Sality variant outbound connection (malware-cnc.rules) * 1:19979 <-> DISABLED <-> MALWARE-CNC IRCBot runtime traffic detected (malware-cnc.rules) * 1:19980 <-> DISABLED <-> MALWARE-CNC IRCBot runtime traffic detected (malware-cnc.rules) * 1:19981 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Micstus.A runtime traffic detected (malware-cnc.rules) * 1:20008 <-> DISABLED <-> MALWARE-CNC Malware PDFMarca.A runtime traffic detected (malware-cnc.rules) * 1:20010 <-> DISABLED <-> MALWARE-CNC Win32/Babmote.A runtime TCP traffic detected (malware-cnc.rules) * 1:20035 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Win32 Coinbit.A runtime traffic detected (malware-cnc.rules) * 1:20036 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Win32 Agent.ndau runtime traffic detected (malware-cnc.rules) * 1:20037 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.cve runtime traffic detected (malware-cnc.rules) * 1:20038 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.cve runtime traffic detected (malware-cnc.rules) * 1:20057 <-> DISABLED <-> MALWARE-CNC BitCoin Miner IP query (malware-cnc.rules) * 1:20064 <-> DISABLED <-> MALWARE-CNC Malware Win.Trojan.Clemag.A variant outbound connection (malware-cnc.rules) * 1:20066 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Win32 SensLiceld.A runtime traffic detected (malware-cnc.rules) * 1:20067 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Win32 Zatvex.A runtime traffic detected (malware-cnc.rules) * 1:20068 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jetilms.A runtime activity detected (malware-cnc.rules) * 1:20069 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VB.alhq runtime traffic detected (malware-cnc.rules) * 1:20205 <-> DISABLED <-> MALWARE-CNC Win32/Poison beaconing request (malware-cnc.rules) * 1:20233 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Virut variant outbound connection (malware-cnc.rules) * 1:20234 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ceckno.cmz runtime traffic detected (malware-cnc.rules) * 1:20435 <-> DISABLED <-> MALWARE-CNC TrojanSpy Win.Trojan.Zbot.Svr runtime traffic detected (malware-cnc.rules) * 1:20447 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.JAAK variant outbound connection (malware-cnc.rules) * 1:20606 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Domsingx.A variant outbound connection (malware-cnc.rules) * 1:20626 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shylock.A variant outbound connection (malware-cnc.rules) * 1:20627 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shylock.A C&C server response (malware-cnc.rules) * 1:20836 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zusy.A runtime traffic detected (malware-cnc.rules) * 1:20838 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Smokebot.A runtime traffic detected (malware-cnc.rules) * 1:20844 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker.smxy runtime traffic detected (malware-cnc.rules) * 1:20877 <-> DISABLED <-> MALWARE-CNC RunTime Worm.Win32.Warezov.gs variant outbound connection (malware-cnc.rules) * 1:20890 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VB.adbp runtime traffic detected (malware-cnc.rules) * 1:20891 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VB.adbp runtime traffic detected (malware-cnc.rules) * 1:20892 <-> DISABLED <-> MALWARE-CNC Worm.Win32.Skopvel.A runtime traffic detected (malware-cnc.rules) * 1:21028 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Usinec connect to server (malware-cnc.rules) * 1:21058 <-> DISABLED <-> MALWARE-CNC Win.Trojan.AutoIt.pm runtime traffic detected (malware-cnc.rules) * 1:21087 <-> DISABLED <-> MALWARE-CNC Bindow.Worm runtime traffic detected (malware-cnc.rules) * 1:7763 <-> DISABLED <-> MALWARE-BACKDOOR nt remote controller 2000 runtime detection - services client-to-server (malware-backdoor.rules) * 1:9336 <-> DISABLED <-> MALWARE-OTHER netsky.t smtp propagation detection (malware-other.rules) * 1:9362 <-> DISABLED <-> MALWARE-OTHER mimail.m smtp propagation detection (malware-other.rules) * 1:8462 <-> DISABLED <-> MALWARE-OTHER Trackware duduaccelerator runtime detection - trace info downloaded (malware-other.rules) * 1:9384 <-> DISABLED <-> MALWARE-OTHER beglur.a smtp propagation detection (malware-other.rules) * 1:7692 <-> DISABLED <-> MALWARE-BACKDOOR exception 1.0 runtime detection - notification (malware-backdoor.rules) * 1:8544 <-> DISABLED <-> MALWARE-OTHER Keylogger nicespy runtime detection - smtp (malware-other.rules) * 1:7747 <-> DISABLED <-> MALWARE-BACKDOOR bobo 1.0 runtime detection - initial connection (malware-backdoor.rules) * 1:7842 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool davps runtime detection (malware-tools.rules) * 1:9337 <-> DISABLED <-> MALWARE-OTHER netsky.x smtp propagation detection (malware-other.rules) * 1:7689 <-> DISABLED <-> MALWARE-BACKDOOR evade runtime detection - initial connection (malware-backdoor.rules) * 1:9394 <-> DISABLED <-> MALWARE-OTHER bagle.n smtp propagation detection (malware-other.rules) * 1:9330 <-> DISABLED <-> MALWARE-OTHER mydoom.e smtp propagation detection (malware-other.rules) * 1:7671 <-> DISABLED <-> MALWARE-BACKDOOR digital upload runtime detection - chat (malware-backdoor.rules) * 1:9358 <-> DISABLED <-> MALWARE-OTHER fizzer smtp propagation detection (malware-other.rules) * 1:9393 <-> DISABLED <-> MALWARE-OTHER bagle.k smtp propagation detection (malware-other.rules) * 1:7804 <-> DISABLED <-> MALWARE-BACKDOOR war trojan ver1.0 runtime detection - disable ctrl+alt+del (malware-backdoor.rules) * 1:9386 <-> DISABLED <-> MALWARE-OTHER bagle.f smtp propagation detection (malware-other.rules) * 1:9371 <-> DISABLED <-> MALWARE-OTHER bagle.e smtp propagation detection (malware-other.rules) * 1:7814 <-> DISABLED <-> MALWARE-BACKDOOR darkmoon initial connection detection - stc (malware-backdoor.rules) * 1:8461 <-> DISABLED <-> MALWARE-OTHER Trackware duduaccelerator runtime detection - send userinfo (malware-other.rules) * 1:7765 <-> DISABLED <-> MALWARE-BACKDOOR nt remote controller 2000 runtime detection - sysinfo server-to-client (malware-backdoor.rules) * 1:9359 <-> DISABLED <-> MALWARE-OTHER zafi.b smtp propagation detection (malware-other.rules) * 1:7727 <-> DISABLED <-> MALWARE-BACKDOOR reversable ver1.0 runtime detection - execute command (malware-backdoor.rules) * 1:9390 <-> DISABLED <-> MALWARE-OTHER deborm.d netshare propagation detection (malware-other.rules) * 1:9332 <-> DISABLED <-> MALWARE-OTHER mimail.a smtp propagation detection (malware-other.rules) * 1:9348 <-> DISABLED <-> MALWARE-OTHER morbex smtp propagation detection (malware-other.rules) * 1:7719 <-> DISABLED <-> MALWARE-BACKDOOR dameware mini remote control runtime detection - initial connection (malware-backdoor.rules) * 1:7720 <-> DISABLED <-> MALWARE-BACKDOOR desktop scout runtime detection (malware-backdoor.rules) * 1:7732 <-> DISABLED <-> MALWARE-BACKDOOR outbreak_0.2.7 runtime detection - ring client-to-server (malware-backdoor.rules) * 1:9353 <-> DISABLED <-> MALWARE-OTHER deborm.x netshare propagation detection (malware-other.rules) * 1:9408 <-> DISABLED <-> MALWARE-OTHER lacrow smtp propagation detection (malware-other.rules) * 1:7775 <-> DISABLED <-> MALWARE-BACKDOOR messiah 4.0 runtime detection - screen capture (malware-backdoor.rules) * 1:9388 <-> DISABLED <-> MALWARE-OTHER mimail.g smtp propagation detection (malware-other.rules) * 1:9343 <-> DISABLED <-> MALWARE-OTHER kadra smtp propagation detection (malware-other.rules) * 1:9396 <-> DISABLED <-> MALWARE-OTHER deborm.t netshare propagation detection (malware-other.rules) * 1:9363 <-> DISABLED <-> MALWARE-OTHER klez.d web propagation detection (malware-other.rules) * 1:7683 <-> DISABLED <-> MALWARE-BACKDOOR acid head 1.00 runtime detection (malware-backdoor.rules) * 1:7792 <-> DISABLED <-> MALWARE-BACKDOOR remote anything 5.11.22 runtime detection - chat with victim (malware-backdoor.rules) * 1:9350 <-> DISABLED <-> MALWARE-OTHER mimail.k smtp propagation detection (malware-other.rules) * 1:9414 <-> DISABLED <-> MALWARE-OTHER lovelorn.a smtp propagation detection (malware-other.rules) * 1:7749 <-> DISABLED <-> MALWARE-BACKDOOR bobo 1.0 runtime detection - send message (malware-backdoor.rules) * 1:7796 <-> DISABLED <-> MALWARE-BACKDOOR incommand 1.7 runtime detection - init connection (malware-backdoor.rules) * 1:9412 <-> DISABLED <-> MALWARE-OTHER sinmsn.b msn propagation detection (malware-other.rules) * 1:9389 <-> DISABLED <-> MALWARE-OTHER bagle.i smtp propagation detection (malware-other.rules) * 1:7801 <-> DISABLED <-> MALWARE-BACKDOOR portal of doom runtime detection - udp cts (malware-backdoor.rules) * 1:7688 <-> DISABLED <-> MALWARE-BACKDOOR illusion runtime detection - file browser server-to-client (malware-backdoor.rules) * 1:8542 <-> DISABLED <-> MALWARE-OTHER Trackware deluxecommunications runtime detection - collect info (malware-other.rules) * 1:9377 <-> DISABLED <-> MALWARE-OTHER mydoom.g smtp propagation detection (malware-other.rules) * 1:7721 <-> DISABLED <-> MALWARE-BACKDOOR prorat 1.9 initial connection detection (malware-backdoor.rules) * 1:7762 <-> DISABLED <-> MALWARE-CNC analftp 0.1 variant outbound connection icq notification (malware-cnc.rules) * 1:8549 <-> DISABLED <-> MALWARE-BACKDOOR zxshell runtime detection - setting information retrieve (malware-backdoor.rules) * 1:7798 <-> DISABLED <-> MALWARE-BACKDOOR incommand 1.7 runtime detection - file manage 1 (malware-backdoor.rules) * 1:7818 <-> DISABLED <-> MALWARE-BACKDOOR infector v1.0 runtime detection - init conn (malware-backdoor.rules) * 1:7681 <-> DISABLED <-> MALWARE-BACKDOOR cool remote control 1.12 runtime detection - download file (malware-backdoor.rules) * 1:7722 <-> DISABLED <-> MALWARE-CNC prorat 1.9 cgi notification detection (malware-cnc.rules) * 1:7670 <-> DISABLED <-> MALWARE-BACKDOOR digital upload runtime detection - initial connection (malware-backdoor.rules) * 1:7857 <-> DISABLED <-> MALWARE-OTHER Keylogger EliteKeylogger runtime detection (malware-other.rules) * 1:9411 <-> DISABLED <-> MALWARE-OTHER mimail.f smtp propagation detection (malware-other.rules) * 1:9351 <-> DISABLED <-> MALWARE-OTHER lovgate.a netshare propagation detection (malware-other.rules) * 1:9380 <-> DISABLED <-> MALWARE-OTHER jitux msn messenger propagation detection (malware-other.rules) * 1:7805 <-> DISABLED <-> MALWARE-CNC war trojan ver1.0 variant outbound connection ie hijacker (malware-cnc.rules) * 1:9367 <-> DISABLED <-> MALWARE-OTHER anset.b smtp propagation detection (malware-other.rules) * 1:9352 <-> DISABLED <-> MALWARE-OTHER lovgate.a smtp propagation detection (malware-other.rules) * 1:8074 <-> DISABLED <-> MALWARE-BACKDOOR mithril runtime detection - init connection (malware-backdoor.rules) * 1:9378 <-> DISABLED <-> MALWARE-OTHER netsky.q smtp propagation detection (malware-other.rules) * 1:7778 <-> DISABLED <-> MALWARE-BACKDOOR elfrat runtime detection - initial connection (malware-backdoor.rules) * 1:9338 <-> DISABLED <-> MALWARE-OTHER mydoom.i smtp propagation detection (malware-other.rules) * 1:9391 <-> DISABLED <-> MALWARE-OTHER mimail.i smtp propagation detection (malware-other.rules) * 1:7755 <-> DISABLED <-> MALWARE-BACKDOOR buschtrommel 1.22 runtime detection - spy function (malware-backdoor.rules) * 1:7856 <-> DISABLED <-> MALWARE-OTHER Trackware winsysba-a runtime detection - track surfing activity (malware-other.rules) * 1:7729 <-> DISABLED <-> MALWARE-BACKDOOR radmin runtime detection - server-to-client (malware-backdoor.rules) * 1:7791 <-> DISABLED <-> MALWARE-BACKDOOR remote anything 5.11.22 runtime detection - victim response (malware-backdoor.rules) * 1:7806 <-> DISABLED <-> MALWARE-BACKDOOR fatal wound 1.0 runtime detection - initial connection (malware-backdoor.rules) * 1:9417 <-> DISABLED <-> MALWARE-OTHER bagle.a smtp propagation detection (malware-other.rules) * 1:9335 <-> DISABLED <-> MALWARE-OTHER netsky.b smtp propagation detection (malware-other.rules) * 1:7807 <-> DISABLED <-> MALWARE-BACKDOOR fatal wound 1.0 runtime detection - execute file (malware-backdoor.rules) * 1:7717 <-> DISABLED <-> MALWARE-BACKDOOR snake trojan runtime detection (malware-backdoor.rules) * 1:7759 <-> DISABLED <-> MALWARE-BACKDOOR glacier runtime detection - screen capture (malware-backdoor.rules) * 1:9415 <-> DISABLED <-> MALWARE-OTHER plexus.a smtp propagation detection (malware-other.rules) * 1:7836 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool nettracker runtime detection - report send through email (malware-tools.rules) * 1:9354 <-> DISABLED <-> MALWARE-OTHER deborm.y netshare propagation detection (malware-other.rules) * 1:7745 <-> DISABLED <-> MALWARE-BACKDOOR phoenix 2.1 runtime detection (malware-backdoor.rules) * 1:9357 <-> DISABLED <-> MALWARE-OTHER deborm.r netshare propagation detection (malware-other.rules) * 1:7730 <-> DISABLED <-> MALWARE-BACKDOOR outbreak_0.2.7 runtime detection - reverse connection (malware-backdoor.rules) * 1:9360 <-> DISABLED <-> MALWARE-OTHER cult.b smtp propagation detection (malware-other.rules) * 1:8080 <-> DISABLED <-> MALWARE-CNC x2a variant outbound connection client update (malware-cnc.rules) * 1:9387 <-> DISABLED <-> MALWARE-OTHER klez.j web propagation detection (malware-other.rules) * 1:7760 <-> DISABLED <-> MALWARE-BACKDOOR netthief runtime detection (malware-backdoor.rules) * 1:7743 <-> DISABLED <-> MALWARE-BACKDOOR nova 1.0 runtime detection - cgi notification server-to-client (malware-backdoor.rules) * 1:9368 <-> DISABLED <-> MALWARE-OTHER agist.a smtp propagation detection (malware-other.rules) * 1:8079 <-> DISABLED <-> MALWARE-BACKDOOR x2a runtime detection - init connection (malware-backdoor.rules) * 1:7777 <-> DISABLED <-> MALWARE-BACKDOOR messiah 4.0 runtime detection - get drives (malware-backdoor.rules) * 1:8548 <-> DISABLED <-> MALWARE-BACKDOOR zzmm 2.0 runtime detection - init connection (malware-backdoor.rules) * 1:9328 <-> DISABLED <-> MALWARE-OTHER zhangpo smtp propagation detection (malware-other.rules) * 1:9383 <-> DISABLED <-> MALWARE-OTHER netsky.y smtp propagation detection (malware-other.rules) * 1:9395 <-> DISABLED <-> MALWARE-OTHER deborm.j netshare propagation detection (malware-other.rules) * 1:9347 <-> DISABLED <-> MALWARE-OTHER klez.b netshare propagation detection (malware-other.rules) * 1:9369 <-> DISABLED <-> MALWARE-OTHER atak.a smtp propagation detection (malware-other.rules) * 1:9406 <-> DISABLED <-> MALWARE-OTHER lovgate.e smtp propagation detection (malware-other.rules) * 1:9373 <-> DISABLED <-> MALWARE-OTHER clepa smtp propagation detection (malware-other.rules) * 1:7704 <-> DISABLED <-> MALWARE-CNC roach 1.0 server installation notification - email (malware-cnc.rules) * 1:9379 <-> DISABLED <-> MALWARE-OTHER netsky.s smtp propagation detection (malware-other.rules) * 1:7783 <-> DISABLED <-> MALWARE-BACKDOOR netdevil runtime detection - file manager (malware-backdoor.rules) * 1:9356 <-> DISABLED <-> MALWARE-OTHER deborm.q netshare propagation detection (malware-other.rules) * 1:9326 <-> DISABLED <-> MALWARE-OTHER netsky.p smtp propagation detection (malware-other.rules) * 1:8362 <-> DISABLED <-> MALWARE-BACKDOOR black curse 4.0 runtime detection - normal init connection (malware-backdoor.rules) * 1:7739 <-> DISABLED <-> MALWARE-BACKDOOR alexmessomalex runtime detection - grab (malware-backdoor.rules) * 1:9339 <-> DISABLED <-> MALWARE-OTHER klez.g web propagation detection (malware-other.rules) * 1:9327 <-> DISABLED <-> MALWARE-OTHER netsky.af smtp propagation detection (malware-other.rules) * 1:7803 <-> DISABLED <-> MALWARE-BACKDOOR war trojan ver1.0 runtime detection - send messages (malware-backdoor.rules) * 1:7800 <-> DISABLED <-> MALWARE-BACKDOOR incommand 1.7 runtime detection - file manage 2 (malware-backdoor.rules) * 1:8361 <-> DISABLED <-> MALWARE-BACKDOOR black curse 4.0 runtime detection - inverse init connection (malware-backdoor.rules) * 1:7752 <-> DISABLED <-> MALWARE-BACKDOOR buschtrommel 1.22 runtime detection - initial connection (malware-backdoor.rules) * 1:9409 <-> DISABLED <-> MALWARE-OTHER atak.b smtp propagation detection (malware-other.rules) * 1:7733 <-> DISABLED <-> MALWARE-BACKDOOR outbreak_0.2.7 runtime detection - initial connection (malware-backdoor.rules) * 1:9349 <-> DISABLED <-> MALWARE-OTHER plemood smtp propagation detection (malware-other.rules) * 1:9374 <-> DISABLED <-> MALWARE-OTHER creepy.b smtp propagation detection (malware-other.rules) * 1:9366 <-> DISABLED <-> MALWARE-OTHER mimail.s smtp propagation detection (malware-other.rules) * 1:9402 <-> DISABLED <-> MALWARE-OTHER welchia tftp propagation detection (malware-other.rules) * 1:8076 <-> DISABLED <-> MALWARE-BACKDOOR mithril runtime detection - get system information (malware-backdoor.rules) * 1:9398 <-> DISABLED <-> MALWARE-OTHER totilix.a smtp propagation detection (malware-other.rules) * 1:8543 <-> DISABLED <-> MALWARE-OTHER Trackware deluxecommunications runtime detection - display popup ads (malware-other.rules) * 1:7835 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool nettracker runtime detection - report browsing (malware-tools.rules) * 1:7672 <-> DISABLED <-> MALWARE-BACKDOOR remoter runtime detection - initial connection (malware-backdoor.rules) * 1:9392 <-> DISABLED <-> MALWARE-OTHER bagle.j smtp propagation detection (malware-other.rules) * 1:9341 <-> DISABLED <-> MALWARE-OTHER sasser open ftp command shell (malware-other.rules) * 1:7707 <-> DISABLED <-> MALWARE-BACKDOOR omniquad instant remote control runtime detection - file transfer setup (malware-backdoor.rules) * 1:7738 <-> DISABLED <-> MALWARE-BACKDOOR alexmessomalex runtime detection - initial connection (malware-backdoor.rules) * 1:9413 <-> DISABLED <-> MALWARE-OTHER ganda smtp propagation detection (malware-other.rules) * 1:9333 <-> DISABLED <-> MALWARE-OTHER mimail.e smtp propagation detection (malware-other.rules) * 1:9399 <-> DISABLED <-> MALWARE-OTHER hanged smtp propagation detection (malware-other.rules) * 1:9364 <-> DISABLED <-> MALWARE-OTHER klez.e web propagation detection (malware-other.rules) * 1:7767 <-> DISABLED <-> MALWARE-BACKDOOR nt remote controller 2000 runtime detection - foldermonitor server-to-client (malware-backdoor.rules) * 1:9345 <-> DISABLED <-> MALWARE-OTHER kipis.a smtp propagation detection (malware-other.rules) * 1:7691 <-> DISABLED <-> MALWARE-BACKDOOR evade runtime detection - file manager (malware-backdoor.rules) * 1:8466 <-> DISABLED <-> MALWARE-OTHER Keylogger netobserve runtime detection - email notification (malware-other.rules) * 1:7686 <-> DISABLED <-> MALWARE-BACKDOOR illusion runtime detection - get remote info server-to-client (malware-backdoor.rules) * 1:9401 <-> DISABLED <-> MALWARE-OTHER gokar http propagation detection (malware-other.rules) * 1:9403 <-> DISABLED <-> MALWARE-OTHER netsky.aa smtp propagation detection (malware-other.rules) * 1:9410 <-> DISABLED <-> MALWARE-OTHER netsky.z smtp propagation detection (malware-other.rules) * 1:7677 <-> DISABLED <-> MALWARE-BACKDOOR cool remote control or crackdown runtime detection - initial connection (malware-backdoor.rules) * 1:8463 <-> DISABLED <-> MALWARE-OTHER Trackware duduaccelerator runtime detection - trace login info (malware-other.rules) * 1:7809 <-> DISABLED <-> MALWARE-BACKDOOR fatal wound 1.0 runtime detection - upload (malware-backdoor.rules) * 1:9416 <-> DISABLED <-> MALWARE-OTHER bagle.at smtp propagation detection (malware-other.rules) * 1:7706 <-> DISABLED <-> MALWARE-BACKDOOR omniquad instant remote control runtime detection - initial connection (malware-backdoor.rules) * 1:9334 <-> DISABLED <-> MALWARE-OTHER lovgate.c smtp propagation detection (malware-other.rules) * 1:9375 <-> DISABLED <-> MALWARE-OTHER duksten.c smtp propagation detection (malware-other.rules) * 1:7703 <-> DISABLED <-> MALWARE-BACKDOOR roach 1.0 runtime detection - remote control actions (malware-backdoor.rules) * 1:7771 <-> DISABLED <-> MALWARE-BACKDOOR messiah 4.0 runtime detection - get server info (malware-backdoor.rules) * 1:9346 <-> DISABLED <-> MALWARE-OTHER klez.b web propagation detection (malware-other.rules) * 1:7710 <-> DISABLED <-> MALWARE-BACKDOOR fear1.5/aciddrop1.0 runtime detection - initial connection (malware-backdoor.rules) * 1:9381 <-> DISABLED <-> MALWARE-OTHER lara smtp propagation detection (malware-other.rules) * 1:7667 <-> DISABLED <-> MALWARE-BACKDOOR screen control 1.0 runtime detection - capture on port 2208 (malware-backdoor.rules) * 1:7701 <-> DISABLED <-> MALWARE-BACKDOOR brain wiper runtime detection - chat (malware-backdoor.rules) * 1:9397 <-> DISABLED <-> MALWARE-OTHER neysid smtp propagation detection (malware-other.rules) * 1:9400 <-> DISABLED <-> MALWARE-OTHER abotus smtp propagation detection (malware-other.rules) * 1:7684 <-> DISABLED <-> MALWARE-BACKDOOR hrat 1.0 runtime detection (malware-backdoor.rules) * 1:9382 <-> DISABLED <-> MALWARE-OTHER fearso.c smtp propagation detection (malware-other.rules) * 1:7822 <-> DISABLED <-> MALWARE-BACKDOOR xbkdr runtime detection (malware-backdoor.rules) * 1:8467 <-> DISABLED <-> MALWARE-OTHER Keylogger netobserve runtime detection - remote login response (malware-other.rules) * 1:7773 <-> DISABLED <-> MALWARE-BACKDOOR messiah 4.0 runtime detection - enable keylogger (malware-backdoor.rules) * 1:7724 <-> DISABLED <-> MALWARE-BACKDOOR reversable ver1.0 runtime detection - initial connection - flowbit set (malware-backdoor.rules) * 1:9331 <-> DISABLED <-> MALWARE-OTHER mydoom.m smtp propagation detection (malware-other.rules) * 1:9370 <-> DISABLED <-> MALWARE-OTHER bagle.b smtp propagation detection (malware-other.rules) * 1:7785 <-> DISABLED <-> MALWARE-BACKDOOR forced control uploader runtime detection - connection with password (malware-backdoor.rules) * 1:7675 <-> DISABLED <-> MALWARE-BACKDOOR remote havoc runtime detection (malware-backdoor.rules) * 1:9407 <-> DISABLED <-> MALWARE-OTHER lovgate.b netshare propagation detection (malware-other.rules) * 1:9365 <-> DISABLED <-> MALWARE-OTHER cult.c smtp propagation detection (malware-other.rules) * 1:9404 <-> DISABLED <-> MALWARE-OTHER netsky.ac smtp propagation detection (malware-other.rules) * 1:7812 <-> DISABLED <-> MALWARE-BACKDOOR abacab runtime detection - banner (malware-backdoor.rules) * 1:7847 <-> DISABLED <-> MALWARE-OTHER Keylogger clogger 1.0 runtime detection - send log through email (malware-other.rules) * 1:9376 <-> DISABLED <-> MALWARE-OTHER fishlet.a smtp propagation detection (malware-other.rules) * 1:9342 <-> DISABLED <-> MALWARE-OTHER paroc.a smtp propagation detection (malware-other.rules) * 1:9340 <-> DISABLED <-> MALWARE-OTHER klez.i web propagation detection (malware-other.rules) * 1:9344 <-> DISABLED <-> MALWARE-OTHER kindal smtp propagation detection (malware-other.rules) * 1:7837 <-> DISABLED <-> MALWARE-OTHER Keylogger spyoutside runtime detection - email delivery (malware-other.rules) * 1:7699 <-> DISABLED <-> MALWARE-BACKDOOR brain wiper runtime detection - launch application (malware-backdoor.rules) * 1:7816 <-> DISABLED <-> MALWARE-BACKDOOR darkmoon reverse connection detection - cts (malware-backdoor.rules) * 1:8078 <-> DISABLED <-> MALWARE-BACKDOOR mithril runtime detection - get process list (malware-backdoor.rules) * 1:9355 <-> DISABLED <-> MALWARE-OTHER deborm.u netshare propagation detection (malware-other.rules) * 1:7758 <-> DISABLED <-> MALWARE-BACKDOOR glacier runtime detection - initial connection and directory browse (malware-backdoor.rules) * 1:9372 <-> DISABLED <-> MALWARE-OTHER blebla.a smtp propagation detection (malware-other.rules) * 1:9385 <-> DISABLED <-> MALWARE-OTHER collo.a smtp propagation detection (malware-other.rules) * 1:7793 <-> DISABLED <-> MALWARE-BACKDOOR remote anything 5.11.22 runtime detection - chat with attacker (malware-backdoor.rules) * 1:9361 <-> DISABLED <-> MALWARE-OTHER mimail.l smtp propagation detection (malware-other.rules) * 1:7802 <-> DISABLED <-> MALWARE-BACKDOOR portal of doom runtime detection - udp stc (malware-backdoor.rules) * 1:9426 <-> DISABLED <-> MALWARE-OTHER mydoom.ap attachment (malware-other.rules) * 1:9425 <-> DISABLED <-> MALWARE-OTHER netsky attachment (malware-other.rules) * 1:21122 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bandok.zp runtime traffic detected (malware-cnc.rules) * 1:21123 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Flymux.A runtime traffic detected (malware-cnc.rules) * 1:21124 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Opachki.A runtime traffic detected (malware-cnc.rules) * 1:21125 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Alureon.DG runtime traffic detected (malware-cnc.rules) * 1:21126 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Koutodoor.C runtime traffic detected (malware-cnc.rules) * 1:21127 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Setfic.A runtime traffic detected (malware-cnc.rules) * 1:21128 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dromedan.A runtime traffic detected (malware-cnc.rules) * 1:21142 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot.PKJ runtime traffic detected (malware-cnc.rules) * 1:21143 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot.PKJ runtime traffic detected (malware-cnc.rules) * 1:21144 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot.PKJ runtime traffic detected (malware-cnc.rules) * 1:21145 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Neraweq.A runtime traffic detected (malware-cnc.rules) * 1:21218 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sodager.C variant outbound connection (malware-cnc.rules) * 1:21249 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VBasddsa.A runtime traffic detected (malware-cnc.rules) * 1:21250 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VBasddsa.A runtime traffic detected (malware-cnc.rules) * 1:21273 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tusha variant runtime traffic detected (malware-cnc.rules) * 1:21274 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tusha variant runtime traffic detected (malware-cnc.rules) * 1:21277 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shexie.A runtime traffic detected (malware-cnc.rules) * 1:21294 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancodor.be runtime traffic detected (malware-cnc.rules) * 1:21303 <-> DISABLED <-> MALWARE-CNC Win32 Initor.ag runtime traffic detected (malware-cnc.rules) * 1:21359 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VB.jju runtime traffic detected (malware-cnc.rules) * 1:21360 <-> DISABLED <-> MALWARE-CNC Win32 Agent.dbzx runtime traffic detected (malware-cnc.rules) * 1:21361 <-> DISABLED <-> MALWARE-CNC Worm.Win32.TDownland.ca runtime traffic detected (malware-cnc.rules) * 1:21362 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TDSS.aa runtime traffic detected (malware-cnc.rules) * 1:21364 <-> DISABLED <-> MALWARE-CNC DOQ.gen.y RUNTIME traffic detected (malware-cnc.rules) * 1:21365 <-> DISABLED <-> MALWARE-CNC DOQ.gen.y RUNTIME traffic detected (malware-cnc.rules) * 1:21366 <-> DISABLED <-> MALWARE-CNC DOQ.gen.y INSTALL traffic detected (malware-cnc.rules) * 1:21367 <-> DISABLED <-> MALWARE-CNC Win32 VB.abcl runtime traffic detected (malware-cnc.rules) * 1:21368 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wallop.de runtime traffic detected (malware-cnc.rules) * 1:21369 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wallop.de runtime traffic detected (malware-cnc.rules) * 1:21372 <-> DISABLED <-> MALWARE-CNC Malware Defense runtime traffic detected (malware-cnc.rules) * 1:21373 <-> DISABLED <-> MALWARE-CNC Malware Defense runtime traffic detected (malware-cnc.rules) * 1:21374 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bifrose.EF runtime traffic detected (malware-cnc.rules) * 1:21376 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Microjoin activity detected (malware-cnc.rules) * 1:21379 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Genome.Amqj runtime traffic detected (malware-cnc.rules) * 1:21381 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dialer.ngb runtime traffic detected (malware-cnc.rules) * 1:21382 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nuqel.Q host setting3.yeahost.com runtime traffic detected (malware-cnc.rules) * 1:21383 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nuqel.Q host 9999mb.com runtime traffic detected (malware-cnc.rules) * 1:21384 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nuqel.Q host freewebs.com runtime traffic detected (malware-cnc.rules) * 1:21386 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wadolin.A runtime traffic detected (malware-cnc.rules) * 1:21390 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agobot.dl runtime traffic detected (malware-cnc.rules) * 1:21391 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.dcac runtime traffic detected (malware-cnc.rules) * 1:21416 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bankpatch authentication string detected (malware-cnc.rules) * 1:21444 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TDSS variant outbound connection (malware-cnc.rules) * 1:21464 <-> DISABLED <-> MALWARE-CNC Downloader-CEW.b runtime traffic detected (malware-cnc.rules) * 1:21466 <-> DISABLED <-> MALWARE-CNC Autorun.BDS runtime traffic detected (malware-cnc.rules) * 1:21473 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GameThief variant outbound connection (malware-cnc.rules) * 1:21477 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Noobot variant outbound connection (malware-cnc.rules) * 1:21496 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Saeeka variant outbound connection (malware-cnc.rules) * 1:21497 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Saeeka variant outbound connection (malware-cnc.rules) * 1:21511 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vaxpy variant outbound connection (malware-cnc.rules) * 1:21520 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bayrob variant outbound connection (malware-cnc.rules) * 1:21521 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bayrob update connection (malware-cnc.rules) * 1:21527 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader registration connection detection (malware-cnc.rules) * 1:21528 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader keep-alive connection detection (malware-cnc.rules) * 1:21769 <-> DISABLED <-> MALWARE-CNC Win.Trojan.LogonInvader.a variant outbound connection (malware-cnc.rules) * 1:21846 <-> DISABLED <-> MALWARE-CNC TDS Sutra - request in.cgi (malware-cnc.rules) * 1:21848 <-> DISABLED <-> MALWARE-OTHER TDS Sutra - page redirecting to a SutraTDS (malware-other.rules) * 1:21849 <-> DISABLED <-> MALWARE-OTHER TDS Sutra - HTTP header redirecting to a SutraTDS (malware-other.rules) * 1:21968 <-> DISABLED <-> MALWARE-BACKDOOR Win.Backdoor.Rebhip.A variant outbound connection type A (malware-backdoor.rules) * 1:21969 <-> DISABLED <-> MALWARE-BACKDOOR Win.Backdoor.Rebhip.A variant outbound connection type B (malware-backdoor.rules) * 1:21978 <-> DISABLED <-> MALWARE-BACKDOOR Win.Backdoor.Nervos variant outbound connection (malware-backdoor.rules) * 1:21979 <-> DISABLED <-> MALWARE-BACKDOOR Win.Backdoor.Nervos variant inbound connection (malware-backdoor.rules) * 1:21997 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules) * 1:21998 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload variant outbound connection (malware-cnc.rules) * 1:22000 <-> DISABLED <-> MALWARE-CNC Win.Worm.amna variant outbound connection (malware-cnc.rules) * 1:22001 <-> DISABLED <-> MALWARE-CNC Win.Worm.amna variant outbound connection (malware-cnc.rules) * 1:22953 <-> DISABLED <-> MALWARE-TOOLS Hulk denial of service attempt (malware-tools.rules) * 1:23051 <-> DISABLED <-> MALWARE-CNC Dybalom.A runtime traffic detected (malware-cnc.rules) * 1:23176 <-> DISABLED <-> MALWARE-CNC Donbot.A runtime traffic detected (malware-cnc.rules) * 1:23234 <-> DISABLED <-> MALWARE-CNC Frethog.MK runtime traffic detected (malware-cnc.rules) * 1:23235 <-> DISABLED <-> MALWARE-CNC PBin.A runtime traffic detected (malware-cnc.rules) * 1:23252 <-> DISABLED <-> MALWARE-CNC MacOS.MacKontrol variant outbound connection (malware-cnc.rules) * 1:23255 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Duojeen variant outbound connection (malware-cnc.rules) * 1:23257 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Duojeen variant outbound connection (malware-cnc.rules) * 1:23306 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Stealer connect to server (malware-cnc.rules) * 1:23308 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Bucriv variant outbound connection (malware-cnc.rules) * 1:23317 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper initial variant outbound connection (malware-cnc.rules) * 1:23333 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker initial C&C checkin (malware-cnc.rules) * 1:23336 <-> DISABLED <-> MALWARE-CNC Linfo.A variant outbound connection (malware-cnc.rules) * 1:23339 <-> DISABLED <-> MALWARE-CNC Prier.A variant outbound connection (malware-cnc.rules) * 1:23343 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules) * 1:23399 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Govdi.A variant outbound connection (malware-cnc.rules) * 1:23468 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper variant outbound connection (malware-cnc.rules) * 1:23377 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sasfis variant outbound connection (malware-cnc.rules) * 1:23378 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sasfis variant outbound connection (malware-cnc.rules) * 1:23379 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Leepload variant outbound connection (malware-cnc.rules) * 1:23380 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ventana initial variant outbound connection (malware-cnc.rules) * 1:23381 <-> DISABLED <-> MALWARE-BACKDOOR Win.Trojan.Thoper.C runtime detection (malware-backdoor.rules) * 1:23387 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules) * 1:23389 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Java.Arratomref variant outbound connection (malware-cnc.rules) * 1:23390 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Java.Arratomref variant outbound connection (malware-cnc.rules) * 1:23446 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sojax.A variant outbound connection (malware-cnc.rules) * 1:23447 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sojax.A variant outbound connection (malware-cnc.rules) * 1:23449 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Servstart.ax variant outbound connection (malware-cnc.rules) * 1:23448 <-> DISABLED <-> MALWARE-CNC Win.Worm.Psyokym variant outbound connection (malware-cnc.rules) * 1:23494 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Onitab.A outbound connection (malware-cnc.rules) * 1:23495 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kugdifod.A variant outbound connection (malware-cnc.rules) * 1:23593 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Smoaler variant outbound connection (malware-cnc.rules) * 1:23344 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Harvso.A variant outbound connection (malware-cnc.rules) * 1:23483 <-> DISABLED <-> MALWARE-BACKDOOR Win.Backdoor.Georbot file download (malware-backdoor.rules) * 1:23469 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper variant outbound connection (malware-cnc.rules) * 1:23594 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Papras variant outbound connection (malware-cnc.rules) * 1:23340 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nitol.B variant outbound connection (malware-cnc.rules) * 1:9424 <-> DISABLED <-> MALWARE-OTHER /winnt/explorer.exe unicode klez infection (malware-other.rules) * 1:9648 <-> DISABLED <-> MALWARE-OTHER Keylogger emailspypro runtime detection (malware-other.rules) * 1:9647 <-> DISABLED <-> MALWARE-OTHER Keylogger system surveillance pro runtime detection (malware-other.rules) * 1:9655 <-> DISABLED <-> MALWARE-BACKDOOR apofis 1.0 runtime detection - remote controlling (malware-backdoor.rules) * 1:9657 <-> DISABLED <-> MALWARE-BACKDOOR bersek 1.0 runtime detection - init connection (malware-backdoor.rules) * 1:7669 <-> DISABLED <-> MALWARE-BACKDOOR screen control 1.0 runtime detection - capture on port 2213 (malware-backdoor.rules) * 1:9650 <-> DISABLED <-> MALWARE-OTHER Keylogger ghost Keylogger runtime detection (malware-other.rules) * 1:9653 <-> DISABLED <-> MALWARE-CNC apofis 1.0 variant outbound connection php notification (malware-cnc.rules) * 1:10453 <-> DISABLED <-> MALWARE-BACKDOOR zalivator 1.4.2 pro runtime detection - smtp notification (malware-backdoor.rules) * 1:23597 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VB.DHD variant outbound connection (malware-cnc.rules) * 1:23598 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Slagent outgoing connection (malware-cnc.rules) * 1:23599 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Slagent outgoing connection (malware-cnc.rules) * 1:23606 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sofacy.A outbound connection (malware-cnc.rules) * 1:23607 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sofacy.A outbound connection (malware-cnc.rules) * 1:23634 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kegotip variant outbound connection (malware-cnc.rules) * 1:23782 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Buzus.kych variant outbound connection (malware-cnc.rules) * 1:23787 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locotout variant outbound connection (malware-cnc.rules) * 1:23788 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locotout variant outbound connection (malware-cnc.rules) * 1:23794 <-> DISABLED <-> MALWARE-CNC known command and control traffic (malware-cnc.rules) * 1:23876 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scirib variant outbound connection (malware-cnc.rules) * 1:23877 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dtfanri variant outbound connection (malware-cnc.rules) * 1:23935 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zakahic variant outbound connection (malware-cnc.rules) * 1:23936 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zakahic variant outbound connection (malware-cnc.rules) * 1:23941 <-> DISABLED <-> MALWARE-CNC OSX.Trojan.Aharm variant outbound connection (malware-cnc.rules) * 1:23948 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sicisono variant outbound connection (malware-cnc.rules) * 1:23949 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TKcik variant outbound connection (malware-cnc.rules) * 1:23952 <-> DISABLED <-> MALWARE-TOOLS Tors Hammer slow post flood attempt (malware-tools.rules) * 1:23953 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Comfoo variant outbound connection (malware-cnc.rules) * 1:23955 <-> DISABLED <-> MALWARE-CNC Xhuna.A variant outbound connection (malware-cnc.rules) * 1:23963 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Runagry variant outbound connection (malware-cnc.rules) * 1:23971 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kabwak variant outbound connection (malware-cnc.rules) * 1:23973 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vampols variant inbound connection (malware-cnc.rules) * 1:23976 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Genome initial variant outbound connection (malware-cnc.rules) * 1:23977 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Genome runtime update to cnc-server (malware-cnc.rules) * 1:24011 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ransomer variant outbound connection (malware-cnc.rules) * 1:24012 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cbot variant outbound connection - inital contact (malware-cnc.rules) * 1:24013 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cbot variant outbound connection - inital contact (malware-cnc.rules) * 1:24014 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cbot variant outbound connection - inital contact (malware-cnc.rules) * 1:24016 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Madon variant outbound connection - variant outbound connection (malware-cnc.rules) * 1:24035 <-> DISABLED <-> MALWARE-CNC Downloader.Inject variant outbound connection (malware-cnc.rules) * 1:24082 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banbra variant outbound connection (malware-cnc.rules) * 1:24092 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Clisbot variant outbound connection (malware-cnc.rules) * 1:24107 <-> DISABLED <-> MALWARE-OTHER HTTP POST request to a BMP file (malware-other.rules) * 1:24123 <-> DISABLED <-> MALWARE-BACKDOOR Virus.Win32.Xpaj.A variant outbound connection (malware-backdoor.rules) * 1:24173 <-> DISABLED <-> MALWARE-BACKDOOR Trojan-Downloader.Win32.Doneltart.A runtime detection (malware-backdoor.rules) * 1:24174 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lataa variant outbound connection (malware-cnc.rules) * 1:24175 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lataa variant outbound connection (malware-cnc.rules) * 1:24191 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Raven variant outbound connection (malware-cnc.rules) * 1:24271 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Bancos variant outbound connection (malware-cnc.rules) * 1:24288 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Flexty variant outbound connection (malware-cnc.rules) * 1:6029 <-> DISABLED <-> MALWARE-CNC fkwp 2.0 variant outbound connection icq notification (malware-cnc.rules) * 1:24307 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Workir variant outbound connection (malware-cnc.rules) * 1:24308 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Workir variant outbound connection (malware-cnc.rules) * 1:24334 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Agent variant connect to cnc-server (malware-cnc.rules) * 1:24345 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Drexonin variant outbound connection (malware-cnc.rules) * 1:24346 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot variant outbound connection (malware-cnc.rules) * 1:24347 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Bloropac variant outbound connection (malware-cnc.rules) * 1:24368 <-> DISABLED <-> MALWARE-CNC Lizamoon sql injection campaign phone-home (malware-cnc.rules) * 1:24369 <-> DISABLED <-> MALWARE-CNC Lizamoon sql injection campaign ur.php response detected (malware-cnc.rules) * 1:24373 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper.Agent variant outbound connection (malware-cnc.rules) * 1:24374 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper.Agent variant outbound connection (malware-cnc.rules) * 1:24376 <-> DISABLED <-> MALWARE-BACKDOOR Trojan.Delf.KDV runtime detection (malware-backdoor.rules) * 1:24377 <-> DISABLED <-> MALWARE-BACKDOOR Trojan.FakeAV.FakeAlert runtime detection (malware-backdoor.rules) * 1:24383 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dipwit outbound connection (malware-cnc.rules) * 1:24384 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tracur variant outbound connection (malware-cnc.rules) * 1:24385 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tracur variant outbound connection (malware-cnc.rules) * 1:24398 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mooochq variant outbound connection (malware-cnc.rules) * 1:24399 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mooochq variant outbound connection (malware-cnc.rules) * 1:24400 <-> DISABLED <-> MALWARE-BACKDOOR Backdoor.Win32.Protos.A runtime detection (malware-backdoor.rules) * 1:24402 <-> DISABLED <-> MALWARE-BACKDOOR Trojan.KDV.QLO install time detection (malware-backdoor.rules) * 1:24403 <-> DISABLED <-> MALWARE-BACKDOOR Trojan.KDV.QLO runtime detection (malware-backdoor.rules) * 1:24404 <-> DISABLED <-> MALWARE-BACKDOOR Trojan.KDV.QLO runtime detection (malware-backdoor.rules) * 1:24405 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (malware-cnc.rules) * 1:24416 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules) * 1:24417 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules) * 1:24418 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vundo variant outbound connection (malware-cnc.rules) * 1:24419 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vundo variant outbound connection (malware-cnc.rules) * 1:24420 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Misun variant outbound connection (malware-cnc.rules) * 1:24426 <-> DISABLED <-> MALWARE-OTHER Java.Trojan.Jacksbot class download (malware-other.rules) * 1:24427 <-> DISABLED <-> MALWARE-OTHER Java.Trojan.Jacksbot jar download (malware-other.rules) * 1:24437 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mirage variant outbound connection (malware-cnc.rules) * 1:24438 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mirage variant outbound connection (malware-cnc.rules) * 1:24443 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Medfos variant outbound connection (malware-cnc.rules) * 1:24444 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Medfos variant outbound connection (malware-cnc.rules) * 1:24445 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Medfos variant outbound connection (malware-cnc.rules) * 1:24449 <-> DISABLED <-> MALWARE-CNC Java.Exploit.Agent variant outbound connection (malware-cnc.rules) * 1:24450 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tibeli variant outbound connection (malware-cnc.rules) * 1:24451 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Quervar variant outbound connection (malware-cnc.rules) * 1:24529 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Begman variant connection to cnc-server (malware-cnc.rules) * 1:24540 <-> DISABLED <-> MALWARE-BACKDOOR Win.Trojan.Spy.Heur variant outbound connection attempt (malware-backdoor.rules) * 1:24541 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Unebot variant outbound connection (malware-cnc.rules) * 1:24542 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Beystreet variant outbound connection (malware-cnc.rules) * 1:24545 <-> DISABLED <-> MALWARE-BACKDOOR am remote client runtime detection - client response (malware-backdoor.rules) * 1:24562 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VB variant outbound connection (malware-cnc.rules) * 1:24565 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Msposer variant outbound connection (malware-cnc.rules) * 1:24567 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Olmarik variant outbound connection (malware-cnc.rules) * 1:24569 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules) * 1:24576 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Barus variant outbound connection (malware-cnc.rules) * 1:24586 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Barkiofork variant outbound connection (malware-cnc.rules) * 1:24623 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jorik variant outbound connection (malware-cnc.rules) * 1:24635 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper.Dycler variant outbound connection (malware-cnc.rules) * 1:24857 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Agent variant outbound connection (malware-cnc.rules) * 1:24916 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (malware-cnc.rules) * 1:24917 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Turspy variant outbound connection (malware-cnc.rules) * 1:24918 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Turspy variant outbound connection (malware-cnc.rules) * 1:24976 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules) * 1:26852 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer create-add range on DOM objects memory corruption attempt (browser-ie.rules) * 1:26853 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer create-add range on DOM objects memory corruption attempt (browser-ie.rules) * 1:3010 <-> DISABLED <-> MALWARE-CNC RUX the Tick get windows directory (malware-cnc.rules) * 1:3011 <-> DISABLED <-> MALWARE-CNC RUX the Tick get system directory (malware-cnc.rules) * 1:3012 <-> DISABLED <-> MALWARE-CNC RUX the Tick upload/execute arbitrary file (malware-cnc.rules) * 1:3014 <-> DISABLED <-> MALWARE-CNC Asylum 0.1 connection (malware-cnc.rules) * 1:3015 <-> DISABLED <-> MALWARE-CNC Insane Network 4.0 connection (malware-cnc.rules) * 1:3016 <-> DISABLED <-> MALWARE-CNC Insane Network 4.0 connection port 63536 (malware-cnc.rules) * 1:3064 <-> DISABLED <-> MALWARE-BACKDOOR Vampire 1.2 connection confirmation (malware-backdoor.rules) * 1:3155 <-> DISABLED <-> MALWARE-BACKDOOR BackOrifice 2000 Inbound Traffic (malware-backdoor.rules) * 1:3635 <-> DISABLED <-> MALWARE-BACKDOOR Amanda 2.0 connection established (malware-backdoor.rules) * 1:3636 <-> DISABLED <-> MALWARE-BACKDOOR Crazzy Net 5.0 connection established (malware-backdoor.rules) * 1:39528 <-> ENABLED <-> FILE-OFFICE Microsoft Office RTF WRAssembly ASLR bypass download attempt (file-office.rules) * 1:39529 <-> ENABLED <-> FILE-OFFICE Microsoft Office RTF WRAssembly ASLR bypass download attempt (file-office.rules) * 1:40606 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Sality variant outbound connection (malware-cnc.rules) * 1:5742 <-> DISABLED <-> MALWARE-OTHER Keylogger activitylogger runtime detection (malware-other.rules) * 1:5759 <-> DISABLED <-> MALWARE-OTHER Keylogger fearlesskeyspy runtime detection (malware-other.rules) * 1:5777 <-> DISABLED <-> MALWARE-OTHER Keylogger gurl watcher runtime detection (malware-other.rules) * 1:5778 <-> DISABLED <-> MALWARE-OTHER Keylogger runtime detection - hwpe windows activity logs (malware-other.rules) * 1:5779 <-> DISABLED <-> MALWARE-OTHER Keylogger runtime detection - hwpe shell file logs (malware-other.rules) * 1:5780 <-> DISABLED <-> MALWARE-OTHER Keylogger runtime detection - hwpe word filtered echelon log (malware-other.rules) * 1:5781 <-> DISABLED <-> MALWARE-OTHER Keylogger runtime detection - hwae windows activity logs (malware-other.rules) * 1:5782 <-> DISABLED <-> MALWARE-OTHER Keylogger runtime detection - hwae word filtered echelon log (malware-other.rules) * 1:5783 <-> DISABLED <-> MALWARE-OTHER Keylogger runtime detection - hwae keystrokes log (malware-other.rules) * 1:5784 <-> DISABLED <-> MALWARE-OTHER Keylogger runtime detection - hwae urls browsed log (malware-other.rules) * 1:5790 <-> DISABLED <-> MALWARE-OTHER Keylogger pc actmon pro runtime detection - smtp (malware-other.rules) * 1:5812 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool stealthredirector runtime detection - email notification (malware-tools.rules) * 1:5814 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool stealthredirector runtime detection - create redirection (malware-tools.rules) * 1:5816 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool stealthredirector runtime detection - destory redirection (malware-tools.rules) * 1:5819 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool stealthredirector runtime detection - check status (malware-tools.rules) * 1:5821 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool stealthredirector runtime detection - destory log (malware-tools.rules) * 1:5823 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool stealthredirector runtime detection - view netstat (malware-tools.rules) * 1:5839 <-> DISABLED <-> MALWARE-OTHER Trackware ucmore runtime detection - click sponsor/ad link (malware-other.rules) * 1:5875 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool eraser runtime detection - detonate (malware-tools.rules) * 1:5876 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool eraser runtime detection - disinfect (malware-tools.rules) * 1:5956 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool ghostvoice 1.02 icq notification of server installation (malware-tools.rules) * 1:5958 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool ghostvoice 1.02 runtime detection - init connection with password requirement (malware-tools.rules) * 1:6016 <-> DISABLED <-> MALWARE-BACKDOOR dsk lite 1.0 runtime detection - initial connection (malware-backdoor.rules) * 1:6017 <-> DISABLED <-> MALWARE-BACKDOOR dsk lite 1.0 runtime detection - disconnect (malware-backdoor.rules) * 1:6018 <-> DISABLED <-> MALWARE-CNC dsk lite 1.0 variant outbound connection icq notification (malware-cnc.rules) * 1:6019 <-> DISABLED <-> MALWARE-CNC dsk lite 1.0 variant outbound connection cgi notification (malware-cnc.rules) * 1:6020 <-> DISABLED <-> MALWARE-CNC dsk lite 1.0 variant outbound connection php notification (malware-cnc.rules) * 1:6021 <-> DISABLED <-> MALWARE-BACKDOOR silent spy 2.10 command response port 4225 (malware-backdoor.rules) * 1:6022 <-> DISABLED <-> MALWARE-BACKDOOR silent spy 2.10 command response port 4226 (malware-backdoor.rules) * 1:6023 <-> DISABLED <-> MALWARE-CNC silent spy 2.10 variant outbound connection icq notification (malware-cnc.rules) * 1:6024 <-> DISABLED <-> MALWARE-BACKDOOR nuclear rat v6_21 runtime detection (malware-backdoor.rules) * 1:6026 <-> DISABLED <-> MALWARE-BACKDOOR dimbus 1.0 runtime detection - get pc info (malware-backdoor.rules) * 1:6028 <-> DISABLED <-> MALWARE-BACKDOOR cyberpaky runtime detection (malware-backdoor.rules) * 1:23595 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Papras variant outbound connection (malware-cnc.rules) * 1:6035 <-> DISABLED <-> MALWARE-BACKDOOR minicommand runtime detection - initial connection server-to-client (malware-backdoor.rules) * 1:6037 <-> DISABLED <-> MALWARE-BACKDOOR netbus 1.7 runtime detection - email notification (malware-backdoor.rules) * 1:6039 <-> DISABLED <-> MALWARE-CNC fade 1.0 variant outbound connection notification (malware-cnc.rules) * 1:6042 <-> DISABLED <-> MALWARE-CNC fear 0.2 variant outbound connection php notification (malware-cnc.rules) * 1:6043 <-> DISABLED <-> MALWARE-CNC fear 0.2 variant outbound connection cgi notification (malware-cnc.rules) * 1:6046 <-> DISABLED <-> MALWARE-BACKDOOR fear 0.2 runtime detection - initial connection (malware-backdoor.rules) * 1:6048 <-> DISABLED <-> MALWARE-BACKDOOR fun factory runtime detection - connect (malware-backdoor.rules) * 1:6050 <-> DISABLED <-> MALWARE-BACKDOOR fun factory runtime detection - upload (malware-backdoor.rules) * 1:6052 <-> DISABLED <-> MALWARE-BACKDOOR fun factory runtime detection - set volume (malware-backdoor.rules) * 1:6054 <-> DISABLED <-> MALWARE-BACKDOOR fun factory runtime detection - do script remotely (malware-backdoor.rules) * 1:6058 <-> DISABLED <-> MALWARE-CNC neurotickat1.3 variant outbound connection icq notification (malware-cnc.rules) * 1:6059 <-> DISABLED <-> MALWARE-CNC neurotickat1.3 variant outbound connection cgi notification (malware-cnc.rules) * 1:6062 <-> DISABLED <-> MALWARE-BACKDOOR neurotickat1.3 runtime detection - initial connection (malware-backdoor.rules) * 1:6064 <-> DISABLED <-> MALWARE-BACKDOOR schwindler 1.82 runtime detection (malware-backdoor.rules) * 1:6066 <-> DISABLED <-> MALWARE-BACKDOOR optixlite 1.0 runtime detection - connection success server-to-client (malware-backdoor.rules) * 1:6069 <-> DISABLED <-> MALWARE-CNC optixlite 1.0 variant outbound connection icq notification (malware-cnc.rules) * 1:6070 <-> DISABLED <-> MALWARE-BACKDOOR freak 1.0 runtime detection - irc notification (malware-backdoor.rules) * 1:6071 <-> DISABLED <-> MALWARE-CNC freak 1.0 variant outbound connection icq notification (malware-cnc.rules) * 1:6073 <-> DISABLED <-> MALWARE-BACKDOOR freak 1.0 runtime detection - initial connection server-to-client (malware-backdoor.rules) * 1:6075 <-> DISABLED <-> MALWARE-BACKDOOR xhx 1.6 runtime detection - initial connection server-to-client (malware-backdoor.rules) * 1:6076 <-> DISABLED <-> MALWARE-BACKDOOR amiboide uploader runtime detection - init connection (malware-backdoor.rules) * 1:6078 <-> DISABLED <-> MALWARE-BACKDOOR autospy runtime detection - get information (malware-backdoor.rules) * 1:6080 <-> DISABLED <-> MALWARE-BACKDOOR autospy runtime detection - show autospy (malware-backdoor.rules) * 1:6082 <-> DISABLED <-> MALWARE-BACKDOOR autospy runtime detection - show nude pic (malware-backdoor.rules) * 1:6084 <-> DISABLED <-> MALWARE-BACKDOOR autospy runtime detection - hide taskbar (malware-backdoor.rules) * 1:6086 <-> DISABLED <-> MALWARE-BACKDOOR autospy runtime detection - make directory (malware-backdoor.rules) * 1:6088 <-> DISABLED <-> MALWARE-BACKDOOR a trojan 2.0 runtime detection - init connection (malware-backdoor.rules) * 1:6090 <-> DISABLED <-> MALWARE-BACKDOOR a trojan 2.0 runtime detection - get memory info (malware-backdoor.rules) * 1:6092 <-> DISABLED <-> MALWARE-BACKDOOR a trojan 2.0 runtime detection - get harddisk info (malware-backdoor.rules) * 1:6094 <-> DISABLED <-> MALWARE-BACKDOOR a trojan 2.0 runtime detection - get drive info (malware-backdoor.rules) * 1:6096 <-> DISABLED <-> MALWARE-BACKDOOR a trojan 2.0 runtime detection - get system info (malware-backdoor.rules) * 1:6098 <-> DISABLED <-> MALWARE-BACKDOOR alvgus 2000 runtime detection - check server (malware-backdoor.rules) * 1:6100 <-> DISABLED <-> MALWARE-BACKDOOR alvgus 2000 runtime detection - view content of directory (malware-backdoor.rules) * 1:6102 <-> DISABLED <-> MALWARE-BACKDOOR alvgus 2000 runtime detection - execute command (malware-backdoor.rules) * 1:6104 <-> DISABLED <-> MALWARE-BACKDOOR alvgus 2000 runtime detection - upload file (malware-backdoor.rules) * 1:6106 <-> DISABLED <-> MALWARE-BACKDOOR alvgus 2000 runtime detection - download file (malware-backdoor.rules) * 1:6107 <-> DISABLED <-> MALWARE-BACKDOOR backage 3.1 runtime detection (malware-backdoor.rules) * 1:6109 <-> DISABLED <-> MALWARE-BACKDOOR dagger v1.1.40 runtime detection (malware-backdoor.rules) * 1:6110 <-> DISABLED <-> MALWARE-BACKDOOR forced entry v1.1 beta runtime detection (malware-backdoor.rules) * 1:6113 <-> DISABLED <-> MALWARE-BACKDOOR optix 1.32 runtime detection - init conn (malware-backdoor.rules) * 1:6114 <-> DISABLED <-> MALWARE-BACKDOOR optix 1.32 runtime detection - email notification (malware-backdoor.rules) * 1:6115 <-> DISABLED <-> MALWARE-CNC optix 1.32 variant outbound connection icq notification (malware-cnc.rules) * 1:6117 <-> DISABLED <-> MALWARE-BACKDOOR fore v1.0 beta runtime detection - init conn (malware-backdoor.rules) * 1:6119 <-> DISABLED <-> MALWARE-BACKDOOR net runner runtime detection - initial connection server-to-client (malware-backdoor.rules) * 1:6121 <-> DISABLED <-> MALWARE-BACKDOOR net runner runtime detection - download file server-to-client (malware-backdoor.rules) * 1:6124 <-> DISABLED <-> MALWARE-BACKDOOR ambush 1.0 runtime detection - ping server-to-client (malware-backdoor.rules) * 1:6126 <-> DISABLED <-> MALWARE-BACKDOOR dkangel runtime detection - smtp (malware-backdoor.rules) * 1:6127 <-> DISABLED <-> MALWARE-BACKDOOR dkangel runtime detection - udp client-to-server (malware-backdoor.rules) * 1:6128 <-> DISABLED <-> MALWARE-BACKDOOR dkangel runtime detection - icmp echo reply client-to-server (malware-backdoor.rules) * 1:6130 <-> DISABLED <-> MALWARE-BACKDOOR chupacabra 1.0 runtime detection - get computer name (malware-backdoor.rules) * 1:6132 <-> DISABLED <-> MALWARE-BACKDOOR chupacabra 1.0 runtime detection - get user name (malware-backdoor.rules) * 1:6133 <-> DISABLED <-> MALWARE-BACKDOOR chupacabra 1.0 runtime detection - send messages (malware-backdoor.rules) * 1:6134 <-> DISABLED <-> MALWARE-BACKDOOR chupacabra 1.0 runtime detection - delete file (malware-backdoor.rules) * 1:6136 <-> DISABLED <-> MALWARE-BACKDOOR clindestine 1.0 runtime detection - capture big screen (malware-backdoor.rules) * 1:6137 <-> DISABLED <-> MALWARE-BACKDOOR clindestine 1.0 runtime detection - capture small screen (malware-backdoor.rules) * 1:6138 <-> DISABLED <-> MALWARE-BACKDOOR clindestine 1.0 runtime detection - get computer info (malware-backdoor.rules) * 1:6139 <-> DISABLED <-> MALWARE-BACKDOOR clindestine 1.0 runtime detection - get system directory (malware-backdoor.rules) * 1:6142 <-> DISABLED <-> MALWARE-BACKDOOR hellzaddiction v1.0e runtime detection - ftp open (malware-backdoor.rules) * 1:6143 <-> DISABLED <-> MALWARE-BACKDOOR dark connection inside v1.2 runtime detection (malware-backdoor.rules) * 1:6146 <-> DISABLED <-> MALWARE-BACKDOOR mantis runtime detection - sent notify option client-to-server 2 (malware-backdoor.rules) * 1:6148 <-> DISABLED <-> MALWARE-BACKDOOR mantis runtime detection - go to address server-to-client (malware-backdoor.rules) * 1:6150 <-> DISABLED <-> MALWARE-BACKDOOR netcontrol v1.0.8 runtime detection (malware-backdoor.rules) * 1:6151 <-> DISABLED <-> MALWARE-BACKDOOR back attack v1.4 runtime detection (malware-backdoor.rules) * 1:6153 <-> DISABLED <-> MALWARE-BACKDOOR dirtxt runtime detection - chdir server-to-client (malware-backdoor.rules) * 1:6155 <-> DISABLED <-> MALWARE-BACKDOOR dirtxt runtime detection - info server-to-client (malware-backdoor.rules) * 1:6157 <-> DISABLED <-> MALWARE-BACKDOOR dirtxt runtime detection - view server-to-client (malware-backdoor.rules) * 1:6159 <-> DISABLED <-> MALWARE-BACKDOOR delirium of disorder runtime detection - enable keylogger (malware-backdoor.rules) * 1:6160 <-> DISABLED <-> MALWARE-BACKDOOR delirium of disorder runtime detection - stop keylogger (malware-backdoor.rules) * 1:6161 <-> DISABLED <-> MALWARE-BACKDOOR furax 1.0 b2 runtime detection (malware-backdoor.rules) * 1:6165 <-> DISABLED <-> MALWARE-BACKDOOR psyrat 1.0 runtime detection (malware-backdoor.rules) * 1:6166 <-> DISABLED <-> MALWARE-BACKDOOR unicorn runtime detection - initial connection (malware-backdoor.rules) * 1:6168 <-> DISABLED <-> MALWARE-BACKDOOR unicorn runtime detection - set wallpaper server-to-client (malware-backdoor.rules) * 1:6170 <-> DISABLED <-> MALWARE-BACKDOOR digital rootbeer runtime detection (malware-backdoor.rules) * 1:6172 <-> DISABLED <-> MALWARE-BACKDOOR cookie monster 0.24 runtime detection - get version info (malware-backdoor.rules) * 1:6174 <-> DISABLED <-> MALWARE-BACKDOOR cookie monster 0.24 runtime detection - file explorer (malware-backdoor.rules) * 1:6175 <-> DISABLED <-> MALWARE-BACKDOOR cookie monster 0.24 runtime detection - kill kernel (malware-backdoor.rules) * 1:6176 <-> DISABLED <-> MALWARE-BACKDOOR guptachar 2.0 runtime detection (malware-backdoor.rules) * 1:6177 <-> DISABLED <-> MALWARE-BACKDOOR ultimate destruction runtime detection - kill process client-to-server (malware-backdoor.rules) * 1:6178 <-> DISABLED <-> MALWARE-BACKDOOR ultimate destruction runtime detection - kill windows client-to-server (malware-backdoor.rules) * 1:6179 <-> DISABLED <-> MALWARE-BACKDOOR bladerunner 0.80 runtime detection (malware-backdoor.rules) * 1:6181 <-> DISABLED <-> MALWARE-BACKDOOR netraider 0.0 runtime detection (malware-backdoor.rules) * 1:6190 <-> DISABLED <-> MALWARE-OTHER Keylogger eblaster 5.0 runtime detection (malware-other.rules) * 1:6205 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool freak 88 das runtime detection (malware-tools.rules) * 1:6206 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool sin stealer 1.1 runtime detection (malware-tools.rules) * 1:6207 <-> DISABLED <-> MALWARE-OTHER Keylogger winsession runtime detection - smtp (malware-other.rules) * 1:6208 <-> DISABLED <-> MALWARE-OTHER Keylogger winsession runtime detection - ftp (malware-other.rules) * 1:6220 <-> DISABLED <-> MALWARE-OTHER Keylogger boss everyware runtime detection (malware-other.rules) * 1:6221 <-> DISABLED <-> MALWARE-OTHER Keylogger computerspy runtime detection (malware-other.rules) * 1:6286 <-> DISABLED <-> MALWARE-BACKDOOR antilamer 1.1 runtime detection (malware-backdoor.rules) * 1:6287 <-> DISABLED <-> MALWARE-BACKDOOR fictional daemon 4.4 runtime detection - telent (malware-backdoor.rules) * 1:6288 <-> DISABLED <-> MALWARE-BACKDOOR fictional daemon 4.4 runtime detection - ftp (malware-backdoor.rules) * 1:6291 <-> DISABLED <-> MALWARE-CNC justjoke v2.6 variant outbound connection (malware-cnc.rules) * 1:6292 <-> DISABLED <-> MALWARE-BACKDOOR joker ddos v1.0.1 runtime detection - initial connection (malware-backdoor.rules) * 1:6295 <-> DISABLED <-> MALWARE-BACKDOOR joker ddos v1.0.1 runtime detection - bomb (malware-backdoor.rules) * 1:6296 <-> DISABLED <-> MALWARE-CNC insurrection 1.1.0 variant outbound connection icq notification 1 (malware-cnc.rules) * 1:6297 <-> DISABLED <-> MALWARE-CNC insurrection 1.1.0 variant outbound connection icq notification 2 (malware-cnc.rules) * 1:6298 <-> DISABLED <-> MALWARE-BACKDOOR insurrection 1.1.0 runtime detection - reverse connection (malware-backdoor.rules) * 1:6299 <-> DISABLED <-> MALWARE-BACKDOOR insurrection 1.1.0 runtime detection - initial connection (malware-backdoor.rules) * 1:6300 <-> DISABLED <-> MALWARE-CNC cia 1.3 variant outbound connection icq notification (malware-cnc.rules) * 1:6301 <-> DISABLED <-> MALWARE-BACKDOOR cia 1.3 runtime detection - smtp notification (malware-backdoor.rules) * 1:6303 <-> DISABLED <-> MALWARE-BACKDOOR cia runtime detection - initial connection (malware-backdoor.rules) * 1:6305 <-> DISABLED <-> MALWARE-BACKDOOR softwar shadowthief runtime detection - initial connection (malware-backdoor.rules) * 1:6306 <-> DISABLED <-> MALWARE-BACKDOOR shit heep runtime detection (malware-backdoor.rules) * 1:6308 <-> DISABLED <-> MALWARE-BACKDOOR lamespy runtime detection - initial connection (malware-backdoor.rules) * 1:6311 <-> DISABLED <-> MALWARE-BACKDOOR net demon runtime detection - initial connection - password accepted (malware-backdoor.rules) * 1:6313 <-> DISABLED <-> MALWARE-BACKDOOR net demon runtime detection - message response (malware-backdoor.rules) * 1:6315 <-> DISABLED <-> MALWARE-BACKDOOR net demon runtime detection - open browser response (malware-backdoor.rules) * 1:6317 <-> DISABLED <-> MALWARE-BACKDOOR net demon runtime detection - file manager response (malware-backdoor.rules) * 1:6318 <-> DISABLED <-> MALWARE-BACKDOOR rtb666 runtime detection (malware-backdoor.rules) * 1:6321 <-> DISABLED <-> MALWARE-BACKDOOR ptakks2.1 runtime detection - keepalive acknowledgement (malware-backdoor.rules) * 1:6322 <-> DISABLED <-> MALWARE-BACKDOOR ptakks2.1 runtime detection - command pattern (malware-backdoor.rules) * 1:6324 <-> DISABLED <-> MALWARE-BACKDOOR 3xBackdoor runtime detection (malware-backdoor.rules) * 1:6325 <-> DISABLED <-> MALWARE-BACKDOOR fucktrojan 1.2 runtime detection - initial connection (malware-backdoor.rules) * 1:6327 <-> DISABLED <-> MALWARE-BACKDOOR fucktrojan 1.2 runtime detection - flood (malware-backdoor.rules) * 1:6328 <-> DISABLED <-> MALWARE-BACKDOOR commando runtime detection - initial connection (malware-backdoor.rules) * 1:6330 <-> DISABLED <-> MALWARE-BACKDOOR commando runtime detection - chat server-to-client (malware-backdoor.rules) * 1:6331 <-> DISABLED <-> MALWARE-CNC globalkiller1.0 variant outbound connection notification (malware-cnc.rules) * 1:6332 <-> DISABLED <-> MALWARE-BACKDOOR globalkiller1.0 runtime detection - initial connection (malware-backdoor.rules) * 1:6333 <-> DISABLED <-> MALWARE-BACKDOOR wincrash 2.0 runtime detection (malware-backdoor.rules) * 1:6334 <-> DISABLED <-> MALWARE-BACKDOOR backlash runtime detection (malware-backdoor.rules) * 1:6336 <-> DISABLED <-> MALWARE-BACKDOOR buttman v0.9p runtime detection - remote control (malware-backdoor.rules) * 1:6338 <-> DISABLED <-> MALWARE-BACKDOOR hatredfriend file manage command (malware-backdoor.rules) * 1:6339 <-> DISABLED <-> MALWARE-BACKDOOR hatredfriend email notification detection (malware-backdoor.rules) * 1:6340 <-> DISABLED <-> MALWARE-OTHER Keylogger handy keylogger runtime detection (malware-other.rules) * 1:6365 <-> DISABLED <-> MALWARE-OTHER Sony rootkit runtime detection (malware-other.rules) * 1:6383 <-> DISABLED <-> MALWARE-OTHER Keylogger stealthwatcher 2000 runtime detection - tcp connection setup (malware-other.rules) * 1:6384 <-> DISABLED <-> MALWARE-OTHER Keylogger stealthwatcher 2000 runtime detection - agent discover broadcast (malware-other.rules) * 1:6385 <-> DISABLED <-> MALWARE-OTHER Keylogger stealthwatcher 2000 runtime detection - agent status monitoring (malware-other.rules) * 1:6386 <-> DISABLED <-> MALWARE-OTHER Keylogger stealthwatcher 2000 runtime detection - agent up notification (malware-other.rules) * 1:6395 <-> DISABLED <-> MALWARE-CNC a-311 death variant outbound connection server-to-client (malware-cnc.rules) * 1:6396 <-> DISABLED <-> MALWARE-CNC a-311 death user-agent string detected (malware-cnc.rules) * 1:6397 <-> DISABLED <-> MALWARE-BACKDOOR http rat runtime detection - smtp (malware-backdoor.rules) * 1:6398 <-> DISABLED <-> MALWARE-BACKDOOR http rat runtime detection - http (malware-backdoor.rules) * 1:6399 <-> DISABLED <-> MALWARE-BACKDOOR rad 1.2.3 runtime detection (malware-backdoor.rules) * 1:6401 <-> DISABLED <-> MALWARE-BACKDOOR snowdoor runtime detection server-to-client (malware-backdoor.rules) * 1:6402 <-> DISABLED <-> MALWARE-BACKDOOR netangel connection client-to-server (malware-backdoor.rules) * 1:6473 <-> DISABLED <-> MALWARE-BACKDOOR bugs runtime detection - file manager server-to-client (malware-backdoor.rules) * 1:6474 <-> DISABLED <-> MALWARE-CNC Win.Trojan.loosky.gen variant outbound connection notification (malware-cnc.rules) * 1:6476 <-> DISABLED <-> MALWARE-BACKDOOR badrat 1.1 runtime detection (malware-backdoor.rules) * 1:6477 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool beee runtime detection - smtp (malware-tools.rules) * 1:6492 <-> DISABLED <-> MALWARE-BACKDOOR Trickler Backdoor-BAC.gen.e runtime detection - notification (malware-backdoor.rules) * 1:6493 <-> DISABLED <-> MALWARE-BACKDOOR Trickler Backdoor-BAC.gen.e runtime detection - post data (malware-backdoor.rules) * 1:6498 <-> DISABLED <-> MALWARE-BACKDOOR exploiter 1.0 runtime detection (malware-backdoor.rules) * 1:7057 <-> DISABLED <-> MALWARE-BACKDOOR charon runtime detection - initial connection (malware-backdoor.rules) * 1:7060 <-> DISABLED <-> MALWARE-BACKDOOR charon runtime detection - download file/log (malware-backdoor.rules) * 1:7064 <-> DISABLED <-> MALWARE-BACKDOOR cybernetic 1.62 runtime detection - email notification (malware-backdoor.rules) * 1:7068 <-> DISABLED <-> MALWARE-BACKDOOR delta source 0.5 beta runtime detection - ping (malware-backdoor.rules) * 1:7069 <-> DISABLED <-> MALWARE-BACKDOOR delta source 0.5 beta runtime detection - pc info (malware-backdoor.rules) * 1:7072 <-> DISABLED <-> MALWARE-BACKDOOR fraggle rock 2.0 lite runtime detection - pc info (malware-backdoor.rules) * 1:7073 <-> DISABLED <-> MALWARE-CNC Win.Trojan.dumaru.gen variant outbound connection notification (malware-cnc.rules) * 1:7074 <-> DISABLED <-> MALWARE-CNC Win.Trojan.dumaru.gen variant outbound connection cmd (malware-cnc.rules) * 1:7075 <-> DISABLED <-> MALWARE-BACKDOOR bandook 1.0 runtime detection (malware-backdoor.rules) * 1:7076 <-> DISABLED <-> MALWARE-CNC minimo v0.6 variant outbound connection cgi notification (malware-cnc.rules) * 1:7077 <-> DISABLED <-> MALWARE-CNC minimo v0.6 variant outbound connection icq notification (malware-cnc.rules) * 1:7081 <-> DISABLED <-> MALWARE-BACKDOOR up and run v1.0 beta runtime detection (malware-backdoor.rules) * 1:7084 <-> DISABLED <-> MALWARE-BACKDOOR erazer v1.1 runtime detection - sin notification (malware-backdoor.rules) * 1:7086 <-> DISABLED <-> MALWARE-BACKDOOR erazer v1.1 runtime detection - init connection (malware-backdoor.rules) * 1:7103 <-> DISABLED <-> MALWARE-CNC gwboy 0.92 variant outbound connection (malware-cnc.rules) * 1:7120 <-> DISABLED <-> MALWARE-BACKDOOR y3k 1.2 runtime detection - init connection 1 (malware-backdoor.rules) * 1:7122 <-> DISABLED <-> MALWARE-BACKDOOR y3k 1.2 runtime detection - init connection 2 (malware-backdoor.rules) * 1:7146 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool sars notifier runtime detection - sin notification (malware-tools.rules) * 1:7147 <-> DISABLED <-> MALWARE-CNC Hacker-Tool sars notifier variant outbound connection icq notification (malware-cnc.rules) * 1:7148 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool sars notifier runtime detection - cgi notification (malware-tools.rules) * 1:7149 <-> DISABLED <-> MALWARE-CNC Hacker-Tool sars notifier variant outbound connection php notification (malware-cnc.rules) * 1:7150 <-> DISABLED <-> MALWARE-CNC Hacker-Tool sars notifier variant outbound connection irc notification (malware-cnc.rules) * 1:7151 <-> DISABLED <-> MALWARE-CNC Hacker-Tool sars notifier variant outbound connection net send notification (malware-cnc.rules) * 1:7154 <-> DISABLED <-> MALWARE-OTHER Keylogger active keylogger home runtime detection (malware-other.rules) * 1:7156 <-> DISABLED <-> MALWARE-OTHER Keylogger win-spy runtime detection - email delivery (malware-other.rules) * 1:7158 <-> DISABLED <-> MALWARE-OTHER Keylogger win-spy runtime detection - remote conn server-to-client (malware-other.rules) * 1:7160 <-> DISABLED <-> MALWARE-OTHER Keylogger win-spy runtime detection - upload file server-to-client (malware-other.rules) * 1:7162 <-> DISABLED <-> MALWARE-OTHER Keylogger win-spy runtime detection - download file server-to-client (malware-other.rules) * 1:7164 <-> DISABLED <-> MALWARE-OTHER Keylogger win-spy runtime detection - execute file server-to-client (malware-other.rules) * 1:7169 <-> DISABLED <-> MALWARE-OTHER Keylogger ab system spy runtime detection - information exchange (malware-other.rules) * 1:7176 <-> DISABLED <-> MALWARE-OTHER Keylogger ab system spy runtime detection - log retrieve (malware-other.rules) * 1:7177 <-> DISABLED <-> MALWARE-OTHER Keylogger ab system spy runtime detection - info send through email (malware-other.rules) * 1:7180 <-> DISABLED <-> MALWARE-OTHER Keylogger desktop detective 2000 runtime detection - init connection (malware-other.rules) * 1:7183 <-> DISABLED <-> MALWARE-CNC Snoopware barok variant outbound connection (malware-cnc.rules) * 1:7184 <-> DISABLED <-> MALWARE-OTHER Keylogger 007 spy software runtime detection - smtp (malware-other.rules) * 1:7185 <-> DISABLED <-> MALWARE-OTHER Keylogger 007 spy software runtime detection - ftp (malware-other.rules) * 1:7186 <-> DISABLED <-> MALWARE-OTHER Keylogger kgb Keylogger runtime detection (malware-other.rules) * 1:7189 <-> DISABLED <-> MALWARE-OTHER Trackware shopathome runtime detection - setcookie request (malware-other.rules) * 1:7504 <-> DISABLED <-> MALWARE-OTHER Keylogger actualspy runtime detection - ftp-data (malware-other.rules) * 1:7505 <-> DISABLED <-> MALWARE-OTHER Keylogger actualspy runtime detection - smtp (malware-other.rules) * 1:7507 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool coma runtime detection - init connection (malware-tools.rules) * 1:7509 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool coma runtime detection - ping (malware-tools.rules) * 1:7539 <-> DISABLED <-> MALWARE-OTHER Keylogger eye spy pro 1.0 runtime detection (malware-other.rules) * 1:7541 <-> DISABLED <-> MALWARE-OTHER Keylogger starlogger runtime detection (malware-other.rules) * 1:7542 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool mini oblivion runtime detection - successful init connection (malware-tools.rules) * 1:7546 <-> DISABLED <-> MALWARE-OTHER Keylogger PerfectKeylogger runtime detection (malware-other.rules) * 1:7547 <-> DISABLED <-> MALWARE-OTHER Keylogger activity monitor 3.8 runtime detection - agent status monitoring (malware-other.rules) * 1:7548 <-> DISABLED <-> MALWARE-OTHER Keylogger activity monitor 3.8 runtime detection - agent up notification (malware-other.rules) * 1:7549 <-> DISABLED <-> MALWARE-OTHER Keylogger activity monitor 3.8 runtime detection (malware-other.rules) * 1:7551 <-> DISABLED <-> MALWARE-OTHER Keylogger ardamax keylogger runtime detection - smtp (malware-other.rules) * 1:7552 <-> DISABLED <-> MALWARE-OTHER Keylogger ardamax keylogger runtime detection - ftp (malware-other.rules) * 1:7557 <-> DISABLED <-> MALWARE-OTHER Trackware purityscan runtime detection - start up (malware-other.rules) * 1:7558 <-> DISABLED <-> MALWARE-OTHER Trackware purityscan runtime detection - installation notify (malware-other.rules) * 1:7559 <-> DISABLED <-> MALWARE-OTHER Trackware purityscan runtime detection - track user activity and status (malware-other.rules) * 1:7560 <-> DISABLED <-> MALWARE-OTHER Trackware purityscan runtime detection - self update (malware-other.rules) * 1:7561 <-> DISABLED <-> MALWARE-OTHER Trackware purityscan runtime detection - opt out of interstitial advertising (malware-other.rules) * 1:7568 <-> DISABLED <-> MALWARE-OTHER Trackware webhancer runtime detection (malware-other.rules) * 1:7574 <-> DISABLED <-> MALWARE-OTHER Keylogger proagent 2.0 runtime detection (malware-other.rules) * 1:7586 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool clandestine runtime detection - image transferred (malware-tools.rules) * 1:7592 <-> DISABLED <-> MALWARE-OTHER Keylogger keylogger pro runtime detection (malware-other.rules) * 1:7597 <-> DISABLED <-> MALWARE-OTHER Keylogger spy lantern keylogger runtime detection (malware-other.rules) * 1:7605 <-> DISABLED <-> MALWARE-BACKDOOR katux 2.0 runtime detection - screen capture (malware-backdoor.rules) * 1:7607 <-> DISABLED <-> MALWARE-BACKDOOR katux 2.0 runtime detection - get system info (malware-backdoor.rules) * 1:7609 <-> DISABLED <-> MALWARE-BACKDOOR katux 2.0 runtime detection - chat (malware-backdoor.rules) * 1:7616 <-> DISABLED <-> MALWARE-BACKDOOR theef 2.0 runtime detection - connection without password (malware-backdoor.rules) * 1:7619 <-> DISABLED <-> MALWARE-BACKDOOR theef 2.0 runtime detection - connection request with password (malware-backdoor.rules) * 1:7623 <-> DISABLED <-> MALWARE-BACKDOOR remote control 1.7 runtime detection - connection request (malware-backdoor.rules) * 1:7624 <-> DISABLED <-> MALWARE-BACKDOOR remote control 1.7 runtime detection - data connection (malware-backdoor.rules) * 1:7629 <-> DISABLED <-> MALWARE-BACKDOOR skyrat show runtime detection - initial connection (malware-backdoor.rules) * 1:7630 <-> DISABLED <-> MALWARE-BACKDOOR helios 3.1 runtime detection - initial connection (malware-backdoor.rules) * 1:7632 <-> DISABLED <-> MALWARE-BACKDOOR hornet 1.0 runtime detection - fetch system info (malware-backdoor.rules) * 1:7634 <-> DISABLED <-> MALWARE-BACKDOOR hornet 1.0 runtime detection - irc connection (malware-backdoor.rules) * 1:7636 <-> DISABLED <-> MALWARE-BACKDOOR hornet 1.0 runtime detection - fetch processes list (malware-backdoor.rules) * 1:7637 <-> DISABLED <-> MALWARE-CNC hornet 1.0 variant outbound connection icq notification (malware-cnc.rules) * 1:7638 <-> DISABLED <-> MALWARE-BACKDOOR Win.Exploit.Backdoor ncph runtime detection - initial connection (malware-backdoor.rules) * 1:7639 <-> DISABLED <-> MALWARE-CNC air variant outbound connection php notification (malware-cnc.rules) * 1:7640 <-> DISABLED <-> MALWARE-CNC air variant outbound connection webmail notification (malware-cnc.rules) * 1:7641 <-> DISABLED <-> MALWARE-BACKDOOR am remote client runtime detection - client-to-server (malware-backdoor.rules) * 1:7642 <-> DISABLED <-> MALWARE-BACKDOOR am remote client runtime detection - client response (malware-backdoor.rules) * 1:7644 <-> DISABLED <-> MALWARE-BACKDOOR ullysse runtime detection - client-to-server (malware-backdoor.rules) * 1:7646 <-> DISABLED <-> MALWARE-BACKDOOR snipernet 2.1 runtime detection (malware-backdoor.rules) * 1:7658 <-> DISABLED <-> MALWARE-BACKDOOR jodeitor 1.1 runtime detection - initial connection (malware-backdoor.rules) * 1:7659 <-> DISABLED <-> MALWARE-BACKDOOR lan filtrator 1.1 runtime detection - sin notification (malware-backdoor.rules) * 1:7661 <-> DISABLED <-> MALWARE-BACKDOOR lan filtrator 1.1 runtime detection - initial connection request (malware-backdoor.rules) * 1:7663 <-> DISABLED <-> MALWARE-BACKDOOR snid x2 v1.2 runtime detection - initial connection (malware-backdoor.rules) * 1:7665 <-> DISABLED <-> MALWARE-BACKDOOR screen control 1.0 runtime detection - initial connection (malware-backdoor.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2990.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:44362 <-> ENABLED <-> BLACKLIST User-Agent known malicious user-agent string - Sality (blacklist.rules) * 1:44361 <-> ENABLED <-> SERVER-WEBAPP Trend Micro OfficeScan proxy_controller.php command injection attempt (server-webapp.rules) * 1:44364 <-> DISABLED <-> FILE-OFFICE Microsoft Office RTF hex encoded WRAssembly ASLR bypass download attempt (file-office.rules) * 1:44359 <-> ENABLED <-> SERVER-WEBAPP Trend Micro OfficeScan proxy_controller.php command injection attempt (server-webapp.rules) * 1:44360 <-> ENABLED <-> SERVER-WEBAPP Trend Micro OfficeScan proxy_controller.php command injection attempt (server-webapp.rules) * 1:44363 <-> DISABLED <-> FILE-OFFICE Microsoft Office RTF hex encoded WRAsembly ASLR bypass download attempt (file-office.rules) * 1:44358 <-> DISABLED <-> PUA-ADWARE DealPly Adware variant outbound connection (pua-adware.rules)
* 1:10078 <-> DISABLED <-> MALWARE-OTHER W32.Nuwar.AY smtp propagation detection (malware-other.rules) * 1:10079 <-> DISABLED <-> MALWARE-OTHER W32.Nuwar.AY smtp propagation detection (malware-other.rules) * 1:10080 <-> DISABLED <-> MALWARE-OTHER W32.Nuwar.AY smtp propagation detection (malware-other.rules) * 1:10081 <-> DISABLED <-> MALWARE-OTHER W32.Nuwar.AY smtp propagation detection (malware-other.rules) * 1:10082 <-> DISABLED <-> MALWARE-OTHER W32.Nuwar.AY smtp propagation detection (malware-other.rules) * 1:10083 <-> DISABLED <-> MALWARE-OTHER W32.Nuwar.AY smtp propagation detection (malware-other.rules) * 1:10088 <-> DISABLED <-> MALWARE-OTHER Keylogger beyond Keylogger runtime detection - log sent by smtp (malware-other.rules) * 1:10089 <-> DISABLED <-> MALWARE-OTHER Keylogger beyond Keylogger runtime detection - log sent by ftp (malware-other.rules) * 1:10091 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool spylply.a runtime detection (malware-tools.rules) * 1:10092 <-> DISABLED <-> MALWARE-OTHER Trackware russian searchbar runtime detection (malware-other.rules) * 1:10095 <-> DISABLED <-> MALWARE-OTHER Trackware bydou runtime detection (malware-other.rules) * 1:10096 <-> DISABLED <-> MALWARE-OTHER Keylogger win32.remotekeylog.b runtime detection - keylog (malware-other.rules) * 1:10098 <-> DISABLED <-> MALWARE-OTHER Keylogger win32.remotekeylog.b runtime detection - get system info (malware-other.rules) * 1:10100 <-> DISABLED <-> MALWARE-OTHER Keylogger win32.remotekeylog.b runtime detection - open website (malware-other.rules) * 1:10101 <-> DISABLED <-> MALWARE-BACKDOOR crossfires trojan 3.0 runtime detection - delete file (malware-backdoor.rules) * 1:10102 <-> DISABLED <-> MALWARE-BACKDOOR crossfires trojan 3.0 runtime detection - chat with victim (malware-backdoor.rules) * 1:10105 <-> DISABLED <-> MALWARE-BACKDOOR hav-rat 1.1 runtime detection - retrieve pc info (malware-backdoor.rules) * 1:10107 <-> DISABLED <-> MALWARE-BACKDOOR icmp cmd 1.0 runtime detection - pslist (malware-backdoor.rules) * 1:10108 <-> DISABLED <-> MALWARE-BACKDOOR icmp cmd 1.0 runtime detection - pskill (malware-backdoor.rules) * 1:10109 <-> DISABLED <-> MALWARE-BACKDOOR k-msnrat 1.0.0 runtime detection - init connection (malware-backdoor.rules) * 1:10112 <-> DISABLED <-> MALWARE-BACKDOOR rix3 1.0 runtime detection - init connection (malware-backdoor.rules) * 1:10165 <-> DISABLED <-> MALWARE-OTHER Keylogger mybr Keylogger runtime detection (malware-other.rules) * 1:10166 <-> DISABLED <-> MALWARE-OTHER Trackware baigoo runtime detection (malware-other.rules) * 1:10168 <-> DISABLED <-> MALWARE-BACKDOOR one runtime detection (malware-backdoor.rules) * 1:10169 <-> DISABLED <-> MALWARE-BACKDOOR matrix 1.03 by mtronic runtime detection - init connection (malware-backdoor.rules) * 1:10181 <-> DISABLED <-> MALWARE-OTHER Keylogger systemsleuth runtime detection (malware-other.rules) * 1:10183 <-> DISABLED <-> MALWARE-OTHER Keylogger activity Keylogger runtime detection (malware-other.rules) * 1:10184 <-> DISABLED <-> MALWARE-BACKDOOR wow 23 runtime detection (malware-backdoor.rules) * 1:10185 <-> DISABLED <-> MALWARE-BACKDOOR x-door runtime detection (malware-backdoor.rules) * 1:10196 <-> DISABLED <-> MALWARE-BACKDOOR Wordpress backdoor feed.php code execution (malware-backdoor.rules) * 1:10197 <-> DISABLED <-> MALWARE-BACKDOOR Wordpress backdoor theme.php code execution (malware-backdoor.rules) * 1:10435 <-> DISABLED <-> MALWARE-OTHER Trackware admedia runtime detection (malware-other.rules) * 1:10436 <-> DISABLED <-> MALWARE-OTHER Keylogger keyspy runtime detection (malware-other.rules) * 1:10440 <-> DISABLED <-> MALWARE-OTHER Keylogger pc black box runtime detection (malware-other.rules) * 1:10441 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool statwin runtime detection (malware-tools.rules) * 1:10442 <-> DISABLED <-> MALWARE-BACKDOOR nirvana 2.0 runtime detection - explore c drive (malware-backdoor.rules) * 1:10443 <-> DISABLED <-> MALWARE-BACKDOOR acidbattery 1.0 runtime detection - sniff info (malware-backdoor.rules) * 1:10444 <-> DISABLED <-> MALWARE-BACKDOOR acidbattery 1.0 runtime detection - open ftp serice (malware-backdoor.rules) * 1:10445 <-> DISABLED <-> MALWARE-BACKDOOR acidbattery 1.0 runtime detection - get password (malware-backdoor.rules) * 1:10446 <-> DISABLED <-> MALWARE-BACKDOOR acidbattery 1.0 runtime detection - get server info (malware-backdoor.rules) * 1:10447 <-> DISABLED <-> MALWARE-CNC 51d 1b variant outbound connection icq notification (malware-cnc.rules) * 1:10448 <-> DISABLED <-> MALWARE-BACKDOOR acessor 2.0 runtime detection - init connection (malware-backdoor.rules) * 1:10449 <-> DISABLED <-> MALWARE-BACKDOOR acid shivers runtime detection - init telnet connection (malware-backdoor.rules) * 1:10451 <-> DISABLED <-> MALWARE-BACKDOOR only 1 rat runtime detection - control command (malware-backdoor.rules) * 1:10453 <-> DISABLED <-> MALWARE-BACKDOOR zalivator 1.4.2 pro runtime detection - smtp notification (malware-backdoor.rules) * 1:10454 <-> DISABLED <-> MALWARE-BACKDOOR [x]-ztoo 1.0 runtime detection - init connection (malware-backdoor.rules) * 1:10456 <-> DISABLED <-> MALWARE-BACKDOOR [x]-ztoo 1.0 runtime detection - get system info (malware-backdoor.rules) * 1:10457 <-> DISABLED <-> MALWARE-BACKDOOR [x]-ztoo 1.0 runtime detection - start keylogger (malware-backdoor.rules) * 1:10458 <-> DISABLED <-> MALWARE-BACKDOOR [x]-ztoo 1.0 or illusion runtime detection - open file manager (malware-backdoor.rules) * 1:10459 <-> DISABLED <-> MALWARE-BACKDOOR wineggdrop shell pro runtime detection - init connection (malware-backdoor.rules) * 1:10461 <-> DISABLED <-> MALWARE-BACKDOOR winicabras 1.1 runtime detection - get system info (malware-backdoor.rules) * 1:10463 <-> DISABLED <-> MALWARE-BACKDOOR winicabras 1.1 runtime detection - explorer (malware-backdoor.rules) * 1:11307 <-> DISABLED <-> MALWARE-OTHER Keylogger computer monitor Keylogger runtime detection (malware-other.rules) * 1:11309 <-> DISABLED <-> MALWARE-OTHER Keylogger sskc v2.0 runtime detection (malware-other.rules) * 1:11311 <-> DISABLED <-> MALWARE-OTHER Keylogger pcsentinelsoftware Keylogger runtime detection - upload infor (malware-other.rules) * 1:11312 <-> DISABLED <-> MALWARE-OTHER Trackware uplink runtime detection (malware-other.rules) * 1:11314 <-> DISABLED <-> MALWARE-BACKDOOR shadownet remote spy 2.0 runtime detection (malware-backdoor.rules) * 1:11316 <-> DISABLED <-> MALWARE-BACKDOOR lurker 1.1 runtime detection - init connection (malware-backdoor.rules) * 1:11317 <-> DISABLED <-> MALWARE-BACKDOOR abremote pro 3.1 runtime detection - init connection (malware-backdoor.rules) * 1:11318 <-> DISABLED <-> MALWARE-BACKDOOR boer runtime detection - init connection (malware-backdoor.rules) * 1:11319 <-> DISABLED <-> MALWARE-BACKDOOR netwindow runtime detection - init connection request (malware-backdoor.rules) * 1:11320 <-> DISABLED <-> MALWARE-BACKDOOR netwindow runtime detection - reverse mode init connection request (malware-backdoor.rules) * 1:11321 <-> DISABLED <-> MALWARE-BACKDOOR netwindow runtime detection - udp broadcast (malware-backdoor.rules) * 1:11323 <-> DISABLED <-> MALWARE-BACKDOOR sohoanywhere runtime detection (malware-backdoor.rules) * 1:12166 <-> DISABLED <-> MALWARE-CNC lithium 1.02 variant outbound connection (malware-cnc.rules) * 1:13953 <-> DISABLED <-> MALWARE-CNC Asprox trojan initial query (malware-cnc.rules) * 1:15295 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bankpatch configuration download (malware-cnc.rules) * 1:15296 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bankpatch malicious file download (malware-cnc.rules) * 1:15297 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bankpatch report home (malware-cnc.rules) * 1:16098 <-> DISABLED <-> MALWARE-CNC Win.Trojan.cekar variant outbound connection (malware-cnc.rules) * 1:16140 <-> DISABLED <-> MALWARE-CNC torpig-mebroot command and control checkin (malware-cnc.rules) * 1:16439 <-> DISABLED <-> MALWARE-CNC Possible Zeus User-Agent - _TEST_ (malware-cnc.rules) * 1:16440 <-> DISABLED <-> MALWARE-CNC Possible Zeus User-Agent - ie (malware-cnc.rules) * 1:16441 <-> DISABLED <-> MALWARE-CNC Possible Zeus User-Agent - Download (malware-cnc.rules) * 1:16442 <-> DISABLED <-> MALWARE-CNC Possible Zeus User-Agent - Mozilla (malware-cnc.rules) * 1:16483 <-> DISABLED <-> MALWARE-CNC Koobface worm submission of collected data to C&C server (malware-cnc.rules) * 1:16558 <-> DISABLED <-> MALWARE-CNC SdBot IRC Win.Trojan.server to client communication (malware-cnc.rules) * 1:16804 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qakbot.E - initial load (malware-cnc.rules) * 1:17058 <-> DISABLED <-> MALWARE-CNC Trojan-Downloader.JS.Agent.ewh Javascript download (malware-cnc.rules) * 1:18562 <-> DISABLED <-> MALWARE-CNC RogueSoftware.Win32.LivePcCare variant outbound connection (malware-cnc.rules) * 1:18577 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker.agum variant outbound connection (malware-cnc.rules) * 1:18707 <-> DISABLED <-> MALWARE-CNC RogueSoftware.Win32.ControlCenter variant outbound connection (malware-cnc.rules) * 1:18708 <-> DISABLED <-> MALWARE-CNC RogueSoftware.Win32.AntivirusSoft variant outbound connection (malware-cnc.rules) * 1:18709 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker.aufm variant outbound connection (malware-cnc.rules) * 1:18711 <-> DISABLED <-> MALWARE-CNC RogueSoftware.Win32.SecurityCentral variant outbound connection (malware-cnc.rules) * 1:18712 <-> DISABLED <-> MALWARE-CNC RogueSoftware.Win32.XJRAntivirus variant outbound connection (malware-cnc.rules) * 1:18716 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker.H variant outbound connection (malware-cnc.rules) * 1:18717 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker.QO variant outbound connection (malware-cnc.rules) * 1:18718 <-> DISABLED <-> MALWARE-CNC RogueSoftware.Win32.AdvancedDefender variant outbound connection (malware-cnc.rules) * 1:18724 <-> DISABLED <-> MALWARE-CNC RogueSoftware.Win32.ZeroClean variant outbound connection (malware-cnc.rules) * 1:18739 <-> DISABLED <-> MALWARE-CNC Worm.Win32.Koobface.D variant outbound connection (malware-cnc.rules) * 1:18978 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pasta.aoq variant outbound connection (malware-cnc.rules) * 1:18979 <-> DISABLED <-> MALWARE-CNC Worm.Win32.AutoRun.fmo variant outbound connection (malware-cnc.rules) * 1:19042 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker.ACQE variant outbound connection (malware-cnc.rules) * 1:19045 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos.XQ variant outbound connection (malware-cnc.rules) * 1:19048 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Darkness variant outbound connection (malware-cnc.rules) * 1:19050 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banbra.fxe variant outbound connection (malware-cnc.rules) * 1:19062 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FakePlus variant outbound connection (malware-cnc.rules) * 1:19135 <-> DISABLED <-> MALWARE-BACKDOOR Win.Trojan.Buterat Checkin (malware-backdoor.rules) * 1:19340 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fakeav TREAntivirus variant outbound connection (malware-cnc.rules) * 1:19341 <-> DISABLED <-> MALWARE-CNC Worm MSIL.AiO.a variant outbound connection (malware-cnc.rules) * 1:19342 <-> DISABLED <-> MALWARE-CNC Adware Professional variant outbound connection (malware-cnc.rules) * 1:19343 <-> DISABLED <-> MALWARE-CNC Adware Pro variant outbound connection (malware-cnc.rules) * 1:19344 <-> DISABLED <-> MALWARE-CNC AntiMalware Pro variant outbound connection (malware-cnc.rules) * 1:19345 <-> DISABLED <-> MALWARE-CNC REAnti variant outbound connection (malware-cnc.rules) * 1:19346 <-> DISABLED <-> MALWARE-CNC Additional Guard variant outbound connection (malware-cnc.rules) * 1:19352 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Small.D variant outbound connection (malware-cnc.rules) * 1:19354 <-> DISABLED <-> MALWARE-BACKDOOR Win.Trojan.Agent.bhxn variant outbound connection (malware-backdoor.rules) * 1:19362 <-> DISABLED <-> MALWARE-OTHER generic IRC botnet connection (malware-other.rules) * 1:19366 <-> DISABLED <-> MALWARE-CNC Win.Trojan.HXWAN.A variant outbound connection (malware-cnc.rules) * 1:19367 <-> DISABLED <-> MALWARE-CNC Win.Worm.Vaubeg.A variant outbound connection (malware-cnc.rules) * 1:19368 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Carberp.D variant outbound connection (malware-cnc.rules) * 1:19369 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Carberp.D variant outbound connection (malware-cnc.rules) * 1:19370 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Carberp.D variant outbound connection (malware-cnc.rules) * 1:19551 <-> DISABLED <-> MALWARE-OTHER self-signed SSL certificate with default Internet Widgits Pty Ltd organization name (malware-other.rules) * 1:19554 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fakeav Antivirus Xp Pro variant outbound connection (malware-cnc.rules) * 1:19555 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Small variant outbound connection (malware-cnc.rules) * 1:19556 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Homa variant outbound connection (malware-cnc.rules) * 1:19557 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shark.ag variant outbound connection (malware-cnc.rules) * 1:19724 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules) * 1:19725 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Poison variant outbound connection (malware-cnc.rules) * 1:19726 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Poison variant outbound connection (malware-cnc.rules) * 1:19727 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos.DI variant outbound connection (malware-cnc.rules) * 1:19957 <-> DISABLED <-> MALWARE-CNC Arabian-Attacker 1.1.0 variant outbound connection (malware-cnc.rules) * 1:19964 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Sality variant outbound connection (malware-cnc.rules) * 1:19979 <-> DISABLED <-> MALWARE-CNC IRCBot runtime traffic detected (malware-cnc.rules) * 1:19980 <-> DISABLED <-> MALWARE-CNC IRCBot runtime traffic detected (malware-cnc.rules) * 1:19981 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Micstus.A runtime traffic detected (malware-cnc.rules) * 1:20008 <-> DISABLED <-> MALWARE-CNC Malware PDFMarca.A runtime traffic detected (malware-cnc.rules) * 1:20010 <-> DISABLED <-> MALWARE-CNC Win32/Babmote.A runtime TCP traffic detected (malware-cnc.rules) * 1:20035 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Win32 Coinbit.A runtime traffic detected (malware-cnc.rules) * 1:20036 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Win32 Agent.ndau runtime traffic detected (malware-cnc.rules) * 1:20037 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.cve runtime traffic detected (malware-cnc.rules) * 1:20038 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.cve runtime traffic detected (malware-cnc.rules) * 1:20057 <-> DISABLED <-> MALWARE-CNC BitCoin Miner IP query (malware-cnc.rules) * 1:20064 <-> DISABLED <-> MALWARE-CNC Malware Win.Trojan.Clemag.A variant outbound connection (malware-cnc.rules) * 1:20066 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Win32 SensLiceld.A runtime traffic detected (malware-cnc.rules) * 1:20067 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Win32 Zatvex.A runtime traffic detected (malware-cnc.rules) * 1:20068 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jetilms.A runtime activity detected (malware-cnc.rules) * 1:20069 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VB.alhq runtime traffic detected (malware-cnc.rules) * 1:20205 <-> DISABLED <-> MALWARE-CNC Win32/Poison beaconing request (malware-cnc.rules) * 1:20233 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Virut variant outbound connection (malware-cnc.rules) * 1:20234 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ceckno.cmz runtime traffic detected (malware-cnc.rules) * 1:20435 <-> DISABLED <-> MALWARE-CNC TrojanSpy Win.Trojan.Zbot.Svr runtime traffic detected (malware-cnc.rules) * 1:20447 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.JAAK variant outbound connection (malware-cnc.rules) * 1:20606 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Domsingx.A variant outbound connection (malware-cnc.rules) * 1:20626 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shylock.A variant outbound connection (malware-cnc.rules) * 1:20627 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shylock.A C&C server response (malware-cnc.rules) * 1:20836 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zusy.A runtime traffic detected (malware-cnc.rules) * 1:20838 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Smokebot.A runtime traffic detected (malware-cnc.rules) * 1:20844 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker.smxy runtime traffic detected (malware-cnc.rules) * 1:20877 <-> DISABLED <-> MALWARE-CNC RunTime Worm.Win32.Warezov.gs variant outbound connection (malware-cnc.rules) * 1:20890 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VB.adbp runtime traffic detected (malware-cnc.rules) * 1:20891 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VB.adbp runtime traffic detected (malware-cnc.rules) * 1:20892 <-> DISABLED <-> MALWARE-CNC Worm.Win32.Skopvel.A runtime traffic detected (malware-cnc.rules) * 1:21028 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Usinec connect to server (malware-cnc.rules) * 1:21058 <-> DISABLED <-> MALWARE-CNC Win.Trojan.AutoIt.pm runtime traffic detected (malware-cnc.rules) * 1:21087 <-> DISABLED <-> MALWARE-CNC Bindow.Worm runtime traffic detected (malware-cnc.rules) * 1:21122 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bandok.zp runtime traffic detected (malware-cnc.rules) * 1:21123 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Flymux.A runtime traffic detected (malware-cnc.rules) * 1:21124 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Opachki.A runtime traffic detected (malware-cnc.rules) * 1:21125 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Alureon.DG runtime traffic detected (malware-cnc.rules) * 1:21126 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Koutodoor.C runtime traffic detected (malware-cnc.rules) * 1:21127 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Setfic.A runtime traffic detected (malware-cnc.rules) * 1:21128 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dromedan.A runtime traffic detected (malware-cnc.rules) * 1:21142 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot.PKJ runtime traffic detected (malware-cnc.rules) * 1:21143 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot.PKJ runtime traffic detected (malware-cnc.rules) * 1:21144 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot.PKJ runtime traffic detected (malware-cnc.rules) * 1:21145 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Neraweq.A runtime traffic detected (malware-cnc.rules) * 1:21218 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sodager.C variant outbound connection (malware-cnc.rules) * 1:21249 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VBasddsa.A runtime traffic detected (malware-cnc.rules) * 1:21250 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VBasddsa.A runtime traffic detected (malware-cnc.rules) * 1:21273 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tusha variant runtime traffic detected (malware-cnc.rules) * 1:21274 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tusha variant runtime traffic detected (malware-cnc.rules) * 1:21277 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shexie.A runtime traffic detected (malware-cnc.rules) * 1:21294 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancodor.be runtime traffic detected (malware-cnc.rules) * 1:21303 <-> DISABLED <-> MALWARE-CNC Win32 Initor.ag runtime traffic detected (malware-cnc.rules) * 1:21359 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VB.jju runtime traffic detected (malware-cnc.rules) * 1:21360 <-> DISABLED <-> MALWARE-CNC Win32 Agent.dbzx runtime traffic detected (malware-cnc.rules) * 1:21361 <-> DISABLED <-> MALWARE-CNC Worm.Win32.TDownland.ca runtime traffic detected (malware-cnc.rules) * 1:21362 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TDSS.aa runtime traffic detected (malware-cnc.rules) * 1:21364 <-> DISABLED <-> MALWARE-CNC DOQ.gen.y RUNTIME traffic detected (malware-cnc.rules) * 1:21365 <-> DISABLED <-> MALWARE-CNC DOQ.gen.y RUNTIME traffic detected (malware-cnc.rules) * 1:21366 <-> DISABLED <-> MALWARE-CNC DOQ.gen.y INSTALL traffic detected (malware-cnc.rules) * 1:21367 <-> DISABLED <-> MALWARE-CNC Win32 VB.abcl runtime traffic detected (malware-cnc.rules) * 1:21368 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wallop.de runtime traffic detected (malware-cnc.rules) * 1:21369 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wallop.de runtime traffic detected (malware-cnc.rules) * 1:21372 <-> DISABLED <-> MALWARE-CNC Malware Defense runtime traffic detected (malware-cnc.rules) * 1:21373 <-> DISABLED <-> MALWARE-CNC Malware Defense runtime traffic detected (malware-cnc.rules) * 1:21374 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bifrose.EF runtime traffic detected (malware-cnc.rules) * 1:21376 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Microjoin activity detected (malware-cnc.rules) * 1:21379 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Genome.Amqj runtime traffic detected (malware-cnc.rules) * 1:21381 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dialer.ngb runtime traffic detected (malware-cnc.rules) * 1:21382 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nuqel.Q host setting3.yeahost.com runtime traffic detected (malware-cnc.rules) * 1:21383 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nuqel.Q host 9999mb.com runtime traffic detected (malware-cnc.rules) * 1:21384 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nuqel.Q host freewebs.com runtime traffic detected (malware-cnc.rules) * 1:21386 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wadolin.A runtime traffic detected (malware-cnc.rules) * 1:21390 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agobot.dl runtime traffic detected (malware-cnc.rules) * 1:21391 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.dcac runtime traffic detected (malware-cnc.rules) * 1:21416 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bankpatch authentication string detected (malware-cnc.rules) * 1:21444 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TDSS variant outbound connection (malware-cnc.rules) * 1:21464 <-> DISABLED <-> MALWARE-CNC Downloader-CEW.b runtime traffic detected (malware-cnc.rules) * 1:21466 <-> DISABLED <-> MALWARE-CNC Autorun.BDS runtime traffic detected (malware-cnc.rules) * 1:21473 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GameThief variant outbound connection (malware-cnc.rules) * 1:21477 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Noobot variant outbound connection (malware-cnc.rules) * 1:21496 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Saeeka variant outbound connection (malware-cnc.rules) * 1:21497 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Saeeka variant outbound connection (malware-cnc.rules) * 1:21511 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vaxpy variant outbound connection (malware-cnc.rules) * 1:21520 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bayrob variant outbound connection (malware-cnc.rules) * 1:21521 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bayrob update connection (malware-cnc.rules) * 1:21527 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader registration connection detection (malware-cnc.rules) * 1:21528 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader keep-alive connection detection (malware-cnc.rules) * 1:21769 <-> DISABLED <-> MALWARE-CNC Win.Trojan.LogonInvader.a variant outbound connection (malware-cnc.rules) * 1:21846 <-> DISABLED <-> MALWARE-CNC TDS Sutra - request in.cgi (malware-cnc.rules) * 1:21848 <-> DISABLED <-> MALWARE-OTHER TDS Sutra - page redirecting to a SutraTDS (malware-other.rules) * 1:21849 <-> DISABLED <-> MALWARE-OTHER TDS Sutra - HTTP header redirecting to a SutraTDS (malware-other.rules) * 1:21968 <-> DISABLED <-> MALWARE-BACKDOOR Win.Backdoor.Rebhip.A variant outbound connection type A (malware-backdoor.rules) * 1:21969 <-> DISABLED <-> MALWARE-BACKDOOR Win.Backdoor.Rebhip.A variant outbound connection type B (malware-backdoor.rules) * 1:21978 <-> DISABLED <-> MALWARE-BACKDOOR Win.Backdoor.Nervos variant outbound connection (malware-backdoor.rules) * 1:21979 <-> DISABLED <-> MALWARE-BACKDOOR Win.Backdoor.Nervos variant inbound connection (malware-backdoor.rules) * 1:21997 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules) * 1:21998 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload variant outbound connection (malware-cnc.rules) * 1:22000 <-> DISABLED <-> MALWARE-CNC Win.Worm.amna variant outbound connection (malware-cnc.rules) * 1:22001 <-> DISABLED <-> MALWARE-CNC Win.Worm.amna variant outbound connection (malware-cnc.rules) * 1:22953 <-> DISABLED <-> MALWARE-TOOLS Hulk denial of service attempt (malware-tools.rules) * 1:23051 <-> DISABLED <-> MALWARE-CNC Dybalom.A runtime traffic detected (malware-cnc.rules) * 1:23176 <-> DISABLED <-> MALWARE-CNC Donbot.A runtime traffic detected (malware-cnc.rules) * 1:23234 <-> DISABLED <-> MALWARE-CNC Frethog.MK runtime traffic detected (malware-cnc.rules) * 1:23235 <-> DISABLED <-> MALWARE-CNC PBin.A runtime traffic detected (malware-cnc.rules) * 1:23252 <-> DISABLED <-> MALWARE-CNC MacOS.MacKontrol variant outbound connection (malware-cnc.rules) * 1:23255 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Duojeen variant outbound connection (malware-cnc.rules) * 1:23257 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Duojeen variant outbound connection (malware-cnc.rules) * 1:23306 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Stealer connect to server (malware-cnc.rules) * 1:23308 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Bucriv variant outbound connection (malware-cnc.rules) * 1:23317 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper initial variant outbound connection (malware-cnc.rules) * 1:23333 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker initial C&C checkin (malware-cnc.rules) * 1:23336 <-> DISABLED <-> MALWARE-CNC Linfo.A variant outbound connection (malware-cnc.rules) * 1:23339 <-> DISABLED <-> MALWARE-CNC Prier.A variant outbound connection (malware-cnc.rules) * 1:23340 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nitol.B variant outbound connection (malware-cnc.rules) * 1:23343 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules) * 1:23344 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Harvso.A variant outbound connection (malware-cnc.rules) * 1:23377 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sasfis variant outbound connection (malware-cnc.rules) * 1:23378 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sasfis variant outbound connection (malware-cnc.rules) * 1:23379 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Leepload variant outbound connection (malware-cnc.rules) * 1:23380 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ventana initial variant outbound connection (malware-cnc.rules) * 1:23381 <-> DISABLED <-> MALWARE-BACKDOOR Win.Trojan.Thoper.C runtime detection (malware-backdoor.rules) * 1:23387 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules) * 1:23389 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Java.Arratomref variant outbound connection (malware-cnc.rules) * 1:23390 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Java.Arratomref variant outbound connection (malware-cnc.rules) * 1:23399 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Govdi.A variant outbound connection (malware-cnc.rules) * 1:23446 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sojax.A variant outbound connection (malware-cnc.rules) * 1:23447 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sojax.A variant outbound connection (malware-cnc.rules) * 1:23448 <-> DISABLED <-> MALWARE-CNC Win.Worm.Psyokym variant outbound connection (malware-cnc.rules) * 1:23449 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Servstart.ax variant outbound connection (malware-cnc.rules) * 1:23468 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper variant outbound connection (malware-cnc.rules) * 1:23469 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper variant outbound connection (malware-cnc.rules) * 1:23483 <-> DISABLED <-> MALWARE-BACKDOOR Win.Backdoor.Georbot file download (malware-backdoor.rules) * 1:23494 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Onitab.A outbound connection (malware-cnc.rules) * 1:23495 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kugdifod.A variant outbound connection (malware-cnc.rules) * 1:9839 <-> DISABLED <-> MALWARE-BACKDOOR sun shadow 1.70 runtime detection - keep alive (malware-backdoor.rules) * 1:9838 <-> DISABLED <-> MALWARE-BACKDOOR sun shadow 1.70 runtime detection - init connection (malware-backdoor.rules) * 1:9836 <-> DISABLED <-> MALWARE-BACKDOOR ieva 1.0 runtime detection - crazy mouse (malware-backdoor.rules) * 1:9835 <-> DISABLED <-> MALWARE-BACKDOOR ieva 1.0 runtime detection - swap mouse (malware-backdoor.rules) * 1:9834 <-> DISABLED <-> MALWARE-BACKDOOR ieva 1.0 runtime detection - black screen (malware-backdoor.rules) * 1:9833 <-> DISABLED <-> MALWARE-BACKDOOR ieva 1.0 runtime detection - fake delete harddisk message (malware-backdoor.rules) * 1:9832 <-> DISABLED <-> MALWARE-BACKDOOR ieva 1.0 runtime detection - send message (malware-backdoor.rules) * 1:9830 <-> DISABLED <-> MALWARE-OTHER Keylogger supreme spy runtime detection (malware-other.rules) * 1:9829 <-> DISABLED <-> MALWARE-OTHER Trackware relevantknowledge runtime detection (malware-other.rules) * 1:9828 <-> DISABLED <-> MALWARE-OTHER Keylogger paq keylog runtime detection - ftp (malware-other.rules) * 1:9827 <-> DISABLED <-> MALWARE-OTHER Keylogger paq keylog runtime detection - smtp (malware-other.rules) * 1:9667 <-> DISABLED <-> MALWARE-BACKDOOR superra runtime detection - issue remote control command (malware-backdoor.rules) * 1:9666 <-> DISABLED <-> MALWARE-BACKDOOR superra runtime detection - success init connection (malware-backdoor.rules) * 1:9665 <-> DISABLED <-> MALWARE-BACKDOOR crossbow 1.12 runtime detection - init connection (malware-backdoor.rules) * 1:9663 <-> DISABLED <-> MALWARE-BACKDOOR bersek 1.0 runtime detection - start remote shell (malware-backdoor.rules) * 1:9661 <-> DISABLED <-> MALWARE-BACKDOOR bersek 1.0 runtime detection - show processes (malware-backdoor.rules) * 1:9659 <-> DISABLED <-> MALWARE-BACKDOOR bersek 1.0 runtime detection - file manage (malware-backdoor.rules) * 1:9657 <-> DISABLED <-> MALWARE-BACKDOOR bersek 1.0 runtime detection - init connection (malware-backdoor.rules) * 1:9655 <-> DISABLED <-> MALWARE-BACKDOOR apofis 1.0 runtime detection - remote controlling (malware-backdoor.rules) * 1:9653 <-> DISABLED <-> MALWARE-CNC apofis 1.0 variant outbound connection php notification (malware-cnc.rules) * 1:9650 <-> DISABLED <-> MALWARE-OTHER Keylogger ghost Keylogger runtime detection (malware-other.rules) * 1:9648 <-> DISABLED <-> MALWARE-OTHER Keylogger emailspypro runtime detection (malware-other.rules) * 1:9647 <-> DISABLED <-> MALWARE-OTHER Keylogger system surveillance pro runtime detection (malware-other.rules) * 1:9426 <-> DISABLED <-> MALWARE-OTHER mydoom.ap attachment (malware-other.rules) * 1:9425 <-> DISABLED <-> MALWARE-OTHER netsky attachment (malware-other.rules) * 1:9424 <-> DISABLED <-> MALWARE-OTHER /winnt/explorer.exe unicode klez infection (malware-other.rules) * 1:9417 <-> DISABLED <-> MALWARE-OTHER bagle.a smtp propagation detection (malware-other.rules) * 1:9416 <-> DISABLED <-> MALWARE-OTHER bagle.at smtp propagation detection (malware-other.rules) * 1:9415 <-> DISABLED <-> MALWARE-OTHER plexus.a smtp propagation detection (malware-other.rules) * 1:9414 <-> DISABLED <-> MALWARE-OTHER lovelorn.a smtp propagation detection (malware-other.rules) * 1:9413 <-> DISABLED <-> MALWARE-OTHER ganda smtp propagation detection (malware-other.rules) * 1:9412 <-> DISABLED <-> MALWARE-OTHER sinmsn.b msn propagation detection (malware-other.rules) * 1:9411 <-> DISABLED <-> MALWARE-OTHER mimail.f smtp propagation detection (malware-other.rules) * 1:9410 <-> DISABLED <-> MALWARE-OTHER netsky.z smtp propagation detection (malware-other.rules) * 1:9409 <-> DISABLED <-> MALWARE-OTHER atak.b smtp propagation detection (malware-other.rules) * 1:9408 <-> DISABLED <-> MALWARE-OTHER lacrow smtp propagation detection (malware-other.rules) * 1:9407 <-> DISABLED <-> MALWARE-OTHER lovgate.b netshare propagation detection (malware-other.rules) * 1:9406 <-> DISABLED <-> MALWARE-OTHER lovgate.e smtp propagation detection (malware-other.rules) * 1:9404 <-> DISABLED <-> MALWARE-OTHER netsky.ac smtp propagation detection (malware-other.rules) * 1:9403 <-> DISABLED <-> MALWARE-OTHER netsky.aa smtp propagation detection (malware-other.rules) * 1:9402 <-> DISABLED <-> MALWARE-OTHER welchia tftp propagation detection (malware-other.rules) * 1:9401 <-> DISABLED <-> MALWARE-OTHER gokar http propagation detection (malware-other.rules) * 1:9400 <-> DISABLED <-> MALWARE-OTHER abotus smtp propagation detection (malware-other.rules) * 1:9399 <-> DISABLED <-> MALWARE-OTHER hanged smtp propagation detection (malware-other.rules) * 1:9398 <-> DISABLED <-> MALWARE-OTHER totilix.a smtp propagation detection (malware-other.rules) * 1:9397 <-> DISABLED <-> MALWARE-OTHER neysid smtp propagation detection (malware-other.rules) * 1:9396 <-> DISABLED <-> MALWARE-OTHER deborm.t netshare propagation detection (malware-other.rules) * 1:9395 <-> DISABLED <-> MALWARE-OTHER deborm.j netshare propagation detection (malware-other.rules) * 1:9394 <-> DISABLED <-> MALWARE-OTHER bagle.n smtp propagation detection (malware-other.rules) * 1:9393 <-> DISABLED <-> MALWARE-OTHER bagle.k smtp propagation detection (malware-other.rules) * 1:9392 <-> DISABLED <-> MALWARE-OTHER bagle.j smtp propagation detection (malware-other.rules) * 1:9391 <-> DISABLED <-> MALWARE-OTHER mimail.i smtp propagation detection (malware-other.rules) * 1:9390 <-> DISABLED <-> MALWARE-OTHER deborm.d netshare propagation detection (malware-other.rules) * 1:9389 <-> DISABLED <-> MALWARE-OTHER bagle.i smtp propagation detection (malware-other.rules) * 1:9388 <-> DISABLED <-> MALWARE-OTHER mimail.g smtp propagation detection (malware-other.rules) * 1:9387 <-> DISABLED <-> MALWARE-OTHER klez.j web propagation detection (malware-other.rules) * 1:9386 <-> DISABLED <-> MALWARE-OTHER bagle.f smtp propagation detection (malware-other.rules) * 1:9385 <-> DISABLED <-> MALWARE-OTHER collo.a smtp propagation detection (malware-other.rules) * 1:9384 <-> DISABLED <-> MALWARE-OTHER beglur.a smtp propagation detection (malware-other.rules) * 1:9383 <-> DISABLED <-> MALWARE-OTHER netsky.y smtp propagation detection (malware-other.rules) * 1:9382 <-> DISABLED <-> MALWARE-OTHER fearso.c smtp propagation detection (malware-other.rules) * 1:9381 <-> DISABLED <-> MALWARE-OTHER lara smtp propagation detection (malware-other.rules) * 1:9380 <-> DISABLED <-> MALWARE-OTHER jitux msn messenger propagation detection (malware-other.rules) * 1:9379 <-> DISABLED <-> MALWARE-OTHER netsky.s smtp propagation detection (malware-other.rules) * 1:9378 <-> DISABLED <-> MALWARE-OTHER netsky.q smtp propagation detection (malware-other.rules) * 1:9377 <-> DISABLED <-> MALWARE-OTHER mydoom.g smtp propagation detection (malware-other.rules) * 1:9376 <-> DISABLED <-> MALWARE-OTHER fishlet.a smtp propagation detection (malware-other.rules) * 1:9375 <-> DISABLED <-> MALWARE-OTHER duksten.c smtp propagation detection (malware-other.rules) * 1:9374 <-> DISABLED <-> MALWARE-OTHER creepy.b smtp propagation detection (malware-other.rules) * 1:9373 <-> DISABLED <-> MALWARE-OTHER clepa smtp propagation detection (malware-other.rules) * 1:9372 <-> DISABLED <-> MALWARE-OTHER blebla.a smtp propagation detection (malware-other.rules) * 1:9371 <-> DISABLED <-> MALWARE-OTHER bagle.e smtp propagation detection (malware-other.rules) * 1:9370 <-> DISABLED <-> MALWARE-OTHER bagle.b smtp propagation detection (malware-other.rules) * 1:9369 <-> DISABLED <-> MALWARE-OTHER atak.a smtp propagation detection (malware-other.rules) * 1:9368 <-> DISABLED <-> MALWARE-OTHER agist.a smtp propagation detection (malware-other.rules) * 1:9367 <-> DISABLED <-> MALWARE-OTHER anset.b smtp propagation detection (malware-other.rules) * 1:9366 <-> DISABLED <-> MALWARE-OTHER mimail.s smtp propagation detection (malware-other.rules) * 1:9365 <-> DISABLED <-> MALWARE-OTHER cult.c smtp propagation detection (malware-other.rules) * 1:9364 <-> DISABLED <-> MALWARE-OTHER klez.e web propagation detection (malware-other.rules) * 1:9363 <-> DISABLED <-> MALWARE-OTHER klez.d web propagation detection (malware-other.rules) * 1:9362 <-> DISABLED <-> MALWARE-OTHER mimail.m smtp propagation detection (malware-other.rules) * 1:9361 <-> DISABLED <-> MALWARE-OTHER mimail.l smtp propagation detection (malware-other.rules) * 1:9360 <-> DISABLED <-> MALWARE-OTHER cult.b smtp propagation detection (malware-other.rules) * 1:9359 <-> DISABLED <-> MALWARE-OTHER zafi.b smtp propagation detection (malware-other.rules) * 1:9358 <-> DISABLED <-> MALWARE-OTHER fizzer smtp propagation detection (malware-other.rules) * 1:9357 <-> DISABLED <-> MALWARE-OTHER deborm.r netshare propagation detection (malware-other.rules) * 1:9356 <-> DISABLED <-> MALWARE-OTHER deborm.q netshare propagation detection (malware-other.rules) * 1:9355 <-> DISABLED <-> MALWARE-OTHER deborm.u netshare propagation detection (malware-other.rules) * 1:9354 <-> DISABLED <-> MALWARE-OTHER deborm.y netshare propagation detection (malware-other.rules) * 1:9353 <-> DISABLED <-> MALWARE-OTHER deborm.x netshare propagation detection (malware-other.rules) * 1:9352 <-> DISABLED <-> MALWARE-OTHER lovgate.a smtp propagation detection (malware-other.rules) * 1:9351 <-> DISABLED <-> MALWARE-OTHER lovgate.a netshare propagation detection (malware-other.rules) * 1:9350 <-> DISABLED <-> MALWARE-OTHER mimail.k smtp propagation detection (malware-other.rules) * 1:9349 <-> DISABLED <-> MALWARE-OTHER plemood smtp propagation detection (malware-other.rules) * 1:9348 <-> DISABLED <-> MALWARE-OTHER morbex smtp propagation detection (malware-other.rules) * 1:9347 <-> DISABLED <-> MALWARE-OTHER klez.b netshare propagation detection (malware-other.rules) * 1:9346 <-> DISABLED <-> MALWARE-OTHER klez.b web propagation detection (malware-other.rules) * 1:9345 <-> DISABLED <-> MALWARE-OTHER kipis.a smtp propagation detection (malware-other.rules) * 1:9344 <-> DISABLED <-> MALWARE-OTHER kindal smtp propagation detection (malware-other.rules) * 1:9343 <-> DISABLED <-> MALWARE-OTHER kadra smtp propagation detection (malware-other.rules) * 1:9342 <-> DISABLED <-> MALWARE-OTHER paroc.a smtp propagation detection (malware-other.rules) * 1:9341 <-> DISABLED <-> MALWARE-OTHER sasser open ftp command shell (malware-other.rules) * 1:9340 <-> DISABLED <-> MALWARE-OTHER klez.i web propagation detection (malware-other.rules) * 1:9339 <-> DISABLED <-> MALWARE-OTHER klez.g web propagation detection (malware-other.rules) * 1:9338 <-> DISABLED <-> MALWARE-OTHER mydoom.i smtp propagation detection (malware-other.rules) * 1:9337 <-> DISABLED <-> MALWARE-OTHER netsky.x smtp propagation detection (malware-other.rules) * 1:9336 <-> DISABLED <-> MALWARE-OTHER netsky.t smtp propagation detection (malware-other.rules) * 1:9335 <-> DISABLED <-> MALWARE-OTHER netsky.b smtp propagation detection (malware-other.rules) * 1:9334 <-> DISABLED <-> MALWARE-OTHER lovgate.c smtp propagation detection (malware-other.rules) * 1:9333 <-> DISABLED <-> MALWARE-OTHER mimail.e smtp propagation detection (malware-other.rules) * 1:9332 <-> DISABLED <-> MALWARE-OTHER mimail.a smtp propagation detection (malware-other.rules) * 1:9331 <-> DISABLED <-> MALWARE-OTHER mydoom.m smtp propagation detection (malware-other.rules) * 1:9330 <-> DISABLED <-> MALWARE-OTHER mydoom.e smtp propagation detection (malware-other.rules) * 1:9328 <-> DISABLED <-> MALWARE-OTHER zhangpo smtp propagation detection (malware-other.rules) * 1:9327 <-> DISABLED <-> MALWARE-OTHER netsky.af smtp propagation detection (malware-other.rules) * 1:9326 <-> DISABLED <-> MALWARE-OTHER netsky.p smtp propagation detection (malware-other.rules) * 1:8549 <-> DISABLED <-> MALWARE-BACKDOOR zxshell runtime detection - setting information retrieve (malware-backdoor.rules) * 1:8548 <-> DISABLED <-> MALWARE-BACKDOOR zzmm 2.0 runtime detection - init connection (malware-backdoor.rules) * 1:8544 <-> DISABLED <-> MALWARE-OTHER Keylogger nicespy runtime detection - smtp (malware-other.rules) * 1:8543 <-> DISABLED <-> MALWARE-OTHER Trackware deluxecommunications runtime detection - display popup ads (malware-other.rules) * 1:8542 <-> DISABLED <-> MALWARE-OTHER Trackware deluxecommunications runtime detection - collect info (malware-other.rules) * 1:8467 <-> DISABLED <-> MALWARE-OTHER Keylogger netobserve runtime detection - remote login response (malware-other.rules) * 1:8466 <-> DISABLED <-> MALWARE-OTHER Keylogger netobserve runtime detection - email notification (malware-other.rules) * 1:8463 <-> DISABLED <-> MALWARE-OTHER Trackware duduaccelerator runtime detection - trace login info (malware-other.rules) * 1:8462 <-> DISABLED <-> MALWARE-OTHER Trackware duduaccelerator runtime detection - trace info downloaded (malware-other.rules) * 1:8461 <-> DISABLED <-> MALWARE-OTHER Trackware duduaccelerator runtime detection - send userinfo (malware-other.rules) * 1:8362 <-> DISABLED <-> MALWARE-BACKDOOR black curse 4.0 runtime detection - normal init connection (malware-backdoor.rules) * 1:8361 <-> DISABLED <-> MALWARE-BACKDOOR black curse 4.0 runtime detection - inverse init connection (malware-backdoor.rules) * 1:8080 <-> DISABLED <-> MALWARE-CNC x2a variant outbound connection client update (malware-cnc.rules) * 1:8079 <-> DISABLED <-> MALWARE-BACKDOOR x2a runtime detection - init connection (malware-backdoor.rules) * 1:8078 <-> DISABLED <-> MALWARE-BACKDOOR mithril runtime detection - get process list (malware-backdoor.rules) * 1:8076 <-> DISABLED <-> MALWARE-BACKDOOR mithril runtime detection - get system information (malware-backdoor.rules) * 1:8074 <-> DISABLED <-> MALWARE-BACKDOOR mithril runtime detection - init connection (malware-backdoor.rules) * 1:7857 <-> DISABLED <-> MALWARE-OTHER Keylogger EliteKeylogger runtime detection (malware-other.rules) * 1:7856 <-> DISABLED <-> MALWARE-OTHER Trackware winsysba-a runtime detection - track surfing activity (malware-other.rules) * 1:7847 <-> DISABLED <-> MALWARE-OTHER Keylogger clogger 1.0 runtime detection - send log through email (malware-other.rules) * 1:7842 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool davps runtime detection (malware-tools.rules) * 1:7837 <-> DISABLED <-> MALWARE-OTHER Keylogger spyoutside runtime detection - email delivery (malware-other.rules) * 1:7836 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool nettracker runtime detection - report send through email (malware-tools.rules) * 1:7835 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool nettracker runtime detection - report browsing (malware-tools.rules) * 1:7822 <-> DISABLED <-> MALWARE-BACKDOOR xbkdr runtime detection (malware-backdoor.rules) * 1:7818 <-> DISABLED <-> MALWARE-BACKDOOR infector v1.0 runtime detection - init conn (malware-backdoor.rules) * 1:7816 <-> DISABLED <-> MALWARE-BACKDOOR darkmoon reverse connection detection - cts (malware-backdoor.rules) * 1:7814 <-> DISABLED <-> MALWARE-BACKDOOR darkmoon initial connection detection - stc (malware-backdoor.rules) * 1:7812 <-> DISABLED <-> MALWARE-BACKDOOR abacab runtime detection - banner (malware-backdoor.rules) * 1:7809 <-> DISABLED <-> MALWARE-BACKDOOR fatal wound 1.0 runtime detection - upload (malware-backdoor.rules) * 1:7807 <-> DISABLED <-> MALWARE-BACKDOOR fatal wound 1.0 runtime detection - execute file (malware-backdoor.rules) * 1:7806 <-> DISABLED <-> MALWARE-BACKDOOR fatal wound 1.0 runtime detection - initial connection (malware-backdoor.rules) * 1:7805 <-> DISABLED <-> MALWARE-CNC war trojan ver1.0 variant outbound connection ie hijacker (malware-cnc.rules) * 1:7804 <-> DISABLED <-> MALWARE-BACKDOOR war trojan ver1.0 runtime detection - disable ctrl+alt+del (malware-backdoor.rules) * 1:7803 <-> DISABLED <-> MALWARE-BACKDOOR war trojan ver1.0 runtime detection - send messages (malware-backdoor.rules) * 1:7802 <-> DISABLED <-> MALWARE-BACKDOOR portal of doom runtime detection - udp stc (malware-backdoor.rules) * 1:7801 <-> DISABLED <-> MALWARE-BACKDOOR portal of doom runtime detection - udp cts (malware-backdoor.rules) * 1:7800 <-> DISABLED <-> MALWARE-BACKDOOR incommand 1.7 runtime detection - file manage 2 (malware-backdoor.rules) * 1:7798 <-> DISABLED <-> MALWARE-BACKDOOR incommand 1.7 runtime detection - file manage 1 (malware-backdoor.rules) * 1:7796 <-> DISABLED <-> MALWARE-BACKDOOR incommand 1.7 runtime detection - init connection (malware-backdoor.rules) * 1:7793 <-> DISABLED <-> MALWARE-BACKDOOR remote anything 5.11.22 runtime detection - chat with attacker (malware-backdoor.rules) * 1:7792 <-> DISABLED <-> MALWARE-BACKDOOR remote anything 5.11.22 runtime detection - chat with victim (malware-backdoor.rules) * 1:7791 <-> DISABLED <-> MALWARE-BACKDOOR remote anything 5.11.22 runtime detection - victim response (malware-backdoor.rules) * 1:7785 <-> DISABLED <-> MALWARE-BACKDOOR forced control uploader runtime detection - connection with password (malware-backdoor.rules) * 1:7783 <-> DISABLED <-> MALWARE-BACKDOOR netdevil runtime detection - file manager (malware-backdoor.rules) * 1:7778 <-> DISABLED <-> MALWARE-BACKDOOR elfrat runtime detection - initial connection (malware-backdoor.rules) * 1:7777 <-> DISABLED <-> MALWARE-BACKDOOR messiah 4.0 runtime detection - get drives (malware-backdoor.rules) * 1:7775 <-> DISABLED <-> MALWARE-BACKDOOR messiah 4.0 runtime detection - screen capture (malware-backdoor.rules) * 1:7773 <-> DISABLED <-> MALWARE-BACKDOOR messiah 4.0 runtime detection - enable keylogger (malware-backdoor.rules) * 1:7771 <-> DISABLED <-> MALWARE-BACKDOOR messiah 4.0 runtime detection - get server info (malware-backdoor.rules) * 1:7767 <-> DISABLED <-> MALWARE-BACKDOOR nt remote controller 2000 runtime detection - foldermonitor server-to-client (malware-backdoor.rules) * 1:7765 <-> DISABLED <-> MALWARE-BACKDOOR nt remote controller 2000 runtime detection - sysinfo server-to-client (malware-backdoor.rules) * 1:7763 <-> DISABLED <-> MALWARE-BACKDOOR nt remote controller 2000 runtime detection - services client-to-server (malware-backdoor.rules) * 1:7762 <-> DISABLED <-> MALWARE-CNC analftp 0.1 variant outbound connection icq notification (malware-cnc.rules) * 1:7760 <-> DISABLED <-> MALWARE-BACKDOOR netthief runtime detection (malware-backdoor.rules) * 1:7759 <-> DISABLED <-> MALWARE-BACKDOOR glacier runtime detection - screen capture (malware-backdoor.rules) * 1:7758 <-> DISABLED <-> MALWARE-BACKDOOR glacier runtime detection - initial connection and directory browse (malware-backdoor.rules) * 1:7755 <-> DISABLED <-> MALWARE-BACKDOOR buschtrommel 1.22 runtime detection - spy function (malware-backdoor.rules) * 1:7752 <-> DISABLED <-> MALWARE-BACKDOOR buschtrommel 1.22 runtime detection - initial connection (malware-backdoor.rules) * 1:7749 <-> DISABLED <-> MALWARE-BACKDOOR bobo 1.0 runtime detection - send message (malware-backdoor.rules) * 1:7747 <-> DISABLED <-> MALWARE-BACKDOOR bobo 1.0 runtime detection - initial connection (malware-backdoor.rules) * 1:7745 <-> DISABLED <-> MALWARE-BACKDOOR phoenix 2.1 runtime detection (malware-backdoor.rules) * 1:7743 <-> DISABLED <-> MALWARE-BACKDOOR nova 1.0 runtime detection - cgi notification server-to-client (malware-backdoor.rules) * 1:7739 <-> DISABLED <-> MALWARE-BACKDOOR alexmessomalex runtime detection - grab (malware-backdoor.rules) * 1:7738 <-> DISABLED <-> MALWARE-BACKDOOR alexmessomalex runtime detection - initial connection (malware-backdoor.rules) * 1:7733 <-> DISABLED <-> MALWARE-BACKDOOR outbreak_0.2.7 runtime detection - initial connection (malware-backdoor.rules) * 1:7732 <-> DISABLED <-> MALWARE-BACKDOOR outbreak_0.2.7 runtime detection - ring client-to-server (malware-backdoor.rules) * 1:7730 <-> DISABLED <-> MALWARE-BACKDOOR outbreak_0.2.7 runtime detection - reverse connection (malware-backdoor.rules) * 1:7729 <-> DISABLED <-> MALWARE-BACKDOOR radmin runtime detection - server-to-client (malware-backdoor.rules) * 1:7727 <-> DISABLED <-> MALWARE-BACKDOOR reversable ver1.0 runtime detection - execute command (malware-backdoor.rules) * 1:7724 <-> DISABLED <-> MALWARE-BACKDOOR reversable ver1.0 runtime detection - initial connection - flowbit set (malware-backdoor.rules) * 1:7722 <-> DISABLED <-> MALWARE-CNC prorat 1.9 cgi notification detection (malware-cnc.rules) * 1:7721 <-> DISABLED <-> MALWARE-BACKDOOR prorat 1.9 initial connection detection (malware-backdoor.rules) * 1:7720 <-> DISABLED <-> MALWARE-BACKDOOR desktop scout runtime detection (malware-backdoor.rules) * 1:7719 <-> DISABLED <-> MALWARE-BACKDOOR dameware mini remote control runtime detection - initial connection (malware-backdoor.rules) * 1:7717 <-> DISABLED <-> MALWARE-BACKDOOR snake trojan runtime detection (malware-backdoor.rules) * 1:7710 <-> DISABLED <-> MALWARE-BACKDOOR fear1.5/aciddrop1.0 runtime detection - initial connection (malware-backdoor.rules) * 1:7677 <-> DISABLED <-> MALWARE-BACKDOOR cool remote control or crackdown runtime detection - initial connection (malware-backdoor.rules) * 1:7707 <-> DISABLED <-> MALWARE-BACKDOOR omniquad instant remote control runtime detection - file transfer setup (malware-backdoor.rules) * 1:7672 <-> DISABLED <-> MALWARE-BACKDOOR remoter runtime detection - initial connection (malware-backdoor.rules) * 1:7706 <-> DISABLED <-> MALWARE-BACKDOOR omniquad instant remote control runtime detection - initial connection (malware-backdoor.rules) * 1:7704 <-> DISABLED <-> MALWARE-CNC roach 1.0 server installation notification - email (malware-cnc.rules) * 1:7703 <-> DISABLED <-> MALWARE-BACKDOOR roach 1.0 runtime detection - remote control actions (malware-backdoor.rules) * 1:7701 <-> DISABLED <-> MALWARE-BACKDOOR brain wiper runtime detection - chat (malware-backdoor.rules) * 1:7699 <-> DISABLED <-> MALWARE-BACKDOOR brain wiper runtime detection - launch application (malware-backdoor.rules) * 1:7692 <-> DISABLED <-> MALWARE-BACKDOOR exception 1.0 runtime detection - notification (malware-backdoor.rules) * 1:7691 <-> DISABLED <-> MALWARE-BACKDOOR evade runtime detection - file manager (malware-backdoor.rules) * 1:7689 <-> DISABLED <-> MALWARE-BACKDOOR evade runtime detection - initial connection (malware-backdoor.rules) * 1:7675 <-> DISABLED <-> MALWARE-BACKDOOR remote havoc runtime detection (malware-backdoor.rules) * 1:7688 <-> DISABLED <-> MALWARE-BACKDOOR illusion runtime detection - file browser server-to-client (malware-backdoor.rules) * 1:7686 <-> DISABLED <-> MALWARE-BACKDOOR illusion runtime detection - get remote info server-to-client (malware-backdoor.rules) * 1:7667 <-> DISABLED <-> MALWARE-BACKDOOR screen control 1.0 runtime detection - capture on port 2208 (malware-backdoor.rules) * 1:7684 <-> DISABLED <-> MALWARE-BACKDOOR hrat 1.0 runtime detection (malware-backdoor.rules) * 1:7670 <-> DISABLED <-> MALWARE-BACKDOOR digital upload runtime detection - initial connection (malware-backdoor.rules) * 1:7671 <-> DISABLED <-> MALWARE-BACKDOOR digital upload runtime detection - chat (malware-backdoor.rules) * 1:7683 <-> DISABLED <-> MALWARE-BACKDOOR acid head 1.00 runtime detection (malware-backdoor.rules) * 1:7669 <-> DISABLED <-> MALWARE-BACKDOOR screen control 1.0 runtime detection - capture on port 2213 (malware-backdoor.rules) * 1:7665 <-> DISABLED <-> MALWARE-BACKDOOR screen control 1.0 runtime detection - initial connection (malware-backdoor.rules) * 1:7681 <-> DISABLED <-> MALWARE-BACKDOOR cool remote control 1.12 runtime detection - download file (malware-backdoor.rules) * 1:7679 <-> DISABLED <-> MALWARE-BACKDOOR cool remote control 1.12 runtime detection - upload file (malware-backdoor.rules) * 1:6026 <-> DISABLED <-> MALWARE-BACKDOOR dimbus 1.0 runtime detection - get pc info (malware-backdoor.rules) * 1:23593 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Smoaler variant outbound connection (malware-cnc.rules) * 1:23594 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Papras variant outbound connection (malware-cnc.rules) * 1:23595 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Papras variant outbound connection (malware-cnc.rules) * 1:23597 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VB.DHD variant outbound connection (malware-cnc.rules) * 1:23598 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Slagent outgoing connection (malware-cnc.rules) * 1:23599 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Slagent outgoing connection (malware-cnc.rules) * 1:23606 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sofacy.A outbound connection (malware-cnc.rules) * 1:23607 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sofacy.A outbound connection (malware-cnc.rules) * 1:23634 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kegotip variant outbound connection (malware-cnc.rules) * 1:23782 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Buzus.kych variant outbound connection (malware-cnc.rules) * 1:23787 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locotout variant outbound connection (malware-cnc.rules) * 1:23788 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locotout variant outbound connection (malware-cnc.rules) * 1:23794 <-> DISABLED <-> MALWARE-CNC known command and control traffic (malware-cnc.rules) * 1:23876 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scirib variant outbound connection (malware-cnc.rules) * 1:23877 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dtfanri variant outbound connection (malware-cnc.rules) * 1:23935 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zakahic variant outbound connection (malware-cnc.rules) * 1:23936 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zakahic variant outbound connection (malware-cnc.rules) * 1:23941 <-> DISABLED <-> MALWARE-CNC OSX.Trojan.Aharm variant outbound connection (malware-cnc.rules) * 1:23948 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sicisono variant outbound connection (malware-cnc.rules) * 1:23949 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TKcik variant outbound connection (malware-cnc.rules) * 1:23952 <-> DISABLED <-> MALWARE-TOOLS Tors Hammer slow post flood attempt (malware-tools.rules) * 1:23953 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Comfoo variant outbound connection (malware-cnc.rules) * 1:23955 <-> DISABLED <-> MALWARE-CNC Xhuna.A variant outbound connection (malware-cnc.rules) * 1:23963 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Runagry variant outbound connection (malware-cnc.rules) * 1:23971 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kabwak variant outbound connection (malware-cnc.rules) * 1:23973 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vampols variant inbound connection (malware-cnc.rules) * 1:23976 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Genome initial variant outbound connection (malware-cnc.rules) * 1:23977 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Genome runtime update to cnc-server (malware-cnc.rules) * 1:24011 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ransomer variant outbound connection (malware-cnc.rules) * 1:24012 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cbot variant outbound connection - inital contact (malware-cnc.rules) * 1:24013 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cbot variant outbound connection - inital contact (malware-cnc.rules) * 1:24014 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cbot variant outbound connection - inital contact (malware-cnc.rules) * 1:24016 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Madon variant outbound connection - variant outbound connection (malware-cnc.rules) * 1:24035 <-> DISABLED <-> MALWARE-CNC Downloader.Inject variant outbound connection (malware-cnc.rules) * 1:24082 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banbra variant outbound connection (malware-cnc.rules) * 1:24092 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Clisbot variant outbound connection (malware-cnc.rules) * 1:24107 <-> DISABLED <-> MALWARE-OTHER HTTP POST request to a BMP file (malware-other.rules) * 1:24123 <-> DISABLED <-> MALWARE-BACKDOOR Virus.Win32.Xpaj.A variant outbound connection (malware-backdoor.rules) * 1:24173 <-> DISABLED <-> MALWARE-BACKDOOR Trojan-Downloader.Win32.Doneltart.A runtime detection (malware-backdoor.rules) * 1:24174 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lataa variant outbound connection (malware-cnc.rules) * 1:24175 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lataa variant outbound connection (malware-cnc.rules) * 1:24271 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Bancos variant outbound connection (malware-cnc.rules) * 1:24288 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Flexty variant outbound connection (malware-cnc.rules) * 1:24307 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Workir variant outbound connection (malware-cnc.rules) * 1:24308 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Workir variant outbound connection (malware-cnc.rules) * 1:24334 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Agent variant connect to cnc-server (malware-cnc.rules) * 1:24345 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Drexonin variant outbound connection (malware-cnc.rules) * 1:24346 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot variant outbound connection (malware-cnc.rules) * 1:24347 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Bloropac variant outbound connection (malware-cnc.rules) * 1:24368 <-> DISABLED <-> MALWARE-CNC Lizamoon sql injection campaign phone-home (malware-cnc.rules) * 1:24369 <-> DISABLED <-> MALWARE-CNC Lizamoon sql injection campaign ur.php response detected (malware-cnc.rules) * 1:24373 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper.Agent variant outbound connection (malware-cnc.rules) * 1:24374 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper.Agent variant outbound connection (malware-cnc.rules) * 1:24376 <-> DISABLED <-> MALWARE-BACKDOOR Trojan.Delf.KDV runtime detection (malware-backdoor.rules) * 1:24377 <-> DISABLED <-> MALWARE-BACKDOOR Trojan.FakeAV.FakeAlert runtime detection (malware-backdoor.rules) * 1:24383 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dipwit outbound connection (malware-cnc.rules) * 1:24384 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tracur variant outbound connection (malware-cnc.rules) * 1:24385 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tracur variant outbound connection (malware-cnc.rules) * 1:24398 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mooochq variant outbound connection (malware-cnc.rules) * 1:24399 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mooochq variant outbound connection (malware-cnc.rules) * 1:24400 <-> DISABLED <-> MALWARE-BACKDOOR Backdoor.Win32.Protos.A runtime detection (malware-backdoor.rules) * 1:24402 <-> DISABLED <-> MALWARE-BACKDOOR Trojan.KDV.QLO install time detection (malware-backdoor.rules) * 1:24403 <-> DISABLED <-> MALWARE-BACKDOOR Trojan.KDV.QLO runtime detection (malware-backdoor.rules) * 1:24404 <-> DISABLED <-> MALWARE-BACKDOOR Trojan.KDV.QLO runtime detection (malware-backdoor.rules) * 1:24405 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (malware-cnc.rules) * 1:24416 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules) * 1:24417 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules) * 1:24418 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vundo variant outbound connection (malware-cnc.rules) * 1:24419 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vundo variant outbound connection (malware-cnc.rules) * 1:24420 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Misun variant outbound connection (malware-cnc.rules) * 1:24426 <-> DISABLED <-> MALWARE-OTHER Java.Trojan.Jacksbot class download (malware-other.rules) * 1:24427 <-> DISABLED <-> MALWARE-OTHER Java.Trojan.Jacksbot jar download (malware-other.rules) * 1:24437 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mirage variant outbound connection (malware-cnc.rules) * 1:24438 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mirage variant outbound connection (malware-cnc.rules) * 1:24443 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Medfos variant outbound connection (malware-cnc.rules) * 1:24444 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Medfos variant outbound connection (malware-cnc.rules) * 1:24445 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Medfos variant outbound connection (malware-cnc.rules) * 1:24449 <-> DISABLED <-> MALWARE-CNC Java.Exploit.Agent variant outbound connection (malware-cnc.rules) * 1:24450 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tibeli variant outbound connection (malware-cnc.rules) * 1:24451 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Quervar variant outbound connection (malware-cnc.rules) * 1:24529 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Begman variant connection to cnc-server (malware-cnc.rules) * 1:24540 <-> DISABLED <-> MALWARE-BACKDOOR Win.Trojan.Spy.Heur variant outbound connection attempt (malware-backdoor.rules) * 1:24541 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Unebot variant outbound connection (malware-cnc.rules) * 1:24542 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Beystreet variant outbound connection (malware-cnc.rules) * 1:24545 <-> DISABLED <-> MALWARE-BACKDOOR am remote client runtime detection - client response (malware-backdoor.rules) * 1:24562 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VB variant outbound connection (malware-cnc.rules) * 1:24565 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Msposer variant outbound connection (malware-cnc.rules) * 1:24567 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Olmarik variant outbound connection (malware-cnc.rules) * 1:24569 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules) * 1:24576 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Barus variant outbound connection (malware-cnc.rules) * 1:24586 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Barkiofork variant outbound connection (malware-cnc.rules) * 1:24623 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jorik variant outbound connection (malware-cnc.rules) * 1:24635 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper.Dycler variant outbound connection (malware-cnc.rules) * 1:24857 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Agent variant outbound connection (malware-cnc.rules) * 1:24916 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (malware-cnc.rules) * 1:24917 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Turspy variant outbound connection (malware-cnc.rules) * 1:24918 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Turspy variant outbound connection (malware-cnc.rules) * 1:24976 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules) * 1:26852 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer create-add range on DOM objects memory corruption attempt (browser-ie.rules) * 1:26853 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer create-add range on DOM objects memory corruption attempt (browser-ie.rules) * 1:3010 <-> DISABLED <-> MALWARE-CNC RUX the Tick get windows directory (malware-cnc.rules) * 1:3011 <-> DISABLED <-> MALWARE-CNC RUX the Tick get system directory (malware-cnc.rules) * 1:3012 <-> DISABLED <-> MALWARE-CNC RUX the Tick upload/execute arbitrary file (malware-cnc.rules) * 1:3014 <-> DISABLED <-> MALWARE-CNC Asylum 0.1 connection (malware-cnc.rules) * 1:3015 <-> DISABLED <-> MALWARE-CNC Insane Network 4.0 connection (malware-cnc.rules) * 1:3016 <-> DISABLED <-> MALWARE-CNC Insane Network 4.0 connection port 63536 (malware-cnc.rules) * 1:3064 <-> DISABLED <-> MALWARE-BACKDOOR Vampire 1.2 connection confirmation (malware-backdoor.rules) * 1:3155 <-> DISABLED <-> MALWARE-BACKDOOR BackOrifice 2000 Inbound Traffic (malware-backdoor.rules) * 1:3635 <-> DISABLED <-> MALWARE-BACKDOOR Amanda 2.0 connection established (malware-backdoor.rules) * 1:3636 <-> DISABLED <-> MALWARE-BACKDOOR Crazzy Net 5.0 connection established (malware-backdoor.rules) * 1:39528 <-> ENABLED <-> FILE-OFFICE Microsoft Office RTF WRAssembly ASLR bypass download attempt (file-office.rules) * 1:39529 <-> ENABLED <-> FILE-OFFICE Microsoft Office RTF WRAssembly ASLR bypass download attempt (file-office.rules) * 1:40606 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Sality variant outbound connection (malware-cnc.rules) * 1:5742 <-> DISABLED <-> MALWARE-OTHER Keylogger activitylogger runtime detection (malware-other.rules) * 1:5759 <-> DISABLED <-> MALWARE-OTHER Keylogger fearlesskeyspy runtime detection (malware-other.rules) * 1:5777 <-> DISABLED <-> MALWARE-OTHER Keylogger gurl watcher runtime detection (malware-other.rules) * 1:5778 <-> DISABLED <-> MALWARE-OTHER Keylogger runtime detection - hwpe windows activity logs (malware-other.rules) * 1:5779 <-> DISABLED <-> MALWARE-OTHER Keylogger runtime detection - hwpe shell file logs (malware-other.rules) * 1:5780 <-> DISABLED <-> MALWARE-OTHER Keylogger runtime detection - hwpe word filtered echelon log (malware-other.rules) * 1:5781 <-> DISABLED <-> MALWARE-OTHER Keylogger runtime detection - hwae windows activity logs (malware-other.rules) * 1:5782 <-> DISABLED <-> MALWARE-OTHER Keylogger runtime detection - hwae word filtered echelon log (malware-other.rules) * 1:5783 <-> DISABLED <-> MALWARE-OTHER Keylogger runtime detection - hwae keystrokes log (malware-other.rules) * 1:5784 <-> DISABLED <-> MALWARE-OTHER Keylogger runtime detection - hwae urls browsed log (malware-other.rules) * 1:5790 <-> DISABLED <-> MALWARE-OTHER Keylogger pc actmon pro runtime detection - smtp (malware-other.rules) * 1:5812 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool stealthredirector runtime detection - email notification (malware-tools.rules) * 1:5814 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool stealthredirector runtime detection - create redirection (malware-tools.rules) * 1:5816 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool stealthredirector runtime detection - destory redirection (malware-tools.rules) * 1:5819 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool stealthredirector runtime detection - check status (malware-tools.rules) * 1:5821 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool stealthredirector runtime detection - destory log (malware-tools.rules) * 1:5823 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool stealthredirector runtime detection - view netstat (malware-tools.rules) * 1:5839 <-> DISABLED <-> MALWARE-OTHER Trackware ucmore runtime detection - click sponsor/ad link (malware-other.rules) * 1:5875 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool eraser runtime detection - detonate (malware-tools.rules) * 1:5876 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool eraser runtime detection - disinfect (malware-tools.rules) * 1:5956 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool ghostvoice 1.02 icq notification of server installation (malware-tools.rules) * 1:5958 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool ghostvoice 1.02 runtime detection - init connection with password requirement (malware-tools.rules) * 1:6016 <-> DISABLED <-> MALWARE-BACKDOOR dsk lite 1.0 runtime detection - initial connection (malware-backdoor.rules) * 1:6017 <-> DISABLED <-> MALWARE-BACKDOOR dsk lite 1.0 runtime detection - disconnect (malware-backdoor.rules) * 1:6018 <-> DISABLED <-> MALWARE-CNC dsk lite 1.0 variant outbound connection icq notification (malware-cnc.rules) * 1:6019 <-> DISABLED <-> MALWARE-CNC dsk lite 1.0 variant outbound connection cgi notification (malware-cnc.rules) * 1:6020 <-> DISABLED <-> MALWARE-CNC dsk lite 1.0 variant outbound connection php notification (malware-cnc.rules) * 1:6021 <-> DISABLED <-> MALWARE-BACKDOOR silent spy 2.10 command response port 4225 (malware-backdoor.rules) * 1:6022 <-> DISABLED <-> MALWARE-BACKDOOR silent spy 2.10 command response port 4226 (malware-backdoor.rules) * 1:6023 <-> DISABLED <-> MALWARE-CNC silent spy 2.10 variant outbound connection icq notification (malware-cnc.rules) * 1:6024 <-> DISABLED <-> MALWARE-BACKDOOR nuclear rat v6_21 runtime detection (malware-backdoor.rules) * 1:24191 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Raven variant outbound connection (malware-cnc.rules) * 1:6028 <-> DISABLED <-> MALWARE-BACKDOOR cyberpaky runtime detection (malware-backdoor.rules) * 1:6029 <-> DISABLED <-> MALWARE-CNC fkwp 2.0 variant outbound connection icq notification (malware-cnc.rules) * 1:6035 <-> DISABLED <-> MALWARE-BACKDOOR minicommand runtime detection - initial connection server-to-client (malware-backdoor.rules) * 1:6037 <-> DISABLED <-> MALWARE-BACKDOOR netbus 1.7 runtime detection - email notification (malware-backdoor.rules) * 1:6039 <-> DISABLED <-> MALWARE-CNC fade 1.0 variant outbound connection notification (malware-cnc.rules) * 1:6042 <-> DISABLED <-> MALWARE-CNC fear 0.2 variant outbound connection php notification (malware-cnc.rules) * 1:6043 <-> DISABLED <-> MALWARE-CNC fear 0.2 variant outbound connection cgi notification (malware-cnc.rules) * 1:6046 <-> DISABLED <-> MALWARE-BACKDOOR fear 0.2 runtime detection - initial connection (malware-backdoor.rules) * 1:6048 <-> DISABLED <-> MALWARE-BACKDOOR fun factory runtime detection - connect (malware-backdoor.rules) * 1:6050 <-> DISABLED <-> MALWARE-BACKDOOR fun factory runtime detection - upload (malware-backdoor.rules) * 1:6052 <-> DISABLED <-> MALWARE-BACKDOOR fun factory runtime detection - set volume (malware-backdoor.rules) * 1:6054 <-> DISABLED <-> MALWARE-BACKDOOR fun factory runtime detection - do script remotely (malware-backdoor.rules) * 1:6058 <-> DISABLED <-> MALWARE-CNC neurotickat1.3 variant outbound connection icq notification (malware-cnc.rules) * 1:6059 <-> DISABLED <-> MALWARE-CNC neurotickat1.3 variant outbound connection cgi notification (malware-cnc.rules) * 1:6062 <-> DISABLED <-> MALWARE-BACKDOOR neurotickat1.3 runtime detection - initial connection (malware-backdoor.rules) * 1:6064 <-> DISABLED <-> MALWARE-BACKDOOR schwindler 1.82 runtime detection (malware-backdoor.rules) * 1:6066 <-> DISABLED <-> MALWARE-BACKDOOR optixlite 1.0 runtime detection - connection success server-to-client (malware-backdoor.rules) * 1:6069 <-> DISABLED <-> MALWARE-CNC optixlite 1.0 variant outbound connection icq notification (malware-cnc.rules) * 1:6070 <-> DISABLED <-> MALWARE-BACKDOOR freak 1.0 runtime detection - irc notification (malware-backdoor.rules) * 1:6071 <-> DISABLED <-> MALWARE-CNC freak 1.0 variant outbound connection icq notification (malware-cnc.rules) * 1:6073 <-> DISABLED <-> MALWARE-BACKDOOR freak 1.0 runtime detection - initial connection server-to-client (malware-backdoor.rules) * 1:6075 <-> DISABLED <-> MALWARE-BACKDOOR xhx 1.6 runtime detection - initial connection server-to-client (malware-backdoor.rules) * 1:6076 <-> DISABLED <-> MALWARE-BACKDOOR amiboide uploader runtime detection - init connection (malware-backdoor.rules) * 1:6078 <-> DISABLED <-> MALWARE-BACKDOOR autospy runtime detection - get information (malware-backdoor.rules) * 1:6080 <-> DISABLED <-> MALWARE-BACKDOOR autospy runtime detection - show autospy (malware-backdoor.rules) * 1:6082 <-> DISABLED <-> MALWARE-BACKDOOR autospy runtime detection - show nude pic (malware-backdoor.rules) * 1:6084 <-> DISABLED <-> MALWARE-BACKDOOR autospy runtime detection - hide taskbar (malware-backdoor.rules) * 1:6086 <-> DISABLED <-> MALWARE-BACKDOOR autospy runtime detection - make directory (malware-backdoor.rules) * 1:6088 <-> DISABLED <-> MALWARE-BACKDOOR a trojan 2.0 runtime detection - init connection (malware-backdoor.rules) * 1:6090 <-> DISABLED <-> MALWARE-BACKDOOR a trojan 2.0 runtime detection - get memory info (malware-backdoor.rules) * 1:6092 <-> DISABLED <-> MALWARE-BACKDOOR a trojan 2.0 runtime detection - get harddisk info (malware-backdoor.rules) * 1:6094 <-> DISABLED <-> MALWARE-BACKDOOR a trojan 2.0 runtime detection - get drive info (malware-backdoor.rules) * 1:6096 <-> DISABLED <-> MALWARE-BACKDOOR a trojan 2.0 runtime detection - get system info (malware-backdoor.rules) * 1:6098 <-> DISABLED <-> MALWARE-BACKDOOR alvgus 2000 runtime detection - check server (malware-backdoor.rules) * 1:6100 <-> DISABLED <-> MALWARE-BACKDOOR alvgus 2000 runtime detection - view content of directory (malware-backdoor.rules) * 1:6102 <-> DISABLED <-> MALWARE-BACKDOOR alvgus 2000 runtime detection - execute command (malware-backdoor.rules) * 1:6104 <-> DISABLED <-> MALWARE-BACKDOOR alvgus 2000 runtime detection - upload file (malware-backdoor.rules) * 1:6106 <-> DISABLED <-> MALWARE-BACKDOOR alvgus 2000 runtime detection - download file (malware-backdoor.rules) * 1:6107 <-> DISABLED <-> MALWARE-BACKDOOR backage 3.1 runtime detection (malware-backdoor.rules) * 1:6109 <-> DISABLED <-> MALWARE-BACKDOOR dagger v1.1.40 runtime detection (malware-backdoor.rules) * 1:6110 <-> DISABLED <-> MALWARE-BACKDOOR forced entry v1.1 beta runtime detection (malware-backdoor.rules) * 1:6113 <-> DISABLED <-> MALWARE-BACKDOOR optix 1.32 runtime detection - init conn (malware-backdoor.rules) * 1:6114 <-> DISABLED <-> MALWARE-BACKDOOR optix 1.32 runtime detection - email notification (malware-backdoor.rules) * 1:6115 <-> DISABLED <-> MALWARE-CNC optix 1.32 variant outbound connection icq notification (malware-cnc.rules) * 1:6117 <-> DISABLED <-> MALWARE-BACKDOOR fore v1.0 beta runtime detection - init conn (malware-backdoor.rules) * 1:6119 <-> DISABLED <-> MALWARE-BACKDOOR net runner runtime detection - initial connection server-to-client (malware-backdoor.rules) * 1:6121 <-> DISABLED <-> MALWARE-BACKDOOR net runner runtime detection - download file server-to-client (malware-backdoor.rules) * 1:6124 <-> DISABLED <-> MALWARE-BACKDOOR ambush 1.0 runtime detection - ping server-to-client (malware-backdoor.rules) * 1:6126 <-> DISABLED <-> MALWARE-BACKDOOR dkangel runtime detection - smtp (malware-backdoor.rules) * 1:6127 <-> DISABLED <-> MALWARE-BACKDOOR dkangel runtime detection - udp client-to-server (malware-backdoor.rules) * 1:6128 <-> DISABLED <-> MALWARE-BACKDOOR dkangel runtime detection - icmp echo reply client-to-server (malware-backdoor.rules) * 1:6130 <-> DISABLED <-> MALWARE-BACKDOOR chupacabra 1.0 runtime detection - get computer name (malware-backdoor.rules) * 1:6132 <-> DISABLED <-> MALWARE-BACKDOOR chupacabra 1.0 runtime detection - get user name (malware-backdoor.rules) * 1:6133 <-> DISABLED <-> MALWARE-BACKDOOR chupacabra 1.0 runtime detection - send messages (malware-backdoor.rules) * 1:6134 <-> DISABLED <-> MALWARE-BACKDOOR chupacabra 1.0 runtime detection - delete file (malware-backdoor.rules) * 1:6136 <-> DISABLED <-> MALWARE-BACKDOOR clindestine 1.0 runtime detection - capture big screen (malware-backdoor.rules) * 1:6137 <-> DISABLED <-> MALWARE-BACKDOOR clindestine 1.0 runtime detection - capture small screen (malware-backdoor.rules) * 1:6138 <-> DISABLED <-> MALWARE-BACKDOOR clindestine 1.0 runtime detection - get computer info (malware-backdoor.rules) * 1:6139 <-> DISABLED <-> MALWARE-BACKDOOR clindestine 1.0 runtime detection - get system directory (malware-backdoor.rules) * 1:6142 <-> DISABLED <-> MALWARE-BACKDOOR hellzaddiction v1.0e runtime detection - ftp open (malware-backdoor.rules) * 1:6143 <-> DISABLED <-> MALWARE-BACKDOOR dark connection inside v1.2 runtime detection (malware-backdoor.rules) * 1:6146 <-> DISABLED <-> MALWARE-BACKDOOR mantis runtime detection - sent notify option client-to-server 2 (malware-backdoor.rules) * 1:6148 <-> DISABLED <-> MALWARE-BACKDOOR mantis runtime detection - go to address server-to-client (malware-backdoor.rules) * 1:6150 <-> DISABLED <-> MALWARE-BACKDOOR netcontrol v1.0.8 runtime detection (malware-backdoor.rules) * 1:6151 <-> DISABLED <-> MALWARE-BACKDOOR back attack v1.4 runtime detection (malware-backdoor.rules) * 1:6153 <-> DISABLED <-> MALWARE-BACKDOOR dirtxt runtime detection - chdir server-to-client (malware-backdoor.rules) * 1:6155 <-> DISABLED <-> MALWARE-BACKDOOR dirtxt runtime detection - info server-to-client (malware-backdoor.rules) * 1:6157 <-> DISABLED <-> MALWARE-BACKDOOR dirtxt runtime detection - view server-to-client (malware-backdoor.rules) * 1:6159 <-> DISABLED <-> MALWARE-BACKDOOR delirium of disorder runtime detection - enable keylogger (malware-backdoor.rules) * 1:6160 <-> DISABLED <-> MALWARE-BACKDOOR delirium of disorder runtime detection - stop keylogger (malware-backdoor.rules) * 1:6161 <-> DISABLED <-> MALWARE-BACKDOOR furax 1.0 b2 runtime detection (malware-backdoor.rules) * 1:6165 <-> DISABLED <-> MALWARE-BACKDOOR psyrat 1.0 runtime detection (malware-backdoor.rules) * 1:6166 <-> DISABLED <-> MALWARE-BACKDOOR unicorn runtime detection - initial connection (malware-backdoor.rules) * 1:6168 <-> DISABLED <-> MALWARE-BACKDOOR unicorn runtime detection - set wallpaper server-to-client (malware-backdoor.rules) * 1:6170 <-> DISABLED <-> MALWARE-BACKDOOR digital rootbeer runtime detection (malware-backdoor.rules) * 1:6172 <-> DISABLED <-> MALWARE-BACKDOOR cookie monster 0.24 runtime detection - get version info (malware-backdoor.rules) * 1:6174 <-> DISABLED <-> MALWARE-BACKDOOR cookie monster 0.24 runtime detection - file explorer (malware-backdoor.rules) * 1:6175 <-> DISABLED <-> MALWARE-BACKDOOR cookie monster 0.24 runtime detection - kill kernel (malware-backdoor.rules) * 1:6176 <-> DISABLED <-> MALWARE-BACKDOOR guptachar 2.0 runtime detection (malware-backdoor.rules) * 1:6177 <-> DISABLED <-> MALWARE-BACKDOOR ultimate destruction runtime detection - kill process client-to-server (malware-backdoor.rules) * 1:6178 <-> DISABLED <-> MALWARE-BACKDOOR ultimate destruction runtime detection - kill windows client-to-server (malware-backdoor.rules) * 1:6179 <-> DISABLED <-> MALWARE-BACKDOOR bladerunner 0.80 runtime detection (malware-backdoor.rules) * 1:6181 <-> DISABLED <-> MALWARE-BACKDOOR netraider 0.0 runtime detection (malware-backdoor.rules) * 1:6190 <-> DISABLED <-> MALWARE-OTHER Keylogger eblaster 5.0 runtime detection (malware-other.rules) * 1:6205 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool freak 88 das runtime detection (malware-tools.rules) * 1:6206 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool sin stealer 1.1 runtime detection (malware-tools.rules) * 1:6207 <-> DISABLED <-> MALWARE-OTHER Keylogger winsession runtime detection - smtp (malware-other.rules) * 1:6208 <-> DISABLED <-> MALWARE-OTHER Keylogger winsession runtime detection - ftp (malware-other.rules) * 1:6220 <-> DISABLED <-> MALWARE-OTHER Keylogger boss everyware runtime detection (malware-other.rules) * 1:6221 <-> DISABLED <-> MALWARE-OTHER Keylogger computerspy runtime detection (malware-other.rules) * 1:6286 <-> DISABLED <-> MALWARE-BACKDOOR antilamer 1.1 runtime detection (malware-backdoor.rules) * 1:6287 <-> DISABLED <-> MALWARE-BACKDOOR fictional daemon 4.4 runtime detection - telent (malware-backdoor.rules) * 1:6288 <-> DISABLED <-> MALWARE-BACKDOOR fictional daemon 4.4 runtime detection - ftp (malware-backdoor.rules) * 1:6291 <-> DISABLED <-> MALWARE-CNC justjoke v2.6 variant outbound connection (malware-cnc.rules) * 1:6292 <-> DISABLED <-> MALWARE-BACKDOOR joker ddos v1.0.1 runtime detection - initial connection (malware-backdoor.rules) * 1:6295 <-> DISABLED <-> MALWARE-BACKDOOR joker ddos v1.0.1 runtime detection - bomb (malware-backdoor.rules) * 1:6296 <-> DISABLED <-> MALWARE-CNC insurrection 1.1.0 variant outbound connection icq notification 1 (malware-cnc.rules) * 1:6297 <-> DISABLED <-> MALWARE-CNC insurrection 1.1.0 variant outbound connection icq notification 2 (malware-cnc.rules) * 1:6298 <-> DISABLED <-> MALWARE-BACKDOOR insurrection 1.1.0 runtime detection - reverse connection (malware-backdoor.rules) * 1:6299 <-> DISABLED <-> MALWARE-BACKDOOR insurrection 1.1.0 runtime detection - initial connection (malware-backdoor.rules) * 1:6300 <-> DISABLED <-> MALWARE-CNC cia 1.3 variant outbound connection icq notification (malware-cnc.rules) * 1:6301 <-> DISABLED <-> MALWARE-BACKDOOR cia 1.3 runtime detection - smtp notification (malware-backdoor.rules) * 1:6303 <-> DISABLED <-> MALWARE-BACKDOOR cia runtime detection - initial connection (malware-backdoor.rules) * 1:6305 <-> DISABLED <-> MALWARE-BACKDOOR softwar shadowthief runtime detection - initial connection (malware-backdoor.rules) * 1:6306 <-> DISABLED <-> MALWARE-BACKDOOR shit heep runtime detection (malware-backdoor.rules) * 1:6308 <-> DISABLED <-> MALWARE-BACKDOOR lamespy runtime detection - initial connection (malware-backdoor.rules) * 1:6311 <-> DISABLED <-> MALWARE-BACKDOOR net demon runtime detection - initial connection - password accepted (malware-backdoor.rules) * 1:6313 <-> DISABLED <-> MALWARE-BACKDOOR net demon runtime detection - message response (malware-backdoor.rules) * 1:6315 <-> DISABLED <-> MALWARE-BACKDOOR net demon runtime detection - open browser response (malware-backdoor.rules) * 1:6317 <-> DISABLED <-> MALWARE-BACKDOOR net demon runtime detection - file manager response (malware-backdoor.rules) * 1:6318 <-> DISABLED <-> MALWARE-BACKDOOR rtb666 runtime detection (malware-backdoor.rules) * 1:6321 <-> DISABLED <-> MALWARE-BACKDOOR ptakks2.1 runtime detection - keepalive acknowledgement (malware-backdoor.rules) * 1:6322 <-> DISABLED <-> MALWARE-BACKDOOR ptakks2.1 runtime detection - command pattern (malware-backdoor.rules) * 1:6324 <-> DISABLED <-> MALWARE-BACKDOOR 3xBackdoor runtime detection (malware-backdoor.rules) * 1:6325 <-> DISABLED <-> MALWARE-BACKDOOR fucktrojan 1.2 runtime detection - initial connection (malware-backdoor.rules) * 1:6327 <-> DISABLED <-> MALWARE-BACKDOOR fucktrojan 1.2 runtime detection - flood (malware-backdoor.rules) * 1:6328 <-> DISABLED <-> MALWARE-BACKDOOR commando runtime detection - initial connection (malware-backdoor.rules) * 1:6330 <-> DISABLED <-> MALWARE-BACKDOOR commando runtime detection - chat server-to-client (malware-backdoor.rules) * 1:6331 <-> DISABLED <-> MALWARE-CNC globalkiller1.0 variant outbound connection notification (malware-cnc.rules) * 1:6332 <-> DISABLED <-> MALWARE-BACKDOOR globalkiller1.0 runtime detection - initial connection (malware-backdoor.rules) * 1:6333 <-> DISABLED <-> MALWARE-BACKDOOR wincrash 2.0 runtime detection (malware-backdoor.rules) * 1:6334 <-> DISABLED <-> MALWARE-BACKDOOR backlash runtime detection (malware-backdoor.rules) * 1:6336 <-> DISABLED <-> MALWARE-BACKDOOR buttman v0.9p runtime detection - remote control (malware-backdoor.rules) * 1:6338 <-> DISABLED <-> MALWARE-BACKDOOR hatredfriend file manage command (malware-backdoor.rules) * 1:6339 <-> DISABLED <-> MALWARE-BACKDOOR hatredfriend email notification detection (malware-backdoor.rules) * 1:6340 <-> DISABLED <-> MALWARE-OTHER Keylogger handy keylogger runtime detection (malware-other.rules) * 1:6365 <-> DISABLED <-> MALWARE-OTHER Sony rootkit runtime detection (malware-other.rules) * 1:6383 <-> DISABLED <-> MALWARE-OTHER Keylogger stealthwatcher 2000 runtime detection - tcp connection setup (malware-other.rules) * 1:6384 <-> DISABLED <-> MALWARE-OTHER Keylogger stealthwatcher 2000 runtime detection - agent discover broadcast (malware-other.rules) * 1:6385 <-> DISABLED <-> MALWARE-OTHER Keylogger stealthwatcher 2000 runtime detection - agent status monitoring (malware-other.rules) * 1:6386 <-> DISABLED <-> MALWARE-OTHER Keylogger stealthwatcher 2000 runtime detection - agent up notification (malware-other.rules) * 1:6395 <-> DISABLED <-> MALWARE-CNC a-311 death variant outbound connection server-to-client (malware-cnc.rules) * 1:6396 <-> DISABLED <-> MALWARE-CNC a-311 death user-agent string detected (malware-cnc.rules) * 1:6397 <-> DISABLED <-> MALWARE-BACKDOOR http rat runtime detection - smtp (malware-backdoor.rules) * 1:6398 <-> DISABLED <-> MALWARE-BACKDOOR http rat runtime detection - http (malware-backdoor.rules) * 1:6399 <-> DISABLED <-> MALWARE-BACKDOOR rad 1.2.3 runtime detection (malware-backdoor.rules) * 1:6401 <-> DISABLED <-> MALWARE-BACKDOOR snowdoor runtime detection server-to-client (malware-backdoor.rules) * 1:6402 <-> DISABLED <-> MALWARE-BACKDOOR netangel connection client-to-server (malware-backdoor.rules) * 1:6473 <-> DISABLED <-> MALWARE-BACKDOOR bugs runtime detection - file manager server-to-client (malware-backdoor.rules) * 1:6474 <-> DISABLED <-> MALWARE-CNC Win.Trojan.loosky.gen variant outbound connection notification (malware-cnc.rules) * 1:6476 <-> DISABLED <-> MALWARE-BACKDOOR badrat 1.1 runtime detection (malware-backdoor.rules) * 1:6477 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool beee runtime detection - smtp (malware-tools.rules) * 1:6492 <-> DISABLED <-> MALWARE-BACKDOOR Trickler Backdoor-BAC.gen.e runtime detection - notification (malware-backdoor.rules) * 1:6493 <-> DISABLED <-> MALWARE-BACKDOOR Trickler Backdoor-BAC.gen.e runtime detection - post data (malware-backdoor.rules) * 1:6498 <-> DISABLED <-> MALWARE-BACKDOOR exploiter 1.0 runtime detection (malware-backdoor.rules) * 1:7057 <-> DISABLED <-> MALWARE-BACKDOOR charon runtime detection - initial connection (malware-backdoor.rules) * 1:7060 <-> DISABLED <-> MALWARE-BACKDOOR charon runtime detection - download file/log (malware-backdoor.rules) * 1:7064 <-> DISABLED <-> MALWARE-BACKDOOR cybernetic 1.62 runtime detection - email notification (malware-backdoor.rules) * 1:7068 <-> DISABLED <-> MALWARE-BACKDOOR delta source 0.5 beta runtime detection - ping (malware-backdoor.rules) * 1:7069 <-> DISABLED <-> MALWARE-BACKDOOR delta source 0.5 beta runtime detection - pc info (malware-backdoor.rules) * 1:7072 <-> DISABLED <-> MALWARE-BACKDOOR fraggle rock 2.0 lite runtime detection - pc info (malware-backdoor.rules) * 1:7073 <-> DISABLED <-> MALWARE-CNC Win.Trojan.dumaru.gen variant outbound connection notification (malware-cnc.rules) * 1:7074 <-> DISABLED <-> MALWARE-CNC Win.Trojan.dumaru.gen variant outbound connection cmd (malware-cnc.rules) * 1:7075 <-> DISABLED <-> MALWARE-BACKDOOR bandook 1.0 runtime detection (malware-backdoor.rules) * 1:7076 <-> DISABLED <-> MALWARE-CNC minimo v0.6 variant outbound connection cgi notification (malware-cnc.rules) * 1:7077 <-> DISABLED <-> MALWARE-CNC minimo v0.6 variant outbound connection icq notification (malware-cnc.rules) * 1:7081 <-> DISABLED <-> MALWARE-BACKDOOR up and run v1.0 beta runtime detection (malware-backdoor.rules) * 1:7084 <-> DISABLED <-> MALWARE-BACKDOOR erazer v1.1 runtime detection - sin notification (malware-backdoor.rules) * 1:7086 <-> DISABLED <-> MALWARE-BACKDOOR erazer v1.1 runtime detection - init connection (malware-backdoor.rules) * 1:7103 <-> DISABLED <-> MALWARE-CNC gwboy 0.92 variant outbound connection (malware-cnc.rules) * 1:7120 <-> DISABLED <-> MALWARE-BACKDOOR y3k 1.2 runtime detection - init connection 1 (malware-backdoor.rules) * 1:7122 <-> DISABLED <-> MALWARE-BACKDOOR y3k 1.2 runtime detection - init connection 2 (malware-backdoor.rules) * 1:7146 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool sars notifier runtime detection - sin notification (malware-tools.rules) * 1:7147 <-> DISABLED <-> MALWARE-CNC Hacker-Tool sars notifier variant outbound connection icq notification (malware-cnc.rules) * 1:7148 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool sars notifier runtime detection - cgi notification (malware-tools.rules) * 1:7149 <-> DISABLED <-> MALWARE-CNC Hacker-Tool sars notifier variant outbound connection php notification (malware-cnc.rules) * 1:7150 <-> DISABLED <-> MALWARE-CNC Hacker-Tool sars notifier variant outbound connection irc notification (malware-cnc.rules) * 1:7151 <-> DISABLED <-> MALWARE-CNC Hacker-Tool sars notifier variant outbound connection net send notification (malware-cnc.rules) * 1:7154 <-> DISABLED <-> MALWARE-OTHER Keylogger active keylogger home runtime detection (malware-other.rules) * 1:7156 <-> DISABLED <-> MALWARE-OTHER Keylogger win-spy runtime detection - email delivery (malware-other.rules) * 1:7158 <-> DISABLED <-> MALWARE-OTHER Keylogger win-spy runtime detection - remote conn server-to-client (malware-other.rules) * 1:7160 <-> DISABLED <-> MALWARE-OTHER Keylogger win-spy runtime detection - upload file server-to-client (malware-other.rules) * 1:7162 <-> DISABLED <-> MALWARE-OTHER Keylogger win-spy runtime detection - download file server-to-client (malware-other.rules) * 1:7164 <-> DISABLED <-> MALWARE-OTHER Keylogger win-spy runtime detection - execute file server-to-client (malware-other.rules) * 1:7169 <-> DISABLED <-> MALWARE-OTHER Keylogger ab system spy runtime detection - information exchange (malware-other.rules) * 1:7176 <-> DISABLED <-> MALWARE-OTHER Keylogger ab system spy runtime detection - log retrieve (malware-other.rules) * 1:7177 <-> DISABLED <-> MALWARE-OTHER Keylogger ab system spy runtime detection - info send through email (malware-other.rules) * 1:7180 <-> DISABLED <-> MALWARE-OTHER Keylogger desktop detective 2000 runtime detection - init connection (malware-other.rules) * 1:7183 <-> DISABLED <-> MALWARE-CNC Snoopware barok variant outbound connection (malware-cnc.rules) * 1:7184 <-> DISABLED <-> MALWARE-OTHER Keylogger 007 spy software runtime detection - smtp (malware-other.rules) * 1:7185 <-> DISABLED <-> MALWARE-OTHER Keylogger 007 spy software runtime detection - ftp (malware-other.rules) * 1:7186 <-> DISABLED <-> MALWARE-OTHER Keylogger kgb Keylogger runtime detection (malware-other.rules) * 1:7189 <-> DISABLED <-> MALWARE-OTHER Trackware shopathome runtime detection - setcookie request (malware-other.rules) * 1:7504 <-> DISABLED <-> MALWARE-OTHER Keylogger actualspy runtime detection - ftp-data (malware-other.rules) * 1:7505 <-> DISABLED <-> MALWARE-OTHER Keylogger actualspy runtime detection - smtp (malware-other.rules) * 1:7507 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool coma runtime detection - init connection (malware-tools.rules) * 1:7509 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool coma runtime detection - ping (malware-tools.rules) * 1:7539 <-> DISABLED <-> MALWARE-OTHER Keylogger eye spy pro 1.0 runtime detection (malware-other.rules) * 1:7541 <-> DISABLED <-> MALWARE-OTHER Keylogger starlogger runtime detection (malware-other.rules) * 1:7542 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool mini oblivion runtime detection - successful init connection (malware-tools.rules) * 1:7546 <-> DISABLED <-> MALWARE-OTHER Keylogger PerfectKeylogger runtime detection (malware-other.rules) * 1:7547 <-> DISABLED <-> MALWARE-OTHER Keylogger activity monitor 3.8 runtime detection - agent status monitoring (malware-other.rules) * 1:7548 <-> DISABLED <-> MALWARE-OTHER Keylogger activity monitor 3.8 runtime detection - agent up notification (malware-other.rules) * 1:7549 <-> DISABLED <-> MALWARE-OTHER Keylogger activity monitor 3.8 runtime detection (malware-other.rules) * 1:7551 <-> DISABLED <-> MALWARE-OTHER Keylogger ardamax keylogger runtime detection - smtp (malware-other.rules) * 1:7552 <-> DISABLED <-> MALWARE-OTHER Keylogger ardamax keylogger runtime detection - ftp (malware-other.rules) * 1:7557 <-> DISABLED <-> MALWARE-OTHER Trackware purityscan runtime detection - start up (malware-other.rules) * 1:7558 <-> DISABLED <-> MALWARE-OTHER Trackware purityscan runtime detection - installation notify (malware-other.rules) * 1:7559 <-> DISABLED <-> MALWARE-OTHER Trackware purityscan runtime detection - track user activity and status (malware-other.rules) * 1:7560 <-> DISABLED <-> MALWARE-OTHER Trackware purityscan runtime detection - self update (malware-other.rules) * 1:7561 <-> DISABLED <-> MALWARE-OTHER Trackware purityscan runtime detection - opt out of interstitial advertising (malware-other.rules) * 1:7568 <-> DISABLED <-> MALWARE-OTHER Trackware webhancer runtime detection (malware-other.rules) * 1:7574 <-> DISABLED <-> MALWARE-OTHER Keylogger proagent 2.0 runtime detection (malware-other.rules) * 1:7586 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool clandestine runtime detection - image transferred (malware-tools.rules) * 1:7592 <-> DISABLED <-> MALWARE-OTHER Keylogger keylogger pro runtime detection (malware-other.rules) * 1:7597 <-> DISABLED <-> MALWARE-OTHER Keylogger spy lantern keylogger runtime detection (malware-other.rules) * 1:7605 <-> DISABLED <-> MALWARE-BACKDOOR katux 2.0 runtime detection - screen capture (malware-backdoor.rules) * 1:7607 <-> DISABLED <-> MALWARE-BACKDOOR katux 2.0 runtime detection - get system info (malware-backdoor.rules) * 1:7609 <-> DISABLED <-> MALWARE-BACKDOOR katux 2.0 runtime detection - chat (malware-backdoor.rules) * 1:7616 <-> DISABLED <-> MALWARE-BACKDOOR theef 2.0 runtime detection - connection without password (malware-backdoor.rules) * 1:7619 <-> DISABLED <-> MALWARE-BACKDOOR theef 2.0 runtime detection - connection request with password (malware-backdoor.rules) * 1:7623 <-> DISABLED <-> MALWARE-BACKDOOR remote control 1.7 runtime detection - connection request (malware-backdoor.rules) * 1:7624 <-> DISABLED <-> MALWARE-BACKDOOR remote control 1.7 runtime detection - data connection (malware-backdoor.rules) * 1:7629 <-> DISABLED <-> MALWARE-BACKDOOR skyrat show runtime detection - initial connection (malware-backdoor.rules) * 1:7630 <-> DISABLED <-> MALWARE-BACKDOOR helios 3.1 runtime detection - initial connection (malware-backdoor.rules) * 1:7632 <-> DISABLED <-> MALWARE-BACKDOOR hornet 1.0 runtime detection - fetch system info (malware-backdoor.rules) * 1:7634 <-> DISABLED <-> MALWARE-BACKDOOR hornet 1.0 runtime detection - irc connection (malware-backdoor.rules) * 1:7636 <-> DISABLED <-> MALWARE-BACKDOOR hornet 1.0 runtime detection - fetch processes list (malware-backdoor.rules) * 1:7637 <-> DISABLED <-> MALWARE-CNC hornet 1.0 variant outbound connection icq notification (malware-cnc.rules) * 1:7638 <-> DISABLED <-> MALWARE-BACKDOOR Win.Exploit.Backdoor ncph runtime detection - initial connection (malware-backdoor.rules) * 1:7639 <-> DISABLED <-> MALWARE-CNC air variant outbound connection php notification (malware-cnc.rules) * 1:7640 <-> DISABLED <-> MALWARE-CNC air variant outbound connection webmail notification (malware-cnc.rules) * 1:7641 <-> DISABLED <-> MALWARE-BACKDOOR am remote client runtime detection - client-to-server (malware-backdoor.rules) * 1:7642 <-> DISABLED <-> MALWARE-BACKDOOR am remote client runtime detection - client response (malware-backdoor.rules) * 1:7644 <-> DISABLED <-> MALWARE-BACKDOOR ullysse runtime detection - client-to-server (malware-backdoor.rules) * 1:7646 <-> DISABLED <-> MALWARE-BACKDOOR snipernet 2.1 runtime detection (malware-backdoor.rules) * 1:7658 <-> DISABLED <-> MALWARE-BACKDOOR jodeitor 1.1 runtime detection - initial connection (malware-backdoor.rules) * 1:7659 <-> DISABLED <-> MALWARE-BACKDOOR lan filtrator 1.1 runtime detection - sin notification (malware-backdoor.rules) * 1:7661 <-> DISABLED <-> MALWARE-BACKDOOR lan filtrator 1.1 runtime detection - initial connection request (malware-backdoor.rules) * 1:7663 <-> DISABLED <-> MALWARE-BACKDOOR snid x2 v1.2 runtime detection - initial connection (malware-backdoor.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091100.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:44364 <-> DISABLED <-> FILE-OFFICE Microsoft Office RTF hex encoded WRAssembly ASLR bypass download attempt (file-office.rules) * 1:44363 <-> DISABLED <-> FILE-OFFICE Microsoft Office RTF hex encoded WRAsembly ASLR bypass download attempt (file-office.rules) * 1:44362 <-> ENABLED <-> BLACKLIST User-Agent known malicious user-agent string - Sality (blacklist.rules) * 1:44361 <-> ENABLED <-> SERVER-WEBAPP Trend Micro OfficeScan proxy_controller.php command injection attempt (server-webapp.rules) * 1:44360 <-> ENABLED <-> SERVER-WEBAPP Trend Micro OfficeScan proxy_controller.php command injection attempt (server-webapp.rules) * 1:44359 <-> ENABLED <-> SERVER-WEBAPP Trend Micro OfficeScan proxy_controller.php command injection attempt (server-webapp.rules) * 1:44358 <-> DISABLED <-> PUA-ADWARE DealPly Adware variant outbound connection (pua-adware.rules)
* 1:6159 <-> DISABLED <-> MALWARE-BACKDOOR delirium of disorder runtime detection - enable keylogger (malware-backdoor.rules) * 1:6157 <-> DISABLED <-> MALWARE-BACKDOOR dirtxt runtime detection - view server-to-client (malware-backdoor.rules) * 1:6155 <-> DISABLED <-> MALWARE-BACKDOOR dirtxt runtime detection - info server-to-client (malware-backdoor.rules) * 1:6153 <-> DISABLED <-> MALWARE-BACKDOOR dirtxt runtime detection - chdir server-to-client (malware-backdoor.rules) * 1:6151 <-> DISABLED <-> MALWARE-BACKDOOR back attack v1.4 runtime detection (malware-backdoor.rules) * 1:6150 <-> DISABLED <-> MALWARE-BACKDOOR netcontrol v1.0.8 runtime detection (malware-backdoor.rules) * 1:6148 <-> DISABLED <-> MALWARE-BACKDOOR mantis runtime detection - go to address server-to-client (malware-backdoor.rules) * 1:6146 <-> DISABLED <-> MALWARE-BACKDOOR mantis runtime detection - sent notify option client-to-server 2 (malware-backdoor.rules) * 1:6143 <-> DISABLED <-> MALWARE-BACKDOOR dark connection inside v1.2 runtime detection (malware-backdoor.rules) * 1:6142 <-> DISABLED <-> MALWARE-BACKDOOR hellzaddiction v1.0e runtime detection - ftp open (malware-backdoor.rules) * 1:6139 <-> DISABLED <-> MALWARE-BACKDOOR clindestine 1.0 runtime detection - get system directory (malware-backdoor.rules) * 1:6138 <-> DISABLED <-> MALWARE-BACKDOOR clindestine 1.0 runtime detection - get computer info (malware-backdoor.rules) * 1:6137 <-> DISABLED <-> MALWARE-BACKDOOR clindestine 1.0 runtime detection - capture small screen (malware-backdoor.rules) * 1:6136 <-> DISABLED <-> MALWARE-BACKDOOR clindestine 1.0 runtime detection - capture big screen (malware-backdoor.rules) * 1:6134 <-> DISABLED <-> MALWARE-BACKDOOR chupacabra 1.0 runtime detection - delete file (malware-backdoor.rules) * 1:6133 <-> DISABLED <-> MALWARE-BACKDOOR chupacabra 1.0 runtime detection - send messages (malware-backdoor.rules) * 1:6132 <-> DISABLED <-> MALWARE-BACKDOOR chupacabra 1.0 runtime detection - get user name (malware-backdoor.rules) * 1:6130 <-> DISABLED <-> MALWARE-BACKDOOR chupacabra 1.0 runtime detection - get computer name (malware-backdoor.rules) * 1:6128 <-> DISABLED <-> MALWARE-BACKDOOR dkangel runtime detection - icmp echo reply client-to-server (malware-backdoor.rules) * 1:6127 <-> DISABLED <-> MALWARE-BACKDOOR dkangel runtime detection - udp client-to-server (malware-backdoor.rules) * 1:6126 <-> DISABLED <-> MALWARE-BACKDOOR dkangel runtime detection - smtp (malware-backdoor.rules) * 1:6124 <-> DISABLED <-> MALWARE-BACKDOOR ambush 1.0 runtime detection - ping server-to-client (malware-backdoor.rules) * 1:6121 <-> DISABLED <-> MALWARE-BACKDOOR net runner runtime detection - download file server-to-client (malware-backdoor.rules) * 1:6119 <-> DISABLED <-> MALWARE-BACKDOOR net runner runtime detection - initial connection server-to-client (malware-backdoor.rules) * 1:6117 <-> DISABLED <-> MALWARE-BACKDOOR fore v1.0 beta runtime detection - init conn (malware-backdoor.rules) * 1:6115 <-> DISABLED <-> MALWARE-CNC optix 1.32 variant outbound connection icq notification (malware-cnc.rules) * 1:6114 <-> DISABLED <-> MALWARE-BACKDOOR optix 1.32 runtime detection - email notification (malware-backdoor.rules) * 1:6113 <-> DISABLED <-> MALWARE-BACKDOOR optix 1.32 runtime detection - init conn (malware-backdoor.rules) * 1:6110 <-> DISABLED <-> MALWARE-BACKDOOR forced entry v1.1 beta runtime detection (malware-backdoor.rules) * 1:6109 <-> DISABLED <-> MALWARE-BACKDOOR dagger v1.1.40 runtime detection (malware-backdoor.rules) * 1:6107 <-> DISABLED <-> MALWARE-BACKDOOR backage 3.1 runtime detection (malware-backdoor.rules) * 1:6106 <-> DISABLED <-> MALWARE-BACKDOOR alvgus 2000 runtime detection - download file (malware-backdoor.rules) * 1:6104 <-> DISABLED <-> MALWARE-BACKDOOR alvgus 2000 runtime detection - upload file (malware-backdoor.rules) * 1:6102 <-> DISABLED <-> MALWARE-BACKDOOR alvgus 2000 runtime detection - execute command (malware-backdoor.rules) * 1:6100 <-> DISABLED <-> MALWARE-BACKDOOR alvgus 2000 runtime detection - view content of directory (malware-backdoor.rules) * 1:6098 <-> DISABLED <-> MALWARE-BACKDOOR alvgus 2000 runtime detection - check server (malware-backdoor.rules) * 1:6096 <-> DISABLED <-> MALWARE-BACKDOOR a trojan 2.0 runtime detection - get system info (malware-backdoor.rules) * 1:6094 <-> DISABLED <-> MALWARE-BACKDOOR a trojan 2.0 runtime detection - get drive info (malware-backdoor.rules) * 1:6092 <-> DISABLED <-> MALWARE-BACKDOOR a trojan 2.0 runtime detection - get harddisk info (malware-backdoor.rules) * 1:6090 <-> DISABLED <-> MALWARE-BACKDOOR a trojan 2.0 runtime detection - get memory info (malware-backdoor.rules) * 1:6088 <-> DISABLED <-> MALWARE-BACKDOOR a trojan 2.0 runtime detection - init connection (malware-backdoor.rules) * 1:6086 <-> DISABLED <-> MALWARE-BACKDOOR autospy runtime detection - make directory (malware-backdoor.rules) * 1:6084 <-> DISABLED <-> MALWARE-BACKDOOR autospy runtime detection - hide taskbar (malware-backdoor.rules) * 1:6082 <-> DISABLED <-> MALWARE-BACKDOOR autospy runtime detection - show nude pic (malware-backdoor.rules) * 1:6080 <-> DISABLED <-> MALWARE-BACKDOOR autospy runtime detection - show autospy (malware-backdoor.rules) * 1:6078 <-> DISABLED <-> MALWARE-BACKDOOR autospy runtime detection - get information (malware-backdoor.rules) * 1:6076 <-> DISABLED <-> MALWARE-BACKDOOR amiboide uploader runtime detection - init connection (malware-backdoor.rules) * 1:6075 <-> DISABLED <-> MALWARE-BACKDOOR xhx 1.6 runtime detection - initial connection server-to-client (malware-backdoor.rules) * 1:6073 <-> DISABLED <-> MALWARE-BACKDOOR freak 1.0 runtime detection - initial connection server-to-client (malware-backdoor.rules) * 1:6071 <-> DISABLED <-> MALWARE-CNC freak 1.0 variant outbound connection icq notification (malware-cnc.rules) * 1:6070 <-> DISABLED <-> MALWARE-BACKDOOR freak 1.0 runtime detection - irc notification (malware-backdoor.rules) * 1:6069 <-> DISABLED <-> MALWARE-CNC optixlite 1.0 variant outbound connection icq notification (malware-cnc.rules) * 1:6066 <-> DISABLED <-> MALWARE-BACKDOOR optixlite 1.0 runtime detection - connection success server-to-client (malware-backdoor.rules) * 1:6064 <-> DISABLED <-> MALWARE-BACKDOOR schwindler 1.82 runtime detection (malware-backdoor.rules) * 1:6062 <-> DISABLED <-> MALWARE-BACKDOOR neurotickat1.3 runtime detection - initial connection (malware-backdoor.rules) * 1:6059 <-> DISABLED <-> MALWARE-CNC neurotickat1.3 variant outbound connection cgi notification (malware-cnc.rules) * 1:6058 <-> DISABLED <-> MALWARE-CNC neurotickat1.3 variant outbound connection icq notification (malware-cnc.rules) * 1:6054 <-> DISABLED <-> MALWARE-BACKDOOR fun factory runtime detection - do script remotely (malware-backdoor.rules) * 1:6052 <-> DISABLED <-> MALWARE-BACKDOOR fun factory runtime detection - set volume (malware-backdoor.rules) * 1:6050 <-> DISABLED <-> MALWARE-BACKDOOR fun factory runtime detection - upload (malware-backdoor.rules) * 1:6048 <-> DISABLED <-> MALWARE-BACKDOOR fun factory runtime detection - connect (malware-backdoor.rules) * 1:6046 <-> DISABLED <-> MALWARE-BACKDOOR fear 0.2 runtime detection - initial connection (malware-backdoor.rules) * 1:6043 <-> DISABLED <-> MALWARE-CNC fear 0.2 variant outbound connection cgi notification (malware-cnc.rules) * 1:6042 <-> DISABLED <-> MALWARE-CNC fear 0.2 variant outbound connection php notification (malware-cnc.rules) * 1:6039 <-> DISABLED <-> MALWARE-CNC fade 1.0 variant outbound connection notification (malware-cnc.rules) * 1:6037 <-> DISABLED <-> MALWARE-BACKDOOR netbus 1.7 runtime detection - email notification (malware-backdoor.rules) * 1:6035 <-> DISABLED <-> MALWARE-BACKDOOR minicommand runtime detection - initial connection server-to-client (malware-backdoor.rules) * 1:6029 <-> DISABLED <-> MALWARE-CNC fkwp 2.0 variant outbound connection icq notification (malware-cnc.rules) * 1:6028 <-> DISABLED <-> MALWARE-BACKDOOR cyberpaky runtime detection (malware-backdoor.rules) * 1:6026 <-> DISABLED <-> MALWARE-BACKDOOR dimbus 1.0 runtime detection - get pc info (malware-backdoor.rules) * 1:6024 <-> DISABLED <-> MALWARE-BACKDOOR nuclear rat v6_21 runtime detection (malware-backdoor.rules) * 1:6023 <-> DISABLED <-> MALWARE-CNC silent spy 2.10 variant outbound connection icq notification (malware-cnc.rules) * 1:6022 <-> DISABLED <-> MALWARE-BACKDOOR silent spy 2.10 command response port 4226 (malware-backdoor.rules) * 1:6021 <-> DISABLED <-> MALWARE-BACKDOOR silent spy 2.10 command response port 4225 (malware-backdoor.rules) * 1:6020 <-> DISABLED <-> MALWARE-CNC dsk lite 1.0 variant outbound connection php notification (malware-cnc.rules) * 1:6019 <-> DISABLED <-> MALWARE-CNC dsk lite 1.0 variant outbound connection cgi notification (malware-cnc.rules) * 1:6018 <-> DISABLED <-> MALWARE-CNC dsk lite 1.0 variant outbound connection icq notification (malware-cnc.rules) * 1:6017 <-> DISABLED <-> MALWARE-BACKDOOR dsk lite 1.0 runtime detection - disconnect (malware-backdoor.rules) * 1:6016 <-> DISABLED <-> MALWARE-BACKDOOR dsk lite 1.0 runtime detection - initial connection (malware-backdoor.rules) * 1:5958 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool ghostvoice 1.02 runtime detection - init connection with password requirement (malware-tools.rules) * 1:5956 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool ghostvoice 1.02 icq notification of server installation (malware-tools.rules) * 1:5876 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool eraser runtime detection - disinfect (malware-tools.rules) * 1:5875 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool eraser runtime detection - detonate (malware-tools.rules) * 1:5839 <-> DISABLED <-> MALWARE-OTHER Trackware ucmore runtime detection - click sponsor/ad link (malware-other.rules) * 1:5823 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool stealthredirector runtime detection - view netstat (malware-tools.rules) * 1:5821 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool stealthredirector runtime detection - destory log (malware-tools.rules) * 1:5819 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool stealthredirector runtime detection - check status (malware-tools.rules) * 1:5816 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool stealthredirector runtime detection - destory redirection (malware-tools.rules) * 1:5814 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool stealthredirector runtime detection - create redirection (malware-tools.rules) * 1:5812 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool stealthredirector runtime detection - email notification (malware-tools.rules) * 1:5790 <-> DISABLED <-> MALWARE-OTHER Keylogger pc actmon pro runtime detection - smtp (malware-other.rules) * 1:5784 <-> DISABLED <-> MALWARE-OTHER Keylogger runtime detection - hwae urls browsed log (malware-other.rules) * 1:5783 <-> DISABLED <-> MALWARE-OTHER Keylogger runtime detection - hwae keystrokes log (malware-other.rules) * 1:5782 <-> DISABLED <-> MALWARE-OTHER Keylogger runtime detection - hwae word filtered echelon log (malware-other.rules) * 1:5781 <-> DISABLED <-> MALWARE-OTHER Keylogger runtime detection - hwae windows activity logs (malware-other.rules) * 1:5780 <-> DISABLED <-> MALWARE-OTHER Keylogger runtime detection - hwpe word filtered echelon log (malware-other.rules) * 1:5779 <-> DISABLED <-> MALWARE-OTHER Keylogger runtime detection - hwpe shell file logs (malware-other.rules) * 1:5778 <-> DISABLED <-> MALWARE-OTHER Keylogger runtime detection - hwpe windows activity logs (malware-other.rules) * 1:5777 <-> DISABLED <-> MALWARE-OTHER Keylogger gurl watcher runtime detection (malware-other.rules) * 1:5759 <-> DISABLED <-> MALWARE-OTHER Keylogger fearlesskeyspy runtime detection (malware-other.rules) * 1:5742 <-> DISABLED <-> MALWARE-OTHER Keylogger activitylogger runtime detection (malware-other.rules) * 1:40606 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Sality variant outbound connection (malware-cnc.rules) * 1:39529 <-> ENABLED <-> FILE-OFFICE Microsoft Office RTF WRAssembly ASLR bypass download attempt (file-office.rules) * 1:39528 <-> ENABLED <-> FILE-OFFICE Microsoft Office RTF WRAssembly ASLR bypass download attempt (file-office.rules) * 1:3636 <-> DISABLED <-> MALWARE-BACKDOOR Crazzy Net 5.0 connection established (malware-backdoor.rules) * 1:3635 <-> DISABLED <-> MALWARE-BACKDOOR Amanda 2.0 connection established (malware-backdoor.rules) * 1:3155 <-> DISABLED <-> MALWARE-BACKDOOR BackOrifice 2000 Inbound Traffic (malware-backdoor.rules) * 1:3064 <-> DISABLED <-> MALWARE-BACKDOOR Vampire 1.2 connection confirmation (malware-backdoor.rules) * 1:3016 <-> DISABLED <-> MALWARE-CNC Insane Network 4.0 connection port 63536 (malware-cnc.rules) * 1:3015 <-> DISABLED <-> MALWARE-CNC Insane Network 4.0 connection (malware-cnc.rules) * 1:3014 <-> DISABLED <-> MALWARE-CNC Asylum 0.1 connection (malware-cnc.rules) * 1:3012 <-> DISABLED <-> MALWARE-CNC RUX the Tick upload/execute arbitrary file (malware-cnc.rules) * 1:3011 <-> DISABLED <-> MALWARE-CNC RUX the Tick get system directory (malware-cnc.rules) * 1:3010 <-> DISABLED <-> MALWARE-CNC RUX the Tick get windows directory (malware-cnc.rules) * 1:26853 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer create-add range on DOM objects memory corruption attempt (browser-ie.rules) * 1:26852 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer create-add range on DOM objects memory corruption attempt (browser-ie.rules) * 1:24976 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules) * 1:24918 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Turspy variant outbound connection (malware-cnc.rules) * 1:24917 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Turspy variant outbound connection (malware-cnc.rules) * 1:24916 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (malware-cnc.rules) * 1:24857 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Agent variant outbound connection (malware-cnc.rules) * 1:24635 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper.Dycler variant outbound connection (malware-cnc.rules) * 1:24623 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jorik variant outbound connection (malware-cnc.rules) * 1:24586 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Barkiofork variant outbound connection (malware-cnc.rules) * 1:24576 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Barus variant outbound connection (malware-cnc.rules) * 1:24569 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules) * 1:24567 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Olmarik variant outbound connection (malware-cnc.rules) * 1:24565 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Msposer variant outbound connection (malware-cnc.rules) * 1:24562 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VB variant outbound connection (malware-cnc.rules) * 1:24545 <-> DISABLED <-> MALWARE-BACKDOOR am remote client runtime detection - client response (malware-backdoor.rules) * 1:24542 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Beystreet variant outbound connection (malware-cnc.rules) * 1:24541 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Unebot variant outbound connection (malware-cnc.rules) * 1:24540 <-> DISABLED <-> MALWARE-BACKDOOR Win.Trojan.Spy.Heur variant outbound connection attempt (malware-backdoor.rules) * 1:24529 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Begman variant connection to cnc-server (malware-cnc.rules) * 1:24451 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Quervar variant outbound connection (malware-cnc.rules) * 1:24450 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tibeli variant outbound connection (malware-cnc.rules) * 1:24449 <-> DISABLED <-> MALWARE-CNC Java.Exploit.Agent variant outbound connection (malware-cnc.rules) * 1:24445 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Medfos variant outbound connection (malware-cnc.rules) * 1:24444 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Medfos variant outbound connection (malware-cnc.rules) * 1:24443 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Medfos variant outbound connection (malware-cnc.rules) * 1:24438 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mirage variant outbound connection (malware-cnc.rules) * 1:24437 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mirage variant outbound connection (malware-cnc.rules) * 1:24427 <-> DISABLED <-> MALWARE-OTHER Java.Trojan.Jacksbot jar download (malware-other.rules) * 1:24426 <-> DISABLED <-> MALWARE-OTHER Java.Trojan.Jacksbot class download (malware-other.rules) * 1:24420 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Misun variant outbound connection (malware-cnc.rules) * 1:24419 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vundo variant outbound connection (malware-cnc.rules) * 1:24418 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vundo variant outbound connection (malware-cnc.rules) * 1:24417 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules) * 1:24416 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules) * 1:24405 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (malware-cnc.rules) * 1:24404 <-> DISABLED <-> MALWARE-BACKDOOR Trojan.KDV.QLO runtime detection (malware-backdoor.rules) * 1:24403 <-> DISABLED <-> MALWARE-BACKDOOR Trojan.KDV.QLO runtime detection (malware-backdoor.rules) * 1:24402 <-> DISABLED <-> MALWARE-BACKDOOR Trojan.KDV.QLO install time detection (malware-backdoor.rules) * 1:24400 <-> DISABLED <-> MALWARE-BACKDOOR Backdoor.Win32.Protos.A runtime detection (malware-backdoor.rules) * 1:24399 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mooochq variant outbound connection (malware-cnc.rules) * 1:24398 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mooochq variant outbound connection (malware-cnc.rules) * 1:24385 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tracur variant outbound connection (malware-cnc.rules) * 1:24384 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tracur variant outbound connection (malware-cnc.rules) * 1:24383 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dipwit outbound connection (malware-cnc.rules) * 1:24377 <-> DISABLED <-> MALWARE-BACKDOOR Trojan.FakeAV.FakeAlert runtime detection (malware-backdoor.rules) * 1:24376 <-> DISABLED <-> MALWARE-BACKDOOR Trojan.Delf.KDV runtime detection (malware-backdoor.rules) * 1:24374 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper.Agent variant outbound connection (malware-cnc.rules) * 1:24373 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper.Agent variant outbound connection (malware-cnc.rules) * 1:24369 <-> DISABLED <-> MALWARE-CNC Lizamoon sql injection campaign ur.php response detected (malware-cnc.rules) * 1:24368 <-> DISABLED <-> MALWARE-CNC Lizamoon sql injection campaign phone-home (malware-cnc.rules) * 1:24347 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Bloropac variant outbound connection (malware-cnc.rules) * 1:24346 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot variant outbound connection (malware-cnc.rules) * 1:24345 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Drexonin variant outbound connection (malware-cnc.rules) * 1:24334 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Agent variant connect to cnc-server (malware-cnc.rules) * 1:24308 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Workir variant outbound connection (malware-cnc.rules) * 1:24307 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Workir variant outbound connection (malware-cnc.rules) * 1:24288 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Flexty variant outbound connection (malware-cnc.rules) * 1:24271 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Bancos variant outbound connection (malware-cnc.rules) * 1:24191 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Raven variant outbound connection (malware-cnc.rules) * 1:24175 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lataa variant outbound connection (malware-cnc.rules) * 1:24174 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lataa variant outbound connection (malware-cnc.rules) * 1:24173 <-> DISABLED <-> MALWARE-BACKDOOR Trojan-Downloader.Win32.Doneltart.A runtime detection (malware-backdoor.rules) * 1:24123 <-> DISABLED <-> MALWARE-BACKDOOR Virus.Win32.Xpaj.A variant outbound connection (malware-backdoor.rules) * 1:24107 <-> DISABLED <-> MALWARE-OTHER HTTP POST request to a BMP file (malware-other.rules) * 1:24092 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Clisbot variant outbound connection (malware-cnc.rules) * 1:24082 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banbra variant outbound connection (malware-cnc.rules) * 1:24035 <-> DISABLED <-> MALWARE-CNC Downloader.Inject variant outbound connection (malware-cnc.rules) * 1:24016 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Madon variant outbound connection - variant outbound connection (malware-cnc.rules) * 1:24014 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cbot variant outbound connection - inital contact (malware-cnc.rules) * 1:24013 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cbot variant outbound connection - inital contact (malware-cnc.rules) * 1:24012 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cbot variant outbound connection - inital contact (malware-cnc.rules) * 1:24011 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ransomer variant outbound connection (malware-cnc.rules) * 1:23977 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Genome runtime update to cnc-server (malware-cnc.rules) * 1:23976 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Genome initial variant outbound connection (malware-cnc.rules) * 1:23973 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vampols variant inbound connection (malware-cnc.rules) * 1:23971 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kabwak variant outbound connection (malware-cnc.rules) * 1:23963 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Runagry variant outbound connection (malware-cnc.rules) * 1:23955 <-> DISABLED <-> MALWARE-CNC Xhuna.A variant outbound connection (malware-cnc.rules) * 1:23953 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Comfoo variant outbound connection (malware-cnc.rules) * 1:23952 <-> DISABLED <-> MALWARE-TOOLS Tors Hammer slow post flood attempt (malware-tools.rules) * 1:23949 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TKcik variant outbound connection (malware-cnc.rules) * 1:23948 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sicisono variant outbound connection (malware-cnc.rules) * 1:23941 <-> DISABLED <-> MALWARE-CNC OSX.Trojan.Aharm variant outbound connection (malware-cnc.rules) * 1:23936 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zakahic variant outbound connection (malware-cnc.rules) * 1:23935 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zakahic variant outbound connection (malware-cnc.rules) * 1:23877 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dtfanri variant outbound connection (malware-cnc.rules) * 1:23876 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scirib variant outbound connection (malware-cnc.rules) * 1:23794 <-> DISABLED <-> MALWARE-CNC known command and control traffic (malware-cnc.rules) * 1:23788 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locotout variant outbound connection (malware-cnc.rules) * 1:23787 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locotout variant outbound connection (malware-cnc.rules) * 1:23782 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Buzus.kych variant outbound connection (malware-cnc.rules) * 1:23634 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kegotip variant outbound connection (malware-cnc.rules) * 1:23607 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sofacy.A outbound connection (malware-cnc.rules) * 1:23606 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sofacy.A outbound connection (malware-cnc.rules) * 1:23599 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Slagent outgoing connection (malware-cnc.rules) * 1:23598 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Slagent outgoing connection (malware-cnc.rules) * 1:23597 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VB.DHD variant outbound connection (malware-cnc.rules) * 1:23595 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Papras variant outbound connection (malware-cnc.rules) * 1:23594 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Papras variant outbound connection (malware-cnc.rules) * 1:23593 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Smoaler variant outbound connection (malware-cnc.rules) * 1:23495 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kugdifod.A variant outbound connection (malware-cnc.rules) * 1:23494 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Onitab.A outbound connection (malware-cnc.rules) * 1:23483 <-> DISABLED <-> MALWARE-BACKDOOR Win.Backdoor.Georbot file download (malware-backdoor.rules) * 1:23469 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper variant outbound connection (malware-cnc.rules) * 1:23468 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper variant outbound connection (malware-cnc.rules) * 1:23449 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Servstart.ax variant outbound connection (malware-cnc.rules) * 1:23448 <-> DISABLED <-> MALWARE-CNC Win.Worm.Psyokym variant outbound connection (malware-cnc.rules) * 1:23447 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sojax.A variant outbound connection (malware-cnc.rules) * 1:23446 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sojax.A variant outbound connection (malware-cnc.rules) * 1:23399 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Govdi.A variant outbound connection (malware-cnc.rules) * 1:23390 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Java.Arratomref variant outbound connection (malware-cnc.rules) * 1:23389 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Java.Arratomref variant outbound connection (malware-cnc.rules) * 1:23387 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules) * 1:23381 <-> DISABLED <-> MALWARE-BACKDOOR Win.Trojan.Thoper.C runtime detection (malware-backdoor.rules) * 1:23380 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ventana initial variant outbound connection (malware-cnc.rules) * 1:23379 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Leepload variant outbound connection (malware-cnc.rules) * 1:23378 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sasfis variant outbound connection (malware-cnc.rules) * 1:23377 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sasfis variant outbound connection (malware-cnc.rules) * 1:23344 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Harvso.A variant outbound connection (malware-cnc.rules) * 1:23343 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules) * 1:23340 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nitol.B variant outbound connection (malware-cnc.rules) * 1:23339 <-> DISABLED <-> MALWARE-CNC Prier.A variant outbound connection (malware-cnc.rules) * 1:23336 <-> DISABLED <-> MALWARE-CNC Linfo.A variant outbound connection (malware-cnc.rules) * 1:23333 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker initial C&C checkin (malware-cnc.rules) * 1:23317 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper initial variant outbound connection (malware-cnc.rules) * 1:23308 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Bucriv variant outbound connection (malware-cnc.rules) * 1:23306 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Stealer connect to server (malware-cnc.rules) * 1:23257 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Duojeen variant outbound connection (malware-cnc.rules) * 1:23255 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Duojeen variant outbound connection (malware-cnc.rules) * 1:23252 <-> DISABLED <-> MALWARE-CNC MacOS.MacKontrol variant outbound connection (malware-cnc.rules) * 1:23235 <-> DISABLED <-> MALWARE-CNC PBin.A runtime traffic detected (malware-cnc.rules) * 1:23234 <-> DISABLED <-> MALWARE-CNC Frethog.MK runtime traffic detected (malware-cnc.rules) * 1:23176 <-> DISABLED <-> MALWARE-CNC Donbot.A runtime traffic detected (malware-cnc.rules) * 1:23051 <-> DISABLED <-> MALWARE-CNC Dybalom.A runtime traffic detected (malware-cnc.rules) * 1:22953 <-> DISABLED <-> MALWARE-TOOLS Hulk denial of service attempt (malware-tools.rules) * 1:22001 <-> DISABLED <-> MALWARE-CNC Win.Worm.amna variant outbound connection (malware-cnc.rules) * 1:22000 <-> DISABLED <-> MALWARE-CNC Win.Worm.amna variant outbound connection (malware-cnc.rules) * 1:21998 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload variant outbound connection (malware-cnc.rules) * 1:21997 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules) * 1:21979 <-> DISABLED <-> MALWARE-BACKDOOR Win.Backdoor.Nervos variant inbound connection (malware-backdoor.rules) * 1:21978 <-> DISABLED <-> MALWARE-BACKDOOR Win.Backdoor.Nervos variant outbound connection (malware-backdoor.rules) * 1:21969 <-> DISABLED <-> MALWARE-BACKDOOR Win.Backdoor.Rebhip.A variant outbound connection type B (malware-backdoor.rules) * 1:21968 <-> DISABLED <-> MALWARE-BACKDOOR Win.Backdoor.Rebhip.A variant outbound connection type A (malware-backdoor.rules) * 1:21849 <-> DISABLED <-> MALWARE-OTHER TDS Sutra - HTTP header redirecting to a SutraTDS (malware-other.rules) * 1:21848 <-> DISABLED <-> MALWARE-OTHER TDS Sutra - page redirecting to a SutraTDS (malware-other.rules) * 1:21846 <-> DISABLED <-> MALWARE-CNC TDS Sutra - request in.cgi (malware-cnc.rules) * 1:21769 <-> DISABLED <-> MALWARE-CNC Win.Trojan.LogonInvader.a variant outbound connection (malware-cnc.rules) * 1:21528 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader keep-alive connection detection (malware-cnc.rules) * 1:21527 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader registration connection detection (malware-cnc.rules) * 1:21521 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bayrob update connection (malware-cnc.rules) * 1:21520 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bayrob variant outbound connection (malware-cnc.rules) * 1:21511 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vaxpy variant outbound connection (malware-cnc.rules) * 1:21497 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Saeeka variant outbound connection (malware-cnc.rules) * 1:21496 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Saeeka variant outbound connection (malware-cnc.rules) * 1:21477 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Noobot variant outbound connection (malware-cnc.rules) * 1:21473 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GameThief variant outbound connection (malware-cnc.rules) * 1:21466 <-> DISABLED <-> MALWARE-CNC Autorun.BDS runtime traffic detected (malware-cnc.rules) * 1:21464 <-> DISABLED <-> MALWARE-CNC Downloader-CEW.b runtime traffic detected (malware-cnc.rules) * 1:21444 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TDSS variant outbound connection (malware-cnc.rules) * 1:21416 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bankpatch authentication string detected (malware-cnc.rules) * 1:21391 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.dcac runtime traffic detected (malware-cnc.rules) * 1:21390 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agobot.dl runtime traffic detected (malware-cnc.rules) * 1:21386 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wadolin.A runtime traffic detected (malware-cnc.rules) * 1:21384 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nuqel.Q host freewebs.com runtime traffic detected (malware-cnc.rules) * 1:21383 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nuqel.Q host 9999mb.com runtime traffic detected (malware-cnc.rules) * 1:21382 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nuqel.Q host setting3.yeahost.com runtime traffic detected (malware-cnc.rules) * 1:21381 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dialer.ngb runtime traffic detected (malware-cnc.rules) * 1:21379 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Genome.Amqj runtime traffic detected (malware-cnc.rules) * 1:21376 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Microjoin activity detected (malware-cnc.rules) * 1:21374 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bifrose.EF runtime traffic detected (malware-cnc.rules) * 1:21373 <-> DISABLED <-> MALWARE-CNC Malware Defense runtime traffic detected (malware-cnc.rules) * 1:21372 <-> DISABLED <-> MALWARE-CNC Malware Defense runtime traffic detected (malware-cnc.rules) * 1:21369 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wallop.de runtime traffic detected (malware-cnc.rules) * 1:21368 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wallop.de runtime traffic detected (malware-cnc.rules) * 1:21367 <-> DISABLED <-> MALWARE-CNC Win32 VB.abcl runtime traffic detected (malware-cnc.rules) * 1:21366 <-> DISABLED <-> MALWARE-CNC DOQ.gen.y INSTALL traffic detected (malware-cnc.rules) * 1:21365 <-> DISABLED <-> MALWARE-CNC DOQ.gen.y RUNTIME traffic detected (malware-cnc.rules) * 1:21364 <-> DISABLED <-> MALWARE-CNC DOQ.gen.y RUNTIME traffic detected (malware-cnc.rules) * 1:21362 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TDSS.aa runtime traffic detected (malware-cnc.rules) * 1:21361 <-> DISABLED <-> MALWARE-CNC Worm.Win32.TDownland.ca runtime traffic detected (malware-cnc.rules) * 1:21360 <-> DISABLED <-> MALWARE-CNC Win32 Agent.dbzx runtime traffic detected (malware-cnc.rules) * 1:21359 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VB.jju runtime traffic detected (malware-cnc.rules) * 1:21303 <-> DISABLED <-> MALWARE-CNC Win32 Initor.ag runtime traffic detected (malware-cnc.rules) * 1:21294 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancodor.be runtime traffic detected (malware-cnc.rules) * 1:21277 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shexie.A runtime traffic detected (malware-cnc.rules) * 1:21274 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tusha variant runtime traffic detected (malware-cnc.rules) * 1:21273 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tusha variant runtime traffic detected (malware-cnc.rules) * 1:21250 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VBasddsa.A runtime traffic detected (malware-cnc.rules) * 1:21249 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VBasddsa.A runtime traffic detected (malware-cnc.rules) * 1:21218 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sodager.C variant outbound connection (malware-cnc.rules) * 1:21145 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Neraweq.A runtime traffic detected (malware-cnc.rules) * 1:21144 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot.PKJ runtime traffic detected (malware-cnc.rules) * 1:21143 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot.PKJ runtime traffic detected (malware-cnc.rules) * 1:21142 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot.PKJ runtime traffic detected (malware-cnc.rules) * 1:21128 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dromedan.A runtime traffic detected (malware-cnc.rules) * 1:21127 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Setfic.A runtime traffic detected (malware-cnc.rules) * 1:21126 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Koutodoor.C runtime traffic detected (malware-cnc.rules) * 1:21125 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Alureon.DG runtime traffic detected (malware-cnc.rules) * 1:21124 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Opachki.A runtime traffic detected (malware-cnc.rules) * 1:21123 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Flymux.A runtime traffic detected (malware-cnc.rules) * 1:21122 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bandok.zp runtime traffic detected (malware-cnc.rules) * 1:21087 <-> DISABLED <-> MALWARE-CNC Bindow.Worm runtime traffic detected (malware-cnc.rules) * 1:21058 <-> DISABLED <-> MALWARE-CNC Win.Trojan.AutoIt.pm runtime traffic detected (malware-cnc.rules) * 1:21028 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Usinec connect to server (malware-cnc.rules) * 1:20892 <-> DISABLED <-> MALWARE-CNC Worm.Win32.Skopvel.A runtime traffic detected (malware-cnc.rules) * 1:20891 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VB.adbp runtime traffic detected (malware-cnc.rules) * 1:20890 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VB.adbp runtime traffic detected (malware-cnc.rules) * 1:20877 <-> DISABLED <-> MALWARE-CNC RunTime Worm.Win32.Warezov.gs variant outbound connection (malware-cnc.rules) * 1:20844 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker.smxy runtime traffic detected (malware-cnc.rules) * 1:20838 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Smokebot.A runtime traffic detected (malware-cnc.rules) * 1:20836 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zusy.A runtime traffic detected (malware-cnc.rules) * 1:20627 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shylock.A C&C server response (malware-cnc.rules) * 1:20626 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shylock.A variant outbound connection (malware-cnc.rules) * 1:20606 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Domsingx.A variant outbound connection (malware-cnc.rules) * 1:20447 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.JAAK variant outbound connection (malware-cnc.rules) * 1:20435 <-> DISABLED <-> MALWARE-CNC TrojanSpy Win.Trojan.Zbot.Svr runtime traffic detected (malware-cnc.rules) * 1:20234 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ceckno.cmz runtime traffic detected (malware-cnc.rules) * 1:20233 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Virut variant outbound connection (malware-cnc.rules) * 1:20205 <-> DISABLED <-> MALWARE-CNC Win32/Poison beaconing request (malware-cnc.rules) * 1:20069 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VB.alhq runtime traffic detected (malware-cnc.rules) * 1:20068 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jetilms.A runtime activity detected (malware-cnc.rules) * 1:20067 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Win32 Zatvex.A runtime traffic detected (malware-cnc.rules) * 1:20066 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Win32 SensLiceld.A runtime traffic detected (malware-cnc.rules) * 1:20064 <-> DISABLED <-> MALWARE-CNC Malware Win.Trojan.Clemag.A variant outbound connection (malware-cnc.rules) * 1:20057 <-> DISABLED <-> MALWARE-CNC BitCoin Miner IP query (malware-cnc.rules) * 1:20038 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.cve runtime traffic detected (malware-cnc.rules) * 1:20037 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.cve runtime traffic detected (malware-cnc.rules) * 1:20036 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Win32 Agent.ndau runtime traffic detected (malware-cnc.rules) * 1:20035 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Win32 Coinbit.A runtime traffic detected (malware-cnc.rules) * 1:20010 <-> DISABLED <-> MALWARE-CNC Win32/Babmote.A runtime TCP traffic detected (malware-cnc.rules) * 1:20008 <-> DISABLED <-> MALWARE-CNC Malware PDFMarca.A runtime traffic detected (malware-cnc.rules) * 1:19981 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Micstus.A runtime traffic detected (malware-cnc.rules) * 1:19980 <-> DISABLED <-> MALWARE-CNC IRCBot runtime traffic detected (malware-cnc.rules) * 1:19979 <-> DISABLED <-> MALWARE-CNC IRCBot runtime traffic detected (malware-cnc.rules) * 1:19964 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Sality variant outbound connection (malware-cnc.rules) * 1:19957 <-> DISABLED <-> MALWARE-CNC Arabian-Attacker 1.1.0 variant outbound connection (malware-cnc.rules) * 1:19727 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos.DI variant outbound connection (malware-cnc.rules) * 1:19726 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Poison variant outbound connection (malware-cnc.rules) * 1:19725 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Poison variant outbound connection (malware-cnc.rules) * 1:19724 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules) * 1:19557 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shark.ag variant outbound connection (malware-cnc.rules) * 1:19556 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Homa variant outbound connection (malware-cnc.rules) * 1:19555 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Small variant outbound connection (malware-cnc.rules) * 1:19554 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fakeav Antivirus Xp Pro variant outbound connection (malware-cnc.rules) * 1:19551 <-> DISABLED <-> MALWARE-OTHER self-signed SSL certificate with default Internet Widgits Pty Ltd organization name (malware-other.rules) * 1:19370 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Carberp.D variant outbound connection (malware-cnc.rules) * 1:19369 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Carberp.D variant outbound connection (malware-cnc.rules) * 1:19368 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Carberp.D variant outbound connection (malware-cnc.rules) * 1:19367 <-> DISABLED <-> MALWARE-CNC Win.Worm.Vaubeg.A variant outbound connection (malware-cnc.rules) * 1:19366 <-> DISABLED <-> MALWARE-CNC Win.Trojan.HXWAN.A variant outbound connection (malware-cnc.rules) * 1:19362 <-> DISABLED <-> MALWARE-OTHER generic IRC botnet connection (malware-other.rules) * 1:19354 <-> DISABLED <-> MALWARE-BACKDOOR Win.Trojan.Agent.bhxn variant outbound connection (malware-backdoor.rules) * 1:19352 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Small.D variant outbound connection (malware-cnc.rules) * 1:19346 <-> DISABLED <-> MALWARE-CNC Additional Guard variant outbound connection (malware-cnc.rules) * 1:19345 <-> DISABLED <-> MALWARE-CNC REAnti variant outbound connection (malware-cnc.rules) * 1:19344 <-> DISABLED <-> MALWARE-CNC AntiMalware Pro variant outbound connection (malware-cnc.rules) * 1:19343 <-> DISABLED <-> MALWARE-CNC Adware Pro variant outbound connection (malware-cnc.rules) * 1:19342 <-> DISABLED <-> MALWARE-CNC Adware Professional variant outbound connection (malware-cnc.rules) * 1:19341 <-> DISABLED <-> MALWARE-CNC Worm MSIL.AiO.a variant outbound connection (malware-cnc.rules) * 1:19340 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fakeav TREAntivirus variant outbound connection (malware-cnc.rules) * 1:19135 <-> DISABLED <-> MALWARE-BACKDOOR Win.Trojan.Buterat Checkin (malware-backdoor.rules) * 1:19062 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FakePlus variant outbound connection (malware-cnc.rules) * 1:19050 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banbra.fxe variant outbound connection (malware-cnc.rules) * 1:19048 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Darkness variant outbound connection (malware-cnc.rules) * 1:19045 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos.XQ variant outbound connection (malware-cnc.rules) * 1:19042 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker.ACQE variant outbound connection (malware-cnc.rules) * 1:18979 <-> DISABLED <-> MALWARE-CNC Worm.Win32.AutoRun.fmo variant outbound connection (malware-cnc.rules) * 1:18978 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pasta.aoq variant outbound connection (malware-cnc.rules) * 1:18739 <-> DISABLED <-> MALWARE-CNC Worm.Win32.Koobface.D variant outbound connection (malware-cnc.rules) * 1:18724 <-> DISABLED <-> MALWARE-CNC RogueSoftware.Win32.ZeroClean variant outbound connection (malware-cnc.rules) * 1:18718 <-> DISABLED <-> MALWARE-CNC RogueSoftware.Win32.AdvancedDefender variant outbound connection (malware-cnc.rules) * 1:18717 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker.QO variant outbound connection (malware-cnc.rules) * 1:18716 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker.H variant outbound connection (malware-cnc.rules) * 1:18712 <-> DISABLED <-> MALWARE-CNC RogueSoftware.Win32.XJRAntivirus variant outbound connection (malware-cnc.rules) * 1:18711 <-> DISABLED <-> MALWARE-CNC RogueSoftware.Win32.SecurityCentral variant outbound connection (malware-cnc.rules) * 1:18709 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker.aufm variant outbound connection (malware-cnc.rules) * 1:18708 <-> DISABLED <-> MALWARE-CNC RogueSoftware.Win32.AntivirusSoft variant outbound connection (malware-cnc.rules) * 1:18707 <-> DISABLED <-> MALWARE-CNC RogueSoftware.Win32.ControlCenter variant outbound connection (malware-cnc.rules) * 1:18577 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker.agum variant outbound connection (malware-cnc.rules) * 1:18562 <-> DISABLED <-> MALWARE-CNC RogueSoftware.Win32.LivePcCare variant outbound connection (malware-cnc.rules) * 1:17058 <-> DISABLED <-> MALWARE-CNC Trojan-Downloader.JS.Agent.ewh Javascript download (malware-cnc.rules) * 1:16804 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qakbot.E - initial load (malware-cnc.rules) * 1:16558 <-> DISABLED <-> MALWARE-CNC SdBot IRC Win.Trojan.server to client communication (malware-cnc.rules) * 1:16483 <-> DISABLED <-> MALWARE-CNC Koobface worm submission of collected data to C&C server (malware-cnc.rules) * 1:16442 <-> DISABLED <-> MALWARE-CNC Possible Zeus User-Agent - Mozilla (malware-cnc.rules) * 1:16441 <-> DISABLED <-> MALWARE-CNC Possible Zeus User-Agent - Download (malware-cnc.rules) * 1:16440 <-> DISABLED <-> MALWARE-CNC Possible Zeus User-Agent - ie (malware-cnc.rules) * 1:16439 <-> DISABLED <-> MALWARE-CNC Possible Zeus User-Agent - _TEST_ (malware-cnc.rules) * 1:16140 <-> DISABLED <-> MALWARE-CNC torpig-mebroot command and control checkin (malware-cnc.rules) * 1:16098 <-> DISABLED <-> MALWARE-CNC Win.Trojan.cekar variant outbound connection (malware-cnc.rules) * 1:15297 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bankpatch report home (malware-cnc.rules) * 1:15296 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bankpatch malicious file download (malware-cnc.rules) * 1:15295 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bankpatch configuration download (malware-cnc.rules) * 1:13953 <-> DISABLED <-> MALWARE-CNC Asprox trojan initial query (malware-cnc.rules) * 1:12166 <-> DISABLED <-> MALWARE-CNC lithium 1.02 variant outbound connection (malware-cnc.rules) * 1:11323 <-> DISABLED <-> MALWARE-BACKDOOR sohoanywhere runtime detection (malware-backdoor.rules) * 1:11321 <-> DISABLED <-> MALWARE-BACKDOOR netwindow runtime detection - udp broadcast (malware-backdoor.rules) * 1:11320 <-> DISABLED <-> MALWARE-BACKDOOR netwindow runtime detection - reverse mode init connection request (malware-backdoor.rules) * 1:11319 <-> DISABLED <-> MALWARE-BACKDOOR netwindow runtime detection - init connection request (malware-backdoor.rules) * 1:11318 <-> DISABLED <-> MALWARE-BACKDOOR boer runtime detection - init connection (malware-backdoor.rules) * 1:11317 <-> DISABLED <-> MALWARE-BACKDOOR abremote pro 3.1 runtime detection - init connection (malware-backdoor.rules) * 1:11316 <-> DISABLED <-> MALWARE-BACKDOOR lurker 1.1 runtime detection - init connection (malware-backdoor.rules) * 1:11314 <-> DISABLED <-> MALWARE-BACKDOOR shadownet remote spy 2.0 runtime detection (malware-backdoor.rules) * 1:11312 <-> DISABLED <-> MALWARE-OTHER Trackware uplink runtime detection (malware-other.rules) * 1:11311 <-> DISABLED <-> MALWARE-OTHER Keylogger pcsentinelsoftware Keylogger runtime detection - upload infor (malware-other.rules) * 1:11309 <-> DISABLED <-> MALWARE-OTHER Keylogger sskc v2.0 runtime detection (malware-other.rules) * 1:11307 <-> DISABLED <-> MALWARE-OTHER Keylogger computer monitor Keylogger runtime detection (malware-other.rules) * 1:10463 <-> DISABLED <-> MALWARE-BACKDOOR winicabras 1.1 runtime detection - explorer (malware-backdoor.rules) * 1:10461 <-> DISABLED <-> MALWARE-BACKDOOR winicabras 1.1 runtime detection - get system info (malware-backdoor.rules) * 1:10459 <-> DISABLED <-> MALWARE-BACKDOOR wineggdrop shell pro runtime detection - init connection (malware-backdoor.rules) * 1:10458 <-> DISABLED <-> MALWARE-BACKDOOR [x]-ztoo 1.0 or illusion runtime detection - open file manager (malware-backdoor.rules) * 1:10457 <-> DISABLED <-> MALWARE-BACKDOOR [x]-ztoo 1.0 runtime detection - start keylogger (malware-backdoor.rules) * 1:10456 <-> DISABLED <-> MALWARE-BACKDOOR [x]-ztoo 1.0 runtime detection - get system info (malware-backdoor.rules) * 1:10454 <-> DISABLED <-> MALWARE-BACKDOOR [x]-ztoo 1.0 runtime detection - init connection (malware-backdoor.rules) * 1:10453 <-> DISABLED <-> MALWARE-BACKDOOR zalivator 1.4.2 pro runtime detection - smtp notification (malware-backdoor.rules) * 1:10451 <-> DISABLED <-> MALWARE-BACKDOOR only 1 rat runtime detection - control command (malware-backdoor.rules) * 1:10449 <-> DISABLED <-> MALWARE-BACKDOOR acid shivers runtime detection - init telnet connection (malware-backdoor.rules) * 1:10448 <-> DISABLED <-> MALWARE-BACKDOOR acessor 2.0 runtime detection - init connection (malware-backdoor.rules) * 1:10447 <-> DISABLED <-> MALWARE-CNC 51d 1b variant outbound connection icq notification (malware-cnc.rules) * 1:10446 <-> DISABLED <-> MALWARE-BACKDOOR acidbattery 1.0 runtime detection - get server info (malware-backdoor.rules) * 1:10445 <-> DISABLED <-> MALWARE-BACKDOOR acidbattery 1.0 runtime detection - get password (malware-backdoor.rules) * 1:10444 <-> DISABLED <-> MALWARE-BACKDOOR acidbattery 1.0 runtime detection - open ftp serice (malware-backdoor.rules) * 1:10443 <-> DISABLED <-> MALWARE-BACKDOOR acidbattery 1.0 runtime detection - sniff info (malware-backdoor.rules) * 1:10442 <-> DISABLED <-> MALWARE-BACKDOOR nirvana 2.0 runtime detection - explore c drive (malware-backdoor.rules) * 1:10441 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool statwin runtime detection (malware-tools.rules) * 1:10440 <-> DISABLED <-> MALWARE-OTHER Keylogger pc black box runtime detection (malware-other.rules) * 1:10436 <-> DISABLED <-> MALWARE-OTHER Keylogger keyspy runtime detection (malware-other.rules) * 1:10435 <-> DISABLED <-> MALWARE-OTHER Trackware admedia runtime detection (malware-other.rules) * 1:10197 <-> DISABLED <-> MALWARE-BACKDOOR Wordpress backdoor theme.php code execution (malware-backdoor.rules) * 1:10196 <-> DISABLED <-> MALWARE-BACKDOOR Wordpress backdoor feed.php code execution (malware-backdoor.rules) * 1:10185 <-> DISABLED <-> MALWARE-BACKDOOR x-door runtime detection (malware-backdoor.rules) * 1:10184 <-> DISABLED <-> MALWARE-BACKDOOR wow 23 runtime detection (malware-backdoor.rules) * 1:10183 <-> DISABLED <-> MALWARE-OTHER Keylogger activity Keylogger runtime detection (malware-other.rules) * 1:10181 <-> DISABLED <-> MALWARE-OTHER Keylogger systemsleuth runtime detection (malware-other.rules) * 1:10169 <-> DISABLED <-> MALWARE-BACKDOOR matrix 1.03 by mtronic runtime detection - init connection (malware-backdoor.rules) * 1:10168 <-> DISABLED <-> MALWARE-BACKDOOR one runtime detection (malware-backdoor.rules) * 1:10166 <-> DISABLED <-> MALWARE-OTHER Trackware baigoo runtime detection (malware-other.rules) * 1:10165 <-> DISABLED <-> MALWARE-OTHER Keylogger mybr Keylogger runtime detection (malware-other.rules) * 1:10112 <-> DISABLED <-> MALWARE-BACKDOOR rix3 1.0 runtime detection - init connection (malware-backdoor.rules) * 1:10109 <-> DISABLED <-> MALWARE-BACKDOOR k-msnrat 1.0.0 runtime detection - init connection (malware-backdoor.rules) * 1:10108 <-> DISABLED <-> MALWARE-BACKDOOR icmp cmd 1.0 runtime detection - pskill (malware-backdoor.rules) * 1:10107 <-> DISABLED <-> MALWARE-BACKDOOR icmp cmd 1.0 runtime detection - pslist (malware-backdoor.rules) * 1:10105 <-> DISABLED <-> MALWARE-BACKDOOR hav-rat 1.1 runtime detection - retrieve pc info (malware-backdoor.rules) * 1:10102 <-> DISABLED <-> MALWARE-BACKDOOR crossfires trojan 3.0 runtime detection - chat with victim (malware-backdoor.rules) * 1:10101 <-> DISABLED <-> MALWARE-BACKDOOR crossfires trojan 3.0 runtime detection - delete file (malware-backdoor.rules) * 1:10100 <-> DISABLED <-> MALWARE-OTHER Keylogger win32.remotekeylog.b runtime detection - open website (malware-other.rules) * 1:10098 <-> DISABLED <-> MALWARE-OTHER Keylogger win32.remotekeylog.b runtime detection - get system info (malware-other.rules) * 1:10096 <-> DISABLED <-> MALWARE-OTHER Keylogger win32.remotekeylog.b runtime detection - keylog (malware-other.rules) * 1:10095 <-> DISABLED <-> MALWARE-OTHER Trackware bydou runtime detection (malware-other.rules) * 1:10092 <-> DISABLED <-> MALWARE-OTHER Trackware russian searchbar runtime detection (malware-other.rules) * 1:10091 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool spylply.a runtime detection (malware-tools.rules) * 1:10089 <-> DISABLED <-> MALWARE-OTHER Keylogger beyond Keylogger runtime detection - log sent by ftp (malware-other.rules) * 1:10088 <-> DISABLED <-> MALWARE-OTHER Keylogger beyond Keylogger runtime detection - log sent by smtp (malware-other.rules) * 1:10083 <-> DISABLED <-> MALWARE-OTHER W32.Nuwar.AY smtp propagation detection (malware-other.rules) * 1:10082 <-> DISABLED <-> MALWARE-OTHER W32.Nuwar.AY smtp propagation detection (malware-other.rules) * 1:10081 <-> DISABLED <-> MALWARE-OTHER W32.Nuwar.AY smtp propagation detection (malware-other.rules) * 1:10080 <-> DISABLED <-> MALWARE-OTHER W32.Nuwar.AY smtp propagation detection (malware-other.rules) * 1:10079 <-> DISABLED <-> MALWARE-OTHER W32.Nuwar.AY smtp propagation detection (malware-other.rules) * 1:10078 <-> DISABLED <-> MALWARE-OTHER W32.Nuwar.AY smtp propagation detection (malware-other.rules) * 1:7164 <-> DISABLED <-> MALWARE-OTHER Keylogger win-spy runtime detection - execute file server-to-client (malware-other.rules) * 1:7169 <-> DISABLED <-> MALWARE-OTHER Keylogger ab system spy runtime detection - information exchange (malware-other.rules) * 1:7176 <-> DISABLED <-> MALWARE-OTHER Keylogger ab system spy runtime detection - log retrieve (malware-other.rules) * 1:7177 <-> DISABLED <-> MALWARE-OTHER Keylogger ab system spy runtime detection - info send through email (malware-other.rules) * 1:7180 <-> DISABLED <-> MALWARE-OTHER Keylogger desktop detective 2000 runtime detection - init connection (malware-other.rules) * 1:7183 <-> DISABLED <-> MALWARE-CNC Snoopware barok variant outbound connection (malware-cnc.rules) * 1:7184 <-> DISABLED <-> MALWARE-OTHER Keylogger 007 spy software runtime detection - smtp (malware-other.rules) * 1:7185 <-> DISABLED <-> MALWARE-OTHER Keylogger 007 spy software runtime detection - ftp (malware-other.rules) * 1:7186 <-> DISABLED <-> MALWARE-OTHER Keylogger kgb Keylogger runtime detection (malware-other.rules) * 1:7189 <-> DISABLED <-> MALWARE-OTHER Trackware shopathome runtime detection - setcookie request (malware-other.rules) * 1:7504 <-> DISABLED <-> MALWARE-OTHER Keylogger actualspy runtime detection - ftp-data (malware-other.rules) * 1:7505 <-> DISABLED <-> MALWARE-OTHER Keylogger actualspy runtime detection - smtp (malware-other.rules) * 1:7507 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool coma runtime detection - init connection (malware-tools.rules) * 1:7509 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool coma runtime detection - ping (malware-tools.rules) * 1:7539 <-> DISABLED <-> MALWARE-OTHER Keylogger eye spy pro 1.0 runtime detection (malware-other.rules) * 1:7541 <-> DISABLED <-> MALWARE-OTHER Keylogger starlogger runtime detection (malware-other.rules) * 1:7542 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool mini oblivion runtime detection - successful init connection (malware-tools.rules) * 1:7546 <-> DISABLED <-> MALWARE-OTHER Keylogger PerfectKeylogger runtime detection (malware-other.rules) * 1:7547 <-> DISABLED <-> MALWARE-OTHER Keylogger activity monitor 3.8 runtime detection - agent status monitoring (malware-other.rules) * 1:7548 <-> DISABLED <-> MALWARE-OTHER Keylogger activity monitor 3.8 runtime detection - agent up notification (malware-other.rules) * 1:7549 <-> DISABLED <-> MALWARE-OTHER Keylogger activity monitor 3.8 runtime detection (malware-other.rules) * 1:7551 <-> DISABLED <-> MALWARE-OTHER Keylogger ardamax keylogger runtime detection - smtp (malware-other.rules) * 1:7552 <-> DISABLED <-> MALWARE-OTHER Keylogger ardamax keylogger runtime detection - ftp (malware-other.rules) * 1:7557 <-> DISABLED <-> MALWARE-OTHER Trackware purityscan runtime detection - start up (malware-other.rules) * 1:7558 <-> DISABLED <-> MALWARE-OTHER Trackware purityscan runtime detection - installation notify (malware-other.rules) * 1:7559 <-> DISABLED <-> MALWARE-OTHER Trackware purityscan runtime detection - track user activity and status (malware-other.rules) * 1:7560 <-> DISABLED <-> MALWARE-OTHER Trackware purityscan runtime detection - self update (malware-other.rules) * 1:7561 <-> DISABLED <-> MALWARE-OTHER Trackware purityscan runtime detection - opt out of interstitial advertising (malware-other.rules) * 1:7568 <-> DISABLED <-> MALWARE-OTHER Trackware webhancer runtime detection (malware-other.rules) * 1:7574 <-> DISABLED <-> MALWARE-OTHER Keylogger proagent 2.0 runtime detection (malware-other.rules) * 1:7586 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool clandestine runtime detection - image transferred (malware-tools.rules) * 1:7592 <-> DISABLED <-> MALWARE-OTHER Keylogger keylogger pro runtime detection (malware-other.rules) * 1:7597 <-> DISABLED <-> MALWARE-OTHER Keylogger spy lantern keylogger runtime detection (malware-other.rules) * 1:7605 <-> DISABLED <-> MALWARE-BACKDOOR katux 2.0 runtime detection - screen capture (malware-backdoor.rules) * 1:7607 <-> DISABLED <-> MALWARE-BACKDOOR katux 2.0 runtime detection - get system info (malware-backdoor.rules) * 1:7609 <-> DISABLED <-> MALWARE-BACKDOOR katux 2.0 runtime detection - chat (malware-backdoor.rules) * 1:7616 <-> DISABLED <-> MALWARE-BACKDOOR theef 2.0 runtime detection - connection without password (malware-backdoor.rules) * 1:7619 <-> DISABLED <-> MALWARE-BACKDOOR theef 2.0 runtime detection - connection request with password (malware-backdoor.rules) * 1:7623 <-> DISABLED <-> MALWARE-BACKDOOR remote control 1.7 runtime detection - connection request (malware-backdoor.rules) * 1:7624 <-> DISABLED <-> MALWARE-BACKDOOR remote control 1.7 runtime detection - data connection (malware-backdoor.rules) * 1:7629 <-> DISABLED <-> MALWARE-BACKDOOR skyrat show runtime detection - initial connection (malware-backdoor.rules) * 1:7630 <-> DISABLED <-> MALWARE-BACKDOOR helios 3.1 runtime detection - initial connection (malware-backdoor.rules) * 1:6160 <-> DISABLED <-> MALWARE-BACKDOOR delirium of disorder runtime detection - stop keylogger (malware-backdoor.rules) * 1:6161 <-> DISABLED <-> MALWARE-BACKDOOR furax 1.0 b2 runtime detection (malware-backdoor.rules) * 1:6165 <-> DISABLED <-> MALWARE-BACKDOOR psyrat 1.0 runtime detection (malware-backdoor.rules) * 1:6166 <-> DISABLED <-> MALWARE-BACKDOOR unicorn runtime detection - initial connection (malware-backdoor.rules) * 1:6168 <-> DISABLED <-> MALWARE-BACKDOOR unicorn runtime detection - set wallpaper server-to-client (malware-backdoor.rules) * 1:6170 <-> DISABLED <-> MALWARE-BACKDOOR digital rootbeer runtime detection (malware-backdoor.rules) * 1:6172 <-> DISABLED <-> MALWARE-BACKDOOR cookie monster 0.24 runtime detection - get version info (malware-backdoor.rules) * 1:6174 <-> DISABLED <-> MALWARE-BACKDOOR cookie monster 0.24 runtime detection - file explorer (malware-backdoor.rules) * 1:6175 <-> DISABLED <-> MALWARE-BACKDOOR cookie monster 0.24 runtime detection - kill kernel (malware-backdoor.rules) * 1:6176 <-> DISABLED <-> MALWARE-BACKDOOR guptachar 2.0 runtime detection (malware-backdoor.rules) * 1:6177 <-> DISABLED <-> MALWARE-BACKDOOR ultimate destruction runtime detection - kill process client-to-server (malware-backdoor.rules) * 1:6178 <-> DISABLED <-> MALWARE-BACKDOOR ultimate destruction runtime detection - kill windows client-to-server (malware-backdoor.rules) * 1:6179 <-> DISABLED <-> MALWARE-BACKDOOR bladerunner 0.80 runtime detection (malware-backdoor.rules) * 1:6181 <-> DISABLED <-> MALWARE-BACKDOOR netraider 0.0 runtime detection (malware-backdoor.rules) * 1:6190 <-> DISABLED <-> MALWARE-OTHER Keylogger eblaster 5.0 runtime detection (malware-other.rules) * 1:6205 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool freak 88 das runtime detection (malware-tools.rules) * 1:6206 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool sin stealer 1.1 runtime detection (malware-tools.rules) * 1:6207 <-> DISABLED <-> MALWARE-OTHER Keylogger winsession runtime detection - smtp (malware-other.rules) * 1:6208 <-> DISABLED <-> MALWARE-OTHER Keylogger winsession runtime detection - ftp (malware-other.rules) * 1:6220 <-> DISABLED <-> MALWARE-OTHER Keylogger boss everyware runtime detection (malware-other.rules) * 1:6221 <-> DISABLED <-> MALWARE-OTHER Keylogger computerspy runtime detection (malware-other.rules) * 1:6286 <-> DISABLED <-> MALWARE-BACKDOOR antilamer 1.1 runtime detection (malware-backdoor.rules) * 1:6287 <-> DISABLED <-> MALWARE-BACKDOOR fictional daemon 4.4 runtime detection - telent (malware-backdoor.rules) * 1:6288 <-> DISABLED <-> MALWARE-BACKDOOR fictional daemon 4.4 runtime detection - ftp (malware-backdoor.rules) * 1:6291 <-> DISABLED <-> MALWARE-CNC justjoke v2.6 variant outbound connection (malware-cnc.rules) * 1:6292 <-> DISABLED <-> MALWARE-BACKDOOR joker ddos v1.0.1 runtime detection - initial connection (malware-backdoor.rules) * 1:6295 <-> DISABLED <-> MALWARE-BACKDOOR joker ddos v1.0.1 runtime detection - bomb (malware-backdoor.rules) * 1:6296 <-> DISABLED <-> MALWARE-CNC insurrection 1.1.0 variant outbound connection icq notification 1 (malware-cnc.rules) * 1:6297 <-> DISABLED <-> MALWARE-CNC insurrection 1.1.0 variant outbound connection icq notification 2 (malware-cnc.rules) * 1:6298 <-> DISABLED <-> MALWARE-BACKDOOR insurrection 1.1.0 runtime detection - reverse connection (malware-backdoor.rules) * 1:6299 <-> DISABLED <-> MALWARE-BACKDOOR insurrection 1.1.0 runtime detection - initial connection (malware-backdoor.rules) * 1:6300 <-> DISABLED <-> MALWARE-CNC cia 1.3 variant outbound connection icq notification (malware-cnc.rules) * 1:6301 <-> DISABLED <-> MALWARE-BACKDOOR cia 1.3 runtime detection - smtp notification (malware-backdoor.rules) * 1:6303 <-> DISABLED <-> MALWARE-BACKDOOR cia runtime detection - initial connection (malware-backdoor.rules) * 1:6305 <-> DISABLED <-> MALWARE-BACKDOOR softwar shadowthief runtime detection - initial connection (malware-backdoor.rules) * 1:6306 <-> DISABLED <-> MALWARE-BACKDOOR shit heep runtime detection (malware-backdoor.rules) * 1:6308 <-> DISABLED <-> MALWARE-BACKDOOR lamespy runtime detection - initial connection (malware-backdoor.rules) * 1:6311 <-> DISABLED <-> MALWARE-BACKDOOR net demon runtime detection - initial connection - password accepted (malware-backdoor.rules) * 1:6313 <-> DISABLED <-> MALWARE-BACKDOOR net demon runtime detection - message response (malware-backdoor.rules) * 1:6315 <-> DISABLED <-> MALWARE-BACKDOOR net demon runtime detection - open browser response (malware-backdoor.rules) * 1:6317 <-> DISABLED <-> MALWARE-BACKDOOR net demon runtime detection - file manager response (malware-backdoor.rules) * 1:6318 <-> DISABLED <-> MALWARE-BACKDOOR rtb666 runtime detection (malware-backdoor.rules) * 1:6321 <-> DISABLED <-> MALWARE-BACKDOOR ptakks2.1 runtime detection - keepalive acknowledgement (malware-backdoor.rules) * 1:6322 <-> DISABLED <-> MALWARE-BACKDOOR ptakks2.1 runtime detection - command pattern (malware-backdoor.rules) * 1:6324 <-> DISABLED <-> MALWARE-BACKDOOR 3xBackdoor runtime detection (malware-backdoor.rules) * 1:6325 <-> DISABLED <-> MALWARE-BACKDOOR fucktrojan 1.2 runtime detection - initial connection (malware-backdoor.rules) * 1:6327 <-> DISABLED <-> MALWARE-BACKDOOR fucktrojan 1.2 runtime detection - flood (malware-backdoor.rules) * 1:6328 <-> DISABLED <-> MALWARE-BACKDOOR commando runtime detection - initial connection (malware-backdoor.rules) * 1:6330 <-> DISABLED <-> MALWARE-BACKDOOR commando runtime detection - chat server-to-client (malware-backdoor.rules) * 1:6331 <-> DISABLED <-> MALWARE-CNC globalkiller1.0 variant outbound connection notification (malware-cnc.rules) * 1:6332 <-> DISABLED <-> MALWARE-BACKDOOR globalkiller1.0 runtime detection - initial connection (malware-backdoor.rules) * 1:6333 <-> DISABLED <-> MALWARE-BACKDOOR wincrash 2.0 runtime detection (malware-backdoor.rules) * 1:6334 <-> DISABLED <-> MALWARE-BACKDOOR backlash runtime detection (malware-backdoor.rules) * 1:6336 <-> DISABLED <-> MALWARE-BACKDOOR buttman v0.9p runtime detection - remote control (malware-backdoor.rules) * 1:6338 <-> DISABLED <-> MALWARE-BACKDOOR hatredfriend file manage command (malware-backdoor.rules) * 1:6339 <-> DISABLED <-> MALWARE-BACKDOOR hatredfriend email notification detection (malware-backdoor.rules) * 1:6340 <-> DISABLED <-> MALWARE-OTHER Keylogger handy keylogger runtime detection (malware-other.rules) * 1:6365 <-> DISABLED <-> MALWARE-OTHER Sony rootkit runtime detection (malware-other.rules) * 1:6383 <-> DISABLED <-> MALWARE-OTHER Keylogger stealthwatcher 2000 runtime detection - tcp connection setup (malware-other.rules) * 1:6384 <-> DISABLED <-> MALWARE-OTHER Keylogger stealthwatcher 2000 runtime detection - agent discover broadcast (malware-other.rules) * 1:6385 <-> DISABLED <-> MALWARE-OTHER Keylogger stealthwatcher 2000 runtime detection - agent status monitoring (malware-other.rules) * 1:6386 <-> DISABLED <-> MALWARE-OTHER Keylogger stealthwatcher 2000 runtime detection - agent up notification (malware-other.rules) * 1:6395 <-> DISABLED <-> MALWARE-CNC a-311 death variant outbound connection server-to-client (malware-cnc.rules) * 1:6396 <-> DISABLED <-> MALWARE-CNC a-311 death user-agent string detected (malware-cnc.rules) * 1:6397 <-> DISABLED <-> MALWARE-BACKDOOR http rat runtime detection - smtp (malware-backdoor.rules) * 1:6398 <-> DISABLED <-> MALWARE-BACKDOOR http rat runtime detection - http (malware-backdoor.rules) * 1:6399 <-> DISABLED <-> MALWARE-BACKDOOR rad 1.2.3 runtime detection (malware-backdoor.rules) * 1:6401 <-> DISABLED <-> MALWARE-BACKDOOR snowdoor runtime detection server-to-client (malware-backdoor.rules) * 1:6402 <-> DISABLED <-> MALWARE-BACKDOOR netangel connection client-to-server (malware-backdoor.rules) * 1:6473 <-> DISABLED <-> MALWARE-BACKDOOR bugs runtime detection - file manager server-to-client (malware-backdoor.rules) * 1:6474 <-> DISABLED <-> MALWARE-CNC Win.Trojan.loosky.gen variant outbound connection notification (malware-cnc.rules) * 1:6476 <-> DISABLED <-> MALWARE-BACKDOOR badrat 1.1 runtime detection (malware-backdoor.rules) * 1:6477 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool beee runtime detection - smtp (malware-tools.rules) * 1:6492 <-> DISABLED <-> MALWARE-BACKDOOR Trickler Backdoor-BAC.gen.e runtime detection - notification (malware-backdoor.rules) * 1:6493 <-> DISABLED <-> MALWARE-BACKDOOR Trickler Backdoor-BAC.gen.e runtime detection - post data (malware-backdoor.rules) * 1:6498 <-> DISABLED <-> MALWARE-BACKDOOR exploiter 1.0 runtime detection (malware-backdoor.rules) * 1:7057 <-> DISABLED <-> MALWARE-BACKDOOR charon runtime detection - initial connection (malware-backdoor.rules) * 1:7060 <-> DISABLED <-> MALWARE-BACKDOOR charon runtime detection - download file/log (malware-backdoor.rules) * 1:7064 <-> DISABLED <-> MALWARE-BACKDOOR cybernetic 1.62 runtime detection - email notification (malware-backdoor.rules) * 1:7068 <-> DISABLED <-> MALWARE-BACKDOOR delta source 0.5 beta runtime detection - ping (malware-backdoor.rules) * 1:7069 <-> DISABLED <-> MALWARE-BACKDOOR delta source 0.5 beta runtime detection - pc info (malware-backdoor.rules) * 1:7072 <-> DISABLED <-> MALWARE-BACKDOOR fraggle rock 2.0 lite runtime detection - pc info (malware-backdoor.rules) * 1:7073 <-> DISABLED <-> MALWARE-CNC Win.Trojan.dumaru.gen variant outbound connection notification (malware-cnc.rules) * 1:7074 <-> DISABLED <-> MALWARE-CNC Win.Trojan.dumaru.gen variant outbound connection cmd (malware-cnc.rules) * 1:7075 <-> DISABLED <-> MALWARE-BACKDOOR bandook 1.0 runtime detection (malware-backdoor.rules) * 1:7076 <-> DISABLED <-> MALWARE-CNC minimo v0.6 variant outbound connection cgi notification (malware-cnc.rules) * 1:7077 <-> DISABLED <-> MALWARE-CNC minimo v0.6 variant outbound connection icq notification (malware-cnc.rules) * 1:7081 <-> DISABLED <-> MALWARE-BACKDOOR up and run v1.0 beta runtime detection (malware-backdoor.rules) * 1:7084 <-> DISABLED <-> MALWARE-BACKDOOR erazer v1.1 runtime detection - sin notification (malware-backdoor.rules) * 1:7086 <-> DISABLED <-> MALWARE-BACKDOOR erazer v1.1 runtime detection - init connection (malware-backdoor.rules) * 1:7103 <-> DISABLED <-> MALWARE-CNC gwboy 0.92 variant outbound connection (malware-cnc.rules) * 1:7120 <-> DISABLED <-> MALWARE-BACKDOOR y3k 1.2 runtime detection - init connection 1 (malware-backdoor.rules) * 1:7122 <-> DISABLED <-> MALWARE-BACKDOOR y3k 1.2 runtime detection - init connection 2 (malware-backdoor.rules) * 1:7146 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool sars notifier runtime detection - sin notification (malware-tools.rules) * 1:7147 <-> DISABLED <-> MALWARE-CNC Hacker-Tool sars notifier variant outbound connection icq notification (malware-cnc.rules) * 1:7148 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool sars notifier runtime detection - cgi notification (malware-tools.rules) * 1:7149 <-> DISABLED <-> MALWARE-CNC Hacker-Tool sars notifier variant outbound connection php notification (malware-cnc.rules) * 1:7150 <-> DISABLED <-> MALWARE-CNC Hacker-Tool sars notifier variant outbound connection irc notification (malware-cnc.rules) * 1:7151 <-> DISABLED <-> MALWARE-CNC Hacker-Tool sars notifier variant outbound connection net send notification (malware-cnc.rules) * 1:7154 <-> DISABLED <-> MALWARE-OTHER Keylogger active keylogger home runtime detection (malware-other.rules) * 1:7156 <-> DISABLED <-> MALWARE-OTHER Keylogger win-spy runtime detection - email delivery (malware-other.rules) * 1:7158 <-> DISABLED <-> MALWARE-OTHER Keylogger win-spy runtime detection - remote conn server-to-client (malware-other.rules) * 1:7160 <-> DISABLED <-> MALWARE-OTHER Keylogger win-spy runtime detection - upload file server-to-client (malware-other.rules) * 1:7162 <-> DISABLED <-> MALWARE-OTHER Keylogger win-spy runtime detection - download file server-to-client (malware-other.rules) * 1:7632 <-> DISABLED <-> MALWARE-BACKDOOR hornet 1.0 runtime detection - fetch system info (malware-backdoor.rules) * 1:7634 <-> DISABLED <-> MALWARE-BACKDOOR hornet 1.0 runtime detection - irc connection (malware-backdoor.rules) * 1:7636 <-> DISABLED <-> MALWARE-BACKDOOR hornet 1.0 runtime detection - fetch processes list (malware-backdoor.rules) * 1:7637 <-> DISABLED <-> MALWARE-CNC hornet 1.0 variant outbound connection icq notification (malware-cnc.rules) * 1:7638 <-> DISABLED <-> MALWARE-BACKDOOR Win.Exploit.Backdoor ncph runtime detection - initial connection (malware-backdoor.rules) * 1:7639 <-> DISABLED <-> MALWARE-CNC air variant outbound connection php notification (malware-cnc.rules) * 1:7640 <-> DISABLED <-> MALWARE-CNC air variant outbound connection webmail notification (malware-cnc.rules) * 1:7641 <-> DISABLED <-> MALWARE-BACKDOOR am remote client runtime detection - client-to-server (malware-backdoor.rules) * 1:7642 <-> DISABLED <-> MALWARE-BACKDOOR am remote client runtime detection - client response (malware-backdoor.rules) * 1:7644 <-> DISABLED <-> MALWARE-BACKDOOR ullysse runtime detection - client-to-server (malware-backdoor.rules) * 1:7646 <-> DISABLED <-> MALWARE-BACKDOOR snipernet 2.1 runtime detection (malware-backdoor.rules) * 1:7658 <-> DISABLED <-> MALWARE-BACKDOOR jodeitor 1.1 runtime detection - initial connection (malware-backdoor.rules) * 1:7659 <-> DISABLED <-> MALWARE-BACKDOOR lan filtrator 1.1 runtime detection - sin notification (malware-backdoor.rules) * 1:7661 <-> DISABLED <-> MALWARE-BACKDOOR lan filtrator 1.1 runtime detection - initial connection request (malware-backdoor.rules) * 1:7663 <-> DISABLED <-> MALWARE-BACKDOOR snid x2 v1.2 runtime detection - initial connection (malware-backdoor.rules) * 1:7665 <-> DISABLED <-> MALWARE-BACKDOOR screen control 1.0 runtime detection - initial connection (malware-backdoor.rules) * 1:7667 <-> DISABLED <-> MALWARE-BACKDOOR screen control 1.0 runtime detection - capture on port 2208 (malware-backdoor.rules) * 1:7669 <-> DISABLED <-> MALWARE-BACKDOOR screen control 1.0 runtime detection - capture on port 2213 (malware-backdoor.rules) * 1:7670 <-> DISABLED <-> MALWARE-BACKDOOR digital upload runtime detection - initial connection (malware-backdoor.rules) * 1:7671 <-> DISABLED <-> MALWARE-BACKDOOR digital upload runtime detection - chat (malware-backdoor.rules) * 1:7672 <-> DISABLED <-> MALWARE-BACKDOOR remoter runtime detection - initial connection (malware-backdoor.rules) * 1:7675 <-> DISABLED <-> MALWARE-BACKDOOR remote havoc runtime detection (malware-backdoor.rules) * 1:7677 <-> DISABLED <-> MALWARE-BACKDOOR cool remote control or crackdown runtime detection - initial connection (malware-backdoor.rules) * 1:7679 <-> DISABLED <-> MALWARE-BACKDOOR cool remote control 1.12 runtime detection - upload file (malware-backdoor.rules) * 1:7681 <-> DISABLED <-> MALWARE-BACKDOOR cool remote control 1.12 runtime detection - download file (malware-backdoor.rules) * 1:7683 <-> DISABLED <-> MALWARE-BACKDOOR acid head 1.00 runtime detection (malware-backdoor.rules) * 1:7684 <-> DISABLED <-> MALWARE-BACKDOOR hrat 1.0 runtime detection (malware-backdoor.rules) * 1:7686 <-> DISABLED <-> MALWARE-BACKDOOR illusion runtime detection - get remote info server-to-client (malware-backdoor.rules) * 1:7688 <-> DISABLED <-> MALWARE-BACKDOOR illusion runtime detection - file browser server-to-client (malware-backdoor.rules) * 1:7689 <-> DISABLED <-> MALWARE-BACKDOOR evade runtime detection - initial connection (malware-backdoor.rules) * 1:7691 <-> DISABLED <-> MALWARE-BACKDOOR evade runtime detection - file manager (malware-backdoor.rules) * 1:7692 <-> DISABLED <-> MALWARE-BACKDOOR exception 1.0 runtime detection - notification (malware-backdoor.rules) * 1:7699 <-> DISABLED <-> MALWARE-BACKDOOR brain wiper runtime detection - launch application (malware-backdoor.rules) * 1:7701 <-> DISABLED <-> MALWARE-BACKDOOR brain wiper runtime detection - chat (malware-backdoor.rules) * 1:7703 <-> DISABLED <-> MALWARE-BACKDOOR roach 1.0 runtime detection - remote control actions (malware-backdoor.rules) * 1:7704 <-> DISABLED <-> MALWARE-CNC roach 1.0 server installation notification - email (malware-cnc.rules) * 1:7706 <-> DISABLED <-> MALWARE-BACKDOOR omniquad instant remote control runtime detection - initial connection (malware-backdoor.rules) * 1:7707 <-> DISABLED <-> MALWARE-BACKDOOR omniquad instant remote control runtime detection - file transfer setup (malware-backdoor.rules) * 1:7710 <-> DISABLED <-> MALWARE-BACKDOOR fear1.5/aciddrop1.0 runtime detection - initial connection (malware-backdoor.rules) * 1:7717 <-> DISABLED <-> MALWARE-BACKDOOR snake trojan runtime detection (malware-backdoor.rules) * 1:7719 <-> DISABLED <-> MALWARE-BACKDOOR dameware mini remote control runtime detection - initial connection (malware-backdoor.rules) * 1:7720 <-> DISABLED <-> MALWARE-BACKDOOR desktop scout runtime detection (malware-backdoor.rules) * 1:7721 <-> DISABLED <-> MALWARE-BACKDOOR prorat 1.9 initial connection detection (malware-backdoor.rules) * 1:7722 <-> DISABLED <-> MALWARE-CNC prorat 1.9 cgi notification detection (malware-cnc.rules) * 1:7724 <-> DISABLED <-> MALWARE-BACKDOOR reversable ver1.0 runtime detection - initial connection - flowbit set (malware-backdoor.rules) * 1:7727 <-> DISABLED <-> MALWARE-BACKDOOR reversable ver1.0 runtime detection - execute command (malware-backdoor.rules) * 1:7729 <-> DISABLED <-> MALWARE-BACKDOOR radmin runtime detection - server-to-client (malware-backdoor.rules) * 1:7730 <-> DISABLED <-> MALWARE-BACKDOOR outbreak_0.2.7 runtime detection - reverse connection (malware-backdoor.rules) * 1:7732 <-> DISABLED <-> MALWARE-BACKDOOR outbreak_0.2.7 runtime detection - ring client-to-server (malware-backdoor.rules) * 1:7733 <-> DISABLED <-> MALWARE-BACKDOOR outbreak_0.2.7 runtime detection - initial connection (malware-backdoor.rules) * 1:7738 <-> DISABLED <-> MALWARE-BACKDOOR alexmessomalex runtime detection - initial connection (malware-backdoor.rules) * 1:7739 <-> DISABLED <-> MALWARE-BACKDOOR alexmessomalex runtime detection - grab (malware-backdoor.rules) * 1:7743 <-> DISABLED <-> MALWARE-BACKDOOR nova 1.0 runtime detection - cgi notification server-to-client (malware-backdoor.rules) * 1:7745 <-> DISABLED <-> MALWARE-BACKDOOR phoenix 2.1 runtime detection (malware-backdoor.rules) * 1:7747 <-> DISABLED <-> MALWARE-BACKDOOR bobo 1.0 runtime detection - initial connection (malware-backdoor.rules) * 1:7749 <-> DISABLED <-> MALWARE-BACKDOOR bobo 1.0 runtime detection - send message (malware-backdoor.rules) * 1:7752 <-> DISABLED <-> MALWARE-BACKDOOR buschtrommel 1.22 runtime detection - initial connection (malware-backdoor.rules) * 1:7755 <-> DISABLED <-> MALWARE-BACKDOOR buschtrommel 1.22 runtime detection - spy function (malware-backdoor.rules) * 1:7758 <-> DISABLED <-> MALWARE-BACKDOOR glacier runtime detection - initial connection and directory browse (malware-backdoor.rules) * 1:7759 <-> DISABLED <-> MALWARE-BACKDOOR glacier runtime detection - screen capture (malware-backdoor.rules) * 1:7760 <-> DISABLED <-> MALWARE-BACKDOOR netthief runtime detection (malware-backdoor.rules) * 1:7762 <-> DISABLED <-> MALWARE-CNC analftp 0.1 variant outbound connection icq notification (malware-cnc.rules) * 1:7763 <-> DISABLED <-> MALWARE-BACKDOOR nt remote controller 2000 runtime detection - services client-to-server (malware-backdoor.rules) * 1:7765 <-> DISABLED <-> MALWARE-BACKDOOR nt remote controller 2000 runtime detection - sysinfo server-to-client (malware-backdoor.rules) * 1:7767 <-> DISABLED <-> MALWARE-BACKDOOR nt remote controller 2000 runtime detection - foldermonitor server-to-client (malware-backdoor.rules) * 1:7771 <-> DISABLED <-> MALWARE-BACKDOOR messiah 4.0 runtime detection - get server info (malware-backdoor.rules) * 1:7773 <-> DISABLED <-> MALWARE-BACKDOOR messiah 4.0 runtime detection - enable keylogger (malware-backdoor.rules) * 1:7775 <-> DISABLED <-> MALWARE-BACKDOOR messiah 4.0 runtime detection - screen capture (malware-backdoor.rules) * 1:7777 <-> DISABLED <-> MALWARE-BACKDOOR messiah 4.0 runtime detection - get drives (malware-backdoor.rules) * 1:7778 <-> DISABLED <-> MALWARE-BACKDOOR elfrat runtime detection - initial connection (malware-backdoor.rules) * 1:7783 <-> DISABLED <-> MALWARE-BACKDOOR netdevil runtime detection - file manager (malware-backdoor.rules) * 1:7785 <-> DISABLED <-> MALWARE-BACKDOOR forced control uploader runtime detection - connection with password (malware-backdoor.rules) * 1:7791 <-> DISABLED <-> MALWARE-BACKDOOR remote anything 5.11.22 runtime detection - victim response (malware-backdoor.rules) * 1:7792 <-> DISABLED <-> MALWARE-BACKDOOR remote anything 5.11.22 runtime detection - chat with victim (malware-backdoor.rules) * 1:7793 <-> DISABLED <-> MALWARE-BACKDOOR remote anything 5.11.22 runtime detection - chat with attacker (malware-backdoor.rules) * 1:7796 <-> DISABLED <-> MALWARE-BACKDOOR incommand 1.7 runtime detection - init connection (malware-backdoor.rules) * 1:7798 <-> DISABLED <-> MALWARE-BACKDOOR incommand 1.7 runtime detection - file manage 1 (malware-backdoor.rules) * 1:7800 <-> DISABLED <-> MALWARE-BACKDOOR incommand 1.7 runtime detection - file manage 2 (malware-backdoor.rules) * 1:7801 <-> DISABLED <-> MALWARE-BACKDOOR portal of doom runtime detection - udp cts (malware-backdoor.rules) * 1:7802 <-> DISABLED <-> MALWARE-BACKDOOR portal of doom runtime detection - udp stc (malware-backdoor.rules) * 1:7803 <-> DISABLED <-> MALWARE-BACKDOOR war trojan ver1.0 runtime detection - send messages (malware-backdoor.rules) * 1:7804 <-> DISABLED <-> MALWARE-BACKDOOR war trojan ver1.0 runtime detection - disable ctrl+alt+del (malware-backdoor.rules) * 1:7805 <-> DISABLED <-> MALWARE-CNC war trojan ver1.0 variant outbound connection ie hijacker (malware-cnc.rules) * 1:7806 <-> DISABLED <-> MALWARE-BACKDOOR fatal wound 1.0 runtime detection - initial connection (malware-backdoor.rules) * 1:7807 <-> DISABLED <-> MALWARE-BACKDOOR fatal wound 1.0 runtime detection - execute file (malware-backdoor.rules) * 1:7809 <-> DISABLED <-> MALWARE-BACKDOOR fatal wound 1.0 runtime detection - upload (malware-backdoor.rules) * 1:7812 <-> DISABLED <-> MALWARE-BACKDOOR abacab runtime detection - banner (malware-backdoor.rules) * 1:7814 <-> DISABLED <-> MALWARE-BACKDOOR darkmoon initial connection detection - stc (malware-backdoor.rules) * 1:7816 <-> DISABLED <-> MALWARE-BACKDOOR darkmoon reverse connection detection - cts (malware-backdoor.rules) * 1:7818 <-> DISABLED <-> MALWARE-BACKDOOR infector v1.0 runtime detection - init conn (malware-backdoor.rules) * 1:7822 <-> DISABLED <-> MALWARE-BACKDOOR xbkdr runtime detection (malware-backdoor.rules) * 1:7835 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool nettracker runtime detection - report browsing (malware-tools.rules) * 1:7836 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool nettracker runtime detection - report send through email (malware-tools.rules) * 1:7837 <-> DISABLED <-> MALWARE-OTHER Keylogger spyoutside runtime detection - email delivery (malware-other.rules) * 1:7842 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool davps runtime detection (malware-tools.rules) * 1:7847 <-> DISABLED <-> MALWARE-OTHER Keylogger clogger 1.0 runtime detection - send log through email (malware-other.rules) * 1:7856 <-> DISABLED <-> MALWARE-OTHER Trackware winsysba-a runtime detection - track surfing activity (malware-other.rules) * 1:7857 <-> DISABLED <-> MALWARE-OTHER Keylogger EliteKeylogger runtime detection (malware-other.rules) * 1:8074 <-> DISABLED <-> MALWARE-BACKDOOR mithril runtime detection - init connection (malware-backdoor.rules) * 1:8076 <-> DISABLED <-> MALWARE-BACKDOOR mithril runtime detection - get system information (malware-backdoor.rules) * 1:8078 <-> DISABLED <-> MALWARE-BACKDOOR mithril runtime detection - get process list (malware-backdoor.rules) * 1:8079 <-> DISABLED <-> MALWARE-BACKDOOR x2a runtime detection - init connection (malware-backdoor.rules) * 1:8080 <-> DISABLED <-> MALWARE-CNC x2a variant outbound connection client update (malware-cnc.rules) * 1:8361 <-> DISABLED <-> MALWARE-BACKDOOR black curse 4.0 runtime detection - inverse init connection (malware-backdoor.rules) * 1:8362 <-> DISABLED <-> MALWARE-BACKDOOR black curse 4.0 runtime detection - normal init connection (malware-backdoor.rules) * 1:8461 <-> DISABLED <-> MALWARE-OTHER Trackware duduaccelerator runtime detection - send userinfo (malware-other.rules) * 1:8462 <-> DISABLED <-> MALWARE-OTHER Trackware duduaccelerator runtime detection - trace info downloaded (malware-other.rules) * 1:8463 <-> DISABLED <-> MALWARE-OTHER Trackware duduaccelerator runtime detection - trace login info (malware-other.rules) * 1:8466 <-> DISABLED <-> MALWARE-OTHER Keylogger netobserve runtime detection - email notification (malware-other.rules) * 1:8467 <-> DISABLED <-> MALWARE-OTHER Keylogger netobserve runtime detection - remote login response (malware-other.rules) * 1:8542 <-> DISABLED <-> MALWARE-OTHER Trackware deluxecommunications runtime detection - collect info (malware-other.rules) * 1:8543 <-> DISABLED <-> MALWARE-OTHER Trackware deluxecommunications runtime detection - display popup ads (malware-other.rules) * 1:8544 <-> DISABLED <-> MALWARE-OTHER Keylogger nicespy runtime detection - smtp (malware-other.rules) * 1:8548 <-> DISABLED <-> MALWARE-BACKDOOR zzmm 2.0 runtime detection - init connection (malware-backdoor.rules) * 1:8549 <-> DISABLED <-> MALWARE-BACKDOOR zxshell runtime detection - setting information retrieve (malware-backdoor.rules) * 1:9326 <-> DISABLED <-> MALWARE-OTHER netsky.p smtp propagation detection (malware-other.rules) * 1:9327 <-> DISABLED <-> MALWARE-OTHER netsky.af smtp propagation detection (malware-other.rules) * 1:9328 <-> DISABLED <-> MALWARE-OTHER zhangpo smtp propagation detection (malware-other.rules) * 1:9330 <-> DISABLED <-> MALWARE-OTHER mydoom.e smtp propagation detection (malware-other.rules) * 1:9331 <-> DISABLED <-> MALWARE-OTHER mydoom.m smtp propagation detection (malware-other.rules) * 1:9332 <-> DISABLED <-> MALWARE-OTHER mimail.a smtp propagation detection (malware-other.rules) * 1:9333 <-> DISABLED <-> MALWARE-OTHER mimail.e smtp propagation detection (malware-other.rules) * 1:9334 <-> DISABLED <-> MALWARE-OTHER lovgate.c smtp propagation detection (malware-other.rules) * 1:9335 <-> DISABLED <-> MALWARE-OTHER netsky.b smtp propagation detection (malware-other.rules) * 1:9336 <-> DISABLED <-> MALWARE-OTHER netsky.t smtp propagation detection (malware-other.rules) * 1:9337 <-> DISABLED <-> MALWARE-OTHER netsky.x smtp propagation detection (malware-other.rules) * 1:9338 <-> DISABLED <-> MALWARE-OTHER mydoom.i smtp propagation detection (malware-other.rules) * 1:9339 <-> DISABLED <-> MALWARE-OTHER klez.g web propagation detection (malware-other.rules) * 1:9340 <-> DISABLED <-> MALWARE-OTHER klez.i web propagation detection (malware-other.rules) * 1:9341 <-> DISABLED <-> MALWARE-OTHER sasser open ftp command shell (malware-other.rules) * 1:9342 <-> DISABLED <-> MALWARE-OTHER paroc.a smtp propagation detection (malware-other.rules) * 1:9343 <-> DISABLED <-> MALWARE-OTHER kadra smtp propagation detection (malware-other.rules) * 1:9344 <-> DISABLED <-> MALWARE-OTHER kindal smtp propagation detection (malware-other.rules) * 1:9345 <-> DISABLED <-> MALWARE-OTHER kipis.a smtp propagation detection (malware-other.rules) * 1:9346 <-> DISABLED <-> MALWARE-OTHER klez.b web propagation detection (malware-other.rules) * 1:9347 <-> DISABLED <-> MALWARE-OTHER klez.b netshare propagation detection (malware-other.rules) * 1:9348 <-> DISABLED <-> MALWARE-OTHER morbex smtp propagation detection (malware-other.rules) * 1:9349 <-> DISABLED <-> MALWARE-OTHER plemood smtp propagation detection (malware-other.rules) * 1:9350 <-> DISABLED <-> MALWARE-OTHER mimail.k smtp propagation detection (malware-other.rules) * 1:9351 <-> DISABLED <-> MALWARE-OTHER lovgate.a netshare propagation detection (malware-other.rules) * 1:9352 <-> DISABLED <-> MALWARE-OTHER lovgate.a smtp propagation detection (malware-other.rules) * 1:9353 <-> DISABLED <-> MALWARE-OTHER deborm.x netshare propagation detection (malware-other.rules) * 1:9354 <-> DISABLED <-> MALWARE-OTHER deborm.y netshare propagation detection (malware-other.rules) * 1:9355 <-> DISABLED <-> MALWARE-OTHER deborm.u netshare propagation detection (malware-other.rules) * 1:9356 <-> DISABLED <-> MALWARE-OTHER deborm.q netshare propagation detection (malware-other.rules) * 1:9357 <-> DISABLED <-> MALWARE-OTHER deborm.r netshare propagation detection (malware-other.rules) * 1:9358 <-> DISABLED <-> MALWARE-OTHER fizzer smtp propagation detection (malware-other.rules) * 1:9359 <-> DISABLED <-> MALWARE-OTHER zafi.b smtp propagation detection (malware-other.rules) * 1:9360 <-> DISABLED <-> MALWARE-OTHER cult.b smtp propagation detection (malware-other.rules) * 1:9361 <-> DISABLED <-> MALWARE-OTHER mimail.l smtp propagation detection (malware-other.rules) * 1:9362 <-> DISABLED <-> MALWARE-OTHER mimail.m smtp propagation detection (malware-other.rules) * 1:9363 <-> DISABLED <-> MALWARE-OTHER klez.d web propagation detection (malware-other.rules) * 1:9364 <-> DISABLED <-> MALWARE-OTHER klez.e web propagation detection (malware-other.rules) * 1:9365 <-> DISABLED <-> MALWARE-OTHER cult.c smtp propagation detection (malware-other.rules) * 1:9366 <-> DISABLED <-> MALWARE-OTHER mimail.s smtp propagation detection (malware-other.rules) * 1:9367 <-> DISABLED <-> MALWARE-OTHER anset.b smtp propagation detection (malware-other.rules) * 1:9368 <-> DISABLED <-> MALWARE-OTHER agist.a smtp propagation detection (malware-other.rules) * 1:9369 <-> DISABLED <-> MALWARE-OTHER atak.a smtp propagation detection (malware-other.rules) * 1:9370 <-> DISABLED <-> MALWARE-OTHER bagle.b smtp propagation detection (malware-other.rules) * 1:9371 <-> DISABLED <-> MALWARE-OTHER bagle.e smtp propagation detection (malware-other.rules) * 1:9372 <-> DISABLED <-> MALWARE-OTHER blebla.a smtp propagation detection (malware-other.rules) * 1:9373 <-> DISABLED <-> MALWARE-OTHER clepa smtp propagation detection (malware-other.rules) * 1:9374 <-> DISABLED <-> MALWARE-OTHER creepy.b smtp propagation detection (malware-other.rules) * 1:9375 <-> DISABLED <-> MALWARE-OTHER duksten.c smtp propagation detection (malware-other.rules) * 1:9376 <-> DISABLED <-> MALWARE-OTHER fishlet.a smtp propagation detection (malware-other.rules) * 1:9377 <-> DISABLED <-> MALWARE-OTHER mydoom.g smtp propagation detection (malware-other.rules) * 1:9378 <-> DISABLED <-> MALWARE-OTHER netsky.q smtp propagation detection (malware-other.rules) * 1:9379 <-> DISABLED <-> MALWARE-OTHER netsky.s smtp propagation detection (malware-other.rules) * 1:9380 <-> DISABLED <-> MALWARE-OTHER jitux msn messenger propagation detection (malware-other.rules) * 1:9381 <-> DISABLED <-> MALWARE-OTHER lara smtp propagation detection (malware-other.rules) * 1:9382 <-> DISABLED <-> MALWARE-OTHER fearso.c smtp propagation detection (malware-other.rules) * 1:9383 <-> DISABLED <-> MALWARE-OTHER netsky.y smtp propagation detection (malware-other.rules) * 1:9384 <-> DISABLED <-> MALWARE-OTHER beglur.a smtp propagation detection (malware-other.rules) * 1:9385 <-> DISABLED <-> MALWARE-OTHER collo.a smtp propagation detection (malware-other.rules) * 1:9386 <-> DISABLED <-> MALWARE-OTHER bagle.f smtp propagation detection (malware-other.rules) * 1:9387 <-> DISABLED <-> MALWARE-OTHER klez.j web propagation detection (malware-other.rules) * 1:9388 <-> DISABLED <-> MALWARE-OTHER mimail.g smtp propagation detection (malware-other.rules) * 1:9389 <-> DISABLED <-> MALWARE-OTHER bagle.i smtp propagation detection (malware-other.rules) * 1:9390 <-> DISABLED <-> MALWARE-OTHER deborm.d netshare propagation detection (malware-other.rules) * 1:9391 <-> DISABLED <-> MALWARE-OTHER mimail.i smtp propagation detection (malware-other.rules) * 1:9392 <-> DISABLED <-> MALWARE-OTHER bagle.j smtp propagation detection (malware-other.rules) * 1:9393 <-> DISABLED <-> MALWARE-OTHER bagle.k smtp propagation detection (malware-other.rules) * 1:9394 <-> DISABLED <-> MALWARE-OTHER bagle.n smtp propagation detection (malware-other.rules) * 1:9395 <-> DISABLED <-> MALWARE-OTHER deborm.j netshare propagation detection (malware-other.rules) * 1:9396 <-> DISABLED <-> MALWARE-OTHER deborm.t netshare propagation detection (malware-other.rules) * 1:9397 <-> DISABLED <-> MALWARE-OTHER neysid smtp propagation detection (malware-other.rules) * 1:9398 <-> DISABLED <-> MALWARE-OTHER totilix.a smtp propagation detection (malware-other.rules) * 1:9399 <-> DISABLED <-> MALWARE-OTHER hanged smtp propagation detection (malware-other.rules) * 1:9400 <-> DISABLED <-> MALWARE-OTHER abotus smtp propagation detection (malware-other.rules) * 1:9401 <-> DISABLED <-> MALWARE-OTHER gokar http propagation detection (malware-other.rules) * 1:9402 <-> DISABLED <-> MALWARE-OTHER welchia tftp propagation detection (malware-other.rules) * 1:9403 <-> DISABLED <-> MALWARE-OTHER netsky.aa smtp propagation detection (malware-other.rules) * 1:9404 <-> DISABLED <-> MALWARE-OTHER netsky.ac smtp propagation detection (malware-other.rules) * 1:9406 <-> DISABLED <-> MALWARE-OTHER lovgate.e smtp propagation detection (malware-other.rules) * 1:9407 <-> DISABLED <-> MALWARE-OTHER lovgate.b netshare propagation detection (malware-other.rules) * 1:9408 <-> DISABLED <-> MALWARE-OTHER lacrow smtp propagation detection (malware-other.rules) * 1:9409 <-> DISABLED <-> MALWARE-OTHER atak.b smtp propagation detection (malware-other.rules) * 1:9410 <-> DISABLED <-> MALWARE-OTHER netsky.z smtp propagation detection (malware-other.rules) * 1:9411 <-> DISABLED <-> MALWARE-OTHER mimail.f smtp propagation detection (malware-other.rules) * 1:9412 <-> DISABLED <-> MALWARE-OTHER sinmsn.b msn propagation detection (malware-other.rules) * 1:9413 <-> DISABLED <-> MALWARE-OTHER ganda smtp propagation detection (malware-other.rules) * 1:9414 <-> DISABLED <-> MALWARE-OTHER lovelorn.a smtp propagation detection (malware-other.rules) * 1:9415 <-> DISABLED <-> MALWARE-OTHER plexus.a smtp propagation detection (malware-other.rules) * 1:9416 <-> DISABLED <-> MALWARE-OTHER bagle.at smtp propagation detection (malware-other.rules) * 1:9417 <-> DISABLED <-> MALWARE-OTHER bagle.a smtp propagation detection (malware-other.rules) * 1:9424 <-> DISABLED <-> MALWARE-OTHER /winnt/explorer.exe unicode klez infection (malware-other.rules) * 1:9425 <-> DISABLED <-> MALWARE-OTHER netsky attachment (malware-other.rules) * 1:9426 <-> DISABLED <-> MALWARE-OTHER mydoom.ap attachment (malware-other.rules) * 1:9647 <-> DISABLED <-> MALWARE-OTHER Keylogger system surveillance pro runtime detection (malware-other.rules) * 1:9648 <-> DISABLED <-> MALWARE-OTHER Keylogger emailspypro runtime detection (malware-other.rules) * 1:9650 <-> DISABLED <-> MALWARE-OTHER Keylogger ghost Keylogger runtime detection (malware-other.rules) * 1:9653 <-> DISABLED <-> MALWARE-CNC apofis 1.0 variant outbound connection php notification (malware-cnc.rules) * 1:9655 <-> DISABLED <-> MALWARE-BACKDOOR apofis 1.0 runtime detection - remote controlling (malware-backdoor.rules) * 1:9657 <-> DISABLED <-> MALWARE-BACKDOOR bersek 1.0 runtime detection - init connection (malware-backdoor.rules) * 1:9659 <-> DISABLED <-> MALWARE-BACKDOOR bersek 1.0 runtime detection - file manage (malware-backdoor.rules) * 1:9661 <-> DISABLED <-> MALWARE-BACKDOOR bersek 1.0 runtime detection - show processes (malware-backdoor.rules) * 1:9663 <-> DISABLED <-> MALWARE-BACKDOOR bersek 1.0 runtime detection - start remote shell (malware-backdoor.rules) * 1:9665 <-> DISABLED <-> MALWARE-BACKDOOR crossbow 1.12 runtime detection - init connection (malware-backdoor.rules) * 1:9666 <-> DISABLED <-> MALWARE-BACKDOOR superra runtime detection - success init connection (malware-backdoor.rules) * 1:9667 <-> DISABLED <-> MALWARE-BACKDOOR superra runtime detection - issue remote control command (malware-backdoor.rules) * 1:9827 <-> DISABLED <-> MALWARE-OTHER Keylogger paq keylog runtime detection - smtp (malware-other.rules) * 1:9828 <-> DISABLED <-> MALWARE-OTHER Keylogger paq keylog runtime detection - ftp (malware-other.rules) * 1:9829 <-> DISABLED <-> MALWARE-OTHER Trackware relevantknowledge runtime detection (malware-other.rules) * 1:9830 <-> DISABLED <-> MALWARE-OTHER Keylogger supreme spy runtime detection (malware-other.rules) * 1:9832 <-> DISABLED <-> MALWARE-BACKDOOR ieva 1.0 runtime detection - send message (malware-backdoor.rules) * 1:9833 <-> DISABLED <-> MALWARE-BACKDOOR ieva 1.0 runtime detection - fake delete harddisk message (malware-backdoor.rules) * 1:9834 <-> DISABLED <-> MALWARE-BACKDOOR ieva 1.0 runtime detection - black screen (malware-backdoor.rules) * 1:9835 <-> DISABLED <-> MALWARE-BACKDOOR ieva 1.0 runtime detection - swap mouse (malware-backdoor.rules) * 1:9836 <-> DISABLED <-> MALWARE-BACKDOOR ieva 1.0 runtime detection - crazy mouse (malware-backdoor.rules) * 1:9838 <-> DISABLED <-> MALWARE-BACKDOOR sun shadow 1.70 runtime detection - init connection (malware-backdoor.rules) * 1:9839 <-> DISABLED <-> MALWARE-BACKDOOR sun shadow 1.70 runtime detection - keep alive (malware-backdoor.rules)
©2024 Cisco and/or its affiliates. Snort, the Snort and Pig logo are registered trademarks of Cisco. All rights reserved.
