Talos has added and modified multiple rules in the and malware-cnc rule sets to provide coverage for emerging threats from these technologies.
For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:45260 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.Triton Triton ICS malware upload attempt (malware-cnc.rules)
* 1:39361 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Batlopma (malware-cnc.rules)
* 1:38304 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - JexBoss (malware-cnc.rules)
* 1:38961 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - fsrhrsrg - Win.Trojan.Nemucod (malware-cnc.rules)
* 1:38962 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - uguogo - Win.Trojan.Nemucod (malware-cnc.rules)
* 1:38234 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.FighterPOS (malware-cnc.rules)
* 1:35316 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string EI Plugin updater (malware-cnc.rules)
* 1:35710 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Linux.Trojan.Zollard (malware-cnc.rules)
* 1:36833 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Mozila (malware-cnc.rules)
* 1:34843 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - EMERY - Win.Trojan.W97M (malware-cnc.rules)
* 1:33907 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent - KAIIOOOO871 - Win.Trojan.Dridex (malware-cnc.rules)
* 1:33914 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent - Win.Trojan.Barys (malware-cnc.rules)
* 1:34607 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Punkey (malware-cnc.rules)
* 1:33884 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string dolit (malware-cnc.rules)
* 1:33633 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent - Downing - Win.Trojan.Otwycal (malware-cnc.rules)
* 1:33649 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - Google Omaha - Win.Trojan.ExtenBro (malware-cnc.rules)
* 1:33831 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent DownloadMR - Solimba (malware-cnc.rules)
* 1:33522 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent - DNS Changer (malware-cnc.rules)
* 1:33259 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - testupdate - Win.Backdoor.Upatre (malware-cnc.rules)
* 1:33260 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - onlyupdate - Win.Backdoor.Upatre (malware-cnc.rules)
* 1:33519 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - ALIZER (malware-cnc.rules)
* 1:33258 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Updates downloader - Win.Backdoor.Upatre (malware-cnc.rules)
* 1:33255 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - iMacros - Win.Backdoor.Upatre (malware-cnc.rules)
* 1:33257 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - onlymacros - Win.Backdoor.Upatre (malware-cnc.rules)
* 1:33256 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - macrotest - Win.Backdoor.Upatre (malware-cnc.rules)
* 1:33251 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - USER_CHECK - Win.Backdoor.Upatre (malware-cnc.rules)
* 1:33253 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - bbbbbbbbbb - Win.Backdoor.Upatre (malware-cnc.rules)
* 1:33254 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - hi - Win.Backdoor.Upatre (malware-cnc.rules)
* 1:33247 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - PPKHandler - Win.Backdoor.Upatre (malware-cnc.rules)
* 1:33252 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - WATClient - Win.Backdoor.Upatre (malware-cnc.rules)
* 1:33249 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - SLSSoapClient - Win.Backdoor.Upatre (malware-cnc.rules)
* 1:33250 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Tintin - Win.Backdoor.Upatre (malware-cnc.rules)
* 1:33243 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Mozilla - Win.Backdoor.Upatre (malware-cnc.rules)
* 1:33248 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Peers12 - Win.Backdoor.Upatre (malware-cnc.rules)
* 1:33245 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Opera10 - Win.Backdoor.Upatre (malware-cnc.rules)
* 1:33246 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - OperaMini - Win.Backdoor.Upatre (malware-cnc.rules)
* 1:33238 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Wurst - Win.Backdoor.Upatre (malware-cnc.rules)
* 1:33244 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Opera - Win.Backdoor.Upatre (malware-cnc.rules)
* 1:33240 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - FixUpdate - Win.Backdoor.Upatre (malware-cnc.rules)
* 1:33242 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Explorer - Win.Backdoor.Upatre (malware-cnc.rules)
* 1:33234 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - 2508Inst - Win.Backdoor.Upatre (malware-cnc.rules)
* 1:33239 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Installer/1.0 - Win.Backdoor.Upatre (malware-cnc.rules)
* 1:33236 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - 2808inst - Win.Backdoor.Upatre (malware-cnc.rules)
* 1:33237 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Player - Win.Backdoor.Upatre (malware-cnc.rules)
* 1:33230 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Firefox - Win.Backdoor.Upatre (malware-cnc.rules)
* 1:33235 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - 2608cw-2 - Win.Backdoor.Upatre (malware-cnc.rules)
* 1:33232 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - AppUpdate - Win.Backdoor.Upatre (malware-cnc.rules)
* 1:33233 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - 2608cw-1 - Win.Backdoor.Upatre (malware-cnc.rules)
* 1:32979 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - extra IE version (malware-cnc.rules)
* 1:33231 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Firefox/5.0 - Win.Backdoor.Upatre (malware-cnc.rules)
* 1:33047 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - realupdate - Win.Backdoor.Upatre (malware-cnc.rules)
* 1:33207 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Mazilla/5.0 - Win.Backdoor.Upatre (malware-cnc.rules)
* 1:32402 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent globalupdate - Osx.Trojan.Wirelurker (malware-cnc.rules)
* 1:32980 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - multi-browser (malware-cnc.rules)
* 1:32645 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string RUpdate (malware-cnc.rules)
* 1:32978 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - extra IE version (malware-cnc.rules)
* 1:32296 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string update - Win.Trojan.Waski (malware-cnc.rules)
* 1:32455 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent VUPHTTP - Win.Trojan.Puvespia (malware-cnc.rules)
* 1:32383 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - connect - Win.Backdoor.Upatre (malware-cnc.rules)
* 1:32384 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - myupdate - Win.Backdoor.Upatre (malware-cnc.rules)
* 1:32060 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent string - httptestman - Win.Backdoor.Rabasheeta (malware-cnc.rules)
* 1:32333 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string fast uax (malware-cnc.rules)
* 1:32294 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent BloodguyBrowser-_- (malware-cnc.rules)
* 1:32295 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string http - Win.Trojan.Waski (malware-cnc.rules)
* 1:31990 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Install - Win.Backdoor.Upatre (malware-cnc.rules)
* 1:32125 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - update - Win.Backdoor.Upatre (malware-cnc.rules)
* 1:32030 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Decibal - Win.Trojan.Decibal (malware-cnc.rules)
* 1:32052 <-> ENABLED <-> MALWARE-CNC User-Agent Xsser mRAT user-agent (malware-cnc.rules)
* 1:31150 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious User-Agent DefaultBotPassword - Win.Trojan.Tirabot (malware-cnc.rules)
* 1:31991 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Treck - Win.Backdoor.Upatre (malware-cnc.rules)
* 1:31417 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent blacksun - Win.Trojan.Blacksun (malware-cnc.rules)
* 1:31557 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Mozilla/5.0 - Win.Trojan.Upatre (malware-cnc.rules)
* 1:30518 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious User-Agent Neutrino/2.1 - Win.Trojan.Necurs (malware-cnc.rules)
* 1:31225 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious User-Agent rome0321 - Win.Trojan.Soraya (malware-cnc.rules)
* 1:31090 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - User-Agent hello crazyk (malware-cnc.rules)
* 1:31122 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - User-Agent svchost (malware-cnc.rules)
* 1:30314 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious User-Agent getcmd - Win.Trojan.Burnwoo (malware-cnc.rules)
* 1:30918 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - User-Agent User-Agent Mozilla (malware-cnc.rules)
* 1:30331 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious User-Agent ebot - Win.Trojan.Modulog (malware-cnc.rules)
* 1:30344 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious User-Agent EyeS_Client_1.0 - Win.Trojan.Seey (malware-cnc.rules)
* 1:30290 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious User-Agent Browser - Win.Trojan.Bruterdep (malware-cnc.rules)
* 1:30315 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious User-Agent getcmdw23 - Win.Trojan.Burnwoo (malware-cnc.rules)
* 1:30308 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - Win.Backdoor.Jolob (malware-cnc.rules)
* 1:30309 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - Win.Backdoor.Jolob (malware-cnc.rules)
* 1:29824 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - TixDll - Win.Trojan.Adload.dyhq (malware-cnc.rules)
* 1:30301 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent InetAll - Win.Trojan.Pennonec (malware-cnc.rules)
* 1:30210 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agnet string Win.Trojan.ZeusVM (malware-cnc.rules)
* 1:30250 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - logogo.exe (malware-cnc.rules)
* 1:29431 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent - Win.Trojan.Tirips (malware-cnc.rules)
* 1:29887 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Updates downloader - Win.Trojan.Upatre (malware-cnc.rules)
* 1:29652 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent - Win.Trojan.Truado (malware-cnc.rules)
* 1:29760 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string MSIE 4.01 - Win.Trojan.Careto (malware-cnc.rules)
* 1:29645 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent - Win.Trojan.Mimunita (malware-cnc.rules)
* 1:29180 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious User-Agent Update1.0 - Win.Trojan.Downbini (malware-cnc.rules)
* 1:29371 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Dluca (malware-cnc.rules)
* 1:29341 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious User-Agent string CustomSpy - Win.Trojan.Etek (malware-cnc.rules)
* 1:29358 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent - Win.Trojan.Mowfote (malware-cnc.rules)
* 1:29174 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string fortis (malware-cnc.rules)
* 1:29139 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious User-Agent string HTTP 1.1 - Win.Trojan.Tapslix (malware-cnc.rules)
* 1:29150 <-> ENABLED <-> MALWARE-CNC User-Agent suspicious user-agent WarpHTTP - Win.Trojan.Yohakest (malware-cnc.rules)
* 1:29143 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent - Win.Trojan.Secciv (malware-cnc.rules)
* 1:28558 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string getURLdown (malware-cnc.rules)
* 1:28859 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent z00sAgent - Win.Trojan.Zbot (malware-cnc.rules)
* 1:28860 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent - Win.Trojan.Nitedrem (malware-cnc.rules)
* 1:27709 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string umbra (malware-cnc.rules)
* 1:28852 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Linux.Trojan.Zollard (malware-cnc.rules)
* 1:27868 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - dt12012 (malware-cnc.rules)
* 1:28362 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string SUiCiDE/1.5 (malware-cnc.rules)
* 1:26751 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - msctls_progress32 (malware-cnc.rules)
* 1:27710 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string IExplore (malware-cnc.rules)
* 1:27044 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string pb - Htbot (malware-cnc.rules)
* 1:27263 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - yahoonews (malware-cnc.rules)
* 1:27015 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string iexplorer (malware-cnc.rules)
* 1:26702 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - Win (malware-cnc.rules)
* 1:26577 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent Opera 10 (malware-cnc.rules)
* 1:26685 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string J13A (malware-cnc.rules)
* 1:26686 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - Alina (malware-cnc.rules)
* 1:26558 <-> ENABLED <-> MALWARE-CNC User-Agent known Malicious user agent Brutus AET (malware-cnc.rules)
* 1:25980 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Pass (malware-cnc.rules)
* 1:26248 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent cibabam (malware-cnc.rules)
* 1:26522 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent NOKIAN95/WEB (malware-cnc.rules)
* 1:25659 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - spam_bot (malware-cnc.rules)
* 1:25476 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - User-Agent User-Agent (malware-cnc.rules)
* 1:25533 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent - al (malware-cnc.rules)
* 1:25544 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - ctwopop (malware-cnc.rules)
* 1:25372 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - wh (malware-cnc.rules)
* 1:25260 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Mozila (malware-cnc.rules)
* 1:25262 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string IEToolbar (malware-cnc.rules)
* 1:25261 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string MSIE (malware-cnc.rules)
* 1:25245 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - me0hoi (malware-cnc.rules)
* 1:25009 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - User-Agent User-Agent (malware-cnc.rules)
* 1:25119 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - NewBrandTest (malware-cnc.rules)
* 1:25243 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - 04/XP (malware-cnc.rules)
* 1:24792 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent - Google page (malware-cnc.rules)
* 1:24631 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - Lizard/1.0 (malware-cnc.rules)
* 1:24634 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - vaccinepc (malware-cnc.rules)
* 1:24633 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - test_hInternet (malware-cnc.rules)
* 1:24441 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - Testing (malware-cnc.rules)
* 1:24568 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Mozilla/00 (malware-cnc.rules)
* 1:24575 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - Opera/9.61 (malware-cnc.rules)
* 1:23019 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - Flame malware (malware-cnc.rules)
* 1:24442 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - Alerter COM (malware-cnc.rules)
* 1:23903 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - you (malware-cnc.rules)
* 1:24111 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Post (malware-cnc.rules)
* 1:21639 <-> ENABLED <-> MALWARE-CNC User-Agent known Adware user agent mus - TDSS related (malware-cnc.rules)
* 1:23627 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - PoisonIvy RAT (malware-cnc.rules)
* 1:21965 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent VB WININET (malware-cnc.rules)
* 1:22939 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent RAbcLib (malware-cnc.rules)
* 1:21476 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent YZF (malware-cnc.rules)
* 1:21925 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent BOT/0.1 (malware-cnc.rules)
* 1:21591 <-> ENABLED <-> MALWARE-CNC User-Agent known Adware user agent Gamevance tl_v (malware-cnc.rules)
* 1:21636 <-> ENABLED <-> MALWARE-CNC User-Agent known Adware user agent gbot (malware-cnc.rules)
* 1:21526 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent TCYWinHTTPDownload (malware-cnc.rules)
* 1:21475 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string core-project (malware-cnc.rules)
* 1:21380 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - QvodDown (malware-cnc.rules)
* 1:21455 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string psi (malware-cnc.rules)
* 1:21469 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string 1234567890 (malware-cnc.rules)
* 1:21246 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string DataCha0s (malware-cnc.rules)
* 1:21278 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Google Bot (malware-cnc.rules)
* 1:21327 <-> ENABLED <-> MALWARE-CNC User-Agent ASafaWeb Scan (malware-cnc.rules)
* 1:21175 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Win32 Amti (malware-cnc.rules)
* 1:21266 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Morfeus Scanner (malware-cnc.rules)
* 1:21206 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Aldi Bot (malware-cnc.rules)
* 1:21225 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Flag (malware-cnc.rules)
* 1:21188 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string API Guide test program (malware-cnc.rules)
* 1:20230 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string 0pera 10 (malware-cnc.rules)
* 1:20293 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string MBVDFRESCT (malware-cnc.rules)
* 1:20988 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string ZmEu - vulnerability scanner (malware-cnc.rules)
* 1:20104 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - InfoBot (malware-cnc.rules)
* 1:20231 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Mozilla//4.0 (malware-cnc.rules)
* 1:20106 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - darkness (malware-cnc.rules)
* 1:20201 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - meterpreter (malware-cnc.rules)
* 1:20012 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string feranet/0.4 - Win32/Ferabsa.A (malware-cnc.rules)
* 1:20105 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - IPHONE (malware-cnc.rules)
* 1:20039 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Hardcore Software (malware-cnc.rules)
* 1:20019 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - test (malware-cnc.rules)
* 1:20021 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Brontok (malware-cnc.rules)
* 1:20009 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious User-Agent string Baby Remote - Win32/Babmote.A (malware-cnc.rules)
* 1:19756 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Opera/8.89 - P2P-Worm.Win32.Palevo.ddm (malware-cnc.rules)
* 1:19786 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Mozilla (malware-cnc.rules)
* 1:19934 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string MYURL (malware-cnc.rules)
* 1:19611 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent string INet - Win32.Virus.Jusabli.A (malware-cnc.rules)
* 1:19485 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - RAV1 (malware-cnc.rules)
* 1:19570 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - ie 11.0 sp6 (malware-cnc.rules)
* 1:19589 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious User-Agent string MacProtector (malware-cnc.rules)
* 1:19372 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string javasw - Trojan.Banload (malware-cnc.rules)
* 1:19480 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string STORMDDOS - Backdoor.Win32.Inject.ctt (malware-cnc.rules)
* 1:19482 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string ErrorFix (malware-cnc.rules)
* 1:18395 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Duckling/1.0 (malware-cnc.rules)
* 1:19434 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string ErrCode (malware-cnc.rules)
* 1:19165 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Microsoft Internet Explorer (malware-cnc.rules)
* 1:19175 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious User-Agent wget 3.0 (malware-cnc.rules)
* 1:18391 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string MyLove (malware-cnc.rules)
* 1:19047 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - RCleanT (malware-cnc.rules)
* 1:18394 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string OCRecover (malware-cnc.rules)
* 1:18393 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string vyre32 (malware-cnc.rules)
* 1:18387 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string dwplayer (malware-cnc.rules)
* 1:18392 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string qixi (malware-cnc.rules)
* 1:18389 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string 3653Client (malware-cnc.rules)
* 1:18390 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Delphi 5.x (malware-cnc.rules)
* 1:18382 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string WMUpdate (malware-cnc.rules)
* 1:18388 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string RookIE/1.0 (malware-cnc.rules)
* 1:18385 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string HTTPCSDCENTER (malware-cnc.rules)
* 1:18386 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string AHTTPConnection (malware-cnc.rules)
* 1:18383 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string GPInstaller (malware-cnc.rules)
* 1:18378 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string AutoHotkey (malware-cnc.rules)
* 1:18381 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Travel Update (malware-cnc.rules)
* 1:18379 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string AskInstallChecker (malware-cnc.rules)
* 1:18380 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string FPUpdater (malware-cnc.rules)
* 1:18377 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string malware (malware-cnc.rules)
* 1:18374 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string SurfBear (malware-cnc.rules)
* 1:18375 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string HTTP Wininet (malware-cnc.rules)
* 1:18376 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Trololo (malware-cnc.rules)
* 1:18373 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Installer (malware-cnc.rules)
* 1:18369 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string iexp-get (malware-cnc.rules)
* 1:18370 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Mozilla Windows MSIE (malware-cnc.rules)
* 1:18371 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string QvodDown (malware-cnc.rules)
* 1:18368 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Our_Agent (malware-cnc.rules)
* 1:18365 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Agentcc (malware-cnc.rules)
* 1:18366 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string OCInstaller (malware-cnc.rules)
* 1:18367 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string FPRecover (malware-cnc.rules)
* 1:18364 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string msndown (malware-cnc.rules)
* 1:18361 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Downloader1.1 (malware-cnc.rules)
* 1:18363 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string GPRecover (malware-cnc.rules)
* 1:18357 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Setup Factory (malware-cnc.rules)
* 1:18362 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Search Toolbar 1.1 (malware-cnc.rules)
* 1:18360 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Oncues (malware-cnc.rules)
* 1:18358 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string NSIS_INETLOAD (malware-cnc.rules)
* 1:18359 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Shareaza (malware-cnc.rules)
* 1:18355 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Se2011 (malware-cnc.rules)
* 1:18353 <-> ENABLED <-> MALWARE-CNC User-Agent request for known PUA user agent - SelectRebates (malware-cnc.rules)
* 1:18356 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string random (malware-cnc.rules)
* 1:18349 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Flipopia (malware-cnc.rules)
* 1:18354 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string opera/8.11 (malware-cnc.rules)
* 1:18351 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string GPUpdater (malware-cnc.rules)
* 1:18352 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string PinballCorp-BSAI/VER_STR_COMMA (malware-cnc.rules)
* 1:18345 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Macrovision_DM_2.4.15 (malware-cnc.rules)
* 1:18350 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string GabPath (malware-cnc.rules)
* 1:18348 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Opera/9.80 Pesto/2.2.15 (malware-cnc.rules)
* 1:18346 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string GPRecover (malware-cnc.rules)
* 1:18347 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string AutoIt (malware-cnc.rules)
* 1:18340 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string ClickAdsByIE 0.7.5 (malware-cnc.rules)
* 1:18342 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string NSIS_DOWNLOAD (malware-cnc.rules)
* 1:18343 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string WSEnrichment (malware-cnc.rules)
* 1:18247 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious User-Agent ErrCode - W32/Fujacks.htm (malware-cnc.rules)
* 1:18341 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string UtilMind HTTPGet (malware-cnc.rules)
* 1:18337 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string iamx/3.11 (malware-cnc.rules)
* 1:18338 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string NSISDL/1.2 (malware-cnc.rules)
* 1:14059 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - CPUSH_HOMEPAGE (malware-cnc.rules)
* 1:18336 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string gbot/2.3 (malware-cnc.rules)
* 1:16551 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - malware (malware-cnc.rules)
* 1:14060 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - CPUSH_UPDATER (malware-cnc.rules)
* 1:16497 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - Tear Application (malware-cnc.rules)
* 1:13855 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - SpeedRunner (malware-cnc.rules)
* 1:13932 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - opera (malware-cnc.rules)
* 1:14057 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - DMFR (malware-cnc.rules)
* 1:12723 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - WakeSpace (malware-cnc.rules)
* 1:13931 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - PcPcUpdater (malware-cnc.rules)
* 1:13782 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - EzReward (malware-cnc.rules)
* 1:13638 <-> DISABLED <-> MALWARE-CNC User-Agent known Adware user-agent string - Win.Adware.VirusHeat (malware-cnc.rules)
* 1:13777 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - SysCleaner (malware-cnc.rules)
* 1:12674 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - iebar (malware-cnc.rules)
* 1:11313 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Spy-Locked (malware-cnc.rules)
* 1:12482 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - ZOMBIES_HTTP_GET (malware-cnc.rules)
* 1:12371 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - SpamBlockerUtility (malware-cnc.rules)
* 1:10179 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - BysooTB (malware-cnc.rules)
* 1:11308 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - SpyDawn (malware-cnc.rules)
* 1:6357 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Need2Find (malware-cnc.rules)
* 1:6362 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - MGS-Internal-Web-Manager (malware-cnc.rules)
* 1:6363 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - SAcc (malware-cnc.rules)
* 1:6364 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - iMeshBar (malware-cnc.rules)
* 1:6366 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - eAnthMngr (malware-cnc.rules)
* 1:6394 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - CodeguruBrowser (malware-cnc.rules)
* 1:6491 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - snprtzdialno (malware-cnc.rules)
* 1:7135 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - IEP (malware-cnc.rules)
* 1:7145 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - adfsgecoiwnf (malware-cnc.rules)
* 1:7187 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - SAH Agent (malware-cnc.rules)
* 1:7195 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - shprrprt-cs- (malware-cnc.rules)
* 1:7511 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - ed2k edonkey2000 runtime detection (malware-cnc.rules)
* 1:7537 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Arrow Search (malware-cnc.rules)
* 1:7540 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - http protocol (malware-cnc.rules)
* 1:7572 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - DigExt (malware-cnc.rules)
* 1:7582 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Pcast Live (malware-cnc.rules)
* 1:7587 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - URLBlaze (malware-cnc.rules)
* 1:7832 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Navhelper (malware-cnc.rules)
* 1:42020 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Andr.Trojan.Agent (malware-cnc.rules)
* 1:5900 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - Async HTTP Agent (malware-cnc.rules)
* 1:40251 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Perseus (malware-cnc.rules)
* 1:42886 <-> ENABLED <-> MALWARE-CNC User-Agent Win.Trojan.Agent malicious user agent (malware-cnc.rules)
* 1:5824 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Strip-Player (malware-cnc.rules)
* 1:41441 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - X-Mas (malware-cnc.rules)
* 1:40212 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Darkshell (malware-cnc.rules)
* 1:45051 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Tool.SMSBomber (malware-cnc.rules)
* 1:44362 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Sality (malware-cnc.rules)
* 1:5988 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - ZC-Bridge (malware-cnc.rules)
* 1:41457 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Elite Keylogger (malware-cnc.rules)
* 1:40869 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Virut (malware-cnc.rules)
* 1:42019 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Andr.Trojan.Agent (malware-cnc.rules)
* 1:5774 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - FSW (malware-cnc.rules)
* 1:40081 <-> DISABLED <-> MALWARE-CNC User-Agent known PUA user-agent string - TopTools100 (malware-cnc.rules)
* 1:6198 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - SQTR_VERIFY (malware-cnc.rules)
* 1:5955 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Popup Stopper (malware-cnc.rules)
* 1:41318 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Visbot (malware-cnc.rules)
* 1:44213 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent - ace4956e-736e-11e6-9584-d7165ca591df - Win.Trojan.Tarayt (malware-cnc.rules)
* 1:44886 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string
- Win.Trojan.Volgmer (malware-cnc.rules) * 1:41656 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.MagicHound (malware-cnc.rules) * 1:6197 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - smrtshpr-cs (malware-cnc.rules) * 1:5954 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Browser Pal (malware-cnc.rules) * 1:5808 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - SAH Agent (malware-cnc.rules) * 1:5901 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - AdTools (malware-cnc.rules) * 1:40217 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - F.5.E.C (malware-cnc.rules) * 1:40528 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Instally (malware-cnc.rules) * 1:40870 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Virut (malware-cnc.rules) * 1:42831 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - micro (malware-cnc.rules) * 1:40800 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Crypton (malware-cnc.rules) * 1:45230 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - SocStealer (malware-cnc.rules) * 1:5913 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - My Agent (malware-cnc.rules) * 1:40216 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.VBInject (malware-cnc.rules) * 1:44889 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - WidgiToolbar (malware-cnc.rules) * 1:42454 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Frethog (malware-cnc.rules) * 1:40012 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string DetoxCrypto2 (malware-cnc.rules) * 1:42830 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Sublink (malware-cnc.rules) * 1:40644 <-> ENABLED <-> 
MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.TrickBot (malware-cnc.rules) * 1:5789 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - ActMon (malware-cnc.rules) * 1:44440 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Poison (malware-cnc.rules) * 1:45229 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - SocStealer (malware-cnc.rules) * 1:6186 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - SpywareStrike (malware-cnc.rules) * 1:5857 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - MyWebSearchSearchAssistance (malware-cnc.rules) * 1:43220 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Hotbar (malware-cnc.rules) * 1:42832 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - SessionI (malware-cnc.rules) * 1:40733 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Sality (malware-cnc.rules) * 1:41539 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Malware.DistTrack (malware-cnc.rules) * 1:39710 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string mozilla/2.0 (malware-cnc.rules) * 1:40643 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.TrickBot (malware-cnc.rules) * 1:44773 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Datper (malware-cnc.rules) * 1:40782 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Venik (malware-cnc.rules) * 1:39886 <-> ENABLED <-> MALWARE-CNC User-Agent known Adware user-agent string - Win.Adware.Prepscram (malware-cnc.rules) * 1:42838 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Backdoor.Chopper (malware-cnc.rules) * 1:44317 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent - Version/100 - Win.Trojan.Tarayt (malware-cnc.rules) * 1:41403 <-> 
ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Simda (malware-cnc.rules) * 1:44214 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Graftor (malware-cnc.rules) * 1:5800 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - MyWay (malware-cnc.rules) * 1:5992 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Mirar_KeywordContentHijacker (malware-cnc.rules) * 1:5970 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Feat2 Updater (malware-cnc.rules) * 1:44772 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Datper (malware-cnc.rules) * 1:5978 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - TM_SEARCH3 (malware-cnc.rules) * 1:5986 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - TeomaBar (malware-cnc.rules) * 1:5838 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - EI (malware-cnc.rules) * 1:5760 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - OSSProxy (malware-cnc.rules) * 1:41456 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Elite Keylogger (malware-cnc.rules) * 1:6270 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - MyBrowser (malware-cnc.rules) * 1:6281 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - istsvc (malware-cnc.rules) * 1:6354 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - ProxyDown (malware-cnc.rules) * 1:39362 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Batlopma (malware-cnc.rules) * 1:6341 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Spedia (malware-cnc.rules) * 1:5770 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Casino (malware-cnc.rules) * 1:6274 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Stubby 
(malware-cnc.rules) * 1:40066 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Fareit (malware-cnc.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2990.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:45260 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.Triton Triton ICS malware upload attempt (malware-cnc.rules)
* 1:20104 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - InfoBot (malware-cnc.rules)
* 1:6281 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - istsvc (malware-cnc.rules)
* 1:19434 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string ErrCode (malware-cnc.rules)
* 1:19372 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string javasw - Trojan.Banload (malware-cnc.rules)
* 1:19175 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious User-Agent wget 3.0 (malware-cnc.rules)
* 1:19165 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Microsoft Internet Explorer (malware-cnc.rules)
* 1:19047 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - RCleanT (malware-cnc.rules)
* 1:18395 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Duckling/1.0 (malware-cnc.rules)
* 1:18394 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string OCRecover (malware-cnc.rules)
* 1:18393 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string vyre32 (malware-cnc.rules)
* 1:18392 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string qixi (malware-cnc.rules)
* 1:18391 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string MyLove (malware-cnc.rules)
* 1:18390 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Delphi 5.x (malware-cnc.rules)
* 1:18389 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string 3653Client (malware-cnc.rules)
* 1:18388 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string RookIE/1.0 (malware-cnc.rules)
* 1:18387 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string dwplayer (malware-cnc.rules)
* 1:18386 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string AHTTPConnection (malware-cnc.rules)
* 1:18385 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string HTTPCSDCENTER (malware-cnc.rules)
* 1:18383 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string GPInstaller (malware-cnc.rules)
* 1:18382 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string WMUpdate (malware-cnc.rules)
* 1:18381 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Travel Update (malware-cnc.rules)
* 1:18380 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string FPUpdater (malware-cnc.rules)
* 1:18379 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string AskInstallChecker (malware-cnc.rules)
* 1:18378 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string AutoHotkey (malware-cnc.rules)
* 1:18377 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string malware (malware-cnc.rules)
* 1:18376 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Trololo (malware-cnc.rules)
* 1:18375 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string HTTP Wininet (malware-cnc.rules)
* 1:18374 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string SurfBear (malware-cnc.rules)
* 1:18373 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Installer (malware-cnc.rules)
* 1:18371 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string QvodDown (malware-cnc.rules)
* 1:18370 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Mozilla Windows MSIE (malware-cnc.rules)
* 1:18369 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string iexp-get (malware-cnc.rules)
* 1:18368 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Our_Agent (malware-cnc.rules)
* 1:18367 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string FPRecover (malware-cnc.rules)
* 1:18366 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string OCInstaller (malware-cnc.rules)
* 1:18365 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Agentcc (malware-cnc.rules)
* 1:18364 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string msndown (malware-cnc.rules)
* 1:18363 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string GPRecover (malware-cnc.rules)
* 1:18362 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Search Toolbar 1.1 (malware-cnc.rules)
* 1:18361 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Downloader1.1 (malware-cnc.rules)
* 1:18360 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Oncues (malware-cnc.rules)
* 1:18359 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Shareaza (malware-cnc.rules)
* 1:18358 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string NSIS_INETLOAD (malware-cnc.rules)
* 1:18357 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Setup Factory (malware-cnc.rules)
* 1:18356 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string random (malware-cnc.rules)
* 1:18355 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Se2011 (malware-cnc.rules)
* 1:18354 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string opera/8.11 (malware-cnc.rules)
* 1:18353 <-> ENABLED <-> MALWARE-CNC User-Agent request for known PUA user agent - SelectRebates (malware-cnc.rules)
* 1:18352 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string PinballCorp-BSAI/VER_STR_COMMA (malware-cnc.rules)
* 1:18351 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string GPUpdater (malware-cnc.rules)
* 1:18350 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string GabPath (malware-cnc.rules)
* 1:18349 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Flipopia (malware-cnc.rules)
* 1:18348 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Opera/9.80 Pesto/2.2.15 (malware-cnc.rules)
* 1:18347 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string AutoIt (malware-cnc.rules)
* 1:18346 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string GPRecover (malware-cnc.rules)
* 1:18345 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Macrovision_DM_2.4.15 (malware-cnc.rules)
* 1:18343 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string WSEnrichment (malware-cnc.rules)
* 1:18342 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string NSIS_DOWNLOAD (malware-cnc.rules)
* 1:18341 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string UtilMind HTTPGet (malware-cnc.rules)
* 1:18340 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string ClickAdsByIE 0.7.5 (malware-cnc.rules)
* 1:18338 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string NSISDL/1.2 (malware-cnc.rules)
* 1:18337 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string iamx/3.11 (malware-cnc.rules)
* 1:18336 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string gbot/2.3 (malware-cnc.rules)
* 1:18247 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious User-Agent ErrCode - W32/Fujacks.htm (malware-cnc.rules)
* 1:16551 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - malware (malware-cnc.rules)
* 1:16497 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - Tear Application (malware-cnc.rules)
* 1:14060 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - CPUSH_UPDATER (malware-cnc.rules)
* 1:14059 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - CPUSH_HOMEPAGE (malware-cnc.rules)
* 1:14057 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - DMFR (malware-cnc.rules)
* 1:13932 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - opera (malware-cnc.rules)
* 1:13931 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - PcPcUpdater (malware-cnc.rules)
* 1:13855 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - SpeedRunner (malware-cnc.rules)
* 1:13782 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - EzReward (malware-cnc.rules)
* 1:13777 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - SysCleaner (malware-cnc.rules)
* 1:13638 <-> DISABLED <-> MALWARE-CNC User-Agent known Adware user-agent string - Win.Adware.VirusHeat (malware-cnc.rules)
* 1:12723 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - WakeSpace (malware-cnc.rules)
* 1:12674 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - iebar (malware-cnc.rules)
* 1:12482 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - ZOMBIES_HTTP_GET (malware-cnc.rules)
* 1:12371 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - SpamBlockerUtility (malware-cnc.rules)
* 1:11313 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Spy-Locked (malware-cnc.rules)
* 1:11308 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - SpyDawn (malware-cnc.rules)
* 1:10179 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - BysooTB (malware-cnc.rules)
* 1:6357 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Need2Find (malware-cnc.rules)
* 1:6362 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - MGS-Internal-Web-Manager (malware-cnc.rules)
* 1:6363 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - SAcc (malware-cnc.rules)
* 1:6364 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - iMeshBar (malware-cnc.rules)
* 1:6366 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - eAnthMngr (malware-cnc.rules)
* 1:6394 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - CodeguruBrowser (malware-cnc.rules)
* 1:6491 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - snprtzdialno (malware-cnc.rules)
* 1:7135 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - IEP (malware-cnc.rules)
* 1:7145 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - adfsgecoiwnf (malware-cnc.rules)
* 1:7187 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - SAH Agent (malware-cnc.rules)
* 1:7195 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - shprrprt-cs- (malware-cnc.rules)
* 1:7511 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - ed2k edonkey2000 runtime detection (malware-cnc.rules)
* 1:7537 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Arrow Search (malware-cnc.rules)
* 1:7540 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - http protocol (malware-cnc.rules)
* 1:7572 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - DigExt (malware-cnc.rules)
* 1:7582 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Pcast Live (malware-cnc.rules)
* 1:7587 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - URLBlaze (malware-cnc.rules)
* 1:7832 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Navhelper (malware-cnc.rules)
* 1:40066 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Fareit (malware-cnc.rules)
* 1:40733 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Sality (malware-cnc.rules)
* 1:39710 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string mozilla/2.0 (malware-cnc.rules)
* 1:41539 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Malware.DistTrack (malware-cnc.rules)
* 1:5988 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - ZC-Bridge (malware-cnc.rules)
* 1:43220 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Hotbar (malware-cnc.rules)
* 1:45229 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - SocStealer (malware-cnc.rules)
* 1:6186 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - SpywareStrike (malware-cnc.rules)
* 1:44440 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Poison (malware-cnc.rules)
* 1:44772 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Datper (malware-cnc.rules)
* 1:5992 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Mirar_KeywordContentHijacker (malware-cnc.rules)
* 1:40216 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.VBInject (malware-cnc.rules)
* 1:5808 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - SAH Agent (malware-cnc.rules)
* 1:40644 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.TrickBot (malware-cnc.rules)
* 1:42454 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Frethog (malware-cnc.rules)
* 1:44889 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - WidgiToolbar (malware-cnc.rules)
* 1:39362 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Batlopma (malware-cnc.rules)
* 1:40012 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string DetoxCrypto2 (malware-cnc.rules)
* 1:40870 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Virut (malware-cnc.rules)
* 1:5838 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - EI (malware-cnc.rules)
* 1:5760 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - OSSProxy (malware-cnc.rules)
* 1:5800 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - MyWay (malware-cnc.rules)
* 1:44317 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent - Version/100 - Win.Trojan.Tarayt (malware-cnc.rules)
* 1:5986 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - TeomaBar (malware-cnc.rules)
* 1:5978 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - TM_SEARCH3 (malware-cnc.rules)
* 1:42838 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Backdoor.Chopper (malware-cnc.rules)
* 1:44773 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Datper (malware-cnc.rules)
* 1:44214 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Graftor (malware-cnc.rules)
* 1:41403 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Simda (malware-cnc.rules)
* 1:40782 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Venik (malware-cnc.rules)
* 1:40643 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.TrickBot (malware-cnc.rules)
* 1:6270 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - MyBrowser (malware-cnc.rules)
* 1:6198 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - SQTR_VERIFY (malware-cnc.rules)
* 1:5774 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - FSW (malware-cnc.rules)
* 1:42832 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - SessionI (malware-cnc.rules)
* 1:41457 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Elite Keylogger (malware-cnc.rules)
* 1:40869 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Virut (malware-cnc.rules)
* 1:5789 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - ActMon (malware-cnc.rules)
* 1:5824 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Strip-Player (malware-cnc.rules)
* 1:45051 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Tool.SMSBomber (malware-cnc.rules)
* 1:44362 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Sality (malware-cnc.rules)
* 1:42886 <-> ENABLED <-> MALWARE-CNC User-Agent Win.Trojan.Agent malicious user agent (malware-cnc.rules)
* 1:39886 <-> ENABLED <-> MALWARE-CNC User-Agent known Adware user-agent string - Win.Adware.Prepscram (malware-cnc.rules)
* 1:41441 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - X-Mas (malware-cnc.rules)
* 1:41456 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Elite Keylogger (malware-cnc.rules)
* 1:5970 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Feat2 Updater (malware-cnc.rules)
* 1:5900 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - Async HTTP Agent (malware-cnc.rules)
* 1:42020 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Andr.Trojan.Agent (malware-cnc.rules)
* 1:40251 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Perseus (malware-cnc.rules)
* 1:5770 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Casino (malware-cnc.rules)
* 1:40528 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Instally (malware-cnc.rules)
* 1:42019 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Andr.Trojan.Agent (malware-cnc.rules)
* 1:5913 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - My Agent (malware-cnc.rules)
* 1:45230 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - SocStealer (malware-cnc.rules)
* 1:42831 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - micro (malware-cnc.rules)
* 1:40800 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Crypton (malware-cnc.rules)
* 1:40217 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - F.5.E.C (malware-cnc.rules)
* 1:40212 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Darkshell (malware-cnc.rules)
* 1:42830 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Sublink (malware-cnc.rules)
* 1:5954 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Browser Pal (malware-cnc.rules)
* 1:6197 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - smrtshpr-cs (malware-cnc.rules)
* 1:5901 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - AdTools (malware-cnc.rules)
* 1:5857 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - MyWebSearchSearchAssistance (malware-cnc.rules)
* 1:41318 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Visbot (malware-cnc.rules)
* 1:41656 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.MagicHound (malware-cnc.rules)
* 1:44886 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Volgmer (malware-cnc.rules)
* 1:5955 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Popup Stopper (malware-cnc.rules)
* 1:44213 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent - ace4956e-736e-11e6-9584-d7165ca591df - Win.Trojan.Tarayt (malware-cnc.rules)
* 1:40081 <-> DISABLED <-> MALWARE-CNC User-Agent known PUA user-agent string - TopTools100 (malware-cnc.rules)
* 1:6274 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Stubby (malware-cnc.rules)
* 1:6341 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Spedia (malware-cnc.rules)
* 1:6354 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - ProxyDown (malware-cnc.rules)
* 1:39361 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Batlopma (malware-cnc.rules)
* 1:19480 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string STORMDDOS - Backdoor.Win32.Inject.ctt (malware-cnc.rules)
* 1:19485 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - RAV1 (malware-cnc.rules)
* 1:19482 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string ErrorFix (malware-cnc.rules)
* 1:19570 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - ie 11.0 sp6 (malware-cnc.rules)
* 1:19589 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious User-Agent string MacProtector (malware-cnc.rules)
* 1:19611 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent string INet - Win32.Virus.Jusabli.A (malware-cnc.rules)
* 1:19756 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Opera/8.89 - P2P-Worm.Win32.Palevo.ddm (malware-cnc.rules)
* 1:19786 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Mozilla (malware-cnc.rules)
* 1:19934 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string MYURL (malware-cnc.rules)
* 1:20009 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious User-Agent string Baby Remote - Win32/Babmote.A (malware-cnc.rules)
* 1:20012 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string feranet/0.4 - Win32/Ferabsa.A (malware-cnc.rules)
* 1:20019 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - test (malware-cnc.rules)
* 1:20021 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Brontok (malware-cnc.rules)
* 1:20039 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Hardcore Software (malware-cnc.rules)
* 1:20105 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - IPHONE (malware-cnc.rules)
* 1:20106 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - darkness (malware-cnc.rules)
* 1:20201 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - meterpreter (malware-cnc.rules)
* 1:20230 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string 0pera 10 (malware-cnc.rules)
* 1:20231 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Mozilla//4.0 (malware-cnc.rules)
* 1:20293 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string MBVDFRESCT (malware-cnc.rules)
* 1:20988 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string ZmEu - vulnerability scanner (malware-cnc.rules)
* 1:21175 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Win32 Amti (malware-cnc.rules)
* 1:21188 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string API Guide test program (malware-cnc.rules)
* 1:21206 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Aldi Bot (malware-cnc.rules)
* 1:21225 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Flag (malware-cnc.rules)
* 1:21246 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string DataCha0s (malware-cnc.rules)
* 1:21266 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Morfeus Scanner (malware-cnc.rules)
* 1:21278 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Google Bot (malware-cnc.rules)
* 1:21327 <-> ENABLED <-> MALWARE-CNC User-Agent ASafaWeb Scan (malware-cnc.rules)
* 1:21380 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - QvodDown (malware-cnc.rules)
* 1:21455 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string psi (malware-cnc.rules)
* 1:21469 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string 1234567890 (malware-cnc.rules)
* 1:21475 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string core-project (malware-cnc.rules)
* 1:21476 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent YZF (malware-cnc.rules)
* 1:21526 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent TCYWinHTTPDownload (malware-cnc.rules)
* 1:21591 <-> ENABLED <-> MALWARE-CNC User-Agent known Adware user agent Gamevance tl_v (malware-cnc.rules)
* 1:21636 <-> ENABLED <-> MALWARE-CNC User-Agent known Adware user agent gbot (malware-cnc.rules)
* 1:21639 <-> ENABLED <-> MALWARE-CNC User-Agent known Adware user agent mus - TDSS related (malware-cnc.rules)
* 1:21925 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent BOT/0.1 (malware-cnc.rules)
* 1:21965 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent VB WININET (malware-cnc.rules)
* 1:22939 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent RAbcLib (malware-cnc.rules)
* 1:23019 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - Flame malware (malware-cnc.rules)
* 1:23627 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - PoisonIvy RAT (malware-cnc.rules)
* 1:23903 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - you (malware-cnc.rules)
* 1:24111 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Post (malware-cnc.rules)
* 1:24441 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - Testing (malware-cnc.rules)
* 1:24442 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - Alerter COM (malware-cnc.rules)
* 1:24568 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Mozilla/00 (malware-cnc.rules)
* 1:24575 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - Opera/9.61 (malware-cnc.rules)
* 1:24631 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - Lizard/1.0 (malware-cnc.rules)
* 1:24633 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - test_hInternet (malware-cnc.rules)
* 1:24634 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - vaccinepc (malware-cnc.rules)
* 1:24792 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent - Google page (malware-cnc.rules)
* 1:25009 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - User-Agent User-Agent 
(malware-cnc.rules) * 1:25119 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - NewBrandTest (malware-cnc.rules) * 1:25243 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - 04/XP (malware-cnc.rules) * 1:25245 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - me0hoi (malware-cnc.rules) * 1:25260 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Mozila (malware-cnc.rules) * 1:25261 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string MSIE (malware-cnc.rules) * 1:25262 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string IEToolbar (malware-cnc.rules) * 1:25372 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - wh (malware-cnc.rules) * 1:25476 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - User-Agent User-Agent (malware-cnc.rules) * 1:25533 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent - al (malware-cnc.rules) * 1:25544 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - ctwopop (malware-cnc.rules) * 1:25659 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - spam_bot (malware-cnc.rules) * 1:25980 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Pass (malware-cnc.rules) * 1:26248 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent cibabam (malware-cnc.rules) * 1:26522 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent NOKIAN95/WEB (malware-cnc.rules) * 1:26558 <-> ENABLED <-> MALWARE-CNC User-Agent known Malicious user agent Brutus AET (malware-cnc.rules) * 1:26577 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent Opera 10 (malware-cnc.rules) * 1:26685 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string J13A (malware-cnc.rules) * 1:26686 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - Alina (malware-cnc.rules) * 1:26702 <-> ENABLED <-> MALWARE-CNC 
User-Agent known malicious user agent - Win (malware-cnc.rules) * 1:26751 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - msctls_progress32 (malware-cnc.rules) * 1:27015 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string iexplorer (malware-cnc.rules) * 1:27044 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string pb - Htbot (malware-cnc.rules) * 1:27263 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - yahoonews (malware-cnc.rules) * 1:27709 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string umbra (malware-cnc.rules) * 1:27710 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string IExplore (malware-cnc.rules) * 1:27868 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - dt12012 (malware-cnc.rules) * 1:28362 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string SUiCiDE/1.5 (malware-cnc.rules) * 1:28558 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string getURLdown (malware-cnc.rules) * 1:28852 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Linux.Trojan.Zollard (malware-cnc.rules) * 1:28859 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent z00sAgent - Win.Trojan.Zbot (malware-cnc.rules) * 1:28860 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent - Win.Trojan.Nitedrem (malware-cnc.rules) * 1:29139 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious User-Agent string HTTP 1.1 - Win.Trojan.Tapslix (malware-cnc.rules) * 1:29143 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent - Win.Trojan.Secciv (malware-cnc.rules) * 1:29150 <-> ENABLED <-> MALWARE-CNC User-Agent suspicious user-agent WarpHTTP - Win.Trojan.Yohakest (malware-cnc.rules) * 1:29174 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string fortis (malware-cnc.rules) * 1:29180 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious User-Agent 
Update1.0 - Win.Trojan.Downbini (malware-cnc.rules) * 1:29341 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious User-Agent string CustomSpy - Win.Trojan.Etek (malware-cnc.rules) * 1:29358 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent - Win.Trojan.Mowfote (malware-cnc.rules) * 1:29371 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Dluca (malware-cnc.rules) * 1:29431 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent - Win.Trojan.Tirips (malware-cnc.rules) * 1:29645 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent - Win.Trojan.Mimunita (malware-cnc.rules) * 1:29652 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent - Win.Trojan.Truado (malware-cnc.rules) * 1:29760 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string MSIE 4.01 - Win.Trojan.Careto (malware-cnc.rules) * 1:29824 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - TixDll - Win.Trojan.Adload.dyhq (malware-cnc.rules) * 1:29887 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Updates downloader - Win.Trojan.Upatre (malware-cnc.rules) * 1:30210 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agnet string Win.Trojan.ZeusVM (malware-cnc.rules) * 1:30250 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - logogo.exe (malware-cnc.rules) * 1:30290 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious User-Agent Browser - Win.Trojan.Bruterdep (malware-cnc.rules) * 1:30301 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent InetAll - Win.Trojan.Pennonec (malware-cnc.rules) * 1:30308 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - Win.Backdoor.Jolob (malware-cnc.rules) * 1:30309 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - Win.Backdoor.Jolob (malware-cnc.rules) * 1:30314 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious User-Agent getcmd - Win.Trojan.Burnwoo 
(malware-cnc.rules) * 1:30315 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious User-Agent getcmdw23 - Win.Trojan.Burnwoo (malware-cnc.rules) * 1:30331 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious User-Agent ebot - Win.Trojan.Modulog (malware-cnc.rules) * 1:30344 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious User-Agent EyeS_Client_1.0 - Win.Trojan.Seey (malware-cnc.rules) * 1:30518 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious User-Agent Neutrino/2.1 - Win.Trojan.Necurs (malware-cnc.rules) * 1:30918 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - User-Agent User-Agent Mozilla (malware-cnc.rules) * 1:31090 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - User-Agent hello crazyk (malware-cnc.rules) * 1:31122 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - User-Agent svchost (malware-cnc.rules) * 1:31150 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious User-Agent DefaultBotPassword - Win.Trojan.Tirabot (malware-cnc.rules) * 1:31225 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious User-Agent rome0321 - Win.Trojan.Soraya (malware-cnc.rules) * 1:31417 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent blacksun - Win.Trojan.Blacksun (malware-cnc.rules) * 1:31557 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Mozilla/5.0 - Win.Trojan.Upatre (malware-cnc.rules) * 1:31990 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Install - Win.Backdoor.Upatre (malware-cnc.rules) * 1:31991 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Treck - Win.Backdoor.Upatre (malware-cnc.rules) * 1:32030 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Decibal - Win.Trojan.Decibal (malware-cnc.rules) * 1:32052 <-> ENABLED <-> MALWARE-CNC User-Agent Xsser mRAT user-agent (malware-cnc.rules) * 1:32060 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent string - 
httptestman - Win.Backdoor.Rabasheeta (malware-cnc.rules) * 1:32125 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - update - Win.Backdoor.Upatre (malware-cnc.rules) * 1:32294 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent BloodguyBrowser-_- (malware-cnc.rules) * 1:32295 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string http - Win.Trojan.Waski (malware-cnc.rules) * 1:32296 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string update - Win.Trojan.Waski (malware-cnc.rules) * 1:32333 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string fast uax (malware-cnc.rules) * 1:32383 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - connect - Win.Backdoor.Upatre (malware-cnc.rules) * 1:32384 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - myupdate - Win.Backdoor.Upatre (malware-cnc.rules) * 1:32402 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent globalupdate - Osx.Trojan.Wirelurker (malware-cnc.rules) * 1:32455 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent VUPHTTP - Win.Trojan.Puvespia (malware-cnc.rules) * 1:32645 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string RUpdate (malware-cnc.rules) * 1:32978 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - extra IE version (malware-cnc.rules) * 1:32979 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - extra IE version (malware-cnc.rules) * 1:32980 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - multi-browser (malware-cnc.rules) * 1:33047 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - realupdate - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33207 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Mazilla/5.0 - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33230 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious 
user-agent string - Firefox - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33231 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Firefox/5.0 - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33232 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - AppUpdate - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33233 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - 2608cw-1 - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33234 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - 2508Inst - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33235 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - 2608cw-2 - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33236 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - 2808inst - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33237 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Player - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33238 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Wurst - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33239 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Installer/1.0 - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33240 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - FixUpdate - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33242 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Explorer - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33243 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Mozilla - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33244 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Opera - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33245 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Opera10 - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33246 <-> ENABLED <-> 
MALWARE-CNC User-Agent known malicious user-agent string - OperaMini - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33247 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - PPKHandler - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33248 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Peers12 - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33249 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - SLSSoapClient - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33250 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Tintin - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33251 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - USER_CHECK - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33252 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - WATClient - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33253 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - bbbbbbbbbb - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33254 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - hi - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33255 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - iMacros - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33256 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - macrotest - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33257 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - onlymacros - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33258 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Updates downloader - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33259 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - testupdate - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33260 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - onlyupdate - 
Win.Backdoor.Upatre (malware-cnc.rules) * 1:33519 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - ALIZER (malware-cnc.rules) * 1:33522 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent - DNS Changer (malware-cnc.rules) * 1:33633 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent - Downing - Win.Trojan.Otwycal (malware-cnc.rules) * 1:33649 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - Google Omaha - Win.Trojan.ExtenBro (malware-cnc.rules) * 1:33831 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent DownloadMR - Solimba (malware-cnc.rules) * 1:33884 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string dolit (malware-cnc.rules) * 1:33907 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent - KAIIOOOO871 - Win.Trojan.Dridex (malware-cnc.rules) * 1:33914 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent - Win.Trojan.Barys (malware-cnc.rules) * 1:34607 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Punkey (malware-cnc.rules) * 1:34843 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - EMERY - Win.Trojan.W97M (malware-cnc.rules) * 1:35316 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string EI Plugin updater (malware-cnc.rules) * 1:35710 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Linux.Trojan.Zollard (malware-cnc.rules) * 1:36833 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Mozila (malware-cnc.rules) * 1:38234 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.FighterPOS (malware-cnc.rules) * 1:38304 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - JexBoss (malware-cnc.rules) * 1:38961 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - fsrhrsrg - Win.Trojan.Nemucod (malware-cnc.rules) * 1:38962 <-> ENABLED <-> 
MALWARE-CNC User-Agent known malicious user-agent string - uguogo - Win.Trojan.Nemucod (malware-cnc.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091100.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:45260 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.Triton Triton ICS malware upload attempt (malware-cnc.rules)
* 1:10179 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - BysooTB (malware-cnc.rules)
* 1:11308 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - SpyDawn (malware-cnc.rules)
* 1:11313 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Spy-Locked (malware-cnc.rules)
* 1:12371 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - SpamBlockerUtility (malware-cnc.rules)
* 1:12482 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - ZOMBIES_HTTP_GET (malware-cnc.rules)
* 1:12674 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - iebar (malware-cnc.rules)
* 1:12723 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - WakeSpace (malware-cnc.rules)
* 1:13638 <-> DISABLED <-> MALWARE-CNC User-Agent known Adware user-agent string - Win.Adware.VirusHeat (malware-cnc.rules)
* 1:13777 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - SysCleaner (malware-cnc.rules)
* 1:13782 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - EzReward (malware-cnc.rules)
* 1:13855 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - SpeedRunner (malware-cnc.rules)
* 1:13931 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - PcPcUpdater (malware-cnc.rules)
* 1:13932 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - opera (malware-cnc.rules)
* 1:14057 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - DMFR (malware-cnc.rules)
* 1:14059 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - CPUSH_HOMEPAGE (malware-cnc.rules)
* 1:14060 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - CPUSH_UPDATER (malware-cnc.rules)
* 1:16497 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - Tear Application (malware-cnc.rules)
* 1:16551 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - malware (malware-cnc.rules)
* 1:18247 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious User-Agent ErrCode - W32/Fujacks.htm (malware-cnc.rules)
* 1:18336 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string gbot/2.3 (malware-cnc.rules)
* 1:18337 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string iamx/3.11 (malware-cnc.rules)
* 1:18338 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string NSISDL/1.2 (malware-cnc.rules)
* 1:18340 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string ClickAdsByIE 0.7.5 (malware-cnc.rules)
* 1:18341 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string UtilMind HTTPGet (malware-cnc.rules)
* 1:18342 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string NSIS_DOWNLOAD (malware-cnc.rules)
* 1:18343 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string WSEnrichment (malware-cnc.rules)
* 1:18345 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Macrovision_DM_2.4.15 (malware-cnc.rules)
* 1:18346 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string GPRecover (malware-cnc.rules)
* 1:18347 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string AutoIt (malware-cnc.rules)
* 1:18348 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Opera/9.80 Pesto/2.2.15 (malware-cnc.rules)
* 1:18349 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Flipopia (malware-cnc.rules)
* 1:18350 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string GabPath (malware-cnc.rules)
* 1:18351 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string GPUpdater (malware-cnc.rules)
* 1:18352 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string PinballCorp-BSAI/VER_STR_COMMA (malware-cnc.rules)
* 1:18353 <-> ENABLED <-> MALWARE-CNC User-Agent request for known PUA user agent - SelectRebates (malware-cnc.rules)
* 1:18354 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string opera/8.11 (malware-cnc.rules)
* 1:18355 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Se2011 (malware-cnc.rules)
* 1:18356 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string random (malware-cnc.rules)
* 1:18357 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Setup Factory (malware-cnc.rules)
* 1:18358 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string NSIS_INETLOAD (malware-cnc.rules)
* 1:18359 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Shareaza (malware-cnc.rules)
* 1:18360 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Oncues (malware-cnc.rules)
* 1:18361 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Downloader1.1 (malware-cnc.rules)
* 1:18362 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Search Toolbar 1.1 (malware-cnc.rules)
* 1:18363 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string GPRecover (malware-cnc.rules)
* 1:18364 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string msndown (malware-cnc.rules)
* 1:18365 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Agentcc (malware-cnc.rules)
* 1:18366 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string OCInstaller (malware-cnc.rules)
* 1:18367 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string FPRecover (malware-cnc.rules)
* 1:18368 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Our_Agent (malware-cnc.rules)
* 1:18369 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string iexp-get (malware-cnc.rules)
* 1:18370 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Mozilla Windows MSIE (malware-cnc.rules)
* 1:18371 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string QvodDown (malware-cnc.rules)
* 1:18373 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Installer (malware-cnc.rules)
* 1:18374 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string SurfBear (malware-cnc.rules)
* 1:18375 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string HTTP Wininet (malware-cnc.rules)
* 1:18376 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Trololo (malware-cnc.rules)
* 1:18377 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string malware (malware-cnc.rules)
* 1:18378 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string AutoHotkey (malware-cnc.rules)
* 1:18379 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string AskInstallChecker (malware-cnc.rules)
* 1:18380 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string FPUpdater (malware-cnc.rules)
* 1:18381 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Travel Update (malware-cnc.rules)
* 1:18382 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string WMUpdate (malware-cnc.rules)
* 1:18383 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string GPInstaller (malware-cnc.rules)
* 1:18385 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string HTTPCSDCENTER (malware-cnc.rules)
* 1:18386 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string AHTTPConnection (malware-cnc.rules)
* 1:18387 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string dwplayer (malware-cnc.rules)
* 1:18388 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string RookIE/1.0 (malware-cnc.rules)
* 1:18389 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string 3653Client (malware-cnc.rules)
* 1:18390 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Delphi 5.x (malware-cnc.rules)
* 1:18391 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string MyLove (malware-cnc.rules)
* 1:18392 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string qixi (malware-cnc.rules)
* 1:18393 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string vyre32 (malware-cnc.rules)
* 1:18394 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string OCRecover (malware-cnc.rules)
* 1:18395 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Duckling/1.0 (malware-cnc.rules)
* 1:19047 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - RCleanT (malware-cnc.rules)
* 1:19165 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Microsoft Internet Explorer (malware-cnc.rules)
* 1:19175 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious User-Agent wget 3.0 (malware-cnc.rules)
* 1:19372 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string javasw - Trojan.Banload (malware-cnc.rules)
* 1:19434 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string ErrCode (malware-cnc.rules)
* 1:19480 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string STORMDDOS - Backdoor.Win32.Inject.ctt (malware-cnc.rules)
* 1:19482 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string ErrorFix (malware-cnc.rules)
* 1:19485 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - RAV1 (malware-cnc.rules)
* 1:19570 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - ie 11.0 sp6 (malware-cnc.rules)
* 1:19589 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious User-Agent string MacProtector (malware-cnc.rules)
* 1:19611 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent string INet - Win32.Virus.Jusabli.A (malware-cnc.rules)
* 1:19756 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Opera/8.89 - P2P-Worm.Win32.Palevo.ddm (malware-cnc.rules)
* 1:19786 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Mozilla (malware-cnc.rules)
* 1:19934 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string MYURL (malware-cnc.rules)
* 1:20009 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious User-Agent string Baby Remote - Win32/Babmote.A (malware-cnc.rules)
* 1:20012 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string feranet/0.4 - Win32/Ferabsa.A (malware-cnc.rules)
* 1:20019 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - test (malware-cnc.rules)
* 1:20021 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Brontok (malware-cnc.rules)
* 1:20039 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Hardcore Software (malware-cnc.rules)
* 1:20104 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - InfoBot (malware-cnc.rules)
* 1:20105 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - IPHONE (malware-cnc.rules)
* 1:20106 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - darkness (malware-cnc.rules)
* 1:20201 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - meterpreter (malware-cnc.rules)
* 1:20230 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string 0pera 10 (malware-cnc.rules)
* 1:20231 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Mozilla//4.0 (malware-cnc.rules)
* 1:20293 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string MBVDFRESCT (malware-cnc.rules)
* 1:20988 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string ZmEu - vulnerability scanner (malware-cnc.rules)
* 1:21175 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Win32 Amti (malware-cnc.rules)
* 1:21188 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string API Guide test program (malware-cnc.rules)
* 1:21206 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Aldi Bot (malware-cnc.rules)
* 1:21225 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Flag (malware-cnc.rules)
* 1:21246 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string DataCha0s (malware-cnc.rules)
* 1:21266 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Morfeus Scanner (malware-cnc.rules)
* 1:21278 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Google Bot (malware-cnc.rules)
* 1:21327 <-> ENABLED <-> MALWARE-CNC User-Agent ASafaWeb Scan (malware-cnc.rules)
* 1:21380 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - QvodDown (malware-cnc.rules)
* 1:21455 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string psi (malware-cnc.rules)
* 1:21469 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string 1234567890 (malware-cnc.rules)
* 1:21475 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string core-project (malware-cnc.rules)
* 1:21476 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent YZF (malware-cnc.rules)
* 1:21526 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent TCYWinHTTPDownload (malware-cnc.rules)
* 1:21591 <-> ENABLED <-> MALWARE-CNC User-Agent known Adware user agent Gamevance tl_v (malware-cnc.rules)
* 1:21636 <-> ENABLED <-> MALWARE-CNC User-Agent known Adware user agent gbot (malware-cnc.rules)
* 1:21639 <-> ENABLED <-> MALWARE-CNC User-Agent known Adware user agent mus - TDSS related (malware-cnc.rules)
* 1:21925 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent BOT/0.1 (malware-cnc.rules)
* 1:21965 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent VB WININET (malware-cnc.rules)
* 1:22939 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent RAbcLib (malware-cnc.rules)
* 1:23019 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - Flame malware (malware-cnc.rules)
* 1:23627 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - PoisonIvy RAT (malware-cnc.rules)
* 1:23903 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - you (malware-cnc.rules)
* 1:24111 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Post (malware-cnc.rules)
* 1:24441 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - Testing (malware-cnc.rules)
* 1:24442 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - Alerter COM (malware-cnc.rules)
* 1:24568 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Mozilla/00 (malware-cnc.rules)
* 1:24575 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - Opera/9.61 (malware-cnc.rules)
* 1:24631 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - Lizard/1.0 (malware-cnc.rules)
* 1:24633 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - test_hInternet (malware-cnc.rules)
* 1:24634 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - vaccinepc (malware-cnc.rules)
* 1:24792 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent - Google page (malware-cnc.rules)
* 1:25009 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - User-Agent User-Agent (malware-cnc.rules)
* 1:25119 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - NewBrandTest (malware-cnc.rules)
* 1:25243 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - 04/XP (malware-cnc.rules)
* 1:25245 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - me0hoi (malware-cnc.rules)
* 1:25260 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Mozila (malware-cnc.rules)
* 1:25261 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string MSIE (malware-cnc.rules)
*
1:25262 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string IEToolbar (malware-cnc.rules) * 1:25372 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - wh (malware-cnc.rules) * 1:25476 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - User-Agent User-Agent (malware-cnc.rules) * 1:25533 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent - al (malware-cnc.rules) * 1:25544 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - ctwopop (malware-cnc.rules) * 1:25659 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - spam_bot (malware-cnc.rules) * 1:25980 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Pass (malware-cnc.rules) * 1:26248 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent cibabam (malware-cnc.rules) * 1:26522 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent NOKIAN95/WEB (malware-cnc.rules) * 1:26558 <-> ENABLED <-> MALWARE-CNC User-Agent known Malicious user agent Brutus AET (malware-cnc.rules) * 1:26577 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent Opera 10 (malware-cnc.rules) * 1:26685 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string J13A (malware-cnc.rules) * 1:26686 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - Alina (malware-cnc.rules) * 1:26702 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - Win (malware-cnc.rules) * 1:26751 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - msctls_progress32 (malware-cnc.rules) * 1:27015 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string iexplorer (malware-cnc.rules) * 1:27044 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string pb - Htbot (malware-cnc.rules) * 1:27263 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - yahoonews (malware-cnc.rules) * 1:27709 <-> ENABLED <-> MALWARE-CNC User-Agent 
known malicious user-agent string umbra (malware-cnc.rules) * 1:27710 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string IExplore (malware-cnc.rules) * 1:27868 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - dt12012 (malware-cnc.rules) * 1:28362 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string SUiCiDE/1.5 (malware-cnc.rules) * 1:28558 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string getURLdown (malware-cnc.rules) * 1:28852 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Linux.Trojan.Zollard (malware-cnc.rules) * 1:28859 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent z00sAgent - Win.Trojan.Zbot (malware-cnc.rules) * 1:28860 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent - Win.Trojan.Nitedrem (malware-cnc.rules) * 1:29139 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious User-Agent string HTTP 1.1 - Win.Trojan.Tapslix (malware-cnc.rules) * 1:29143 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent - Win.Trojan.Secciv (malware-cnc.rules) * 1:29150 <-> ENABLED <-> MALWARE-CNC User-Agent suspicious user-agent WarpHTTP - Win.Trojan.Yohakest (malware-cnc.rules) * 1:29174 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string fortis (malware-cnc.rules) * 1:29180 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious User-Agent Update1.0 - Win.Trojan.Downbini (malware-cnc.rules) * 1:29341 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious User-Agent string CustomSpy - Win.Trojan.Etek (malware-cnc.rules) * 1:29358 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent - Win.Trojan.Mowfote (malware-cnc.rules) * 1:29371 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Dluca (malware-cnc.rules) * 1:29431 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent - Win.Trojan.Tirips (malware-cnc.rules) * 1:29645 <-> ENABLED <-> 
MALWARE-CNC User-Agent known malicious user-agent - Win.Trojan.Mimunita (malware-cnc.rules) * 1:29652 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent - Win.Trojan.Truado (malware-cnc.rules) * 1:29760 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string MSIE 4.01 - Win.Trojan.Careto (malware-cnc.rules) * 1:29824 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - TixDll - Win.Trojan.Adload.dyhq (malware-cnc.rules) * 1:29887 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Updates downloader - Win.Trojan.Upatre (malware-cnc.rules) * 1:30210 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agnet string Win.Trojan.ZeusVM (malware-cnc.rules) * 1:30250 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - logogo.exe (malware-cnc.rules) * 1:30290 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious User-Agent Browser - Win.Trojan.Bruterdep (malware-cnc.rules) * 1:30301 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent InetAll - Win.Trojan.Pennonec (malware-cnc.rules) * 1:30308 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - Win.Backdoor.Jolob (malware-cnc.rules) * 1:30309 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - Win.Backdoor.Jolob (malware-cnc.rules) * 1:30314 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious User-Agent getcmd - Win.Trojan.Burnwoo (malware-cnc.rules) * 1:30315 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious User-Agent getcmdw23 - Win.Trojan.Burnwoo (malware-cnc.rules) * 1:30331 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious User-Agent ebot - Win.Trojan.Modulog (malware-cnc.rules) * 1:30344 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious User-Agent EyeS_Client_1.0 - Win.Trojan.Seey (malware-cnc.rules) * 1:30518 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious User-Agent Neutrino/2.1 - Win.Trojan.Necurs (malware-cnc.rules) * 1:30918 <-> ENABLED <-> MALWARE-CNC 
User-Agent known malicious user agent - User-Agent User-Agent Mozilla (malware-cnc.rules) * 1:31090 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - User-Agent hello crazyk (malware-cnc.rules) * 1:31122 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - User-Agent svchost (malware-cnc.rules) * 1:31150 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious User-Agent DefaultBotPassword - Win.Trojan.Tirabot (malware-cnc.rules) * 1:31225 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious User-Agent rome0321 - Win.Trojan.Soraya (malware-cnc.rules) * 1:31417 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent blacksun - Win.Trojan.Blacksun (malware-cnc.rules) * 1:31557 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Mozilla/5.0 - Win.Trojan.Upatre (malware-cnc.rules) * 1:31990 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Install - Win.Backdoor.Upatre (malware-cnc.rules) * 1:31991 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Treck - Win.Backdoor.Upatre (malware-cnc.rules) * 1:32030 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Decibal - Win.Trojan.Decibal (malware-cnc.rules) * 1:32052 <-> ENABLED <-> MALWARE-CNC User-Agent Xsser mRAT user-agent (malware-cnc.rules) * 1:32060 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent string - httptestman - Win.Backdoor.Rabasheeta (malware-cnc.rules) * 1:32125 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - update - Win.Backdoor.Upatre (malware-cnc.rules) * 1:32294 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent BloodguyBrowser-_- (malware-cnc.rules) * 1:32295 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string http - Win.Trojan.Waski (malware-cnc.rules) * 1:32296 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string update - Win.Trojan.Waski (malware-cnc.rules) * 
1:32333 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string fast uax (malware-cnc.rules) * 1:32383 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - connect - Win.Backdoor.Upatre (malware-cnc.rules) * 1:32384 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - myupdate - Win.Backdoor.Upatre (malware-cnc.rules) * 1:32402 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent globalupdate - Osx.Trojan.Wirelurker (malware-cnc.rules) * 1:32455 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent VUPHTTP - Win.Trojan.Puvespia (malware-cnc.rules) * 1:32645 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string RUpdate (malware-cnc.rules) * 1:32978 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - extra IE version (malware-cnc.rules) * 1:32979 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - extra IE version (malware-cnc.rules) * 1:32980 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - multi-browser (malware-cnc.rules) * 1:33047 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - realupdate - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33207 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Mazilla/5.0 - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33230 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Firefox - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33231 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Firefox/5.0 - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33232 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - AppUpdate - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33233 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - 2608cw-1 - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33234 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string 
- 2508Inst - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33235 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - 2608cw-2 - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33236 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - 2808inst - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33237 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Player - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33238 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Wurst - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33239 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Installer/1.0 - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33240 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - FixUpdate - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33242 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Explorer - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33243 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Mozilla - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33244 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Opera - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33245 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Opera10 - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33246 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - OperaMini - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33247 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - PPKHandler - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33248 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Peers12 - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33249 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - SLSSoapClient - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33250 <-> ENABLED <-> MALWARE-CNC 
User-Agent known malicious user-agent string - Tintin - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33251 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - USER_CHECK - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33252 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - WATClient - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33253 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - bbbbbbbbbb - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33254 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - hi - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33255 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - iMacros - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33256 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - macrotest - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33257 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - onlymacros - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33258 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Updates downloader - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33259 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - testupdate - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33260 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - onlyupdate - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33519 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - ALIZER (malware-cnc.rules) * 1:33522 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent - DNS Changer (malware-cnc.rules) * 1:33633 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent - Downing - Win.Trojan.Otwycal (malware-cnc.rules) * 1:33649 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - Google Omaha - Win.Trojan.ExtenBro (malware-cnc.rules) * 1:33831 <-> ENABLED <-> MALWARE-CNC User-Agent 
known malicious user agent DownloadMR - Solimba (malware-cnc.rules) * 1:33884 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string dolit (malware-cnc.rules) * 1:33907 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent - KAIIOOOO871 - Win.Trojan.Dridex (malware-cnc.rules) * 1:33914 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent - Win.Trojan.Barys (malware-cnc.rules) * 1:34607 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Punkey (malware-cnc.rules) * 1:34843 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - EMERY - Win.Trojan.W97M (malware-cnc.rules) * 1:35316 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string EI Plugin updater (malware-cnc.rules) * 1:35710 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Linux.Trojan.Zollard (malware-cnc.rules) * 1:36833 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Mozila (malware-cnc.rules) * 1:38234 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.FighterPOS (malware-cnc.rules) * 1:38304 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - JexBoss (malware-cnc.rules) * 1:38961 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - fsrhrsrg - Win.Trojan.Nemucod (malware-cnc.rules) * 1:38962 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - uguogo - Win.Trojan.Nemucod (malware-cnc.rules) * 1:7832 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Navhelper (malware-cnc.rules) * 1:7587 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - URLBlaze (malware-cnc.rules) * 1:7582 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Pcast Live (malware-cnc.rules) * 1:7572 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - DigExt (malware-cnc.rules) * 1:7540 <-> DISABLED <-> 
MALWARE-CNC User-Agent known malicious user agent - http protocol (malware-cnc.rules) * 1:7537 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Arrow Search (malware-cnc.rules) * 1:7511 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - ed2k edonkey2000 runtime detection (malware-cnc.rules) * 1:7195 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - shprrprt-cs- (malware-cnc.rules) * 1:7187 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - SAH Agent (malware-cnc.rules) * 1:7145 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - adfsgecoiwnf (malware-cnc.rules) * 1:7135 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - IEP (malware-cnc.rules) * 1:6491 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - snprtzdialno (malware-cnc.rules) * 1:6394 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - CodeguruBrowser (malware-cnc.rules) * 1:6366 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - eAnthMngr (malware-cnc.rules) * 1:6364 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - iMeshBar (malware-cnc.rules) * 1:6363 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - SAcc (malware-cnc.rules) * 1:6362 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - MGS-Internal-Web-Manager (malware-cnc.rules) * 1:6357 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Need2Find (malware-cnc.rules) * 1:6354 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - ProxyDown (malware-cnc.rules) * 1:6341 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Spedia (malware-cnc.rules) * 1:6281 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - istsvc (malware-cnc.rules) * 1:6274 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Stubby (malware-cnc.rules) * 1:6270 <-> DISABLED <-> MALWARE-CNC 
User-Agent known malicious user agent - MyBrowser (malware-cnc.rules) * 1:6198 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - SQTR_VERIFY (malware-cnc.rules) * 1:6197 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - smrtshpr-cs (malware-cnc.rules) * 1:6186 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - SpywareStrike (malware-cnc.rules) * 1:5992 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Mirar_KeywordContentHijacker (malware-cnc.rules) * 1:5988 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - ZC-Bridge (malware-cnc.rules) * 1:5986 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - TeomaBar (malware-cnc.rules) * 1:5978 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - TM_SEARCH3 (malware-cnc.rules) * 1:5970 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Feat2 Updater (malware-cnc.rules) * 1:5955 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Popup Stopper (malware-cnc.rules) * 1:5954 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Browser Pal (malware-cnc.rules) * 1:5913 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - My Agent (malware-cnc.rules) * 1:5901 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - AdTools (malware-cnc.rules) * 1:5900 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - Async HTTP Agent (malware-cnc.rules) * 1:5857 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - MyWebSearchSearchAssistance (malware-cnc.rules) * 1:5838 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - EI (malware-cnc.rules) * 1:5824 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Strip-Player (malware-cnc.rules) * 1:5808 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - SAH Agent (malware-cnc.rules) * 1:5800 <-> DISABLED <-> MALWARE-CNC 
User-Agent known malicious user agent - MyWay (malware-cnc.rules) * 1:5789 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - ActMon (malware-cnc.rules) * 1:5774 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - FSW (malware-cnc.rules) * 1:5770 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Casino (malware-cnc.rules) * 1:5760 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - OSSProxy (malware-cnc.rules) * 1:45230 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - SocStealer (malware-cnc.rules) * 1:45229 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - SocStealer (malware-cnc.rules) * 1:45051 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Tool.SMSBomber (malware-cnc.rules) * 1:44889 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - WidgiToolbar (malware-cnc.rules) * 1:44886 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Volgmer (malware-cnc.rules) * 1:44773 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Datper (malware-cnc.rules) * 1:44772 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Datper (malware-cnc.rules) * 1:44440 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Poison (malware-cnc.rules) * 1:44362 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Sality (malware-cnc.rules) * 1:44317 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent - Version/100 - Win.Trojan.Tarayt (malware-cnc.rules) * 1:44214 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Graftor (malware-cnc.rules) * 1:44213 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent - ace4956e-736e-11e6-9584-d7165ca591df - Win.Trojan.Tarayt (malware-cnc.rules) * 1:43220 <-> ENABLED <-> MALWARE-CNC 
User-Agent known malicious user-agent string - Hotbar (malware-cnc.rules) * 1:42886 <-> ENABLED <-> MALWARE-CNC User-Agent Win.Trojan.Agent malicious user agent (malware-cnc.rules) * 1:42838 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Backdoor.Chopper (malware-cnc.rules) * 1:42832 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - SessionI (malware-cnc.rules) * 1:42831 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - micro (malware-cnc.rules) * 1:42830 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Sublink (malware-cnc.rules) * 1:42454 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Frethog (malware-cnc.rules) * 1:42020 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Andr.Trojan.Agent (malware-cnc.rules) * 1:42019 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Andr.Trojan.Agent (malware-cnc.rules) * 1:41656 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.MagicHound (malware-cnc.rules) * 1:41539 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Malware.DistTrack (malware-cnc.rules) * 1:41457 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Elite Keylogger (malware-cnc.rules) * 1:41456 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Elite Keylogger (malware-cnc.rules) * 1:41441 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - X-Mas (malware-cnc.rules) * 1:41403 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Simda (malware-cnc.rules) * 1:41318 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Visbot (malware-cnc.rules) * 1:40870 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Virut (malware-cnc.rules) * 1:40869 <-> ENABLED <-> MALWARE-CNC User-Agent known 
malicious user-agent string - Virut (malware-cnc.rules) * 1:40800 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Crypton (malware-cnc.rules) * 1:40782 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Venik (malware-cnc.rules) * 1:40733 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Sality (malware-cnc.rules) * 1:40644 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.TrickBot (malware-cnc.rules) * 1:40643 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.TrickBot (malware-cnc.rules) * 1:40528 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Instally (malware-cnc.rules) * 1:40251 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Perseus (malware-cnc.rules) * 1:40217 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - F.5.E.C (malware-cnc.rules) * 1:40216 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.VBInject (malware-cnc.rules) * 1:40212 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Darkshell (malware-cnc.rules) * 1:40081 <-> DISABLED <-> MALWARE-CNC User-Agent known PUA user-agent string - TopTools100 (malware-cnc.rules) * 1:40066 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Fareit (malware-cnc.rules) * 1:40012 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string DetoxCrypto2 (malware-cnc.rules) * 1:39886 <-> ENABLED <-> MALWARE-CNC User-Agent known Adware user-agent string - Win.Adware.Prepscram (malware-cnc.rules) * 1:39361 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Batlopma (malware-cnc.rules) * 1:39710 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string mozilla/2.0 (malware-cnc.rules) * 1:39362 <-> DISABLED <-> MALWARE-CNC 
User-Agent known malicious user-agent string - Win.Trojan.Batlopma (malware-cnc.rules)