Talos has added and modified multiple rules in the app-detect, browser-ie, browser-other, browser-webkit, exploit-kit, file-flash, file-identify, file-multimedia, file-office, file-other, file-pdf, indicator-compromise, malware-backdoor, malware-cnc, malware-other, malware-tools, netbios, os-mobile, os-windows, policy-other, protocol-imap, protocol-other, protocol-pop, protocol-telnet, protocol-voip, pua-adware, pua-other, pua-toolbars, server-mail, server-mysql, server-oracle, server-other and sql rule sets to provide coverage for emerging threats from these technologies.
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091600.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:53970 <-> DISABLED <-> SERVER-WEBAPP TerraMaster NAS user creation command injection attempt (server-webapp.rules)
* 1:53969 <-> DISABLED <-> SERVER-WEBAPP TerraMaster NAS user creation command injection attempt (server-webapp.rules)
* 1:53968 <-> DISABLED <-> SERVER-WEBAPP TerraMaster NAS user creation command injection attempt (server-webapp.rules)
* 1:53967 <-> DISABLED <-> SERVER-WEBAPP TerraMaster NAS user creation command injection attempt (server-webapp.rules)
* 1:53966 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-7784063-0 download attempt (malware-other.rules)
* 1:53965 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-7784063-0 download attempt (malware-other.rules)
* 1:53964 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-7784064-0 download attempt (malware-other.rules)
* 1:53963 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-7784064-0 download attempt (malware-other.rules)
* 1:53962 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Gh0stRAT-7783851-0 download attempt (malware-other.rules)
* 1:53961 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Gh0stRAT-7783851-0 download attempt (malware-other.rules)
* 1:53960 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Ursnif malicious outbound connection attempt - gravity generated detection (malware-other.rules)
* 1:53985 <-> ENABLED <-> INDICATOR-COMPROMISE msiexec.exe command execution over DNS attempt (indicator-compromise.rules)
* 1:53984 <-> DISABLED <-> OS-WINDOWS Windows print spooler elevation of privilege attempt (os-windows.rules)
* 1:53983 <-> ENABLED <-> OS-WINDOWS Windows print spooler elevation of privilege attempt (os-windows.rules)
* 1:53982 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Palevo-7785322-0 download attempt (malware-other.rules)
* 1:53981 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Palevo-7785322-0 download attempt (malware-other.rules)
* 1:53980 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Shiz-7784396-0 download attempt (malware-other.rules)
* 1:53979 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Shiz-7784396-0 download attempt (malware-other.rules)
* 1:53978 <-> ENABLED <-> MALWARE-OTHER Win.Dropper.Agent payload download attempt (malware-other.rules)
* 1:53977 <-> ENABLED <-> MALWARE-OTHER Win.Dropper.Agent payload download attempt (malware-other.rules)
* 1:53976 <-> DISABLED <-> BROWSER-WEBKIT WebKit use-after-free remote code execution attempt (browser-webkit.rules)
* 1:53975 <-> DISABLED <-> INDICATOR-COMPROMISE CobaltStrike multiple large DNS TXT query responses (indicator-compromise.rules)
* 1:53974 <-> DISABLED <-> MALWARE-OTHER CobaltStrike powershell web delivery attempt (malware-other.rules)
* 1:53973 <-> DISABLED <-> MALWARE-OTHER CobaltStrike powershell web delivery attempt (malware-other.rules)
* 1:53972 <-> ENABLED <-> MALWARE-OTHER CobaltStrike beacon.dll DNS download attempt (malware-other.rules)
* 1:53971 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Andariel outbound connection attempt (malware-cnc.rules)
* 1:12142 <-> ENABLED <-> MALWARE-BACKDOOR access remote pc runtime detection - init connection (malware-backdoor.rules)
* 1:12135 <-> ENABLED <-> MALWARE-OTHER Keylogger remotekeylog.b runtime detection - fun (malware-other.rules)
* 1:12133 <-> ENABLED <-> MALWARE-OTHER Keylogger remotekeylog.b runtime detection - open url (malware-other.rules)
* 1:12131 <-> ENABLED <-> MALWARE-OTHER Keylogger remotekeylog.b runtime detection - keylogging (malware-other.rules)
* 1:12129 <-> ENABLED <-> MALWARE-OTHER Keylogger remotekeylog.b runtime detection - get sys info (malware-other.rules)
* 1:12054 <-> ENABLED <-> MALWARE-BACKDOOR tron runtime detection - init connection - flowbit set (malware-backdoor.rules)
* 1:11953 <-> ENABLED <-> MALWARE-BACKDOOR supervisor plus runtime detection (malware-backdoor.rules)
* 1:11835 <-> ENABLED <-> FILE-IDENTIFY Visio file magic detected (file-identify.rules)
* 1:11322 <-> ENABLED <-> MALWARE-BACKDOOR sohoanywhere runtime detection (malware-backdoor.rules)
* 1:11004 <-> ENABLED <-> PROTOCOL-IMAP CRAM-MD5 authentication request detected (protocol-imap.rules)
* 1:10462 <-> ENABLED <-> MALWARE-BACKDOOR winicabras 1.1 runtime detection - explorer (malware-backdoor.rules)
* 1:10460 <-> ENABLED <-> MALWARE-BACKDOOR winicabras 1.1 runtime detection - get system info (malware-backdoor.rules)
* 1:10455 <-> ENABLED <-> MALWARE-BACKDOOR [x]-ztoo 1.0 runtime detection - get system info (malware-backdoor.rules)
* 1:10450 <-> ENABLED <-> MALWARE-BACKDOOR only 1 rat runtime detection - control command (malware-backdoor.rules)
* 1:10110 <-> ENABLED <-> MALWARE-BACKDOOR poison ivy 2.1.2 runtime detection (malware-backdoor.rules)
* 1:10104 <-> ENABLED <-> MALWARE-BACKDOOR hav-rat 1.1 runtime detection (malware-backdoor.rules)
* 1:10103 <-> ENABLED <-> MALWARE-BACKDOOR hav-rat 1.1 runtime detection (malware-backdoor.rules)
* 1:10099 <-> ENABLED <-> MALWARE-OTHER Keylogger win32.remotekeylog.b runtime detection (malware-other.rules)
* 1:10097 <-> ENABLED <-> MALWARE-OTHER Keylogger win32.remotekeylog.b runtime detection (malware-other.rules)
* 1:12240 <-> ENABLED <-> MALWARE-BACKDOOR genie 1.7 runtime detection - init connection (malware-backdoor.rules)
* 1:12237 <-> ENABLED <-> MALWARE-BACKDOOR theef 2.10 runtime detection - ftp (malware-backdoor.rules)
* 1:12235 <-> ENABLED <-> MALWARE-BACKDOOR theef 2.10 runtime detection - connect with password (malware-backdoor.rules)
* 1:12233 <-> ENABLED <-> MALWARE-BACKDOOR theef 2.10 runtime detection - connect with no password (malware-backdoor.rules)
* 1:12182 <-> ENABLED <-> FILE-IDENTIFY Adobe Flash Video file magic detected (file-identify.rules)
* 1:12163 <-> ENABLED <-> MALWARE-BACKDOOR cobra uploader 1.0 runtime detection (malware-backdoor.rules)
* 1:12161 <-> ENABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - screen capturing (malware-backdoor.rules)
* 1:12160 <-> ENABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - screen capturing (malware-backdoor.rules)
* 1:12157 <-> ENABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - upload file (malware-backdoor.rules)
* 1:12156 <-> ENABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - upload file (malware-backdoor.rules)
* 1:12154 <-> ENABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - download file (malware-backdoor.rules)
* 1:12153 <-> ENABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - download file (malware-backdoor.rules)
* 1:12150 <-> ENABLED <-> MALWARE-BACKDOOR cafeini 1.0 runtime detection - init connection (malware-backdoor.rules)
* 1:12148 <-> ENABLED <-> MALWARE-BACKDOOR back orifice 2006 - v1.1.5 runtime detection - init connection (malware-backdoor.rules)
* 1:12146 <-> ENABLED <-> MALWARE-BACKDOOR blue eye 1.0b runtime detection - init connection (malware-backdoor.rules)
* 1:12144 <-> ENABLED <-> MALWARE-BACKDOOR access remote pc runtime detection - rpc setup (malware-backdoor.rules)
* 1:12242 <-> ENABLED <-> MALWARE-BACKDOOR hotmail hacker log edition 5.0 runtime detection - init connection (malware-backdoor.rules)
* 1:12283 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel xlw file magic detected (file-identify.rules)
* 1:13479 <-> ENABLED <-> MALWARE-OTHER Keylogger findnot guarddog 4.0 runtime detection (malware-other.rules)
* 1:13465 <-> ENABLED <-> FILE-IDENTIFY Microsoft Works file download request (file-identify.rules)
* 1:13346 <-> ENABLED <-> PUA-ADWARE Snoopware remote desktop inspector outbound connection - init connection (pua-adware.rules)
* 1:13280 <-> ENABLED <-> MALWARE-OTHER Keylogger email spy monitor 6.9 runtime detection (malware-other.rules)
* 1:13278 <-> ENABLED <-> MALWARE-OTHER Keylogger advanced spy 4.0 runtime detection (malware-other.rules)
* 1:13247 <-> ENABLED <-> MALWARE-BACKDOOR yuri 1.2 runtime detection - init connection (malware-backdoor.rules)
* 1:13243 <-> ENABLED <-> MALWARE-OTHER Keylogger computer monitor 1.1 by lastcomfort runtime detection (malware-other.rules)
* 1:13236 <-> ENABLED <-> MALWARE-OTHER Keylogger active Keylogger 3.9.2 runtime detection (malware-other.rules)
* 1:12972 <-> ENABLED <-> FILE-IDENTIFY Microsoft Media Player asf/wmv/wma file magic detected (file-identify.rules)
* 1:12792 <-> ENABLED <-> MALWARE-OTHER Keylogger spy lantern Keylogger pro 6.0 runtime detection (malware-other.rules)
* 1:12760 <-> ENABLED <-> MALWARE-OTHER Keylogger powered Keylogger 2.2 runtime detection (malware-other.rules)
* 1:12758 <-> ENABLED <-> MALWARE-OTHER Keylogger/RAT digi watcher 2.32 runtime detection (malware-other.rules)
* 1:12726 <-> ENABLED <-> MALWARE-BACKDOOR bandook 1.35 runtime detection (malware-backdoor.rules)
* 1:12724 <-> ENABLED <-> MALWARE-BACKDOOR dark moon 4.11 runtime detection (malware-backdoor.rules)
* 1:12699 <-> ENABLED <-> MALWARE-BACKDOOR poison ivy 2.3.0 runtime detection - init connection (malware-backdoor.rules)
* 1:12455 <-> ENABLED <-> FILE-IDENTIFY SAP Crystal Reports file download request (file-identify.rules)
* 1:12454 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media ASF file magic detected (file-identify.rules)
* 1:12377 <-> ENABLED <-> MALWARE-BACKDOOR shark 2.3.2 runtime detection (malware-backdoor.rules)
* 1:12375 <-> ENABLED <-> MALWARE-BACKDOOR radmin 3.0 runtime detection - login & remote control (malware-backdoor.rules)
* 1:12373 <-> ENABLED <-> MALWARE-BACKDOOR radmin 3.0 runtime detection - initial connection (malware-backdoor.rules)
* 1:12297 <-> ENABLED <-> MALWARE-BACKDOOR bifrost v1.2.1 runtime detection (malware-backdoor.rules)
* 1:14018 <-> ENABLED <-> FILE-IDENTIFY PLS multimedia playlist file download request (file-identify.rules)
* 1:14017 <-> ENABLED <-> FILE-IDENTIFY MPEG Layer 3 playlist file download request (file-identify.rules)
* 1:13983 <-> ENABLED <-> FILE-IDENTIFY EPS file download request (file-identify.rules)
* 1:13943 <-> ENABLED <-> PUA-ADWARE Trickler dropper agent.rqg outbound connection (pua-adware.rules)
* 1:13938 <-> ENABLED <-> PUA-ADWARE Hijacker adware.win32.ejik.ec variant outbound connection (pua-adware.rules)
* 1:13915 <-> ENABLED <-> FILE-IDENTIFY BAK file download request (file-identify.rules)
* 1:13898 <-> ENABLED <-> APP-DETECT Apple iTunes client request for server info (app-detect.rules)
* 1:13801 <-> ENABLED <-> FILE-IDENTIFY RTF file download request (file-identify.rules)
* 1:13797 <-> ENABLED <-> FILE-IDENTIFY Portable Executable compact binary file magic detected (file-identify.rules)
* 1:13767 <-> ENABLED <-> MALWARE-OTHER Keylogger cyber sitter runtime detection (malware-other.rules)
* 1:13585 <-> ENABLED <-> FILE-IDENTIFY Microsoft SYmbolic LinK file magic detected (file-identify.rules)
* 1:13584 <-> ENABLED <-> FILE-IDENTIFY CSV file download request (file-identify.rules)
* 1:13583 <-> ENABLED <-> FILE-IDENTIFY Microsoft SYmbolic LinK file download request (file-identify.rules)
* 1:13515 <-> ENABLED <-> FILE-MULTIMEDIA Apple QuickTime user agent (file-multimedia.rules)
* 1:13506 <-> ENABLED <-> MALWARE-BACKDOOR evilotus 1.3.2 runtime detection - init connection (malware-backdoor.rules)
* 1:13483 <-> ENABLED <-> PUA-TOOLBARS Hijacker baidu toolbar runtime detection - updates automatically (pua-toolbars.rules)
* 1:14264 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media Player playlist download (file-identify.rules)
* 1:15463 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file download request (file-identify.rules)
* 1:15444 <-> ENABLED <-> FILE-IDENTIFY Core Audio Format file download request (file-identify.rules)
* 1:15427 <-> ENABLED <-> FILE-IDENTIFY SVG file download request (file-identify.rules)
* 1:15426 <-> ENABLED <-> FILE-IDENTIFY MAKI file download request (file-identify.rules)
* 1:15385 <-> ENABLED <-> FILE-IDENTIFY TwinVQ file download request (file-identify.rules)
* 1:15361 <-> ENABLED <-> FILE-PDF pdf file sent via email (file-pdf.rules)
* 1:15326 <-> ENABLED <-> NETBIOS SMB /sql/query unicode andx create tree attempt (netbios.rules)
* 1:15325 <-> ENABLED <-> NETBIOS SMB /sql/query andx create tree attempt (netbios.rules)
* 1:15324 <-> ENABLED <-> NETBIOS SMB /sql/query unicode andx create tree attempt (netbios.rules)
* 1:15323 <-> ENABLED <-> NETBIOS SMB /sql/query andx create tree attempt (netbios.rules)
* 1:15322 <-> ENABLED <-> NETBIOS SMB /sql/query unicode create tree attempt (netbios.rules)
* 1:15321 <-> ENABLED <-> NETBIOS SMB /sql/query create tree attempt (netbios.rules)
* 1:15320 <-> ENABLED <-> NETBIOS SMB /sql/query unicode create tree attempt (netbios.rules)
* 1:15319 <-> ENABLED <-> NETBIOS SMB /sql/query create tree attempt (netbios.rules)
* 1:15294 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Visio file download request (file-identify.rules)
* 1:15240 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealMedia format file download request (file-identify.rules)
* 1:15239 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealMedia format file download request (file-identify.rules)
* 1:15237 <-> ENABLED <-> FILE-IDENTIFY Java .class file download request (file-identify.rules)
* 1:15158 <-> ENABLED <-> FILE-IDENTIFY XML Shareable Playlist Format file download request (file-identify.rules)
* 1:15079 <-> ENABLED <-> FILE-IDENTIFY WAV file download request (file-identify.rules)
* 1:15013 <-> ENABLED <-> FILE-IDENTIFY PDF file download request (file-identify.rules)
* 1:16061 <-> ENABLED <-> FILE-IDENTIFY X PixMap file download request (file-identify.rules)
* 1:15987 <-> ENABLED <-> FILE-IDENTIFY DXF file download request (file-identify.rules)
* 1:15945 <-> ENABLED <-> FILE-IDENTIFY RSS file download request (file-identify.rules)
* 1:15922 <-> ENABLED <-> FILE-IDENTIFY MP3 file download request (file-identify.rules)
* 1:15921 <-> ENABLED <-> FILE-IDENTIFY Microsoft multimedia format file download request (file-identify.rules)
* 1:15900 <-> ENABLED <-> FILE-IDENTIFY Audio Interchange file download request (file-identify.rules)
* 1:15870 <-> ENABLED <-> FILE-IDENTIFY 4XM file download request (file-identify.rules)
* 1:15865 <-> ENABLED <-> FILE-IDENTIFY MP4 file download request (file-identify.rules)
* 1:15587 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word file download request (file-identify.rules)
* 1:15586 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file download request (file-identify.rules)
* 1:15582 <-> ENABLED <-> FILE-IDENTIFY ARJ format file download request (file-identify.rules)
* 1:15518 <-> ENABLED <-> FILE-IDENTIFY Embedded Open Type Font file download request (file-identify.rules)
* 1:15516 <-> ENABLED <-> FILE-IDENTIFY AVI multimedia file download request (file-identify.rules)
* 1:15483 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file download request (file-identify.rules)
* 1:15468 <-> ENABLED <-> BROWSER-IE Apple Safari-Internet Explorer SearchPath blended threat dll request (browser-ie.rules)
* 1:15464 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file download request (file-identify.rules)
* 1:16143 <-> ENABLED <-> FILE-IDENTIFY Microsoft asf file magic detected (file-identify.rules)
* 1:16755 <-> ENABLED <-> NETBIOS SMB /PlughNTCommand create tree attempt (netbios.rules)
* 1:16754 <-> ENABLED <-> NETBIOS SMB /PlughNTCommand andx create tree attempt (netbios.rules)
* 1:16742 <-> ENABLED <-> FILE-IDENTIFY remote desktop configuration file download request (file-identify.rules)
* 1:16691 <-> ENABLED <-> FILE-IDENTIFY PLF playlist file download request (file-identify.rules)
* 1:16630 <-> ENABLED <-> FILE-IDENTIFY DAT file download request (file-identify.rules)
* 1:16594 <-> ENABLED <-> PROTOCOL-POP STAT command (protocol-pop.rules)
* 1:16556 <-> ENABLED <-> FILE-OTHER 2imaegshack/lmageshack IM worm get request attempt (file-other.rules)
* 1:16538 <-> ENABLED <-> NETBIOS NT QUERY SECURITY DESC flowbit (netbios.rules)
* 1:16529 <-> ENABLED <-> FILE-IDENTIFY JPEG file download request (file-identify.rules)
* 1:16478 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint .MSProducerBF file download request (file-identify.rules)
* 1:16477 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint .MSProducerZ file download request (file-identify.rules)
* 1:16476 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint .MSProducer file download request (file-identify.rules)
* 1:16474 <-> ENABLED <-> FILE-IDENTIFY Microsoft Compound File Binary v3 file magic detected (file-identify.rules)
* 1:16473 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Movie Maker project file download request (file-identify.rules)
* 1:16407 <-> ENABLED <-> FILE-IDENTIFY JPEG file download request (file-identify.rules)
* 1:16406 <-> ENABLED <-> FILE-IDENTIFY JPEG file download request (file-identify.rules)
* 1:16381 <-> ENABLED <-> NETBIOS SMB session negotiation request (netbios.rules)
* 1:16286 <-> ENABLED <-> FILE-IDENTIFY TrueType font file download request (file-identify.rules)
* 1:16254 <-> ENABLED <-> PUA-ADWARE rogue software system security 2009 outbound connection (pua-adware.rules)
* 1:16219 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file download request (file-identify.rules)
* 1:16205 <-> ENABLED <-> FILE-IDENTIFY BMP file download request (file-identify.rules)
* 1:17394 <-> ENABLED <-> FILE-IDENTIFY GIF file download request (file-identify.rules)
* 1:17380 <-> ENABLED <-> FILE-IDENTIFY PNG file download request (file-identify.rules)
* 1:17370 <-> ENABLED <-> SERVER-WEBAPP Squid authentication headers handling denial of service attempt (server-webapp.rules)
* 1:17364 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Help Workshop CNT Help file download request (file-identify.rules)
* 1:17359 <-> ENABLED <-> FILE-IDENTIFY XBM image file download request (file-identify.rules)
* 1:17332 <-> ENABLED <-> SERVER-MAIL Content-Disposition attachment (server-mail.rules)
* 1:17327 <-> ENABLED <-> SERVER-MAIL Qualcomm WorldMail Server Response (server-mail.rules)
* 1:17314 <-> ENABLED <-> FILE-IDENTIFY OLE document file magic detected (file-identify.rules)
* 1:17259 <-> ENABLED <-> FILE-IDENTIFY MOV file download request (file-identify.rules)
* 1:17241 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media wmv file download request (file-identify.rules)
* 1:17230 <-> ENABLED <-> FILE-IDENTIFY Tiff big endian file magic detected (file-identify.rules)
* 1:17229 <-> ENABLED <-> FILE-IDENTIFY Tiff little endian file magic detected (file-identify.rules)
* 1:17151 <-> ENABLED <-> NETBIOS SMB negotiate protocol request - ascii strings (netbios.rules)
* 1:17116 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media ASX file download request (file-identify.rules)
* 1:16757 <-> ENABLED <-> NETBIOS SMB /PlughNTCommand unicode create tree attempt (netbios.rules)
* 1:16756 <-> ENABLED <-> NETBIOS SMB /PlughNTCommand unicode andx create tree attempt (netbios.rules)
* 1:17396 <-> ENABLED <-> SERVER-OTHER VNC client authentication response (server-other.rules)
* 1:17418 <-> ENABLED <-> SERVER-ORACLE Oracle connection established (server-oracle.rules)
* 1:17426 <-> ENABLED <-> FILE-IDENTIFY RAT file download request (file-identify.rules)
* 1:17441 <-> ENABLED <-> FILE-IDENTIFY LNK file download request (file-identify.rules)
* 1:17508 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows .NET Application file download request (file-identify.rules)
* 1:17447 <-> ENABLED <-> SERVER-WEBAPP 407 Proxy Authentication Required (server-webapp.rules)
* 1:17534 <-> ENABLED <-> SERVER-OTHER IPP Application Content (server-other.rules)
* 1:17509 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows .NET Manifest file download request (file-identify.rules)
* 1:17540 <-> ENABLED <-> FILE-IDENTIFY LZH file download request (file-identify.rules)
* 1:17552 <-> ENABLED <-> FILE-IDENTIFY Adobe Pagemaker file download request (file-identify.rules)
* 1:17547 <-> ENABLED <-> FILE-IDENTIFY SMIL file download request (file-identify.rules)
* 1:17598 <-> ENABLED <-> SERVER-OTHER IBM DB2 Universal Database accsec command without rdbnam (server-other.rules)
* 1:17600 <-> ENABLED <-> FILE-IDENTIFY XUL file download request (file-identify.rules)
* 1:17679 <-> ENABLED <-> FILE-IDENTIFY Apple disk image file download request (file-identify.rules)
* 1:17732 <-> ENABLED <-> FILE-IDENTIFY TIFF file download request (file-identify.rules)
* 1:17733 <-> ENABLED <-> FILE-IDENTIFY XML file download request (file-identify.rules)
* 1:17739 <-> ENABLED <-> FILE-IDENTIFY FlashPix file download request (file-identify.rules)
* 1:17745 <-> ENABLED <-> NETBIOS SMB TRANS2 Find_First2 request attempt (netbios.rules)
* 1:17751 <-> ENABLED <-> FILE-IDENTIFY OpenType Font file download request (file-identify.rules)
* 1:17801 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file magic detected (file-identify.rules)
* 1:17802 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file download request (file-identify.rules)
* 1:17809 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime qt file download request (file-identify.rules)
* 1:18234 <-> ENABLED <-> FILE-IDENTIFY QuickDraw/PICT file download request (file-identify.rules)
* 1:18273 <-> ENABLED <-> FILE-IDENTIFY BAT file download request (file-identify.rules)
* 1:18274 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Mail file download request (file-identify.rules)
* 1:18516 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word file download request (file-identify.rules)
* 1:18593 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file download request (file-identify.rules)
* 1:18675 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file download request (file-identify.rules)
* 1:19128 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer REC file magic detected (file-identify.rules)
* 1:19129 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer .r1m file magic detected (file-identify.rules)
* 1:19166 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file magic detected (file-identify.rules)
* 1:19190 <-> ENABLED <-> NETBIOS SMB-DS Trans2 Distributed File System GET_DFS_REFERRAL request (netbios.rules)
* 1:19211 <-> ENABLED <-> FILE-IDENTIFY ZIP archive file download request (file-identify.rules)
* 1:19215 <-> ENABLED <-> FILE-IDENTIFY Google Chrome extension file download request (file-identify.rules)
* 1:19218 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file download request (file-identify.rules)
* 1:20501 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
* 1:19224 <-> ENABLED <-> FILE-IDENTIFY Cisco Webex wrf file download request (file-identify.rules)
* 1:19252 <-> ENABLED <-> FILE-IDENTIFY language.engtesselate.ln file download request (file-identify.rules)
* 1:19289 <-> ENABLED <-> FILE-IDENTIFY MHTML file download request (file-identify.rules)
* 1:19299 <-> ENABLED <-> SERVER-OTHER banner.txt access - possible compromised multi-mesh injection server (server-other.rules)
* 1:19323 <-> ENABLED <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt (server-other.rules)
* 1:19324 <-> ENABLED <-> MALWARE-OTHER Keylogger WL-Keylogger inbound connection (malware-other.rules)
* 1:19326 <-> ENABLED <-> PUA-ADWARE Classroom Spy Professional outbound connection - initial connection (pua-adware.rules)
* 1:19392 <-> ENABLED <-> MALWARE-OTHER Keylogger Monitor.win32.perflogger (malware-other.rules)
* 1:19422 <-> ENABLED <-> FILE-IDENTIFY matroska file magic detected (file-identify.rules)
* 1:19423 <-> ENABLED <-> FILE-IDENTIFY MKV file download request (file-identify.rules)
* 1:19424 <-> ENABLED <-> FILE-IDENTIFY MKA file download request (file-identify.rules)
* 1:19425 <-> ENABLED <-> FILE-IDENTIFY MKS file download request (file-identify.rules)
* 1:19430 <-> ENABLED <-> FILE-IDENTIFY MIDI file download request (file-identify.rules)
* 1:19816 <-> ENABLED <-> NETBIOS Juniper NeoterisSetupService named pipe access attempt (netbios.rules)
* 1:19899 <-> ENABLED <-> MALWARE-OTHER Tong Keylogger outbound connectiooutbound connection (malware-other.rules)
* 1:19907 <-> ENABLED <-> FILE-IDENTIFY PICT file magic detected (file-identify.rules)
* 1:20032 <-> ENABLED <-> FILE-IDENTIFY MIME file type file download request (file-identify.rules)
* 1:20223 <-> ENABLED <-> FILE-IDENTIFY SMI file download request (file-identify.rules)
* 1:20225 <-> ENABLED <-> FILE-OTHER SMI file download request (file-other.rules)
* 1:20260 <-> ENABLED <-> FILE-IDENTIFY Microsoft Client Agent Helper JAR file download request (file-identify.rules)
* 1:20269 <-> ENABLED <-> FILE-IDENTIFY FON font file download request (file-identify.rules)
* 1:20274 <-> ENABLED <-> NETBIOS DCERPC NCACN-IP-TCP NetShareEnumAll request (netbios.rules)
* 1:20282 <-> ENABLED <-> FILE-IDENTIFY S3M file download request (file-identify.rules)
* 1:20287 <-> ENABLED <-> FILE-IDENTIFY QCP file download request (file-identify.rules)
* 1:20450 <-> ENABLED <-> FILE-IDENTIFY MPEG video stream file magic detected (file-identify.rules)
* 1:20451 <-> ENABLED <-> FILE-IDENTIFY MPEG sys stream file magic detected (file-identify.rules)
* 1:20453 <-> ENABLED <-> FILE-IDENTIFY Script encoder file magic detected (file-identify.rules)
* 1:20454 <-> ENABLED <-> FILE-IDENTIFY Postscript file magic detected (file-identify.rules)
* 1:20455 <-> ENABLED <-> FILE-IDENTIFY BinHex file magic detected (file-identify.rules)
* 1:20502 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
* 1:20456 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Real Media file magic detected (file-identify.rules)
* 1:20458 <-> ENABLED <-> FILE-IDENTIFY bzip file magic detected (file-identify.rules)
* 1:20459 <-> ENABLED <-> FILE-IDENTIFY GIF file magic detected (file-identify.rules)
* 1:20460 <-> ENABLED <-> FILE-IDENTIFY MP3 file magic detected (file-identify.rules)
* 1:20461 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows CAB file magic detected (file-identify.rules)
* 1:20462 <-> ENABLED <-> FILE-IDENTIFY Ogg Stream file magic detected (file-identify.rules)
* 1:20463 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules)
* 1:20464 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules)
* 1:20465 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules)
* 1:20466 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules)
* 1:20467 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules)
* 1:20468 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules)
* 1:20469 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules)
* 1:20471 <-> ENABLED <-> FILE-IDENTIFY RIFX file magic detected (file-identify.rules)
* 1:20472 <-> ENABLED <-> FILE-IDENTIFY RAR file magic detected (file-identify.rules)
* 1:20474 <-> ENABLED <-> FILE-IDENTIFY Symantec file magic detected (file-identify.rules)
* 1:20475 <-> ENABLED <-> FILE-IDENTIFY ARJ file magic detected (file-identify.rules)
* 1:20476 <-> ENABLED <-> FILE-IDENTIFY TNEF file magic detected (file-identify.rules)
* 1:20477 <-> ENABLED <-> FILE-IDENTIFY ELF file magic detected (file-identify.rules)
* 1:20478 <-> ENABLED <-> FILE-IDENTIFY PNG file magic detected (file-identify.rules)
* 1:20479 <-> ENABLED <-> FILE-IDENTIFY CryptFF file magic detected (file-identify.rules)
* 1:20480 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detection (file-identify.rules)
* 1:20481 <-> ENABLED <-> FILE-IDENTIFY MP3 file magic detected (file-identify.rules)
* 1:20483 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (file-identify.rules)
* 1:20484 <-> ENABLED <-> FILE-IDENTIFY SIS file magic detected (file-identify.rules)
* 1:20485 <-> ENABLED <-> FILE-IDENTIFY SIP log file magic detected (file-identify.rules)
* 1:20486 <-> ENABLED <-> FILE-IDENTIFY RTF file magic detected (file-identify.rules)
* 1:20487 <-> ENABLED <-> FILE-IDENTIFY 7zip file magic detected (file-identify.rules)
* 1:20488 <-> ENABLED <-> FILE-IDENTIFY MachO Little Endian file magic detected (file-identify.rules)
* 1:20489 <-> ENABLED <-> FILE-IDENTIFY MachO x64 Little Endian file magic detected (file-identify.rules)
* 1:20490 <-> ENABLED <-> FILE-IDENTIFY MachO Big Endian file magic detected (file-identify.rules)
* 1:20491 <-> ENABLED <-> FILE-IDENTIFY MachO x64 Big Endian file magic detected (file-identify.rules)
* 1:20492 <-> ENABLED <-> FILE-IDENTIFY Universal Binary/Java Bytecode file magic detected (file-identify.rules)
* 1:20493 <-> ENABLED <-> FILE-IDENTIFY jarpack file magic detected (file-identify.rules)
* 1:20494 <-> ENABLED <-> FILE-IDENTIFY PDF file magic detected (file-identify.rules)
* 1:20495 <-> ENABLED <-> FILE-IDENTIFY compressed Adobe Shockwave Flash file magic detected (file-identify.rules)
* 1:20496 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (file-identify.rules)
* 1:20497 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (file-identify.rules)
* 1:20500 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
* 1:20503 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
* 1:20507 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (file-identify.rules)
* 1:20511 <-> ENABLED <-> FILE-IDENTIFY bcproj file magic detected (file-identify.rules)
* 1:20512 <-> ENABLED <-> FILE-IDENTIFY mx4 file magic detected (file-identify.rules)
* 1:20513 <-> ENABLED <-> FILE-IDENTIFY ffmpeg file magic detected (file-identify.rules)
* 1:20514 <-> ENABLED <-> FILE-IDENTIFY dmg file magic detected (file-identify.rules)
* 1:20515 <-> ENABLED <-> FILE-IDENTIFY ivr file magic detected (file-identify.rules)
* 1:20516 <-> ENABLED <-> FILE-IDENTIFY caff file magic detected (file-identify.rules)
* 1:20518 <-> ENABLED <-> FILE-IDENTIFY rmf file download request (file-identify.rules)
* 1:20519 <-> ENABLED <-> FILE-IDENTIFY vmd file download request (file-identify.rules)
* 1:20520 <-> ENABLED <-> FILE-IDENTIFY vmd file magic detected (file-identify.rules)
* 1:20521 <-> ENABLED <-> FILE-IDENTIFY Flac file magic detected (file-identify.rules)
* 1:20522 <-> ENABLED <-> FILE-IDENTIFY VideoLAN VLC file magic detected (file-identify.rules)
* 1:20544 <-> ENABLED <-> FILE-IDENTIFY Adobe Flash Player FLV file download request (file-identify.rules)
* 1:20554 <-> ENABLED <-> PUA-OTHER Microsoft MSN Messenger and Windows Live Messenger Code Execution attempt (pua-other.rules)
* 1:20563 <-> ENABLED <-> FILE-IDENTIFY amf file download request (file-identify.rules)
* 1:20564 <-> ENABLED <-> FILE-IDENTIFY amf file magic detected (file-identify.rules)
* 1:20588 <-> ENABLED <-> FILE-IDENTIFY CDR file download request (file-identify.rules)
* 1:20589 <-> ENABLED <-> FILE-IDENTIFY CDR file magic detected (file-identify.rules)
* 1:20621 <-> ENABLED <-> FILE-IDENTIFY JAR file download request (file-identify.rules)
* 1:20723 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word docx file download request (file-identify.rules)
* 1:20733 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media Player DVR file download request (file-identify.rules)
* 1:20750 <-> ENABLED <-> FILE-IDENTIFY webm file magic detected (file-identify.rules)
* 1:20751 <-> ENABLED <-> FILE-IDENTIFY webm file download request (file-identify.rules)
* 1:20792 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file attachment detected (file-identify.rules)
* 1:20793 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file attachment detected (file-identify.rules)
* 1:20795 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word file attachment detected (file-identify.rules)
* 1:20796 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word file attachment detected (file-identify.rules)
* 1:20798 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules)
* 1:20799 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules)
* 1:20800 <-> ENABLED <-> FILE-IDENTIFY MIME file type file attachment detected (file-identify.rules)
* 1:20801 <-> ENABLED <-> FILE-IDENTIFY MIME file type file attachment detected (file-identify.rules)
* 1:20839 <-> ENABLED <-> FILE-IDENTIFY eSignal .quo file download request (file-identify.rules)
* 1:20840 <-> ENABLED <-> FILE-IDENTIFY eSignal .por file download request (file-identify.rules)
* 1:20841 <-> ENABLED <-> FILE-IDENTIFY eSignal .sum file download request (file-identify.rules)
* 1:20848 <-> ENABLED <-> FILE-IDENTIFY MAKI file attachment detected (file-identify.rules)
* 1:20849 <-> ENABLED <-> FILE-IDENTIFY MAKI file attachment detected (file-identify.rules)
* 1:20852 <-> ENABLED <-> FILE-IDENTIFY DAZ Studio script download request (file-identify.rules)
* 1:20854 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Visio file attachment detected (file-identify.rules)
* 1:20855 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Visio file attachment detected (file-identify.rules)
* 1:20856 <-> ENABLED <-> FILE-IDENTIFY TwinVQ file attachment detected (file-identify.rules)
* 1:20857 <-> ENABLED <-> FILE-IDENTIFY TwinVQ file attachment detected (file-identify.rules)
* 1:20859 <-> ENABLED <-> FILE-IDENTIFY Autodesk Maya embedded language script download request (file-identify.rules)
* 1:20860 <-> ENABLED <-> FILE-IDENTIFY Autodesk Maya file magic detected (file-identify.rules)
* 1:20869 <-> ENABLED <-> FILE-IDENTIFY Autodesk 3D Studio Maxscript download request (file-identify.rules)
* 1:20871 <-> ENABLED <-> SERVER-WEBAPP Worldweaver DX Studio Player shell.execute command execution attempt (server-webapp.rules)
* 1:20874 <-> ENABLED <-> SERVER-OTHER IBM Tivoli Storage Manager Express Backup initialization packet (server-other.rules)
* 1:20882 <-> ENABLED <-> FILE-OFFICE Microsoft Windows embedded packager object identifier (file-office.rules)
* 1:20888 <-> ENABLED <-> FILE-IDENTIFY Video Spirit visprj download attempt (file-identify.rules)
* 1:20893 <-> ENABLED <-> FILE-IDENTIFY Video Spirit file attachment detected (file-identify.rules)
* 1:20894 <-> ENABLED <-> FILE-IDENTIFY Video Spirit file attachment detected (file-identify.rules)
* 1:20895 <-> ENABLED <-> FILE-IDENTIFY AutoDesk 3D Studio Maxscript file attachment detected (file-identify.rules)
* 1:20896 <-> ENABLED <-> FILE-IDENTIFY AutoDesk 3D Studio Maxscript file attachment detected (file-identify.rules)
* 1:20897 <-> ENABLED <-> FILE-IDENTIFY MIDI file magic detected (file-identify.rules)
* 1:20898 <-> ENABLED <-> FILE-IDENTIFY MIDI file attachment detected (file-identify.rules)
* 1:20899 <-> ENABLED <-> FILE-IDENTIFY MIDI file attachment detected (file-identify.rules)
* 1:20905 <-> ENABLED <-> FILE-IDENTIFY X PixMap file attachment detected (file-identify.rules)
* 1:20906 <-> ENABLED <-> FILE-IDENTIFY X PixMap file attachment detected (file-identify.rules)
* 1:20907 <-> ENABLED <-> FILE-IDENTIFY DXF file attachment detected (file-identify.rules)
* 1:20908 <-> ENABLED <-> FILE-IDENTIFY DXF file attachment detected (file-identify.rules)
* 1:20909 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media ASF file attachment detected (file-identify.rules)
* 1:20910 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media ASF file attachment detected (file-identify.rules)
* 1:20911 <-> ENABLED <-> FILE-IDENTIFY EPS file attachment detected (file-identify.rules)
* 1:20912 <-> ENABLED <-> FILE-IDENTIFY EPS file attachment detected (file-identify.rules)
* 1:20913 <-> ENABLED <-> FILE-IDENTIFY XML Shareable Playlist Format file attachment detected (file-identify.rules)
* 1:20914 <-> ENABLED <-> FILE-IDENTIFY XML Shareable Playlist Format file attachment detected (file-identify.rules)
* 1:20915 <-> ENABLED <-> FILE-IDENTIFY caff file attachment detected (file-identify.rules)
* 1:20916 <-> ENABLED <-> FILE-IDENTIFY caff file attachment detected (file-identify.rules)
* 1:20917 <-> ENABLED <-> FILE-IDENTIFY BAK file attachment detected (file-identify.rules)
* 1:20918 <-> ENABLED <-> FILE-IDENTIFY BAK file attachment detected (file-identify.rules)
* 1:20924 <-> ENABLED <-> FILE-IDENTIFY PLS file magic detected (file-identify.rules)
* 1:20925 <-> ENABLED <-> FILE-IDENTIFY Adobe Pagemaker file attachment detected (file-identify.rules)
* 1:20926 <-> ENABLED <-> FILE-IDENTIFY Adobe Pagemaker file attachment detected (file-identify.rules)
* 1:20928 <-> ENABLED <-> FILE-IDENTIFY SMIL file magic detected (file-identify.rules)
* 1:20929 <-> ENABLED <-> FILE-IDENTIFY MKV file attachment detected (file-identify.rules)
* 1:20930 <-> ENABLED <-> FILE-IDENTIFY MKV file attachment detected (file-identify.rules)
* 1:20931 <-> ENABLED <-> FILE-IDENTIFY MKS file attachment detected (file-identify.rules)
* 1:20932 <-> ENABLED <-> FILE-IDENTIFY MKS file attachment detected (file-identify.rules)
* 1:20933 <-> ENABLED <-> FILE-IDENTIFY MKA file attachment detected (file-identify.rules)
* 1:20934 <-> ENABLED <-> FILE-IDENTIFY MKA file attachment detected (file-identify.rules)
* 1:20935 <-> ENABLED <-> FILE-IDENTIFY QCP file attachment detected (file-identify.rules)
* 1:20936 <-> ENABLED <-> FILE-IDENTIFY QCP file attachment
detected (file-identify.rules) * 1:20937 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file download request (file-identify.rules) * 1:20938 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file download request (file-identify.rules) * 1:20939 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file download request (file-identify.rules) * 1:20940 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file download request (file-identify.rules) * 1:20941 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules) * 1:20942 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules) * 1:20943 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules) * 1:20944 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules) * 1:20945 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules) * 1:20946 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules) * 1:20947 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules) * 1:20948 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules) * 1:20950 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20951 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20952 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20953 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20954 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20955 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20956 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20957 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected 
(file-identify.rules) * 1:20958 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20959 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20960 <-> ENABLED <-> FILE-IDENTIFY Flac file download request (file-identify.rules) * 1:20961 <-> ENABLED <-> FILE-IDENTIFY TTE file download request (file-identify.rules) * 1:20962 <-> ENABLED <-> FILE-IDENTIFY OTF file download request (file-identify.rules) * 1:20963 <-> ENABLED <-> FILE-IDENTIFY DIB file download request (file-identify.rules) * 1:20964 <-> ENABLED <-> FILE-IDENTIFY SAMI file download request (file-identify.rules) * 1:20965 <-> ENABLED <-> FILE-IDENTIFY JPEG file download request (file-identify.rules) * 1:20966 <-> ENABLED <-> FILE-IDENTIFY JPEG file download request (file-identify.rules) * 1:20967 <-> ENABLED <-> FILE-IDENTIFY JPEG file download request (file-identify.rules) * 1:20968 <-> ENABLED <-> FILE-IDENTIFY Apple disk image file download request (file-identify.rules) * 1:20969 <-> ENABLED <-> FILE-IDENTIFY M4A file download request (file-identify.rules) * 1:20970 <-> ENABLED <-> FILE-IDENTIFY M4P file download request (file-identify.rules) * 1:20971 <-> ENABLED <-> FILE-IDENTIFY M4R file download request (file-identify.rules) * 1:20972 <-> ENABLED <-> FILE-IDENTIFY M4V file magic request (file-identify.rules) * 1:20973 <-> ENABLED <-> FILE-IDENTIFY M4B file download request (file-identify.rules) * 1:20974 <-> ENABLED <-> FILE-IDENTIFY 3GP file download request (file-identify.rules) * 1:20975 <-> ENABLED <-> FILE-IDENTIFY 3G2 file download request (file-identify.rules) * 1:20976 <-> ENABLED <-> FILE-IDENTIFY K3G file download request (file-identify.rules) * 1:20977 <-> ENABLED <-> FILE-IDENTIFY SKM file download request (file-identify.rules) * 1:20978 <-> ENABLED <-> FILE-IDENTIFY TTE file attachment detected (file-identify.rules) * 1:20979 <-> ENABLED <-> FILE-IDENTIFY TTE file attachment detected (file-identify.rules) * 1:20980 <-> ENABLED 
<-> FILE-IDENTIFY OTF file attachment detected (file-identify.rules) * 1:20981 <-> ENABLED <-> FILE-IDENTIFY OTF file attachment detected (file-identify.rules) * 1:20982 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file attachment detected (file-identify.rules) * 1:20983 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file attachment detected (file-identify.rules) * 1:20986 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word docx file attachment detected (file-identify.rules) * 1:20987 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word docx file attachment detected (file-identify.rules) * 1:20991 <-> ENABLED <-> FILE-IDENTIFY TTF file magic detected (file-identify.rules) * 1:20992 <-> ENABLED <-> FILE-IDENTIFY SAMI file magic detected (file-identify.rules) * 1:21005 <-> ENABLED <-> MALWARE-CNC Yang Pack yg.htm download request (malware-cnc.rules) * 1:21007 <-> ENABLED <-> FILE-IDENTIFY Microsoft Money file magic detected (file-identify.rules) * 1:21008 <-> ENABLED <-> FILE-IDENTIFY Microsoft Money file download request (file-identify.rules) * 1:21009 <-> ENABLED <-> FILE-IDENTIFY Microsoft Money file attachment detected (file-identify.rules) * 1:21010 <-> ENABLED <-> FILE-IDENTIFY Microsoft Money file attachment detected (file-identify.rules) * 1:21011 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file magic detected (file-identify.rules) * 1:21012 <-> ENABLED <-> FILE-IDENTIFY Cytel Studio cy3 file download request (file-identify.rules) * 1:21013 <-> ENABLED <-> FILE-IDENTIFY Cytel Studio cy3 file attachment detected (file-identify.rules) * 1:21014 <-> ENABLED <-> FILE-IDENTIFY Cytel Studio cy3 file attachment detected (file-identify.rules) * 1:21015 <-> ENABLED <-> FILE-IDENTIFY cy3 Cytel Studio file magic detected (file-identify.rules) * 1:21016 <-> ENABLED <-> FILE-IDENTIFY Cytel Studio cyb file attachment detected (file-identify.rules) * 1:21017 <-> ENABLED <-> FILE-IDENTIFY cyb Cytel Studio file attachment detected 
(file-identify.rules) * 1:21018 <-> ENABLED <-> FILE-IDENTIFY cyb Cytel Studio file download request (file-identify.rules) * 1:21035 <-> ENABLED <-> FILE-IDENTIFY PDF file attachment detected (file-identify.rules) * 1:21036 <-> ENABLED <-> FILE-IDENTIFY PDF file attachment detected (file-identify.rules) * 1:21052 <-> ENABLED <-> FILE-IDENTIFY UltraISO CUE file download request (file-identify.rules) * 1:21053 <-> ENABLED <-> FILE-IDENTIFY UltraISO CUE file attachment detected (file-identify.rules) * 1:21054 <-> ENABLED <-> FILE-IDENTIFY UltraISO CUE file attachment detected (file-identify.rules) * 1:21059 <-> ENABLED <-> FILE-IDENTIFY AVI Video file magic detected (file-identify.rules) * 1:21061 <-> ENABLED <-> FILE-IDENTIFY AVI file attachment detected (file-identify.rules) * 1:21062 <-> ENABLED <-> FILE-IDENTIFY AVI file attachment detected (file-identify.rules) * 1:21109 <-> ENABLED <-> FILE-IDENTIFY MPEG video stream file download request (file-identify.rules) * 1:21110 <-> ENABLED <-> FILE-IDENTIFY MPEG video stream file attachment detected (file-identify.rules) * 1:21111 <-> ENABLED <-> FILE-IDENTIFY MPEG video stream file attachment detected (file-identify.rules) * 1:21113 <-> ENABLED <-> FILE-IDENTIFY Cisco Webex Player .wrf file magic detected (file-identify.rules) * 1:21152 <-> ENABLED <-> FILE-IDENTIFY S3M file attachment detected (file-identify.rules) * 1:21153 <-> ENABLED <-> FILE-IDENTIFY S3M file attachment detected (file-identify.rules) * 1:21174 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer realtext file download request (file-identify.rules) * 1:21282 <-> ENABLED <-> FILE-IDENTIFY XSL file download request (file-identify.rules) * 1:21283 <-> ENABLED <-> FILE-IDENTIFY XSL file attachment detected (file-identify.rules) * 1:21284 <-> ENABLED <-> FILE-IDENTIFY XSL file attachment detected (file-identify.rules) * 1:21285 <-> ENABLED <-> FILE-IDENTIFY XSLT file download request (file-identify.rules) * 1:21286 <-> ENABLED <-> FILE-IDENTIFY XSLT 
file attachment detected (file-identify.rules) * 1:21287 <-> ENABLED <-> FILE-IDENTIFY XSLT file attachment detected (file-identify.rules) * 1:21288 <-> ENABLED <-> FILE-IDENTIFY XML download detected (file-identify.rules) * 1:21295 <-> ENABLED <-> FILE-IDENTIFY FON file attachment detected (file-identify.rules) * 1:21296 <-> ENABLED <-> FILE-IDENTIFY FON file attachment detected (file-identify.rules) * 1:21345 <-> ENABLED <-> EXPLOIT-KIT Blackhole exploit kit malicious jar request (exploit-kit.rules) * 1:21347 <-> ENABLED <-> EXPLOIT-KIT Blackhole exploit kit URL - .php?page= (exploit-kit.rules) * 1:21410 <-> ENABLED <-> FILE-IDENTIFY paq8o file download request (file-identify.rules) * 1:21411 <-> ENABLED <-> FILE-IDENTIFY paq8o file attachment detected (file-identify.rules) * 1:21412 <-> ENABLED <-> FILE-IDENTIFY paq8o file attachment detected (file-identify.rules) * 1:21432 <-> ENABLED <-> FILE-IDENTIFY MPPL file attachment detected (file-identify.rules) * 1:21433 <-> ENABLED <-> FILE-IDENTIFY MPPL file attachment detected (file-identify.rules) * 1:21434 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Mentor variant outbound connection (malware-cnc.rules) * 1:21480 <-> ENABLED <-> FILE-IDENTIFY XML file magic detected (file-identify.rules) * 1:21498 <-> ENABLED <-> FILE-IDENTIFY XML file magic detected (file-identify.rules) * 1:21499 <-> ENABLED <-> FILE-IDENTIFY XML file attachment detected (file-identify.rules) * 1:21500 <-> ENABLED <-> FILE-IDENTIFY XML file attachment detected (file-identify.rules) * 1:21573 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio addin file download request (file-identify.rules) * 1:21574 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio addin file attachment detected (file-identify.rules) * 1:21575 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio addin file attachment detected (file-identify.rules) * 1:21584 <-> ENABLED <-> FILE-IDENTIFY VisiWave VWR file download request (file-identify.rules) * 1:21585 <-> ENABLED <-> 
FILE-IDENTIFY VisiWave VWR file attachment detected (file-identify.rules) * 1:21586 <-> ENABLED <-> FILE-IDENTIFY VisiWave VWR file attachment detected (file-identify.rules) * 1:21611 <-> ENABLED <-> FILE-IDENTIFY RAT file attachment detected (file-identify.rules) * 1:21612 <-> ENABLED <-> FILE-IDENTIFY RAT file attachment detected (file-identify.rules) * 1:21613 <-> ENABLED <-> FILE-IDENTIFY PNG file attachment detected (file-identify.rules) * 1:21614 <-> ENABLED <-> FILE-IDENTIFY PNG file attachment detected (file-identify.rules) * 1:21615 <-> ENABLED <-> FILE-IDENTIFY WMF file attachment detected (file-identify.rules) * 1:21616 <-> ENABLED <-> FILE-IDENTIFY WMF file attachment detected (file-identify.rules) * 1:21617 <-> ENABLED <-> FILE-IDENTIFY RT file attachment detected (file-identify.rules) * 1:21618 <-> ENABLED <-> FILE-IDENTIFY RT file attachment detected (file-identify.rules) * 1:21620 <-> ENABLED <-> FILE-IDENTIFY WAV file magic detected (file-identify.rules) * 1:21621 <-> ENABLED <-> FILE-IDENTIFY AVI file magic detected (file-identify.rules) * 1:21623 <-> ENABLED <-> FILE-IDENTIFY QUO file attachment detected (file-identify.rules) * 1:21624 <-> ENABLED <-> FILE-IDENTIFY QUO file attachment detected (file-identify.rules) * 1:21625 <-> ENABLED <-> FILE-IDENTIFY POR file attachment detected (file-identify.rules) * 1:21626 <-> ENABLED <-> FILE-IDENTIFY POR file attachment detected (file-identify.rules) * 1:21627 <-> ENABLED <-> FILE-IDENTIFY SUM file attachment detected (file-identify.rules) * 1:21628 <-> ENABLED <-> FILE-IDENTIFY SUM file attachment detected (file-identify.rules) * 1:21648 <-> ENABLED <-> FILE-IDENTIFY QuickDraw/PICT file attachment detected (file-identify.rules) * 1:21649 <-> ENABLED <-> FILE-IDENTIFY QuickDraw/PICT file attachment detected (file-identify.rules) * 1:21650 <-> ENABLED <-> FILE-IDENTIFY QuickDraw/PICT file download request (file-identify.rules) * 1:21651 <-> ENABLED <-> FILE-IDENTIFY QuickDraw/PICT file attachment 
detected (file-identify.rules) * 1:21652 <-> ENABLED <-> FILE-IDENTIFY QuickDraw/PICT file attachment detected (file-identify.rules) * 1:21659 <-> ENABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page Requested - /Home/index.php (exploit-kit.rules) * 1:21660 <-> ENABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page Requested - /Index/index.php (exploit-kit.rules) * 1:21687 <-> ENABLED <-> FILE-IDENTIFY PLS file attachment detected (file-identify.rules) * 1:21688 <-> ENABLED <-> FILE-IDENTIFY PLS file attachment detected (file-identify.rules) * 1:21691 <-> ENABLED <-> FILE-IDENTIFY SMIL file attachment detected (file-identify.rules) * 1:21692 <-> ENABLED <-> FILE-IDENTIFY SMIL file attachment detected (file-identify.rules) * 1:21693 <-> ENABLED <-> FILE-IDENTIFY FLAC file attachment detected (file-identify.rules) * 1:21694 <-> ENABLED <-> FILE-IDENTIFY FLAC file attachment detected (file-identify.rules) * 1:21695 <-> ENABLED <-> FILE-IDENTIFY SMI file attachment detected (file-identify.rules) * 1:21696 <-> ENABLED <-> FILE-IDENTIFY SMI file attachment detected (file-identify.rules) * 1:21697 <-> ENABLED <-> FILE-IDENTIFY SAMI file attachment detected (file-identify.rules) * 1:21698 <-> ENABLED <-> FILE-IDENTIFY SAMI file attachment detected (file-identify.rules) * 1:21699 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel xlw file attachment detected (file-identify.rules) * 1:21700 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel xlw file attachment detected (file-identify.rules) * 1:21701 <-> ENABLED <-> FILE-IDENTIFY FlashPix file attachment detected (file-identify.rules) * 1:21702 <-> ENABLED <-> FILE-IDENTIFY FlashPix file attachment detected (file-identify.rules) * 1:21703 <-> ENABLED <-> FILE-IDENTIFY 4XM file attachment detected (file-identify.rules) * 1:21704 <-> ENABLED <-> FILE-IDENTIFY 4XM file attachment detected (file-identify.rules) * 1:21705 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file attachment detected (file-identify.rules) 
* 1:21706 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file attachment detected (file-identify.rules) * 1:21707 <-> ENABLED <-> FILE-IDENTIFY Microsoft Works file attachment detected (file-identify.rules) * 1:21708 <-> ENABLED <-> FILE-IDENTIFY Microsoft Works file attachment detected (file-identify.rules) * 1:21709 <-> ENABLED <-> FILE-IDENTIFY AIFF file attachment detected (file-identify.rules) * 1:21710 <-> ENABLED <-> FILE-IDENTIFY AIFF file attachment detected (file-identify.rules) * 1:21711 <-> ENABLED <-> FILE-IDENTIFY PFA file download request (file-identify.rules) * 1:21712 <-> ENABLED <-> FILE-IDENTIFY PFA file magic detected (file-identify.rules) * 1:21713 <-> ENABLED <-> FILE-IDENTIFY PFA file attachment detected (file-identify.rules) * 1:21714 <-> ENABLED <-> FILE-IDENTIFY PFA file attachment detected (file-identify.rules) * 1:21715 <-> ENABLED <-> FILE-IDENTIFY PFB file download request (file-identify.rules) * 1:21716 <-> ENABLED <-> FILE-IDENTIFY PFB file attachment detected (file-identify.rules) * 1:21717 <-> ENABLED <-> FILE-IDENTIFY PFB file attachment detected (file-identify.rules) * 1:21718 <-> ENABLED <-> FILE-IDENTIFY PFM file download request (file-identify.rules) * 1:21719 <-> ENABLED <-> FILE-IDENTIFY PFM file attachment detected (file-identify.rules) * 1:21720 <-> ENABLED <-> FILE-IDENTIFY PFM file attachment detected (file-identify.rules) * 1:21721 <-> ENABLED <-> FILE-IDENTIFY AFM file download request (file-identify.rules) * 1:21722 <-> ENABLED <-> FILE-IDENTIFY AFM file attachment detected (file-identify.rules) * 1:21723 <-> ENABLED <-> FILE-IDENTIFY AFM file attachment detected (file-identify.rules) * 1:21724 <-> ENABLED <-> FILE-IDENTIFY ANI file download request (file-identify.rules) * 1:21725 <-> ENABLED <-> FILE-IDENTIFY ANI file attachment detected (file-identify.rules) * 1:21726 <-> ENABLED <-> FILE-IDENTIFY ANI file attachment detected (file-identify.rules) * 1:21727 <-> ENABLED <-> FILE-IDENTIFY ANI file magic detection 
(file-identify.rules) * 1:21728 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules) * 1:21729 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules) * 1:21730 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules) * 1:21731 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules) * 1:21732 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules) * 1:21733 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules) * 1:21734 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules) * 1:21735 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules) * 1:21736 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules) * 1:21737 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules) * 1:21738 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules) * 1:21739 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules) * 1:21740 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media asx file attachment detected (file-identify.rules) * 1:21741 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media asx file attachment detected (file-identify.rules) * 1:21742 <-> ENABLED <-> FILE-IDENTIFY Embedded Open Type Font file attachment detected (file-identify.rules) * 1:21743 <-> ENABLED <-> FILE-IDENTIFY Embedded Open Type Font file attachment detected (file-identify.rules) * 1:21744 <-> ENABLED <-> FILE-IDENTIFY AVI file attachment detected (file-identify.rules) * 1:21745 <-> ENABLED <-> FILE-IDENTIFY AVI file attachment detected (file-identify.rules) * 1:21746 <-> ENABLED <-> FILE-IDENTIFY RTF file attachment detected (file-identify.rules) * 1:21747 <-> ENABLED <-> FILE-IDENTIFY RTF file attachment detected (file-identify.rules) * 1:21748 <-> ENABLED <-> FILE-IDENTIFY HPJ file download request 
(file-identify.rules) * 1:21749 <-> ENABLED <-> FILE-IDENTIFY HPJ file attachment detected (file-identify.rules) * 1:21750 <-> ENABLED <-> FILE-IDENTIFY HPJ file attachment detected (file-identify.rules) * 1:21751 <-> ENABLED <-> FILE-IDENTIFY HPJ file magic detected (file-identify.rules) * 1:21802 <-> ENABLED <-> FILE-IDENTIFY HT-MP3Player file download request (file-identify.rules) * 1:21803 <-> ENABLED <-> FILE-IDENTIFY HT-MP3Player file attachment detected (file-identify.rules) * 1:21804 <-> ENABLED <-> FILE-IDENTIFY HT-MP3Player file attachment detected (file-identify.rules) * 1:21807 <-> ENABLED <-> FILE-IDENTIFY Adobe Download Manager aom file download request (file-identify.rules) * 1:21808 <-> ENABLED <-> FILE-IDENTIFY Adobe Download Manager aom file attachment detected (file-identify.rules) * 1:21809 <-> ENABLED <-> FILE-IDENTIFY Adobe Download Manager aom file attachment detected (file-identify.rules) * 1:21810 <-> ENABLED <-> FILE-IDENTIFY Adobe Download Manager aom file magic detected (file-identify.rules) * 1:21811 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime FLIC animation file file download request (file-identify.rules) * 1:21812 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime FLIC animation file file attachment detected (file-identify.rules) * 1:21813 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime FLIC animation file file attachment detected (file-identify.rules) * 1:21814 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime FLIC file magic detected (file-identify.rules) * 1:21815 <-> ENABLED <-> FILE-IDENTIFY LZH file attachment detected (file-identify.rules) * 1:21816 <-> ENABLED <-> FILE-IDENTIFY LZH file attachment detected (file-identify.rules) * 1:21854 <-> ENABLED <-> FILE-IDENTIFY LNK file attachment detected (file-identify.rules) * 1:21855 <-> ENABLED <-> FILE-IDENTIFY LNK file attachment detected (file-identify.rules) * 1:21856 <-> ENABLED <-> FILE-IDENTIFY ZIP file attachment detected (file-identify.rules) * 1:21857 <-> ENABLED <-> FILE-IDENTIFY 
ZIP file attachment detected (file-identify.rules) * 1:21861 <-> ENABLED <-> FILE-IDENTIFY WRF file attachment detected (file-identify.rules) * 1:21862 <-> ENABLED <-> FILE-IDENTIFY WRF file attachment detected (file-identify.rules) * 1:21863 <-> ENABLED <-> FILE-IDENTIFY Google Chrome extension file attachment detected (file-identify.rules) * 1:21864 <-> ENABLED <-> FILE-IDENTIFY Google Chrome extension file attachment detected (file-identify.rules) * 1:21865 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file attachment detected (file-identify.rules) * 1:21866 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file attachment detected (file-identify.rules) * 1:21867 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file attachment detected (file-identify.rules) * 1:21868 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file attachment detected (file-identify.rules) * 1:21870 <-> ENABLED <-> FILE-IDENTIFY CNT file attachment detected (file-identify.rules) * 1:21871 <-> ENABLED <-> FILE-IDENTIFY CNT file attachment detected (file-identify.rules) * 1:21872 <-> ENABLED <-> FILE-IDENTIFY GIF file attachment detected (file-identify.rules) * 1:21873 <-> ENABLED <-> FILE-IDENTIFY GIF file attachment detected (file-identify.rules) * 1:21886 <-> ENABLED <-> FILE-IDENTIFY OpenType Font file attachment detected (file-identify.rules) * 1:21887 <-> ENABLED <-> FILE-IDENTIFY OpenType Font file attachment detected (file-identify.rules) * 1:21888 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Movie Maker file attachment detected (file-identify.rules) * 1:21889 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Movie Maker file attachment detected (file-identify.rules) * 1:21890 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file attachment detected (file-identify.rules) * 1:21891 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file attachment detected (file-identify.rules) * 1:21892 
<-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file attachment detected (file-identify.rules) * 1:21893 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file attachment detected (file-identify.rules) * 1:21894 <-> ENABLED <-> FILE-IDENTIFY SVG file attachment detected (file-identify.rules) * 1:21895 <-> ENABLED <-> FILE-IDENTIFY SVG file attachment detected (file-identify.rules) * 1:21915 <-> ENABLED <-> SERVER-OTHER Novell Groupwise HTTP login request (server-other.rules) * 1:21916 <-> ENABLED <-> SERVER-OTHER Novell Groupwise HTTP login request (server-other.rules) * 1:21931 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel TXO and OBJ records parsing stack memory corruption attempt (file-office.rules) * 1:21939 <-> ENABLED <-> PROTOCOL-TELNET RuggedCom telnet initial banner (protocol-telnet.rules) * 1:21999 <-> ENABLED <-> FILE-IDENTIFY OpenType Font file magic detection (file-identify.rules) * 1:22013 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio DBP file download request (file-identify.rules) * 1:22014 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio DBP file attachment detected (file-identify.rules) * 1:22015 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio DBP file attachment detected (file-identify.rules) * 1:22016 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio DBP file magic detected (file-identify.rules) * 1:22017 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio PKP file download request (file-identify.rules) * 1:22018 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio PKP file attachment detected (file-identify.rules) * 1:22019 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio PKP file attachment detected (file-identify.rules) * 1:22020 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio PKP file magic detected (file-identify.rules) * 1:22021 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio SLN file download request (file-identify.rules) * 1:22022 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio SLN 
file attachment detected (file-identify.rules) * 1:22023 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio SLN file attachment detected (file-identify.rules) * 1:22024 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio SLN file magic detected (file-identify.rules) * 1:22025 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio VAP file download request (file-identify.rules) * 1:22026 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio VAP file attachment detected (file-identify.rules) * 1:22027 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio VAP file attachment detected (file-identify.rules) * 1:22028 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio VAP file magic detected (file-identify.rules) * 1:22043 <-> ENABLED <-> FILE-IDENTIFY XM file download request (file-identify.rules) * 1:22044 <-> ENABLED <-> FILE-IDENTIFY XM file attachment detected (file-identify.rules) * 1:22045 <-> ENABLED <-> FILE-IDENTIFY XM file attachment detected (file-identify.rules) * 1:22046 <-> ENABLED <-> FILE-IDENTIFY XM file magic detected (file-identify.rules) * 1:22082 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint pptx file download request (file-identify.rules) * 1:22083 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint pptx file attachment detected (file-identify.rules) * 1:22084 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint pptx file attachment detected (file-identify.rules) * 1:22943 <-> ENABLED <-> FILE-IDENTIFY NAB file download request (file-identify.rules) * 1:22944 <-> ENABLED <-> FILE-IDENTIFY NAB file attachment detected (file-identify.rules) * 1:22945 <-> ENABLED <-> FILE-IDENTIFY NAB file attachment detected (file-identify.rules) * 1:22946 <-> ENABLED <-> FILE-IDENTIFY NAB file magic detected (file-identify.rules) * 1:22955 <-> ENABLED <-> FILE-IDENTIFY AMF file attachment detected (file-identify.rules) * 1:22956 <-> ENABLED <-> FILE-IDENTIFY AMF file attachment detected (file-identify.rules) * 1:22961 <-> ENABLED <-> 
FILE-IDENTIFY RealNetworks RealPlayer RAM file attachment detected (file-identify.rules) * 1:22962 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RAM file attachment detected (file-identify.rules) * 1:22963 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RMP file attachment detected (file-identify.rules) * 1:22964 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RMP file attachment detected (file-identify.rules) * 1:22965 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RT file attachment detected (file-identify.rules) * 1:22966 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RT file attachment detected (file-identify.rules) * 1:22967 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RP file attachment detected (file-identify.rules) * 1:22968 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RP file attachment detected (file-identify.rules) * 1:22969 <-> ENABLED <-> FILE-IDENTIFY remote desktop configuration file attachment detected (file-identify.rules) * 1:22970 <-> ENABLED <-> FILE-IDENTIFY remote desktop configuration file attachment detected (file-identify.rules) * 1:22971 <-> ENABLED <-> FILE-IDENTIFY MPEG Layer 3 playlist file attachment detected (file-identify.rules) * 1:22972 <-> ENABLED <-> FILE-IDENTIFY m3u playlist file file attachment detected (file-identify.rules) * 1:22973 <-> ENABLED <-> FILE-IDENTIFY M4A file attachment detected (file-identify.rules) * 1:22974 <-> ENABLED <-> FILE-IDENTIFY M4A file attachment detected (file-identify.rules) * 1:22975 <-> ENABLED <-> FILE-IDENTIFY M4P file attachment detected (file-identify.rules) * 1:22976 <-> ENABLED <-> FILE-IDENTIFY M4P file attachment detected (file-identify.rules) * 1:22977 <-> ENABLED <-> FILE-IDENTIFY M4R file attachment detected (file-identify.rules) * 1:22978 <-> ENABLED <-> FILE-IDENTIFY M4R file attachment detected (file-identify.rules) * 1:22979 <-> ENABLED <-> FILE-IDENTIFY M4V file attachment detected (file-identify.rules) * 1:22980 <-> ENABLED <-> 
FILE-IDENTIFY M4V file attachment detected (file-identify.rules) * 1:22981 <-> ENABLED <-> FILE-IDENTIFY M4B file attachment detected (file-identify.rules) * 1:22982 <-> ENABLED <-> FILE-IDENTIFY M4B file attachment detected (file-identify.rules) * 1:22983 <-> ENABLED <-> FILE-IDENTIFY 3GP file attachment detected (file-identify.rules) * 1:22984 <-> ENABLED <-> FILE-IDENTIFY 3GP file attachment detected (file-identify.rules) * 1:22985 <-> ENABLED <-> FILE-IDENTIFY 3G2 file attachment detected (file-identify.rules) * 1:22986 <-> ENABLED <-> FILE-IDENTIFY 3G2 file attachment detected (file-identify.rules) * 1:22987 <-> ENABLED <-> FILE-IDENTIFY k3g file attachment detected (file-identify.rules) * 1:22988 <-> ENABLED <-> FILE-IDENTIFY k3g file attachment detected (file-identify.rules) * 1:22989 <-> ENABLED <-> FILE-IDENTIFY SKM file attachment detected (file-identify.rules) * 1:22990 <-> ENABLED <-> FILE-IDENTIFY SKM file attachment detected (file-identify.rules) * 1:22991 <-> ENABLED <-> FILE-IDENTIFY QT file attachment detected (file-identify.rules) * 1:22992 <-> ENABLED <-> FILE-IDENTIFY QT file attachment detected (file-identify.rules) * 1:22993 <-> ENABLED <-> FILE-IDENTIFY MP4 file attachment detected (file-identify.rules) * 1:22994 <-> ENABLED <-> FILE-IDENTIFY MP4 file attachment detected (file-identify.rules) * 1:22995 <-> ENABLED <-> FILE-IDENTIFY Apple QuickTime Movie file attachment detected (file-identify.rules) * 1:22996 <-> ENABLED <-> FILE-IDENTIFY Apple QuickTime Movie file attachment detected (file-identify.rules) * 1:22997 <-> ENABLED <-> FILE-IDENTIFY MHTML file attachment detected (file-identify.rules) * 1:22998 <-> ENABLED <-> FILE-IDENTIFY MHTML file attachment detected (file-identify.rules) * 1:22999 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows WMF file magic detected (file-identify.rules) * 1:23000 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media Player DVR file attachment detected (file-identify.rules) * 1:23001 <-> ENABLED <-> 
FILE-IDENTIFY Microsoft Windows Media Player DVR file attachment detected (file-identify.rules) * 1:23002 <-> ENABLED <-> FILE-IDENTIFY CSV file attachment detected (file-identify.rules) * 1:23003 <-> ENABLED <-> FILE-IDENTIFY CSV file attachment detected (file-identify.rules) * 1:23011 <-> ENABLED <-> FILE-IDENTIFY Collada file download request (file-identify.rules) * 1:23012 <-> ENABLED <-> FILE-IDENTIFY Collada file attachment detected (file-identify.rules) * 1:23013 <-> ENABLED <-> FILE-IDENTIFY Collada file attachment detected (file-identify.rules) * 1:23167 <-> ENABLED <-> FILE-IDENTIFY MPG video stream file download request (file-identify.rules) * 1:23168 <-> ENABLED <-> FILE-IDENTIFY MPG video stream file attachment detected (file-identify.rules) * 1:23169 <-> ENABLED <-> FILE-IDENTIFY MPG video stream file attachment detected (file-identify.rules) * 1:23188 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules) * 1:23189 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules) * 1:23190 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file download request (file-identify.rules) * 1:23191 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules) * 1:23192 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules) * 1:23193 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file download request (file-identify.rules) * 1:23194 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules) * 1:23195 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules) * 1:23196 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file download request (file-identify.rules) * 1:23197 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules) * 1:23198 <-> ENABLED <-> FILE-IDENTIFY 
Windows Media Metafile file attachment detected (file-identify.rules) * 1:23199 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file download request (file-identify.rules) * 1:23200 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules) * 1:23201 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules) * 1:23202 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file download request (file-identify.rules) * 1:23205 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file download request (file-identify.rules) * 1:23206 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules) * 1:23207 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules) * 1:23208 <-> ENABLED <-> PROTOCOL-VOIP Digium Asterisk Manager Interface initial banner (protocol-voip.rules) * 1:23224 <-> ENABLED <-> EXPLOIT-KIT Redkit exploit kit landing page Requested - 8Digit.html (exploit-kit.rules) * 1:23319 <-> ENABLED <-> FILE-IDENTIFY TAR file download request (file-identify.rules) * 1:23320 <-> ENABLED <-> FILE-IDENTIFY TAR file attachment detected (file-identify.rules) * 1:23321 <-> ENABLED <-> FILE-IDENTIFY TAR file attachment detected (file-identify.rules) * 1:23322 <-> ENABLED <-> FILE-IDENTIFY TAR file download request (file-identify.rules) * 1:23347 <-> ENABLED <-> FILE-IDENTIFY Lotus file download request (file-identify.rules) * 1:23348 <-> ENABLED <-> FILE-IDENTIFY Lotus file attachment detected (file-identify.rules) * 1:23349 <-> ENABLED <-> FILE-IDENTIFY Lotus file attachment detected (file-identify.rules) * 1:23393 <-> ENABLED <-> SQL IBM SolidDB initial banner (sql.rules) * 1:23474 <-> ENABLED <-> FILE-IDENTIFY PLP file download request (file-identify.rules) * 1:23475 <-> ENABLED <-> FILE-IDENTIFY PLP file attachment detected (file-identify.rules) * 1:23476 <-> ENABLED <-> FILE-IDENTIFY PLP file attachment 
detected (file-identify.rules) * 1:23477 <-> ENABLED <-> FILE-IDENTIFY PLP file magic detected (file-identify.rules) * 1:23486 <-> ENABLED <-> FILE-IDENTIFY JOB file download request (file-identify.rules) * 1:23487 <-> ENABLED <-> FILE-IDENTIFY JOB file attachment detected (file-identify.rules) * 1:23488 <-> ENABLED <-> FILE-IDENTIFY JOB file attachment detected (file-identify.rules) * 1:23496 <-> ENABLED <-> FILE-IDENTIFY CUR file download request (file-identify.rules) * 1:23497 <-> ENABLED <-> FILE-IDENTIFY CUR file attachment detected (file-identify.rules) * 1:23498 <-> ENABLED <-> FILE-IDENTIFY CUR file attachment detected (file-identify.rules) * 1:23605 <-> ENABLED <-> FILE-IDENTIFY Armadillo v1.xx - v2.xx file magic detected (file-identify.rules) * 1:23616 <-> ENABLED <-> APP-DETECT Amazon Kindle 3.0 User-Agent string requested (app-detect.rules) * 1:23637 <-> ENABLED <-> FILE-IDENTIFY Java .class file attachment detected (file-identify.rules) * 1:23638 <-> ENABLED <-> FILE-IDENTIFY Java .class file attachment detected (file-identify.rules) * 1:23639 <-> ENABLED <-> FILE-IDENTIFY MPEG video stream file magic detected (file-identify.rules) * 1:23640 <-> ENABLED <-> FILE-IDENTIFY MPEG sys stream file magic detected (file-identify.rules) * 1:23642 <-> ENABLED <-> FILE-IDENTIFY Script encoder file magic detected (file-identify.rules) * 1:23643 <-> ENABLED <-> FILE-IDENTIFY Postscript file magic detected (file-identify.rules) * 1:23644 <-> ENABLED <-> FILE-IDENTIFY BinHex file magic detected (file-identify.rules) * 1:23645 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Real Media file magic detected (file-identify.rules) * 1:23646 <-> ENABLED <-> FILE-IDENTIFY bzip file magic detected (file-identify.rules) * 1:23647 <-> ENABLED <-> FILE-IDENTIFY GIF file magic detected (file-identify.rules) * 1:23648 <-> ENABLED <-> FILE-IDENTIFY MP3 file magic detected (file-identify.rules) * 1:23649 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows CAB file magic detected 
(file-identify.rules) * 1:23650 <-> ENABLED <-> FILE-IDENTIFY Ogg Stream file magic detected (file-identify.rules) * 1:23651 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:23652 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:23653 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:23654 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:23655 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:23656 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:23657 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:23658 <-> ENABLED <-> FILE-IDENTIFY RIFX file magic detected (file-identify.rules) * 1:23659 <-> ENABLED <-> FILE-IDENTIFY RAR file magic detected (file-identify.rules) * 1:23660 <-> ENABLED <-> FILE-IDENTIFY Symantec file magic detected (file-identify.rules) * 1:23661 <-> ENABLED <-> FILE-IDENTIFY ARJ file magic detected (file-identify.rules) * 1:23662 <-> ENABLED <-> FILE-IDENTIFY TNEF file magic detected (file-identify.rules) * 1:23663 <-> ENABLED <-> FILE-IDENTIFY ELF file magic detected (file-identify.rules) * 1:23664 <-> ENABLED <-> FILE-IDENTIFY PNG file magic detected (file-identify.rules) * 1:23665 <-> ENABLED <-> FILE-IDENTIFY CryptFF file magic detected (file-identify.rules) * 1:23666 <-> ENABLED <-> FILE-IDENTIFY MP3 file magic detected (file-identify.rules) * 1:23667 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (file-identify.rules) * 1:23668 <-> ENABLED <-> FILE-IDENTIFY SIS file magic detected (file-identify.rules) * 1:23669 <-> ENABLED <-> FILE-IDENTIFY SIP log file magic detected (file-identify.rules) * 1:23670 <-> ENABLED <-> FILE-IDENTIFY RTF file magic detected (file-identify.rules) * 1:23671 <-> ENABLED <-> FILE-IDENTIFY 7zip file magic detected (file-identify.rules) * 1:23672 <-> ENABLED <-> 
FILE-IDENTIFY MachO Little Endian file magic detected (file-identify.rules) * 1:23673 <-> ENABLED <-> FILE-IDENTIFY MachO x64 Little Endian file magic detected (file-identify.rules) * 1:23674 <-> ENABLED <-> FILE-IDENTIFY MachO Big Endian file magic detected (file-identify.rules) * 1:23675 <-> ENABLED <-> FILE-IDENTIFY MachO x64 Big Endian file magic detected (file-identify.rules) * 1:23676 <-> ENABLED <-> FILE-IDENTIFY Universal Binary/Java Bytecode file magic detected (file-identify.rules) * 1:23677 <-> ENABLED <-> FILE-IDENTIFY jarpack file magic detected (file-identify.rules) * 1:23678 <-> ENABLED <-> FILE-IDENTIFY PDF file magic detected (file-identify.rules) * 1:23679 <-> ENABLED <-> FILE-IDENTIFY compressed Adobe Shockwave Flash file magic detected (file-identify.rules) * 1:23680 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (file-identify.rules) * 1:23681 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (file-identify.rules) * 1:23682 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23683 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23684 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23685 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23687 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (file-identify.rules) * 1:23688 <-> ENABLED <-> FILE-IDENTIFY bcproj file magic detected (file-identify.rules) * 1:23689 <-> ENABLED <-> FILE-IDENTIFY mx4 file magic detected (file-identify.rules) * 1:23690 <-> ENABLED <-> FILE-IDENTIFY ffmpeg file magic detected (file-identify.rules) * 1:23691 <-> ENABLED <-> FILE-IDENTIFY dmg file magic detected (file-identify.rules) * 1:23692 <-> ENABLED <-> FILE-IDENTIFY ivr file magic detected (file-identify.rules) * 1:23693 <-> ENABLED <-> FILE-IDENTIFY caff file magic detected (file-identify.rules) * 1:23694 <-> ENABLED <-> 
FILE-IDENTIFY vmd file magic detected (file-identify.rules) * 1:23695 <-> ENABLED <-> FILE-IDENTIFY Flac file magic detected (file-identify.rules) * 1:23696 <-> ENABLED <-> FILE-IDENTIFY VideoLAN VLC file magic detected (file-identify.rules) * 1:23697 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel xlw file magic detected (file-identify.rules) * 1:23698 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media ASF file magic detected (file-identify.rules) * 1:23701 <-> ENABLED <-> FILE-IDENTIFY Microsoft SYmbolic LinK file magic detected (file-identify.rules) * 1:23703 <-> ENABLED <-> FILE-IDENTIFY Microsoft asf file magic detected (file-identify.rules) * 1:23707 <-> ENABLED <-> FILE-IDENTIFY Microsoft Compound File Binary v3 file magic detected (file-identify.rules) * 1:23709 <-> ENABLED <-> FILE-IDENTIFY Tiff little endian file magic detected (file-identify.rules) * 1:23710 <-> ENABLED <-> FILE-IDENTIFY Tiff big endian file magic detected (file-identify.rules) * 1:23711 <-> ENABLED <-> FILE-IDENTIFY OLE Document file magic detected (file-identify.rules) * 1:23712 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file magic detected (file-identify.rules) * 1:23720 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer REC file magic detected (file-identify.rules) * 1:23721 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer .r1m file magic detected (file-identify.rules) * 1:23723 <-> ENABLED <-> FILE-IDENTIFY M3U file magic detected (file-identify.rules) * 1:23724 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file magic detected (file-identify.rules) * 1:23725 <-> ENABLED <-> FILE-IDENTIFY Portable Executable binary file magic detected (file-identify.rules) * 1:23726 <-> ENABLED <-> FILE-IDENTIFY Portable Executable compact binary file magic detected (file-identify.rules) * 1:23727 <-> ENABLED <-> FILE-IDENTIFY Adobe Flash Video file magic detected (file-identify.rules) * 1:23728 <-> ENABLED <-> FILE-IDENTIFY matroska file magic detected 
(file-identify.rules) * 1:23729 <-> ENABLED <-> FILE-IDENTIFY PICT file magic detected (file-identify.rules) * 1:23730 <-> ENABLED <-> FILE-IDENTIFY amf file magic detected (file-identify.rules) * 1:23731 <-> ENABLED <-> FILE-IDENTIFY CDR file magic detected (file-identify.rules) * 1:23732 <-> ENABLED <-> FILE-IDENTIFY Microsoft Media Player .asf file magic detected (file-identify.rules) * 1:23733 <-> ENABLED <-> FILE-IDENTIFY webm file magic detected (file-identify.rules) * 1:23734 <-> ENABLED <-> FILE-IDENTIFY Autodesk Maya file magic detected (file-identify.rules) * 1:23735 <-> ENABLED <-> FILE-IDENTIFY MIDI file magic detected (file-identify.rules) * 1:23736 <-> ENABLED <-> FILE-IDENTIFY PLS file magic detected (file-identify.rules) * 1:23737 <-> ENABLED <-> FILE-IDENTIFY SMIL file magic detected (file-identify.rules) * 1:23738 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23739 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23740 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23741 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23742 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23743 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23744 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23745 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23746 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23747 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23748 <-> ENABLED <-> FILE-IDENTIFY TTF file magic detected (file-identify.rules) * 1:23749 <-> ENABLED <-> FILE-IDENTIFY SAMI file magic detected (file-identify.rules) * 1:23750 <-> ENABLED <-> FILE-IDENTIFY Microsoft Money file magic detected (file-identify.rules) * 1:23751 <-> ENABLED <-> 
FILE-IDENTIFY Microsoft Office PowerPoint file magic detected (file-identify.rules) * 1:23752 <-> ENABLED <-> FILE-IDENTIFY cy3 Cytel Studio file magic detected (file-identify.rules) * 1:23753 <-> ENABLED <-> FILE-IDENTIFY Visio file magic detected (file-identify.rules) * 1:23754 <-> ENABLED <-> FILE-IDENTIFY AVI Video file magic detected (file-identify.rules) * 1:23755 <-> ENABLED <-> FILE-IDENTIFY Cisco Webex Player .wrf file magic detected (file-identify.rules) * 1:23758 <-> ENABLED <-> FILE-IDENTIFY XML file magic detected (file-identify.rules) * 1:23759 <-> ENABLED <-> FILE-IDENTIFY XML file magic detected (file-identify.rules) * 1:23760 <-> ENABLED <-> FILE-IDENTIFY WAV file magic detected (file-identify.rules) * 1:23761 <-> ENABLED <-> FILE-IDENTIFY AVI file magic detected (file-identify.rules) * 1:23762 <-> ENABLED <-> FILE-IDENTIFY PFA file magic detected (file-identify.rules) * 1:23763 <-> ENABLED <-> FILE-IDENTIFY HPJ file magic detected (file-identify.rules) * 1:23764 <-> ENABLED <-> FILE-IDENTIFY Adobe Download Manager aom file magic detected (file-identify.rules) * 1:23765 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime FLIC file magic detected (file-identify.rules) * 1:23769 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio DBP file magic detected (file-identify.rules) * 1:23770 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio PKP file magic detected (file-identify.rules) * 1:23771 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio SLN file magic detected (file-identify.rules) * 1:23772 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio VAP file magic detected (file-identify.rules) * 1:23773 <-> ENABLED <-> FILE-IDENTIFY XM file magic detected (file-identify.rules) * 1:23774 <-> ENABLED <-> FILE-IDENTIFY NAB file magic detected (file-identify.rules) * 1:23775 <-> ENABLED <-> FILE-IDENTIFY Armadillo v1.71 packer file magic detected (file-identify.rules) * 1:23776 <-> ENABLED <-> FILE-IDENTIFY PLP file magic detected (file-identify.rules) 
* 1:23777 <-> ENABLED <-> FILE-IDENTIFY Armadillo v1.xx - v2.xx file magic detected (file-identify.rules) * 1:23807 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file download request (file-identify.rules) * 1:23808 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules) * 1:23809 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules) * 1:23810 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file download request (file-identify.rules) * 1:23811 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules) * 1:23812 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules) * 1:23813 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file download request (file-identify.rules) * 1:23814 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules) * 1:23815 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules) * 1:23816 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file download request (file-identify.rules) * 1:23817 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules) * 1:23818 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules) * 1:23819 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file download request (file-identify.rules) * 1:23820 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules) * 1:23821 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules) * 1:23822 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file magic detected (file-identify.rules) * 1:23823 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file magic detected (file-identify.rules) * 1:23839 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB RAP API NetServerEnum2 long server name buffer overflow attempt (os-windows.rules) * 1:23849 <-> ENABLED <-> EXPLOIT-KIT Blackhole redirection attempt (exploit-kit.rules) * 1:23969 <-> ENABLED <-> OS-MOBILE Android SMSZombie 
APK file download (os-mobile.rules) * 1:24004 <-> ENABLED <-> FILE-OFFICE Microsoft Office MSCOMCTL ActiveX control tabstrip method access (file-office.rules) * 1:24005 <-> ENABLED <-> FILE-OFFICE Microsoft Office MSCOMCTL ActiveX control tabstrip method access (file-office.rules) * 1:24045 <-> ENABLED <-> FILE-IDENTIFY Winamp skin file wsz file download request (file-identify.rules) * 1:24046 <-> ENABLED <-> FILE-IDENTIFY Winamp skin file wsz file attachment detected (file-identify.rules) * 1:24047 <-> ENABLED <-> FILE-IDENTIFY Winamp skin file wsz file attachment detected (file-identify.rules) * 1:24048 <-> ENABLED <-> FILE-IDENTIFY Winamp skin file wal file download request (file-identify.rules) * 1:24049 <-> ENABLED <-> FILE-IDENTIFY Winamp skin file wal file attachment detected (file-identify.rules) * 1:24050 <-> ENABLED <-> FILE-IDENTIFY Winamp skin file wal file attachment detected (file-identify.rules) * 1:24074 <-> ENABLED <-> FILE-IDENTIFY MP3 file download request (file-identify.rules) * 1:24075 <-> ENABLED <-> FILE-IDENTIFY MP3 file attachment detected (file-identify.rules) * 1:24076 <-> ENABLED <-> FILE-IDENTIFY MP3 file attachment detected (file-identify.rules) * 1:24078 <-> ENABLED <-> FILE-IDENTIFY RMF file attachment detected (file-identify.rules) * 1:24079 <-> ENABLED <-> FILE-IDENTIFY RMF file attachment detected (file-identify.rules) * 1:24080 <-> ENABLED <-> FILE-IDENTIFY Microsoft Works file attachment detected (file-identify.rules) * 1:24081 <-> ENABLED <-> FILE-IDENTIFY Microsoft Works file attachment detected (file-identify.rules) * 1:24089 <-> ENABLED <-> OS-WINDOWS Microsoft WebDAV PROPFIND request (os-windows.rules) * 1:24100 <-> ENABLED <-> FILE-IDENTIFY PLF file attachment detected (file-identify.rules) * 1:24101 <-> ENABLED <-> FILE-IDENTIFY PLF file attachment detected (file-identify.rules) * 1:2419 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer .ram playlist file download request (file-identify.rules) * 1:24190 <-> ENABLED 
<-> FILE-IDENTIFY X PixMap file magic detected (file-identify.rules) * 1:2420 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer .rmp playlist file download request (file-identify.rules) * 1:24206 <-> ENABLED <-> FILE-IDENTIFY LZH archive file magic detected (file-identify.rules) * 1:24213 <-> ENABLED <-> FILE-IDENTIFY MP4 file magic detected (file-identify.rules) * 1:24218 <-> ENABLED <-> FILE-IDENTIFY SMIL file magic detected (file-identify.rules) * 1:24219 <-> ENABLED <-> FILE-IDENTIFY SMIL file magic detected (file-identify.rules) * 1:2422 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer .rt playlist file download request (file-identify.rules) * 1:2423 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer .rp playlist file download request (file-identify.rules) * 1:24284 <-> ENABLED <-> FILE-OFFICE Microsoft Office Drawing object code execution attempt (file-office.rules) * 1:24313 <-> ENABLED <-> SERVER-WEBAPP HP OpenView Operations Agent request attempt (server-webapp.rules) * 1:24359 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB NTLM NULL session attempt (os-windows.rules) * 1:2436 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Audio wmf file download request (file-identify.rules) * 1:24406 <-> ENABLED <-> MALWARE-CNC Win.Trojan.MiniFlame variant outbound connection (malware-cnc.rules) * 1:24407 <-> ENABLED <-> MALWARE-CNC Win.Trojan.MiniFlame variant outbound connection (malware-cnc.rules) * 1:24412 <-> ENABLED <-> FILE-FLASH Adobe Flash Player DRM encrypted file detected (file-flash.rules) * 1:24413 <-> ENABLED <-> FILE-FLASH Adobe Flash Player DRM encrypted file detected (file-flash.rules) * 1:24453 <-> ENABLED <-> FILE-IDENTIFY Webm file attachment detected (file-identify.rules) * 1:24454 <-> ENABLED <-> FILE-IDENTIFY Webm file attachment detected (file-identify.rules) * 1:24455 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (file-identify.rules) * 1:24456 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (file-identify.rules) * 
1:24457 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (file-identify.rules) * 1:24458 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (file-identify.rules) * 1:24459 <-> ENABLED <-> FILE-IDENTIFY PSD file download request (file-identify.rules) * 1:24460 <-> ENABLED <-> FILE-IDENTIFY PSD file attachment detected (file-identify.rules) * 1:24461 <-> ENABLED <-> FILE-IDENTIFY PSD file attachment detected (file-identify.rules) * 1:24462 <-> ENABLED <-> FILE-IDENTIFY PSD file magic detection (file-identify.rules) * 1:24463 <-> ENABLED <-> FILE-IDENTIFY TIFF file attachment detected (file-identify.rules) * 1:24464 <-> ENABLED <-> FILE-IDENTIFY TIFF file attachment detected (file-identify.rules) * 1:24465 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows WMF file magic detected (file-identify.rules) * 1:24466 <-> ENABLED <-> FILE-IDENTIFY PSD file magic detection (file-identify.rules) * 1:24467 <-> ENABLED <-> FILE-IDENTIFY XCF file download request (file-identify.rules) * 1:24468 <-> ENABLED <-> FILE-IDENTIFY XCF file attachment detected (file-identify.rules) * 1:24469 <-> ENABLED <-> FILE-IDENTIFY XCF file attachment detected (file-identify.rules) * 1:24470 <-> ENABLED <-> FILE-IDENTIFY XCF file magic detection (file-identify.rules) * 1:24471 <-> ENABLED <-> FILE-IDENTIFY XCF file magic detection (file-identify.rules) * 1:24472 <-> ENABLED <-> FILE-IDENTIFY FLV file attachment detected (file-identify.rules) * 1:24473 <-> ENABLED <-> FILE-IDENTIFY FLV file attachment detected (file-identify.rules) * 1:24483 <-> ENABLED <-> FILE-IDENTIFY Embedded Open Type Font file magic detected (file-identify.rules) * 1:24484 <-> ENABLED <-> FILE-IDENTIFY Embedded Open Type Font file magic detected (file-identify.rules) * 1:24554 <-> ENABLED <-> FILE-IDENTIFY Apple QuickTime PICT v2.0 Image header (file-identify.rules) * 1:24555 <-> ENABLED <-> FILE-IDENTIFY Apple QuickTime PICT v2.0 Image header (file-identify.rules) * 1:24599 <-> ENABLED <-> FILE-IDENTIFY Alt-N MDaemon 
IMAP Server (file-identify.rules) * 1:24651 <-> ENABLED <-> FILE-IDENTIFY Microsoft proxy autoconfig script file download request (file-identify.rules) * 1:24708 <-> ENABLED <-> FILE-IDENTIFY Netop Remote Control file download request (file-identify.rules) * 1:24709 <-> ENABLED <-> FILE-IDENTIFY Netop Remote Control file attachment detected (file-identify.rules) * 1:24710 <-> ENABLED <-> FILE-IDENTIFY Netop Remote Control file attachment detected (file-identify.rules) * 1:24719 <-> ENABLED <-> PROTOCOL-VOIP Digium Asterisk SCCP call state message offhook (protocol-voip.rules) * 1:24816 <-> ENABLED <-> FILE-IDENTIFY MP4 file magic detected (file-identify.rules) * 1:24817 <-> ENABLED <-> FILE-IDENTIFY MP4 file magic detected (file-identify.rules) * 1:24818 <-> ENABLED <-> FILE-IDENTIFY M4V file magic detected (file-identify.rules) * 1:24819 <-> ENABLED <-> FILE-IDENTIFY M4V file magic detected (file-identify.rules) * 1:24820 <-> ENABLED <-> FILE-IDENTIFY Computer Graphics Metafile file download request (file-identify.rules) * 1:24821 <-> ENABLED <-> FILE-IDENTIFY Computer Graphics Metafile file attachment detected (file-identify.rules) * 1:24822 <-> ENABLED <-> FILE-IDENTIFY Computer Graphics Metafile file attachment detected (file-identify.rules) * 1:24824 <-> ENABLED <-> FILE-IDENTIFY RealPlayer skin file download request (file-identify.rules) * 1:24825 <-> ENABLED <-> FILE-IDENTIFY RealPlayer skin file attachment detected (file-identify.rules) * 1:24826 <-> ENABLED <-> FILE-IDENTIFY RealPlayer skin file attachment detected (file-identify.rules) * 1:24901 <-> ENABLED <-> FILE-IDENTIFY JNLP file download request (file-identify.rules) * 1:24902 <-> ENABLED <-> FILE-IDENTIFY JNLP file attachment detected (file-identify.rules) * 1:24903 <-> ENABLED <-> FILE-IDENTIFY JNLP file attachment detected (file-identify.rules) * 1:24972 <-> ENABLED <-> NETBIOS SMB Trans2 FIND_FIRST2 find file and directory info request (netbios.rules) * 1:25014 <-> ENABLED <-> FILE-IDENTIFY 
Microsoft proxy autoconfig script file magic detected (file-identify.rules) * 1:25032 <-> ENABLED <-> FILE-IDENTIFY Microsoft Silverlight application file download request (file-identify.rules) * 1:25033 <-> ENABLED <-> FILE-IDENTIFY Microsoft Silverlight application file attachment detected (file-identify.rules) * 1:25034 <-> ENABLED <-> FILE-IDENTIFY Microsoft Silverlight application file attachment detected (file-identify.rules) * 1:25041 <-> ENABLED <-> EXPLOIT-KIT Java User-Agent flowbit set (exploit-kit.rules) * 1:25062 <-> ENABLED <-> FILE-IDENTIFY Microsoft Software Installer MSI binary file magic detected (file-identify.rules) * 1:25305 <-> ENABLED <-> FILE-IDENTIFY Adobe Audition Session file magic detected (file-identify.rules) * 1:25306 <-> ENABLED <-> FILE-IDENTIFY Adobe Audition Session file download request (file-identify.rules) * 1:25307 <-> ENABLED <-> FILE-IDENTIFY Adobe Audition Session file attachment detected (file-identify.rules) * 1:25308 <-> ENABLED <-> FILE-IDENTIFY Adobe Audition Session file attachment detected (file-identify.rules) * 1:25373 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime Targa Image file download request (file-identify.rules) * 1:25374 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime Targa Image file attachment detected (file-identify.rules) * 1:25375 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime Targa Image file attachment detected (file-identify.rules) * 1:25516 <-> ENABLED <-> FILE-IDENTIFY Microsoft Software Installer MSI binary file magic detected (file-identify.rules) * 1:25517 <-> ENABLED <-> FILE-IDENTIFY Armadillo v1.71 packer file magic detected (file-identify.rules) * 1:25602 <-> ENABLED <-> SERVER-OTHER Sybase Open Server TDS login request (server-other.rules) * 1:25604 <-> ENABLED <-> FILE-IDENTIFY cSounds.com Csound audio file file download request (file-identify.rules) * 1:25605 <-> ENABLED <-> FILE-IDENTIFY cSounds.com Csound audio file file attachment detected (file-identify.rules) * 1:25606 <-> ENABLED <-> 
FILE-IDENTIFY cSounds.com Csound audio file file attachment detected (file-identify.rules) * 1:25680 <-> ENABLED <-> FILE-IDENTIFY Adobe Flash Player embedded compact font detected (file-identify.rules) * 1:25682 <-> ENABLED <-> FILE-IDENTIFY Adobe Flash Player embedded compact font detected (file-identify.rules) * 1:25928 <-> ENABLED <-> FILE-IDENTIFY Ogg file download request (file-identify.rules) * 1:25929 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules) * 1:25930 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules) * 1:25931 <-> ENABLED <-> FILE-IDENTIFY Ogg file download request (file-identify.rules) * 1:25932 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules) * 1:25933 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules) * 1:25934 <-> ENABLED <-> FILE-IDENTIFY Ogg file download request (file-identify.rules) * 1:25935 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules) * 1:25936 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules) * 1:25937 <-> ENABLED <-> FILE-IDENTIFY Ogg file download request (file-identify.rules) * 1:25938 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules) * 1:25939 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules) * 1:25940 <-> ENABLED <-> FILE-IDENTIFY Ogg file download request (file-identify.rules) * 1:25941 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules) * 1:25942 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules) * 1:25943 <-> ENABLED <-> FILE-IDENTIFY Ogg file download request (file-identify.rules) * 1:25944 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules) * 1:25945 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules) * 1:26057 <-> ENABLED <-> FILE-IDENTIFY ZIP file download 
detected (file-identify.rules) * 1:26058 <-> ENABLED <-> FILE-IDENTIFY ZIP file attachment detected (file-identify.rules) * 1:26059 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file magic detected (file-identify.rules) * 1:26060 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file download request (file-identify.rules) * 1:26061 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file attachment detected (file-identify.rules) * 1:26062 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file attachment detected (file-identify.rules) * 1:26063 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word docm file download request (file-identify.rules) * 1:26064 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word docm file attachment detected (file-identify.rules) * 1:26065 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word docm file attachment detected (file-identify.rules) * 1:26083 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file download request (file-identify.rules) * 1:26084 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file attachment detected (file-identify.rules) * 1:26085 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file attachment detected (file-identify.rules) * 1:26126 <-> ENABLED <-> FILE-IDENTIFY Microsoft Internet Explorer HTML Component file download request (file-identify.rules) * 1:26127 <-> ENABLED <-> FILE-IDENTIFY Microsoft Internet Explorer HTML Component file attachment detected (file-identify.rules) * 1:26128 <-> ENABLED <-> FILE-IDENTIFY Microsoft Internet Explorer HTML Component file attachment detected (file-identify.rules) * 1:26206 <-> ENABLED <-> FILE-IDENTIFY CyberLink Power2Go file download request (file-identify.rules) * 1:26207 <-> ENABLED <-> FILE-IDENTIFY CyberLink Power2Go file attachment detected (file-identify.rules) * 1:26208 <-> ENABLED <-> FILE-IDENTIFY CyberLink Power2Go file attachment detected (file-identify.rules) * 1:26251 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic 
detected (file-identify.rules) * 1:26429 <-> ENABLED <-> FILE-FLASH Adobe Flash Player RTMP malformed onStatus message type confusion attempt (file-flash.rules) * 1:26458 <-> ENABLED <-> FILE-IDENTIFY Stream redirector file download request (file-identify.rules) * 1:26465 <-> ENABLED <-> FILE-IDENTIFY XUL file attachment detected (file-identify.rules) * 1:26466 <-> ENABLED <-> FILE-IDENTIFY XUL file attachment detected (file-identify.rules) * 1:26492 <-> ENABLED <-> FILE-IDENTIFY KingView KingMessage log file download request (file-identify.rules) * 1:26493 <-> ENABLED <-> FILE-IDENTIFY KingView KingMessage log file attachment detected (file-identify.rules) * 1:26494 <-> ENABLED <-> FILE-IDENTIFY KingView KingMessage log file attachment detected (file-identify.rules) * 1:26514 <-> ENABLED <-> FILE-IDENTIFY maplet file download attempt (file-identify.rules) * 1:26515 <-> ENABLED <-> FILE-IDENTIFY maplet file attachment detected (file-identify.rules) * 1:26516 <-> ENABLED <-> FILE-IDENTIFY maplet file attachment detected (file-identify.rules) * 1:26517 <-> ENABLED <-> FILE-IDENTIFY maplet bin file download attempt (file-identify.rules) * 1:26644 <-> ENABLED <-> SERVER-OTHER SSL TLS DEFLATE compression detected (server-other.rules) * 1:26902 <-> ENABLED <-> FILE-IDENTIFY Android APK download request (file-identify.rules) * 1:26903 <-> ENABLED <-> FILE-IDENTIFY Android APK download file attachment detected (file-identify.rules) * 1:26904 <-> ENABLED <-> FILE-IDENTIFY Android APK download file attachment detected (file-identify.rules) * 1:27022 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Netweird.A outbound connection (malware-cnc.rules) * 1:27121 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector - initiate connection (server-other.rules) * 1:27275 <-> ENABLED <-> FILE-IDENTIFY Trimble SketchUp file attachment detected (file-identify.rules) * 1:27276 <-> ENABLED <-> FILE-IDENTIFY Trimble SketchUp file attachment detected (file-identify.rules) * 1:27277 <-> 
ENABLED <-> FILE-IDENTIFY Trimble SketchUp file download request (file-identify.rules) * 1:27542 <-> ENABLED <-> FILE-IDENTIFY Python bytecode file magic detected (file-identify.rules) * 1:27543 <-> ENABLED <-> FILE-IDENTIFY Python bytecode file magic detected (file-identify.rules) * 1:28367 <-> ENABLED <-> FILE-IDENTIFY CIS file magic detected (file-identify.rules) * 1:28368 <-> ENABLED <-> FILE-IDENTIFY CIS file magic detected (file-identify.rules) * 1:28369 <-> ENABLED <-> FILE-IDENTIFY CIS file attachment detected (file-identify.rules) * 1:28370 <-> ENABLED <-> FILE-IDENTIFY CIS file attachment detected (file-identify.rules) * 1:28382 <-> ENABLED <-> FILE-IDENTIFY HTML Help Index file download request (file-identify.rules) * 1:28383 <-> ENABLED <-> FILE-IDENTIFY HTML Help Index download file attachment detected (file-identify.rules) * 1:28384 <-> ENABLED <-> FILE-IDENTIFY HTML Help Index download file attachment detected (file-identify.rules) * 1:28425 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB Microsoft Windows Remote Administration Protocol usage attempt (os-windows.rules) * 1:28497 <-> ENABLED <-> FILE-IDENTIFY WordPerfect file magic detected (file-identify.rules) * 1:28507 <-> ENABLED <-> FILE-IDENTIFY Microsoft Write file download file attachment detected (file-identify.rules) * 1:28508 <-> ENABLED <-> FILE-IDENTIFY Microsoft Write file download file attachment detected (file-identify.rules) * 1:28570 <-> ENABLED <-> FILE-IDENTIFY FDF file magic detected (file-identify.rules) * 1:28571 <-> ENABLED <-> FILE-IDENTIFY FDF file attachment detected (file-identify.rules) * 1:28572 <-> ENABLED <-> FILE-IDENTIFY FDF file attachment detected (file-identify.rules) * 1:28573 <-> ENABLED <-> FILE-IDENTIFY FDF file magic detected (file-identify.rules) * 1:28574 <-> ENABLED <-> FILE-IDENTIFY FDF file download request (file-identify.rules) * 1:28610 <-> ENABLED <-> EXPLOIT-KIT Sakura exploit kit exploit payload retreive attempt (exploit-kit.rules) * 1:28894 <-> 
ENABLED <-> FILE-IDENTIFY eSignal .ets file attachment detected (file-identify.rules) * 1:28895 <-> ENABLED <-> FILE-IDENTIFY eSignal .por file attachment detected (file-identify.rules) * 1:28896 <-> ENABLED <-> FILE-IDENTIFY eSignal .quo file attachment detected (file-identify.rules) * 1:28897 <-> ENABLED <-> FILE-IDENTIFY eSignal .sum file attachment detected (file-identify.rules) * 1:28898 <-> ENABLED <-> FILE-IDENTIFY eSignal .ets file attachment detected (file-identify.rules) * 1:28899 <-> ENABLED <-> FILE-IDENTIFY eSignal .por file attachment detected (file-identify.rules) * 1:28900 <-> ENABLED <-> FILE-IDENTIFY eSignal .sum file attachment detected (file-identify.rules) * 1:28901 <-> ENABLED <-> FILE-IDENTIFY eSignal .ets file download request (file-identify.rules) * 1:29006 <-> ENABLED <-> FILE-IDENTIFY XWD image file attachment detected (file-identify.rules) * 1:29007 <-> ENABLED <-> FILE-IDENTIFY XWD image file attachment detected (file-identify.rules) * 1:29008 <-> ENABLED <-> FILE-IDENTIFY XWD image file download request (file-identify.rules) * 1:29162 <-> ENABLED <-> FILE-IDENTIFY CIS file download request (file-identify.rules) * 1:29274 <-> ENABLED <-> FILE-IDENTIFY XFDL file attachment detected (file-identify.rules) * 1:29275 <-> ENABLED <-> FILE-IDENTIFY XFDL file attachment detected (file-identify.rules) * 1:29276 <-> ENABLED <-> FILE-IDENTIFY XFDL file download request (file-identify.rules) * 1:29384 <-> ENABLED <-> FILE-IDENTIFY Adobe AIR file download request (file-identify.rules) * 1:29385 <-> ENABLED <-> FILE-IDENTIFY Adobe AIR file attachment detected (file-identify.rules) * 1:29386 <-> ENABLED <-> FILE-IDENTIFY Adobe AIR file attachment detected (file-identify.rules) * 1:29405 <-> ENABLED <-> FILE-IDENTIFY Microsoft Internet Shortcut file attachment detected (file-identify.rules) * 1:29406 <-> ENABLED <-> FILE-IDENTIFY Microsoft Internet Shortcut file attachment detected (file-identify.rules) * 1:29407 <-> ENABLED <-> FILE-IDENTIFY Microsoft 
Internet Shortcut file download request (file-identify.rules) * 1:29439 <-> ENABLED <-> FILE-IDENTIFY MSI file download request (file-identify.rules) * 1:29514 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB Microsoft Windows Remote Administration Protocol usage attempt (os-windows.rules) * 1:29607 <-> ENABLED <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt (server-other.rules) * 1:29612 <-> ENABLED <-> FILE-IDENTIFY XPS file attachment detected (file-identify.rules) * 1:29613 <-> ENABLED <-> FILE-IDENTIFY XPS file attachment detected (file-identify.rules) * 1:29614 <-> ENABLED <-> FILE-IDENTIFY XPS file download request (file-identify.rules) * 1:29752 <-> ENABLED <-> SERVER-WEBAPP HP Intelligent Management Center SOM authentication bypass attempt (server-webapp.rules) * 1:30014 <-> ENABLED <-> FILE-IDENTIFY OS/2 Metafile file magic detected (file-identify.rules) * 1:30015 <-> ENABLED <-> FILE-IDENTIFY OS/2 Metafile file attachment detected (file-identify.rules) * 1:30016 <-> ENABLED <-> FILE-IDENTIFY OS/2 Metafile file attachment detected (file-identify.rules) * 1:30017 <-> ENABLED <-> FILE-IDENTIFY OS/2 Metafile file magic detected (file-identify.rules) * 1:30018 <-> ENABLED <-> FILE-IDENTIFY OS/2 Metafile file download request (file-identify.rules) * 1:30532 <-> ENABLED <-> FILE-MULTIMEDIA CoCSoft Stream Download session (file-multimedia.rules) * 1:30756 <-> ENABLED <-> FILE-IDENTIFY ABC Music Notation file attachment detected (file-identify.rules) * 1:30757 <-> ENABLED <-> FILE-IDENTIFY ABC Music Notation file attachment detected (file-identify.rules) * 1:30758 <-> ENABLED <-> FILE-IDENTIFY ABC Music Notation file attachment detected (file-identify.rules) * 1:30759 <-> ENABLED <-> FILE-IDENTIFY ABC Music Notation file attachment detected (file-identify.rules) * 1:30760 <-> ENABLED <-> FILE-IDENTIFY ABC Music Notation file download request (file-identify.rules) * 1:30969 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit 
outbound request for Microsoft Internet Explorer landing page (exploit-kit.rules) * 1:30972 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit outbound request for Microsoft Silverlight landing page (exploit-kit.rules) * 1:3135 <-> ENABLED <-> NETBIOS SMB Trans2 QUERY_FILE_INFO attempt (netbios.rules) * 1:3136 <-> ENABLED <-> NETBIOS SMB Trans2 QUERY_FILE_INFO andx attempt (netbios.rules) * 1:3137 <-> ENABLED <-> NETBIOS SMB-DS Trans2 QUERY_FILE_INFO attempt (netbios.rules) * 1:3138 <-> ENABLED <-> NETBIOS SMB-DS Trans2 QUERY_FILE_INFO andx attempt (netbios.rules) * 1:3139 <-> ENABLED <-> NETBIOS SMB Trans2 FIND_FIRST2 attempt (netbios.rules) * 1:3140 <-> ENABLED <-> NETBIOS SMB Trans2 FIND_FIRST2 andx attempt (netbios.rules) * 1:3141 <-> ENABLED <-> NETBIOS SMB-DS Trans2 FIND_FIRST2 attempt (netbios.rules) * 1:3142 <-> ENABLED <-> NETBIOS SMB-DS Trans2 FIND_FIRST2 andx attempt (netbios.rules) * 1:31481 <-> ENABLED <-> SERVER-OTHER OpenSSL SSL ChangeCipherSpec man-in-the-middle exploitation attempt (server-other.rules) * 1:31482 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1.0 ChangeCipherSpec man-in-the-middle exploitation attempt (server-other.rules) * 1:31483 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1.1 ChangeCipherSpec man-in-the-middle exploitation attempt (server-other.rules) * 1:31484 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1.2 ChangeCipherSpec man-in-the-middle exploitation attempt (server-other.rules) * 1:31591 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel TXO and OBJ records parsing stack memory corruption attempt (file-office.rules) * 1:31675 <-> ENABLED <-> FILE-FLASH Adobe Flash Broker write to junction exploit attempt (file-flash.rules) * 1:31676 <-> ENABLED <-> FILE-FLASH Adobe Flash Broker write to junction exploit attempt (file-flash.rules) * 1:31702 <-> ENABLED <-> FILE-IDENTIFY Microsoft Silverlight application file magic detected (file-identify.rules) * 1:31703 <-> ENABLED <-> FILE-IDENTIFY Microsoft Silverlight application file magic detected 
(file-identify.rules) * 1:31773 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file attachment detected (file-identify.rules) * 1:31774 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file attachment detected (file-identify.rules) * 1:31775 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file attachment detected (file-identify.rules) * 1:31776 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file attachment detected (file-identify.rules) * 1:31831 <-> ENABLED <-> POLICY-OTHER QLogic Switch 5600/5800 default ftp login attempt (policy-other.rules) * 1:31871 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detection (file-identify.rules) * 1:32005 <-> ENABLED <-> MALWARE-BACKDOOR AlienSpy RAT outbound connection (malware-backdoor.rules) * 1:32134 <-> ENABLED <-> FILE-IDENTIFY XBM file attachment detected (file-identify.rules) * 1:32135 <-> ENABLED <-> FILE-IDENTIFY XBM file attachment detected (file-identify.rules) * 1:32165 <-> ENABLED <-> FILE-IDENTIFY SVG file magic detected (file-identify.rules) * 1:32251 <-> ENABLED <-> FILE-IDENTIFY Basic Control Engine file attachment detected (file-identify.rules) * 1:32252 <-> ENABLED <-> FILE-IDENTIFY Basic Control Engine file attachment detected (file-identify.rules) * 1:32253 <-> ENABLED <-> FILE-IDENTIFY Basic Control Engine file download request (file-identify.rules) * 1:32345 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector - initiate connection (server-other.rules) * 1:32378 <-> ENABLED <-> FILE-IDENTIFY bmp file attachment detected (file-identify.rules) * 1:32380 <-> ENABLED <-> FILE-IDENTIFY dib file attachment detected (file-identify.rules) * 1:32525 <-> ENABLED <-> BROWSER-OTHER FreeBSD tnftp client detected (browser-other.rules) * 1:32616 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Registry file attachment detected (file-identify.rules) * 1:32617 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Registry file attachment detected (file-identify.rules) * 1:32618 <-> ENABLED <-> FILE-IDENTIFY 
Microsoft Windows Registry file download request (file-identify.rules) * 1:32877 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit outbound Adobe Flash exploit request (exploit-kit.rules) * 1:32878 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit outbound Adobe Flash exploit request (exploit-kit.rules) * 1:32880 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit outbound payload request (exploit-kit.rules) * 1:32945 <-> ENABLED <-> FILE-IDENTIFY .scr executable screensaver file attachment detected (file-identify.rules) * 1:32946 <-> ENABLED <-> FILE-IDENTIFY .scr executable screensaver file attachment detected (file-identify.rules) * 1:32947 <-> ENABLED <-> FILE-IDENTIFY .scr executable screensaver file download request (file-identify.rules) * 1:33026 <-> ENABLED <-> FILE-IDENTIFY Publish-iT PUI file attachment detected (file-identify.rules) * 1:33027 <-> ENABLED <-> FILE-IDENTIFY Publish-iT PUI file attachment detected (file-identify.rules) * 1:33028 <-> ENABLED <-> FILE-IDENTIFY Publish-iT PUI file download request (file-identify.rules) * 1:33221 <-> ENABLED <-> MALWARE-CNC Win.Trojan.HawkEye Keylogger exfiltration attempt - clipboard and screenshot (malware-cnc.rules) * 1:33640 <-> ENABLED <-> FILE-IDENTIFY Apple Motion file download request (file-identify.rules) * 1:33641 <-> ENABLED <-> FILE-IDENTIFY Apple Motion file attachment detected (file-identify.rules) * 1:33642 <-> ENABLED <-> FILE-IDENTIFY Apple Motion file attachment detected (file-identify.rules) * 1:33666 <-> ENABLED <-> FILE-IDENTIFY PIF Program Information File file download request (file-identify.rules) * 1:33667 <-> ENABLED <-> FILE-IDENTIFY PIF Program Information File file attachment detected (file-identify.rules) * 1:33668 <-> ENABLED <-> FILE-IDENTIFY PIF Program Information File file attachment detected (file-identify.rules) * 1:33825 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB NTLM NULL session attempt (os-windows.rules) * 1:34395 <-> ENABLED <-> FILE-IDENTIFY Microsoft Journal file 
attachment detected (file-identify.rules) * 1:34396 <-> ENABLED <-> FILE-IDENTIFY Microsoft Journal file attachment detected (file-identify.rules) * 1:34397 <-> ENABLED <-> FILE-IDENTIFY Microsoft Journal file download request (file-identify.rules) * 1:34398 <-> ENABLED <-> FILE-IDENTIFY Microsoft Journal file download attempt (file-identify.rules) * 1:34629 <-> ENABLED <-> FILE-IDENTIFY WordPerfect file attachment detected (file-identify.rules) * 1:34630 <-> ENABLED <-> FILE-IDENTIFY WordPerfect file attachment detected (file-identify.rules) * 1:34631 <-> ENABLED <-> FILE-IDENTIFY WordPerfect file download request (file-identify.rules) * 1:35247 <-> ENABLED <-> FILE-IDENTIFY GNI file download request (file-identify.rules) * 1:35248 <-> ENABLED <-> FILE-IDENTIFY GNI file attachment detected (file-identify.rules) * 1:35249 <-> ENABLED <-> FILE-IDENTIFY GNI file attachment detected (file-identify.rules) * 1:35250 <-> ENABLED <-> FILE-IDENTIFY GNI file magic detected (file-identify.rules) * 1:35432 <-> ENABLED <-> FILE-IDENTIFY M4A file magic detected (file-identify.rules) * 1:35433 <-> ENABLED <-> FILE-IDENTIFY M4A file magic detected (file-identify.rules) * 1:35455 <-> ENABLED <-> FILE-IDENTIFY Adobe LZMA compressed Flash file magic detected (file-identify.rules) * 1:35456 <-> ENABLED <-> FILE-IDENTIFY Adobe LZMA compressed Flash file attachment detected (file-identify.rules) * 1:35457 <-> ENABLED <-> FILE-IDENTIFY Adobe LZMA compressed Flash file attachment detected (file-identify.rules) * 1:35458 <-> ENABLED <-> FILE-IDENTIFY Adobe LZMA compressed Flash file magic detected (file-identify.rules) * 1:35459 <-> ENABLED <-> FILE-IDENTIFY Adobe LZMA compressed Flash file download request (file-identify.rules) * 1:3551 <-> ENABLED <-> FILE-IDENTIFY HTA file download request (file-identify.rules) * 1:35688 <-> ENABLED <-> PROTOCOL-OTHER MiniUPNP rootdesc.xml file request (protocol-other.rules) * 1:35795 <-> ENABLED <-> FILE-IDENTIFY ZSoft PCX file attachment detected 
(file-identify.rules) * 1:35796 <-> ENABLED <-> FILE-IDENTIFY ZSoft PCX file attachment detected (file-identify.rules) * 1:35797 <-> ENABLED <-> FILE-IDENTIFY ZSoft PCX file download request (file-identify.rules) * 1:35852 <-> ENABLED <-> FILE-IDENTIFY JPEG file upload detected (file-identify.rules) * 1:35979 <-> ENABLED <-> FILE-IDENTIFY Windows Media Center link file download request (file-identify.rules) * 1:35980 <-> ENABLED <-> FILE-IDENTIFY Windows Media Center link file attachment detected (file-identify.rules) * 1:35981 <-> ENABLED <-> FILE-IDENTIFY Windows Media Center link file attachment detected (file-identify.rules) * 1:36058 <-> ENABLED <-> FILE-IDENTIFY OLE Document upload detected (file-identify.rules) * 1:36531 <-> ENABLED <-> FILE-IDENTIFY Oracle Java JMX management loading mlet detected (file-identify.rules) * 1:3665 <-> ENABLED <-> SERVER-MYSQL server greeting (server-mysql.rules) * 1:36711 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows .NET Application file attachment detected (file-identify.rules) * 1:36748 <-> ENABLED <-> FILE-IDENTIFY TTF file attachment detected (file-identify.rules) * 1:36815 <-> ENABLED <-> SERVER-OTHER MIT Kerberos 5 SPNEGO incoming token detected (server-other.rules) * 1:36816 <-> ENABLED <-> SERVER-OTHER MIT Kerberos 5 IAKERB outbound token detected (server-other.rules) * 1:37418 <-> ENABLED <-> MALWARE-BACKDOOR Adzok RAT inbound connection (malware-backdoor.rules) * 1:37546 <-> ENABLED <-> SERVER-OTHER Veritas NetBackup Volume Manager connection attempt (server-other.rules) * 1:37784 <-> ENABLED <-> FILE-IDENTIFY Adobe Texture Format file magic detected (file-identify.rules) * 1:37785 <-> ENABLED <-> FILE-IDENTIFY Adobe Texture Format file attachment detected (file-identify.rules) * 1:37786 <-> ENABLED <-> FILE-IDENTIFY Adobe Texture Format file attachment detected (file-identify.rules) * 1:37787 <-> ENABLED <-> FILE-IDENTIFY Adobe Texture Format file magic detected (file-identify.rules) * 1:37788 <-> ENABLED <-> 
FILE-IDENTIFY Adobe Texture Format file download request (file-identify.rules) * 1:38291 <-> ENABLED <-> FILE-IDENTIFY UDF file magic detected (file-identify.rules) * 1:38292 <-> ENABLED <-> FILE-IDENTIFY UDF file magic detected (file-identify.rules) * 1:38306 <-> ENABLED <-> FILE-IDENTIFY DMG com.apple.decmpfs file magic detected (file-identify.rules) * 1:38307 <-> ENABLED <-> FILE-IDENTIFY DMG com.apple.decmpfs file magic detected (file-identify.rules) * 1:38461 <-> ENABLED <-> OS-WINDOWS DCERPC Bind auth level packet privacy connection detected (os-windows.rules) * 1:38851 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul HCell file download request (file-identify.rules) * 1:38852 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul HCell file attachment detected (file-identify.rules) * 1:38853 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul HCell file attachment detected (file-identify.rules) * 1:38854 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul HCell file magic detected (file-identify.rules) * 1:38855 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul HCell file magic detected (file-identify.rules) * 1:38862 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul Office Document file download request (file-identify.rules) * 1:38863 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul Office Document file attachment detected (file-identify.rules) * 1:38864 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul Office Document file attachment detected (file-identify.rules) * 1:38865 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul Office Document file magic detected (file-identify.rules) * 1:38866 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul Office Document file magic detected (file-identify.rules) * 1:39776 <-> ENABLED <-> FILE-IDENTIFY Heroes of Might and Magic III map file attachment detected (file-identify.rules) * 1:39777 <-> ENABLED <-> FILE-IDENTIFY Heroes of Might and Magic III map file attachment detected (file-identify.rules) * 1:39778 <-> ENABLED <-> FILE-IDENTIFY Heroes of Might and Magic III map file download 
request (file-identify.rules) * 1:39903 <-> ENABLED <-> FILE-OFFICE Microsoft Windows RTF file with embedded object package SMTP upload attempt (file-office.rules) * 1:40017 <-> ENABLED <-> FILE-IDENTIFY Hierarchal Data Format file download request (file-identify.rules) * 1:40018 <-> ENABLED <-> FILE-IDENTIFY Hierarchal Data Format file attachment detected (file-identify.rules) * 1:40019 <-> ENABLED <-> FILE-IDENTIFY Hierarchal Data Format file attachment detected (file-identify.rules) * 1:40020 <-> ENABLED <-> FILE-IDENTIFY Hierarchal Data Format file magic detected (file-identify.rules) * 1:40021 <-> ENABLED <-> FILE-IDENTIFY Hierarchal Data Format file magic detected (file-identify.rules) * 1:40035 <-> ENABLED <-> FILE-IDENTIFY XLSB file magic detected (file-identify.rules) * 1:40036 <-> ENABLED <-> FILE-IDENTIFY XLSB file magic detected (file-identify.rules) * 1:40065 <-> ENABLED <-> OS-WINDOWS Microsoft Windows NFS Server NULL pointer dereference denial-of-service attempt (os-windows.rules) * 1:40118 <-> ENABLED <-> FILE-IDENTIFY Microsoft Excel XLSB file download request (file-identify.rules) * 1:40119 <-> ENABLED <-> FILE-IDENTIFY Microsoft Excel XLSB file attachment detected (file-identify.rules) * 1:40120 <-> ENABLED <-> FILE-IDENTIFY Microsoft Excel XLSB file attachment detected (file-identify.rules) * 1:40387 <-> ENABLED <-> FILE-IDENTIFY Windows registry hive file magic detected (file-identify.rules) * 1:40388 <-> ENABLED <-> FILE-IDENTIFY Windows registry hive file attachment detected (file-identify.rules) * 1:40389 <-> ENABLED <-> FILE-IDENTIFY Windows registry hive file attachment detected (file-identify.rules) * 1:40390 <-> ENABLED <-> FILE-IDENTIFY Windows registry hive file magic detected (file-identify.rules) * 1:40391 <-> ENABLED <-> FILE-IDENTIFY Windows registry hive file download request (file-identify.rules) * 1:40891 <-> ENABLED <-> FILE-IDENTIFY R Programming Language source file file download request (file-identify.rules) * 1:40892 <-> 
ENABLED <-> FILE-IDENTIFY R Programming Language source file file attachment detected (file-identify.rules) * 1:40893 <-> ENABLED <-> FILE-IDENTIFY R Programming Language source file file attachment detected (file-identify.rules) * 1:40908 <-> ENABLED <-> SERVER-OTHER Foscam C1 backdoor account ftp login attempt (server-other.rules) * 1:40979 <-> ENABLED <-> FILE-IDENTIFY ico file download request (file-identify.rules) * 1:40980 <-> ENABLED <-> FILE-IDENTIFY ico file attachment detected (file-identify.rules) * 1:40981 <-> ENABLED <-> FILE-IDENTIFY ico file attachment detected (file-identify.rules) * 1:41081 <-> ENABLED <-> SERVER-OTHER Tarantool initial connection banner detected (server-other.rules) * 1:4143 <-> ENABLED <-> SERVER-OTHER lpd receive printer job cascade adaptor protocol request (server-other.rules) * 1:42072 <-> DISABLED <-> SERVER-WEBAPP Aultware pwStore denial of service attempt (server-webapp.rules) * 1:42223 <-> ENABLED <-> FILE-IDENTIFY AOP file download request (file-identify.rules) * 1:42256 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB anonymous user session setup request detected (os-windows.rules) * 1:42257 <-> ENABLED <-> FILE-IDENTIFY ISO file magic detected (file-identify.rules) * 1:42258 <-> ENABLED <-> FILE-IDENTIFY ISO file attachment detected (file-identify.rules) * 1:42259 <-> ENABLED <-> FILE-IDENTIFY ISO file attachment detected (file-identify.rules) * 1:42260 <-> ENABLED <-> FILE-IDENTIFY ISO file attachment detected (file-identify.rules) * 1:42261 <-> ENABLED <-> FILE-IDENTIFY ISO file magic detected (file-identify.rules) * 1:42262 <-> ENABLED <-> FILE-IDENTIFY ISO file download request (file-identify.rules) * 1:42332 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Doublepulsar variant ping command (malware-cnc.rules) * 1:42363 <-> ENABLED <-> FILE-IDENTIFY bzip2 compressed file detected (file-identify.rules) * 1:42364 <-> ENABLED <-> FILE-IDENTIFY bzip2 compressed file detected (file-identify.rules) * 1:42365 <-> ENABLED <-> 
FILE-IDENTIFY bzip2 compressed file detected (file-identify.rules) * 1:42366 <-> ENABLED <-> FILE-IDENTIFY XZ compressed file detected (file-identify.rules) * 1:42367 <-> ENABLED <-> FILE-IDENTIFY XZ compressed file detected (file-identify.rules) * 1:42368 <-> ENABLED <-> FILE-IDENTIFY XZ compressed file detected (file-identify.rules) * 1:42369 <-> ENABLED <-> FILE-IDENTIFY gzip compressed file detected (file-identify.rules) * 1:42370 <-> ENABLED <-> FILE-IDENTIFY gzip compressed file detected (file-identify.rules) * 1:42371 <-> ENABLED <-> FILE-IDENTIFY gzip compressed file detected (file-identify.rules) * 1:42918 <-> ENABLED <-> FILE-IDENTIFY ISO file attachment detected (file-identify.rules) * 1:43002 <-> ENABLED <-> PROTOCOL-OTHER NETBIOS SMB IPC share access attempt (protocol-other.rules) * 1:43003 <-> ENABLED <-> PROTOCOL-OTHER NETBIOS SMB IPC share access attempt (protocol-other.rules) * 1:43067 <-> ENABLED <-> PROTOCOL-IMAP IMAP CRAM-MD5 authentication attempt (protocol-imap.rules) * 1:43080 <-> ENABLED <-> BROWSER-OTHER Foscam IP Camera User-Agent string detected (browser-other.rules) * 1:43099 <-> ENABLED <-> SERVER-WEBAPP Simple SCADA web-socket connection initialization attempt (server-webapp.rules) * 1:43363 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Audio wmf file magic detected (file-identify.rules) * 1:43364 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Audio wmf file magic detected (file-identify.rules) * 1:43891 <-> ENABLED <-> MALWARE-OTHER Win.Malware.Emotet variant lateral propagation (malware-other.rules) * 1:44030 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint ppt file attachment detected file attachment detected (file-identify.rules) * 1:44165 <-> ENABLED <-> SERVER-WEBAPP websocket protocol upgrade request detected (server-webapp.rules) * 1:44231 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word doc file attachment detected (file-identify.rules) * 1:44275 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file 
attachment detected (file-identify.rules) * 1:44441 <-> ENABLED <-> FILE-IDENTIFY Blender blend file magic detected (file-identify.rules) * 1:44442 <-> ENABLED <-> FILE-IDENTIFY Blender blend file magic detected (file-identify.rules) * 1:45515 <-> ENABLED <-> NETBIOS SMB SESSION_SETUP subcommand detected (netbios.rules) * 1:46367 <-> ENABLED <-> FILE-IDENTIFY WebAssembly file download detected (file-identify.rules) * 1:46393 <-> ENABLED <-> FILE-IDENTIFY WebAssembly file detected (file-identify.rules) * 1:46394 <-> ENABLED <-> FILE-IDENTIFY WebAssembly file attachment detected (file-identify.rules) * 1:48553 <-> ENABLED <-> FILE-IDENTIFY Omron CX-Supervisor project file file download request (file-identify.rules) * 1:48554 <-> ENABLED <-> FILE-IDENTIFY Omron CX-Supervisor project file file attachment detected (file-identify.rules) * 1:48555 <-> ENABLED <-> FILE-IDENTIFY Omron CX-Supervisor project file file attachment detected (file-identify.rules) * 1:48556 <-> ENABLED <-> FILE-IDENTIFY Omron CX-Supervisor project file file attachment detected (file-identify.rules) * 1:49495 <-> ENABLED <-> FILE-OFFICE Microsoft Office MSCOMCTL ActiveX control tabstrip method access (file-office.rules) * 1:49497 <-> ENABLED <-> FILE-OFFICE Microsoft Office MSCOMCTL ActiveX control tabstrip method access (file-office.rules) * 1:49512 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules) * 1:49513 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules) * 1:49514 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules) * 1:49515 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules) * 1:49516 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules) * 1:49517 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules) * 1:49518 <-> 
ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules) * 1:49519 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules) * 1:49520 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules) * 1:49791 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules) * 1:49792 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules) * 1:49793 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules) * 1:49794 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules) * 1:50870 <-> ENABLED <-> APP-DETECT Quagga password challenge detected (app-detect.rules) * 1:50874 <-> ENABLED <-> FILE-IDENTIFY Fax Cover Page file magic detected (file-identify.rules) * 1:50875 <-> ENABLED <-> FILE-IDENTIFY Fax Cover Page file magic detected (file-identify.rules) * 1:51024 <-> ENABLED <-> FILE-IDENTIFY Embedded Open Type Font file attachment detected (file-identify.rules) * 1:51268 <-> ENABLED <-> FILE-OTHER Photodex ProShow Producer v5.0.3256 download load file attempt (file-other.rules) * 1:51992 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file download request (file-identify.rules) * 1:51993 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules) * 1:51994 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules) * 1:52056 <-> ENABLED <-> FILE-IDENTIFY Portable Executable binary file magic detected (file-identify.rules) * 1:53213 <-> ENABLED <-> PROTOCOL-OTHER MQTT Connect control packet detected (protocol-other.rules) * 1:53861 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Astaroth outbound beacon (malware-cnc.rules) * 1:6010 <-> ENABLED <-> SERVER-OTHER VERITAS NetBackup vnetd connection attempt (server-other.rules) * 
1:6469 <-> ENABLED <-> SERVER-OTHER RealVNC connection attempt (server-other.rules) * 1:6472 <-> ENABLED <-> MALWARE-BACKDOOR bugs runtime detection - file manager client-to-server (malware-backdoor.rules) * 1:7106 <-> ENABLED <-> MALWARE-BACKDOOR girlfriend runtime detection (malware-backdoor.rules) * 1:7111 <-> ENABLED <-> MALWARE-BACKDOOR fearless lite 1.01 runtime detection (malware-backdoor.rules) * 1:7506 <-> ENABLED <-> MALWARE-TOOLS Hacker-Tool coma runtime detection - init connection - flowbit set (malware-tools.rules) * 1:7641 <-> ENABLED <-> MALWARE-BACKDOOR am remote client runtime detection - client-to-server (malware-backdoor.rules) * 1:8355 <-> ENABLED <-> MALWARE-OTHER Keylogger spybuddy 3.72 runtime detection (malware-other.rules) * 1:8445 <-> ENABLED <-> FILE-OFFICE Microsoft Windows RTF file with embedded object package download attempt (file-office.rules) * 1:9845 <-> ENABLED <-> FILE-IDENTIFY M3U file magic detected (file-identify.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091501.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:53964 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-7784064-0 download attempt (malware-other.rules)
* 1:53965 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-7784063-0 download attempt (malware-other.rules)
* 1:53983 <-> ENABLED <-> OS-WINDOWS Windows print spooler elevation of privilege attempt (os-windows.rules)
* 1:53973 <-> DISABLED <-> MALWARE-OTHER CobaltStrike powershell web delivery attempt (malware-other.rules)
* 1:53969 <-> DISABLED <-> SERVER-WEBAPP TerraMaster NAS user creation command injection attempt (server-webapp.rules)
* 1:53967 <-> DISABLED <-> SERVER-WEBAPP TerraMaster NAS user creation command injection attempt (server-webapp.rules)
* 1:53980 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Shiz-7784396-0 download attempt (malware-other.rules)
* 1:53979 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Shiz-7784396-0 download attempt (malware-other.rules)
* 1:53976 <-> DISABLED <-> BROWSER-WEBKIT WebKit use-after-free remote code execution attempt (browser-webkit.rules)
* 1:53960 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Ursnif malicious outbound connection attempt - gravity generated detection (malware-other.rules)
* 1:53981 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Palevo-7785322-0 download attempt (malware-other.rules)
* 1:53978 <-> ENABLED <-> MALWARE-OTHER Win.Dropper.Agent payload download attempt (malware-other.rules)
* 1:53966 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-7784063-0 download attempt (malware-other.rules)
* 1:53974 <-> DISABLED <-> MALWARE-OTHER CobaltStrike powershell web delivery attempt (malware-other.rules)
* 1:53972 <-> ENABLED <-> MALWARE-OTHER CobaltStrike beacon.dll DNS download attempt (malware-other.rules)
* 1:53982 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Palevo-7785322-0 download attempt (malware-other.rules)
* 1:53963 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-7784064-0 download attempt (malware-other.rules)
* 1:53968 <-> DISABLED <-> SERVER-WEBAPP TerraMaster NAS user creation command injection attempt (server-webapp.rules)
* 1:53971 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Andariel outbound connection attempt (malware-cnc.rules)
* 1:53984 <-> DISABLED <-> OS-WINDOWS Windows print spooler elevation of privilege attempt (os-windows.rules)
* 1:53977 <-> ENABLED <-> MALWARE-OTHER Win.Dropper.Agent payload download attempt (malware-other.rules)
* 1:53962 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Gh0stRAT-7783851-0 download attempt (malware-other.rules)
* 1:53975 <-> DISABLED <-> INDICATOR-COMPROMISE CobaltStrike multiple large DNS TXT query responses (indicator-compromise.rules)
* 1:53961 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Gh0stRAT-7783851-0 download attempt (malware-other.rules)
* 1:53985 <-> ENABLED <-> INDICATOR-COMPROMISE msiexec.exe command execution over DNS attempt (indicator-compromise.rules)
* 1:53970 <-> DISABLED <-> SERVER-WEBAPP TerraMaster NAS user creation command injection attempt (server-webapp.rules)
* 1:25945 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules)
* 1:25944 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules)
* 1:26059 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file magic detected (file-identify.rules)
* 1:26058 <-> ENABLED <-> FILE-IDENTIFY ZIP file attachment detected (file-identify.rules)
* 1:26057 <-> ENABLED <-> FILE-IDENTIFY ZIP file download detected (file-identify.rules)
* 1:26060 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file download request (file-identify.rules)
* 1:26061 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file attachment detected (file-identify.rules)
* 1:26062 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file attachment detected (file-identify.rules)
* 1:26063 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word docm file download request (file-identify.rules)
* 1:26064 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word docm file attachment detected (file-identify.rules)
* 1:26065 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word docm file attachment detected (file-identify.rules)
* 1:26083 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file download request (file-identify.rules)
* 1:26084 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file attachment detected (file-identify.rules)
* 1:26085 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file attachment detected (file-identify.rules)
* 1:26126 <-> ENABLED <-> FILE-IDENTIFY Microsoft Internet Explorer HTML Component file download request (file-identify.rules)
* 1:26127 <-> ENABLED <-> FILE-IDENTIFY Microsoft Internet Explorer HTML Component file attachment detected (file-identify.rules)
* 1:26128 <-> ENABLED <-> FILE-IDENTIFY Microsoft Internet Explorer HTML Component file attachment detected (file-identify.rules)
* 1:26206 <-> ENABLED <-> FILE-IDENTIFY CyberLink Power2Go file download request (file-identify.rules)
* 1:26207 <-> ENABLED <-> FILE-IDENTIFY CyberLink Power2Go file attachment detected (file-identify.rules)
* 1:26208 <-> ENABLED <-> FILE-IDENTIFY CyberLink Power2Go file attachment detected (file-identify.rules)
* 1:26251 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (file-identify.rules)
* 1:26429 <-> ENABLED <-> FILE-FLASH Adobe Flash Player RTMP malformed onStatus message type confusion attempt (file-flash.rules)
* 1:26458 <-> ENABLED <-> FILE-IDENTIFY Stream redirector file download request (file-identify.rules)
* 1:26465 <-> ENABLED <-> FILE-IDENTIFY XUL file attachment detected (file-identify.rules)
* 1:26466 <-> ENABLED <-> FILE-IDENTIFY XUL file attachment detected (file-identify.rules)
* 1:26492 <-> ENABLED <-> FILE-IDENTIFY KingView KingMessage log file download request (file-identify.rules)
* 1:26493 <-> ENABLED <-> FILE-IDENTIFY KingView KingMessage log file attachment detected (file-identify.rules)
* 1:26494 <-> ENABLED <-> FILE-IDENTIFY KingView KingMessage log file attachment detected (file-identify.rules)
* 1:26514 <-> ENABLED <-> FILE-IDENTIFY maplet file download attempt (file-identify.rules)
* 1:26515 <-> ENABLED <-> FILE-IDENTIFY maplet file attachment detected (file-identify.rules)
* 1:26516 <-> ENABLED <-> FILE-IDENTIFY maplet file attachment detected (file-identify.rules)
* 1:26517 <-> ENABLED <-> FILE-IDENTIFY maplet bin file download attempt (file-identify.rules)
* 1:26644 <-> ENABLED <-> SERVER-OTHER SSL TLS DEFLATE compression detected (server-other.rules)
* 1:26902 <-> ENABLED <-> FILE-IDENTIFY Android APK download request (file-identify.rules)
* 1:26903 <-> ENABLED <-> FILE-IDENTIFY Android APK download file attachment detected (file-identify.rules)
* 1:26904 <-> ENABLED <-> FILE-IDENTIFY Android APK download file attachment detected (file-identify.rules)
* 1:27022 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Netweird.A outbound connection (malware-cnc.rules)
* 1:27121 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector - initiate connection (server-other.rules)
* 1:27275 <-> ENABLED <-> FILE-IDENTIFY Trimble SketchUp file attachment detected (file-identify.rules)
* 1:27276 <-> ENABLED <-> FILE-IDENTIFY Trimble SketchUp file attachment detected (file-identify.rules)
* 1:27277 <-> ENABLED <-> FILE-IDENTIFY Trimble SketchUp file download request (file-identify.rules)
* 1:27542 <-> ENABLED <-> FILE-IDENTIFY Python bytecode file magic detected (file-identify.rules)
* 1:27543 <-> ENABLED <-> FILE-IDENTIFY Python bytecode file magic detected (file-identify.rules)
* 1:28367 <-> ENABLED <-> FILE-IDENTIFY CIS file magic detected (file-identify.rules)
* 1:28368 <-> ENABLED <-> FILE-IDENTIFY CIS file magic detected (file-identify.rules)
* 1:28369 <-> ENABLED <-> FILE-IDENTIFY CIS file attachment detected (file-identify.rules)
* 1:28370 <-> ENABLED <-> FILE-IDENTIFY CIS file attachment detected (file-identify.rules)
* 1:28382 <-> ENABLED <-> FILE-IDENTIFY HTML Help Index file download request (file-identify.rules)
* 1:28383 <-> ENABLED <-> FILE-IDENTIFY HTML Help Index download file attachment detected (file-identify.rules)
* 1:28384 <-> ENABLED <-> FILE-IDENTIFY HTML Help Index download file attachment detected (file-identify.rules)
* 1:28425 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB Microsoft Windows Remote Administration Protocol usage attempt (os-windows.rules)
* 1:28497 <-> ENABLED <-> FILE-IDENTIFY WordPerfect file magic detected (file-identify.rules)
* 1:28507 <-> ENABLED <-> FILE-IDENTIFY Microsoft Write file download file attachment detected (file-identify.rules)
* 1:28508 <-> ENABLED <-> FILE-IDENTIFY Microsoft Write file download file attachment detected (file-identify.rules)
* 1:28570 <-> ENABLED <-> FILE-IDENTIFY FDF file magic detected (file-identify.rules)
* 1:28571 <-> ENABLED <-> FILE-IDENTIFY FDF file attachment detected (file-identify.rules)
* 1:28572 <-> ENABLED <-> FILE-IDENTIFY FDF file attachment detected (file-identify.rules)
* 1:28573 <-> ENABLED <-> FILE-IDENTIFY FDF file magic detected (file-identify.rules)
* 1:28574 <-> ENABLED <-> FILE-IDENTIFY FDF file download request (file-identify.rules)
* 1:28610 <-> ENABLED <-> EXPLOIT-KIT Sakura exploit kit exploit payload retreive attempt (exploit-kit.rules)
* 1:28894 <-> ENABLED <-> FILE-IDENTIFY eSignal .ets file attachment detected (file-identify.rules)
* 1:28895 <-> ENABLED <-> FILE-IDENTIFY eSignal .por file attachment detected (file-identify.rules)
* 1:28896 <-> ENABLED <-> FILE-IDENTIFY eSignal .quo file attachment detected (file-identify.rules)
* 1:28897 <-> ENABLED <-> FILE-IDENTIFY eSignal .sum file attachment detected (file-identify.rules)
* 1:28898 <-> ENABLED <-> FILE-IDENTIFY eSignal .ets file attachment detected (file-identify.rules)
* 1:28899 <-> ENABLED <-> FILE-IDENTIFY eSignal .por file attachment detected (file-identify.rules)
* 1:28900 <-> ENABLED <-> FILE-IDENTIFY eSignal .sum file attachment detected (file-identify.rules)
* 1:28901 <-> ENABLED <-> FILE-IDENTIFY eSignal .ets file download request (file-identify.rules)
* 1:29006 <-> ENABLED <-> FILE-IDENTIFY XWD image file attachment detected (file-identify.rules)
* 1:29007 <-> ENABLED <-> FILE-IDENTIFY XWD image file attachment detected (file-identify.rules)
* 1:29008 <-> ENABLED <-> FILE-IDENTIFY XWD image file download request (file-identify.rules)
* 1:29162 <-> ENABLED <-> FILE-IDENTIFY CIS file download request (file-identify.rules)
* 1:29274 <-> ENABLED <-> FILE-IDENTIFY XFDL file attachment detected (file-identify.rules)
* 1:29275 <-> ENABLED <-> FILE-IDENTIFY XFDL file attachment detected (file-identify.rules)
* 1:29276 <-> ENABLED <-> FILE-IDENTIFY XFDL file download request (file-identify.rules)
* 1:29384 <-> ENABLED <-> FILE-IDENTIFY Adobe AIR file download request (file-identify.rules)
* 1:29385 <-> ENABLED <-> FILE-IDENTIFY Adobe AIR file attachment detected (file-identify.rules)
* 1:29386 <-> ENABLED <-> FILE-IDENTIFY Adobe AIR file attachment detected (file-identify.rules)
* 1:29405 <-> ENABLED <-> FILE-IDENTIFY Microsoft Internet Shortcut file attachment detected (file-identify.rules)
* 1:29406 <-> ENABLED <-> FILE-IDENTIFY Microsoft Internet Shortcut file attachment detected (file-identify.rules)
* 1:29407 <-> ENABLED <-> FILE-IDENTIFY Microsoft Internet Shortcut file download request (file-identify.rules)
* 1:29439 <-> ENABLED <-> FILE-IDENTIFY MSI file download request (file-identify.rules)
* 1:29514 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB Microsoft Windows Remote Administration Protocol usage attempt (os-windows.rules)
* 1:29607 <-> ENABLED <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt (server-other.rules)
* 1:29612 <-> ENABLED <-> FILE-IDENTIFY XPS file attachment detected (file-identify.rules)
* 1:29613 <-> ENABLED <-> FILE-IDENTIFY XPS file attachment detected (file-identify.rules)
* 1:29614 <-> ENABLED <-> FILE-IDENTIFY XPS file download request (file-identify.rules)
* 1:29752 <-> ENABLED <-> SERVER-WEBAPP HP Intelligent Management Center SOM authentication bypass attempt (server-webapp.rules)
* 1:30014 <-> ENABLED <-> FILE-IDENTIFY OS/2 Metafile file magic detected (file-identify.rules)
* 1:30015 <-> ENABLED <-> FILE-IDENTIFY OS/2 Metafile file attachment detected (file-identify.rules)
* 1:30016 <-> ENABLED <-> FILE-IDENTIFY OS/2 Metafile file attachment detected (file-identify.rules)
* 1:30017 <-> ENABLED <-> FILE-IDENTIFY OS/2 Metafile file magic detected (file-identify.rules)
* 1:30018 <-> ENABLED <-> FILE-IDENTIFY OS/2 Metafile file download request (file-identify.rules)
* 1:30532 <-> ENABLED <-> FILE-MULTIMEDIA CoCSoft Stream Download session (file-multimedia.rules)
* 1:30756 <-> ENABLED <-> FILE-IDENTIFY ABC Music Notation file attachment detected (file-identify.rules)
* 1:30757 <-> ENABLED <-> FILE-IDENTIFY ABC Music Notation file attachment detected (file-identify.rules)
* 1:30758 <-> ENABLED <-> FILE-IDENTIFY ABC Music Notation file attachment detected (file-identify.rules)
* 1:30759 <-> ENABLED <-> FILE-IDENTIFY ABC Music Notation file attachment detected (file-identify.rules)
* 1:30760 <-> ENABLED <-> FILE-IDENTIFY ABC Music Notation file download request (file-identify.rules)
* 1:30969 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit outbound request for Microsoft Internet Explorer landing page (exploit-kit.rules)
* 1:30972 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit outbound request for Microsoft Silverlight landing page (exploit-kit.rules)
* 1:3135 <-> ENABLED <-> NETBIOS SMB Trans2 QUERY_FILE_INFO attempt (netbios.rules)
* 1:3136 <-> ENABLED <-> NETBIOS SMB Trans2 QUERY_FILE_INFO andx attempt (netbios.rules)
* 1:3137 <-> ENABLED <-> NETBIOS SMB-DS Trans2 QUERY_FILE_INFO attempt (netbios.rules)
* 1:3138 <-> ENABLED <-> NETBIOS SMB-DS Trans2 QUERY_FILE_INFO andx attempt (netbios.rules)
* 1:3139 <-> ENABLED <-> NETBIOS SMB Trans2 FIND_FIRST2 attempt (netbios.rules)
* 1:3140 <-> ENABLED <-> NETBIOS SMB Trans2 FIND_FIRST2 andx attempt (netbios.rules)
* 1:3141 <-> ENABLED <-> NETBIOS SMB-DS Trans2 FIND_FIRST2 attempt (netbios.rules)
* 1:3142 <-> ENABLED <-> NETBIOS SMB-DS Trans2 FIND_FIRST2 andx attempt (netbios.rules)
* 1:31481 <-> ENABLED <-> SERVER-OTHER OpenSSL SSL ChangeCipherSpec man-in-the-middle exploitation attempt (server-other.rules)
* 1:31482 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1.0 ChangeCipherSpec man-in-the-middle exploitation attempt (server-other.rules)
* 1:31483 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1.1 ChangeCipherSpec man-in-the-middle exploitation attempt (server-other.rules)
* 1:31484 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1.2 ChangeCipherSpec man-in-the-middle exploitation attempt (server-other.rules)
* 1:31591 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel TXO and OBJ records parsing stack memory corruption attempt (file-office.rules)
* 1:31675 <-> ENABLED <-> FILE-FLASH Adobe Flash Broker write to junction exploit attempt (file-flash.rules)
* 1:31676 <-> ENABLED <-> FILE-FLASH Adobe Flash Broker write to junction exploit attempt (file-flash.rules)
* 1:31702 <-> ENABLED <-> FILE-IDENTIFY Microsoft Silverlight application file magic detected (file-identify.rules)
* 1:31703 <-> ENABLED <-> FILE-IDENTIFY Microsoft Silverlight application file magic detected (file-identify.rules)
* 1:31773 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file attachment detected (file-identify.rules)
* 1:31774 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file attachment detected (file-identify.rules)
* 1:31775 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file attachment detected (file-identify.rules)
* 1:31776 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file attachment detected (file-identify.rules)
* 1:31831 <-> ENABLED <-> POLICY-OTHER QLogic Switch 5600/5800 default ftp login attempt (policy-other.rules)
* 1:31871 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detection (file-identify.rules)
* 1:32005 <-> ENABLED <-> MALWARE-BACKDOOR AlienSpy RAT outbound connection (malware-backdoor.rules)
* 1:32134 <-> ENABLED <-> FILE-IDENTIFY XBM file attachment detected (file-identify.rules)
* 1:32135 <-> ENABLED <-> FILE-IDENTIFY XBM file attachment detected (file-identify.rules)
* 1:32165 <-> ENABLED <-> FILE-IDENTIFY SVG file magic detected (file-identify.rules)
* 1:32251 <-> ENABLED <-> FILE-IDENTIFY Basic Control Engine file attachment detected (file-identify.rules)
* 1:32252 <-> ENABLED <-> FILE-IDENTIFY Basic Control Engine file attachment detected (file-identify.rules)
* 1:32253 <-> ENABLED <-> FILE-IDENTIFY Basic Control Engine file download request (file-identify.rules)
* 1:32345 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector - initiate connection (server-other.rules)
* 1:32378 <-> ENABLED <-> FILE-IDENTIFY bmp file attachment detected (file-identify.rules)
* 1:32380 <-> ENABLED <-> FILE-IDENTIFY dib file attachment detected (file-identify.rules)
* 1:32525 <-> ENABLED <-> BROWSER-OTHER FreeBSD tnftp client detected (browser-other.rules)
* 1:32616 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Registry file attachment detected (file-identify.rules)
* 1:32617 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Registry file attachment detected (file-identify.rules)
* 1:32618 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Registry file download request (file-identify.rules)
* 1:32877 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit outbound Adobe Flash exploit request (exploit-kit.rules)
* 1:32878 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit outbound Adobe Flash exploit request (exploit-kit.rules)
* 1:32880 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit outbound payload request (exploit-kit.rules)
* 1:32945 <-> ENABLED <-> FILE-IDENTIFY .scr executable screensaver file attachment detected (file-identify.rules)
* 1:32946 <-> ENABLED <-> FILE-IDENTIFY .scr executable screensaver file attachment detected (file-identify.rules)
* 1:32947 <-> ENABLED <-> FILE-IDENTIFY .scr executable screensaver file download request (file-identify.rules)
* 1:33026 <-> ENABLED <-> FILE-IDENTIFY Publish-iT PUI file attachment detected (file-identify.rules)
* 1:33027 <-> ENABLED <-> FILE-IDENTIFY Publish-iT PUI file attachment detected (file-identify.rules)
* 1:33028 <-> ENABLED <-> FILE-IDENTIFY Publish-iT PUI file download request (file-identify.rules)
* 1:33221 <-> ENABLED <-> MALWARE-CNC Win.Trojan.HawkEye Keylogger exfiltration attempt - clipboard and screenshot (malware-cnc.rules)
* 1:33640 <-> ENABLED <-> FILE-IDENTIFY Apple Motion file download request (file-identify.rules)
* 1:33641 <-> ENABLED <-> FILE-IDENTIFY Apple Motion file attachment detected (file-identify.rules)
* 1:33642 <-> ENABLED <-> FILE-IDENTIFY Apple Motion file attachment detected (file-identify.rules)
* 1:33666 <-> ENABLED <-> FILE-IDENTIFY PIF Program Information File file download request (file-identify.rules)
* 1:33667 <-> ENABLED <-> FILE-IDENTIFY PIF Program Information File file attachment detected (file-identify.rules)
* 1:33668 <-> ENABLED <-> FILE-IDENTIFY PIF Program Information File file attachment detected (file-identify.rules)
* 1:33825 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB NTLM NULL session attempt (os-windows.rules)
* 1:34395 <-> ENABLED <-> FILE-IDENTIFY Microsoft Journal file attachment detected (file-identify.rules)
* 1:34396 <-> ENABLED <-> FILE-IDENTIFY Microsoft Journal file attachment detected (file-identify.rules)
* 1:34397 <-> ENABLED <-> FILE-IDENTIFY Microsoft Journal file download request (file-identify.rules)
* 1:34398 <-> ENABLED <-> FILE-IDENTIFY Microsoft Journal file download attempt (file-identify.rules)
* 1:34629 <-> ENABLED <-> FILE-IDENTIFY WordPerfect file attachment detected (file-identify.rules)
* 1:34630 <-> ENABLED <-> FILE-IDENTIFY WordPerfect file attachment detected (file-identify.rules)
* 1:34631 <-> ENABLED <-> FILE-IDENTIFY WordPerfect file download request (file-identify.rules)
* 1:35247 <-> ENABLED <-> FILE-IDENTIFY GNI file download request (file-identify.rules)
* 1:35248 <-> ENABLED <-> FILE-IDENTIFY GNI file attachment detected (file-identify.rules)
* 1:35249 <-> ENABLED <-> FILE-IDENTIFY GNI file attachment detected (file-identify.rules)
* 1:35250 <-> ENABLED <-> FILE-IDENTIFY GNI file magic detected (file-identify.rules)
* 1:35432 <-> ENABLED <-> FILE-IDENTIFY M4A file magic detected (file-identify.rules)
* 1:35433 <-> ENABLED <-> FILE-IDENTIFY M4A file magic detected (file-identify.rules)
* 1:35455 <-> ENABLED <-> FILE-IDENTIFY Adobe LZMA compressed Flash file magic detected (file-identify.rules)
* 1:35456 <-> ENABLED <-> FILE-IDENTIFY Adobe LZMA compressed Flash file attachment detected (file-identify.rules)
* 1:35457 <-> ENABLED <-> FILE-IDENTIFY Adobe LZMA compressed Flash file attachment detected (file-identify.rules)
* 1:35458 <-> ENABLED <-> FILE-IDENTIFY Adobe LZMA compressed Flash file magic detected (file-identify.rules)
* 1:35459 <-> ENABLED <-> FILE-IDENTIFY Adobe LZMA compressed Flash file download request (file-identify.rules)
* 1:3551 <-> ENABLED <-> FILE-IDENTIFY HTA file download request (file-identify.rules)
* 1:35688 <-> ENABLED <-> PROTOCOL-OTHER MiniUPNP rootdesc.xml file request (protocol-other.rules)
* 1:35795 <-> ENABLED <-> FILE-IDENTIFY ZSoft PCX file attachment detected (file-identify.rules)
* 1:35796 <-> ENABLED <-> FILE-IDENTIFY ZSoft PCX file attachment detected (file-identify.rules)
* 1:35797 <-> ENABLED <-> FILE-IDENTIFY ZSoft PCX file download request (file-identify.rules)
* 1:35852 <-> ENABLED <-> FILE-IDENTIFY JPEG file upload detected (file-identify.rules)
* 1:35979 <-> ENABLED <-> FILE-IDENTIFY Windows Media Center link file download request (file-identify.rules)
* 1:35980 <-> ENABLED <-> FILE-IDENTIFY Windows Media Center link file attachment detected (file-identify.rules)
* 1:35981 <-> ENABLED <-> FILE-IDENTIFY Windows Media Center link file attachment detected (file-identify.rules)
* 1:36058 <-> ENABLED <-> FILE-IDENTIFY OLE Document upload detected (file-identify.rules)
* 1:36531 <-> ENABLED <-> FILE-IDENTIFY Oracle Java JMX management loading mlet detected (file-identify.rules)
* 1:3665 <-> ENABLED <-> SERVER-MYSQL server greeting (server-mysql.rules)
* 1:36711 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows .NET Application file attachment detected (file-identify.rules)
* 1:36748 <-> ENABLED <-> FILE-IDENTIFY TTF file attachment detected (file-identify.rules)
* 1:36815 <-> ENABLED <-> SERVER-OTHER MIT Kerberos 5 SPNEGO incoming token detected (server-other.rules)
* 1:36816 <-> ENABLED <-> SERVER-OTHER MIT Kerberos 5 IAKERB outbound token detected (server-other.rules)
* 1:37418 <-> ENABLED <-> MALWARE-BACKDOOR Adzok RAT inbound connection (malware-backdoor.rules)
* 1:37546 <-> ENABLED <-> SERVER-OTHER Veritas NetBackup Volume Manager connection attempt (server-other.rules)
* 1:37784 <-> ENABLED <-> FILE-IDENTIFY Adobe Texture Format file magic detected (file-identify.rules)
* 1:37785 <-> ENABLED <-> FILE-IDENTIFY Adobe Texture Format file attachment detected (file-identify.rules)
* 1:37786 <-> ENABLED <-> FILE-IDENTIFY Adobe Texture Format file attachment detected (file-identify.rules)
* 1:37787 <-> ENABLED <-> FILE-IDENTIFY Adobe Texture Format file magic detected (file-identify.rules)
* 1:37788 <-> ENABLED <-> FILE-IDENTIFY Adobe Texture Format file download request (file-identify.rules)
* 1:38291 <-> ENABLED <-> FILE-IDENTIFY UDF file magic detected (file-identify.rules)
* 1:38292 <-> ENABLED <-> FILE-IDENTIFY UDF file magic detected (file-identify.rules)
* 1:38306 <-> ENABLED <-> FILE-IDENTIFY DMG com.apple.decmpfs file magic detected (file-identify.rules)
* 1:38307 <-> ENABLED <-> FILE-IDENTIFY DMG com.apple.decmpfs file magic detected (file-identify.rules)
* 1:38461 <-> ENABLED <-> OS-WINDOWS DCERPC Bind auth level packet privacy connection detected (os-windows.rules)
* 1:38851 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul HCell file download request (file-identify.rules)
* 1:38852 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul HCell file attachment detected (file-identify.rules)
* 1:38853 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul HCell file attachment detected (file-identify.rules)
* 1:38854 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul HCell file magic detected (file-identify.rules)
* 1:38855 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul HCell file magic detected (file-identify.rules)
* 1:38862 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul Office Document file download request (file-identify.rules)
* 1:38863 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul Office Document file attachment detected (file-identify.rules)
* 1:38864 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul Office Document file attachment detected (file-identify.rules)
* 1:38865 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul Office Document file magic detected (file-identify.rules)
* 1:38866 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul Office Document file magic detected (file-identify.rules)
* 1:39776 <-> ENABLED <-> FILE-IDENTIFY Heroes of Might and Magic III map file attachment detected (file-identify.rules)
* 1:39777 <-> ENABLED <-> FILE-IDENTIFY Heroes of Might and Magic III map file attachment detected (file-identify.rules)
* 1:39778 <-> ENABLED <-> FILE-IDENTIFY Heroes of Might and Magic III map file download request (file-identify.rules)
* 1:39903 <-> ENABLED <-> FILE-OFFICE Microsoft Windows RTF file with embedded object package SMTP upload attempt (file-office.rules)
* 1:40017 <-> ENABLED <-> FILE-IDENTIFY Hierarchal Data Format file download request (file-identify.rules)
* 1:40018 <-> ENABLED <-> FILE-IDENTIFY Hierarchal Data Format file attachment detected (file-identify.rules)
* 1:40019 <-> ENABLED <-> FILE-IDENTIFY Hierarchal Data Format file attachment detected (file-identify.rules)
* 1:40020 <-> ENABLED <-> FILE-IDENTIFY Hierarchal Data Format file magic detected (file-identify.rules)
* 1:40021 <-> ENABLED <-> FILE-IDENTIFY Hierarchal Data Format file magic detected (file-identify.rules)
* 1:40035 <-> ENABLED <-> FILE-IDENTIFY XLSB file magic detected (file-identify.rules)
* 1:40036 <-> ENABLED <-> FILE-IDENTIFY XLSB file magic detected (file-identify.rules)
* 1:40065 <-> ENABLED <-> OS-WINDOWS Microsoft Windows NFS Server NULL pointer dereference denial-of-service attempt (os-windows.rules)
* 1:40118 <-> ENABLED <-> FILE-IDENTIFY Microsoft Excel XLSB file download request (file-identify.rules)
* 1:40119 <-> ENABLED <-> FILE-IDENTIFY Microsoft Excel XLSB file attachment detected (file-identify.rules)
* 1:40120 <-> ENABLED <-> FILE-IDENTIFY Microsoft Excel XLSB file attachment detected (file-identify.rules)
* 1:40387 <-> ENABLED <-> FILE-IDENTIFY Windows registry hive file magic detected (file-identify.rules)
* 1:40388 <-> ENABLED <-> FILE-IDENTIFY Windows registry hive file attachment detected (file-identify.rules)
* 1:40389 <-> ENABLED <-> FILE-IDENTIFY Windows registry hive file attachment detected (file-identify.rules)
* 1:40390 <-> ENABLED <-> FILE-IDENTIFY Windows registry hive file magic detected (file-identify.rules)
* 1:40391 <-> ENABLED <-> FILE-IDENTIFY Windows registry hive file download request (file-identify.rules)
* 1:40891 <-> ENABLED <-> FILE-IDENTIFY R Programming Language source file file download request (file-identify.rules)
* 1:40892 <-> ENABLED <-> FILE-IDENTIFY R Programming Language source file file attachment detected (file-identify.rules)
* 1:40893 <-> ENABLED <-> FILE-IDENTIFY R Programming Language source file file attachment detected (file-identify.rules)
* 1:40908 <-> ENABLED <-> SERVER-OTHER Foscam C1 backdoor account ftp login attempt (server-other.rules)
* 1:40979 <-> ENABLED <-> FILE-IDENTIFY ico file download request (file-identify.rules)
* 1:40980 <-> ENABLED <-> FILE-IDENTIFY ico file attachment detected (file-identify.rules)
* 1:40981 <-> ENABLED <-> FILE-IDENTIFY ico file attachment detected (file-identify.rules)
* 1:41081 <-> ENABLED <-> SERVER-OTHER Tarantool initial connection banner detected (server-other.rules)
* 1:4143 <-> ENABLED <-> SERVER-OTHER lpd receive printer job cascade adaptor protocol request (server-other.rules)
* 1:42072 <-> DISABLED <-> SERVER-WEBAPP Aultware pwStore denial of service attempt (server-webapp.rules)
* 1:42223 <-> ENABLED <-> FILE-IDENTIFY AOP file download request (file-identify.rules)
* 1:42256 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB anonymous user session setup request detected (os-windows.rules)
* 1:42257 <-> ENABLED <-> FILE-IDENTIFY ISO file magic detected (file-identify.rules)
* 1:42258 <-> ENABLED <-> FILE-IDENTIFY ISO file attachment detected (file-identify.rules)
* 1:42259 <-> ENABLED <-> FILE-IDENTIFY ISO file attachment detected (file-identify.rules)
* 1:42260 <-> ENABLED <-> FILE-IDENTIFY ISO file attachment detected (file-identify.rules)
* 1:42261 <-> ENABLED <-> FILE-IDENTIFY ISO file magic detected (file-identify.rules)
* 1:42262 <-> ENABLED <-> FILE-IDENTIFY ISO file download request (file-identify.rules)
* 1:42332 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Doublepulsar variant ping command (malware-cnc.rules)
* 1:42363 <-> ENABLED <-> FILE-IDENTIFY bzip2 compressed file detected (file-identify.rules)
* 1:42364 <-> ENABLED <-> FILE-IDENTIFY bzip2 compressed file detected (file-identify.rules)
* 1:42365 <-> ENABLED <-> FILE-IDENTIFY bzip2 compressed file detected (file-identify.rules)
* 1:42366 <-> ENABLED <-> FILE-IDENTIFY XZ compressed file detected (file-identify.rules)
* 1:42367 <-> ENABLED <-> FILE-IDENTIFY XZ compressed file detected (file-identify.rules)
* 1:42368 <-> ENABLED <-> FILE-IDENTIFY XZ compressed file detected (file-identify.rules)
* 1:42369 <-> ENABLED <-> FILE-IDENTIFY gzip compressed file detected (file-identify.rules)
* 1:42370 <-> ENABLED <-> FILE-IDENTIFY gzip compressed file detected (file-identify.rules)
* 1:42371 <-> ENABLED <-> FILE-IDENTIFY gzip compressed file detected (file-identify.rules)
* 1:42918 <-> ENABLED <-> FILE-IDENTIFY ISO file attachment detected (file-identify.rules)
* 1:43002 <-> ENABLED <-> PROTOCOL-OTHER NETBIOS SMB IPC share access attempt (protocol-other.rules)
* 1:43003 <-> ENABLED <-> PROTOCOL-OTHER NETBIOS SMB IPC share access attempt (protocol-other.rules)
* 1:43067 <-> ENABLED <-> PROTOCOL-IMAP IMAP CRAM-MD5 authentication attempt (protocol-imap.rules)
* 1:43080 <-> ENABLED <-> BROWSER-OTHER Foscam IP Camera User-Agent string detected (browser-other.rules)
* 1:43099 <-> ENABLED <-> SERVER-WEBAPP Simple SCADA web-socket connection initialization attempt (server-webapp.rules)
* 1:43363 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Audio wmf file magic detected (file-identify.rules)
* 1:43364 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Audio wmf file magic detected (file-identify.rules)
* 1:43891 <-> ENABLED <-> MALWARE-OTHER Win.Malware.Emotet variant lateral propagation (malware-other.rules)
* 1:44030 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint ppt file attachment detected file attachment detected (file-identify.rules)
* 1:44165 <-> ENABLED <-> SERVER-WEBAPP websocket protocol upgrade request detected (server-webapp.rules)
* 1:44231 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word doc file attachment detected (file-identify.rules)
* 1:44275 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file attachment detected (file-identify.rules)
* 1:44441 <-> ENABLED <-> FILE-IDENTIFY Blender blend file magic detected (file-identify.rules)
* 1:44442 <-> ENABLED <-> FILE-IDENTIFY Blender blend file magic detected (file-identify.rules)
* 1:45515 <-> ENABLED <-> NETBIOS SMB SESSION_SETUP subcommand detected (netbios.rules)
* 1:46367 <-> ENABLED <-> FILE-IDENTIFY WebAssembly file download detected (file-identify.rules)
* 1:46393 <-> ENABLED <-> FILE-IDENTIFY WebAssembly file detected (file-identify.rules)
* 1:46394 <-> ENABLED <-> FILE-IDENTIFY WebAssembly file attachment detected (file-identify.rules)
* 1:48553 <-> ENABLED <-> FILE-IDENTIFY Omron CX-Supervisor project file file download request (file-identify.rules)
* 1:48554 <-> ENABLED <-> FILE-IDENTIFY Omron CX-Supervisor project file file attachment detected (file-identify.rules)
* 1:48555 <-> ENABLED <-> FILE-IDENTIFY Omron CX-Supervisor project file file attachment detected (file-identify.rules)
* 1:48556 <-> ENABLED <-> FILE-IDENTIFY Omron CX-Supervisor project file file attachment detected (file-identify.rules)
* 1:49495 <-> ENABLED <-> FILE-OFFICE Microsoft Office MSCOMCTL ActiveX control tabstrip method access (file-office.rules)
* 1:49497 <-> ENABLED <-> FILE-OFFICE Microsoft Office MSCOMCTL ActiveX control tabstrip method access (file-office.rules)
* 1:49512 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules)
* 1:49513 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules)
* 1:49514 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules)
* 1:49515 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules)
* 1:49516 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules)
* 1:49517 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules)
* 1:49518 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules)
* 1:49519 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules)
* 1:49520 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules)
* 1:49791 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules)
* 1:49792 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules)
* 1:49793 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules)
* 1:49794 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules)
* 1:50870 <-> ENABLED <-> APP-DETECT Quagga password challenge detected (app-detect.rules)
* 1:50874 <-> ENABLED <-> FILE-IDENTIFY Fax Cover Page file magic detected (file-identify.rules)
* 1:50875 <-> ENABLED <-> FILE-IDENTIFY Fax Cover Page file magic detected (file-identify.rules)
* 1:51024 <-> ENABLED <-> FILE-IDENTIFY Embedded Open Type Font file attachment detected (file-identify.rules)
* 1:51268 <-> ENABLED <-> FILE-OTHER Photodex ProShow Producer v5.0.3256 download load file attempt (file-other.rules)
* 1:51992 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file download request (file-identify.rules)
* 1:51993 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules)
* 1:51994 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules)
* 1:52056 <-> ENABLED <-> FILE-IDENTIFY Portable Executable binary file magic detected (file-identify.rules)
* 1:53213 <-> ENABLED <-> PROTOCOL-OTHER MQTT Connect control packet detected (protocol-other.rules)
* 1:53861 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Astaroth outbound beacon (malware-cnc.rules)
* 1:6010 <-> ENABLED <-> SERVER-OTHER VERITAS NetBackup vnetd connection attempt (server-other.rules)
* 1:6469 <-> ENABLED <-> SERVER-OTHER RealVNC connection attempt (server-other.rules)
* 1:6472 <-> ENABLED <-> MALWARE-BACKDOOR bugs runtime detection - file manager client-to-server (malware-backdoor.rules)
* 1:7106 <-> ENABLED <-> MALWARE-BACKDOOR girlfriend runtime detection (malware-backdoor.rules)
* 1:7111 <-> ENABLED <-> MALWARE-BACKDOOR fearless lite 1.01 runtime detection (malware-backdoor.rules)
* 1:7506 <-> ENABLED <-> MALWARE-TOOLS Hacker-Tool coma runtime detection - init connection - flowbit set (malware-tools.rules)
* 1:7641 <-> ENABLED <-> MALWARE-BACKDOOR am remote client runtime detection - client-to-server (malware-backdoor.rules)
* 1:8355 <-> ENABLED <-> MALWARE-OTHER Keylogger spybuddy 3.72 runtime detection (malware-other.rules)
* 1:8445 <-> ENABLED <-> FILE-OFFICE Microsoft Windows RTF file with embedded object package download attempt (file-office.rules)
* 1:9845 <-> ENABLED <-> FILE-IDENTIFY M3U file magic detected (file-identify.rules)
* 1:10097 <-> ENABLED <-> MALWARE-OTHER Keylogger win32.remotekeylog.b runtime detection (malware-other.rules)
* 1:10099 <-> ENABLED <-> MALWARE-OTHER Keylogger win32.remotekeylog.b runtime detection (malware-other.rules)
* 1:10103 <-> ENABLED <-> MALWARE-BACKDOOR hav-rat 1.1 runtime detection (malware-backdoor.rules)
* 1:10104 <-> ENABLED <-> MALWARE-BACKDOOR hav-rat 1.1 runtime detection (malware-backdoor.rules)
* 1:10110 <-> ENABLED <-> MALWARE-BACKDOOR poison ivy 2.1.2 runtime detection (malware-backdoor.rules)
* 1:10450 <-> ENABLED <-> MALWARE-BACKDOOR only 1 rat runtime detection - control command (malware-backdoor.rules)
* 1:10455 <-> ENABLED <-> MALWARE-BACKDOOR [x]-ztoo 1.0 runtime detection - get system info (malware-backdoor.rules)
* 1:10460 <-> ENABLED <-> MALWARE-BACKDOOR winicabras 1.1 runtime detection - get system info (malware-backdoor.rules)
* 1:10462 <-> ENABLED <-> MALWARE-BACKDOOR winicabras 1.1 runtime detection - explorer (malware-backdoor.rules)
* 1:11004 <-> ENABLED <-> PROTOCOL-IMAP CRAM-MD5 authentication request detected (protocol-imap.rules)
* 1:11322 <-> ENABLED <-> MALWARE-BACKDOOR sohoanywhere runtime detection (malware-backdoor.rules)
* 1:11835 <-> ENABLED <-> FILE-IDENTIFY Visio file magic detected (file-identify.rules)
* 1:11953 <-> ENABLED <-> MALWARE-BACKDOOR supervisor plus runtime detection (malware-backdoor.rules)
* 1:12054 <-> ENABLED <-> MALWARE-BACKDOOR tron runtime detection - init connection - flowbit set (malware-backdoor.rules)
* 1:12129 <-> ENABLED <-> MALWARE-OTHER Keylogger remotekeylog.b runtime detection - get sys info (malware-other.rules)
* 1:12131 <-> ENABLED <-> MALWARE-OTHER Keylogger remotekeylog.b runtime detection - keylogging (malware-other.rules)
* 1:12133 <-> ENABLED <-> MALWARE-OTHER Keylogger remotekeylog.b runtime detection - open url (malware-other.rules)
* 1:12135 <-> ENABLED <-> MALWARE-OTHER Keylogger remotekeylog.b runtime detection - fun (malware-other.rules)
* 1:12142 <-> ENABLED <-> MALWARE-BACKDOOR access remote pc runtime detection - init connection (malware-backdoor.rules)
* 1:12144 <-> ENABLED <-> MALWARE-BACKDOOR access remote pc runtime detection - rpc setup (malware-backdoor.rules)
* 1:12146 <-> ENABLED <-> MALWARE-BACKDOOR blue eye 1.0b runtime detection - init connection (malware-backdoor.rules)
* 1:12148 <-> ENABLED <-> MALWARE-BACKDOOR back orifice 2006 - v1.1.5 runtime detection - init connection (malware-backdoor.rules)
* 1:12150 <-> ENABLED <-> MALWARE-BACKDOOR cafeini 1.0 runtime detection - init connection (malware-backdoor.rules)
* 1:12153 <-> ENABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - download file (malware-backdoor.rules)
* 1:12154 <-> ENABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - download file (malware-backdoor.rules)
* 1:12156 <-> ENABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - upload file (malware-backdoor.rules)
* 1:12157 <-> ENABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - upload file (malware-backdoor.rules)
* 1:12160 <-> ENABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - screen capturing (malware-backdoor.rules)
* 1:12161 <-> ENABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - screen capturing (malware-backdoor.rules)
* 1:12163 <-> ENABLED <-> MALWARE-BACKDOOR cobra uploader 1.0 runtime detection (malware-backdoor.rules)
* 1:12182 <-> ENABLED <-> FILE-IDENTIFY Adobe Flash Video file magic detected (file-identify.rules)
* 1:12233 <-> ENABLED <-> MALWARE-BACKDOOR theef 2.10 runtime detection - connect with no password (malware-backdoor.rules)
* 1:12235 <-> ENABLED <-> MALWARE-BACKDOOR theef 2.10 runtime detection - connect with password (malware-backdoor.rules)
* 1:12237 <-> ENABLED <-> MALWARE-BACKDOOR theef 2.10 runtime detection - ftp (malware-backdoor.rules)
* 1:12240 <-> ENABLED <-> MALWARE-BACKDOOR genie 1.7 runtime detection - init connection (malware-backdoor.rules)
* 1:12242 <-> ENABLED <-> MALWARE-BACKDOOR hotmail hacker log edition 5.0 runtime detection - init connection (malware-backdoor.rules)
* 1:12283 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel xlw file magic detected (file-identify.rules)
* 1:12297 <-> ENABLED <-> MALWARE-BACKDOOR bifrost v1.2.1 runtime detection (malware-backdoor.rules)
* 1:12373 <-> ENABLED <-> MALWARE-BACKDOOR radmin 3.0 runtime detection - initial connection (malware-backdoor.rules)
* 1:12375 <-> ENABLED <-> MALWARE-BACKDOOR radmin 3.0 runtime detection - login & remote control (malware-backdoor.rules)
* 1:12377 <-> ENABLED <-> MALWARE-BACKDOOR shark 2.3.2 runtime detection (malware-backdoor.rules)
* 1:12454 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media ASF file magic detected (file-identify.rules)
* 1:12455 <-> ENABLED <-> 
FILE-IDENTIFY SAP Crystal Reports file download request (file-identify.rules) * 1:12699 <-> ENABLED <-> MALWARE-BACKDOOR poison ivy 2.3.0 runtime detection - init connection (malware-backdoor.rules) * 1:12724 <-> ENABLED <-> MALWARE-BACKDOOR dark moon 4.11 runtime detection (malware-backdoor.rules) * 1:12726 <-> ENABLED <-> MALWARE-BACKDOOR bandook 1.35 runtime detection (malware-backdoor.rules) * 1:12758 <-> ENABLED <-> MALWARE-OTHER Keylogger/RAT digi watcher 2.32 runtime detection (malware-other.rules) * 1:12760 <-> ENABLED <-> MALWARE-OTHER Keylogger powered Keylogger 2.2 runtime detection (malware-other.rules) * 1:12792 <-> ENABLED <-> MALWARE-OTHER Keylogger spy lantern Keylogger pro 6.0 runtime detection (malware-other.rules) * 1:12972 <-> ENABLED <-> FILE-IDENTIFY Microsoft Media Player asf/wmv/wma file magic detected (file-identify.rules) * 1:13236 <-> ENABLED <-> MALWARE-OTHER Keylogger active Keylogger 3.9.2 runtime detection (malware-other.rules) * 1:13243 <-> ENABLED <-> MALWARE-OTHER Keylogger computer monitor 1.1 by lastcomfort runtime detection (malware-other.rules) * 1:13247 <-> ENABLED <-> MALWARE-BACKDOOR yuri 1.2 runtime detection - init connection (malware-backdoor.rules) * 1:13278 <-> ENABLED <-> MALWARE-OTHER Keylogger advanced spy 4.0 runtime detection (malware-other.rules) * 1:13280 <-> ENABLED <-> MALWARE-OTHER Keylogger email spy monitor 6.9 runtime detection (malware-other.rules) * 1:13346 <-> ENABLED <-> PUA-ADWARE Snoopware remote desktop inspector outbound connection - init connection (pua-adware.rules) * 1:13465 <-> ENABLED <-> FILE-IDENTIFY Microsoft Works file download request (file-identify.rules) * 1:13479 <-> ENABLED <-> MALWARE-OTHER Keylogger findnot guarddog 4.0 runtime detection (malware-other.rules) * 1:13483 <-> ENABLED <-> PUA-TOOLBARS Hijacker baidu toolbar runtime detection - updates automatically (pua-toolbars.rules) * 1:13506 <-> ENABLED <-> MALWARE-BACKDOOR evilotus 1.3.2 runtime detection - init connection 
(malware-backdoor.rules) * 1:13515 <-> ENABLED <-> FILE-MULTIMEDIA Apple QuickTime user agent (file-multimedia.rules) * 1:13583 <-> ENABLED <-> FILE-IDENTIFY Microsoft SYmbolic LinK file download request (file-identify.rules) * 1:13584 <-> ENABLED <-> FILE-IDENTIFY CSV file download request (file-identify.rules) * 1:13585 <-> ENABLED <-> FILE-IDENTIFY Microsoft SYmbolic LinK file magic detected (file-identify.rules) * 1:13767 <-> ENABLED <-> MALWARE-OTHER Keylogger cyber sitter runtime detection (malware-other.rules) * 1:13797 <-> ENABLED <-> FILE-IDENTIFY Portable Executable compact binary file magic detected (file-identify.rules) * 1:13801 <-> ENABLED <-> FILE-IDENTIFY RTF file download request (file-identify.rules) * 1:13898 <-> ENABLED <-> APP-DETECT Apple iTunes client request for server info (app-detect.rules) * 1:13915 <-> ENABLED <-> FILE-IDENTIFY BAK file download request (file-identify.rules) * 1:13938 <-> ENABLED <-> PUA-ADWARE Hijacker adware.win32.ejik.ec variant outbound connection (pua-adware.rules) * 1:13943 <-> ENABLED <-> PUA-ADWARE Trickler dropper agent.rqg outbound connection (pua-adware.rules) * 1:13983 <-> ENABLED <-> FILE-IDENTIFY EPS file download request (file-identify.rules) * 1:14017 <-> ENABLED <-> FILE-IDENTIFY MPEG Layer 3 playlist file download request (file-identify.rules) * 1:14018 <-> ENABLED <-> FILE-IDENTIFY PLS multimedia playlist file download request (file-identify.rules) * 1:14264 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media Player playlist download (file-identify.rules) * 1:15013 <-> ENABLED <-> FILE-IDENTIFY PDF file download request (file-identify.rules) * 1:15079 <-> ENABLED <-> FILE-IDENTIFY WAV file download request (file-identify.rules) * 1:15158 <-> ENABLED <-> FILE-IDENTIFY XML Shareable Playlist Format file download request (file-identify.rules) * 1:15237 <-> ENABLED <-> FILE-IDENTIFY Java .class file download request (file-identify.rules) * 1:15239 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealMedia 
format file download request (file-identify.rules) * 1:15240 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealMedia format file download request (file-identify.rules) * 1:15294 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Visio file download request (file-identify.rules) * 1:15319 <-> ENABLED <-> NETBIOS SMB /sql/query create tree attempt (netbios.rules) * 1:15320 <-> ENABLED <-> NETBIOS SMB /sql/query unicode create tree attempt (netbios.rules) * 1:15321 <-> ENABLED <-> NETBIOS SMB /sql/query create tree attempt (netbios.rules) * 1:15322 <-> ENABLED <-> NETBIOS SMB /sql/query unicode create tree attempt (netbios.rules) * 1:15323 <-> ENABLED <-> NETBIOS SMB /sql/query andx create tree attempt (netbios.rules) * 1:15324 <-> ENABLED <-> NETBIOS SMB /sql/query unicode andx create tree attempt (netbios.rules) * 1:15325 <-> ENABLED <-> NETBIOS SMB /sql/query andx create tree attempt (netbios.rules) * 1:15326 <-> ENABLED <-> NETBIOS SMB /sql/query unicode andx create tree attempt (netbios.rules) * 1:15361 <-> ENABLED <-> FILE-PDF pdf file sent via email (file-pdf.rules) * 1:15385 <-> ENABLED <-> FILE-IDENTIFY TwinVQ file download request (file-identify.rules) * 1:15426 <-> ENABLED <-> FILE-IDENTIFY MAKI file download request (file-identify.rules) * 1:15427 <-> ENABLED <-> FILE-IDENTIFY SVG file download request (file-identify.rules) * 1:15444 <-> ENABLED <-> FILE-IDENTIFY Core Audio Format file download request (file-identify.rules) * 1:15463 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file download request (file-identify.rules) * 1:15464 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file download request (file-identify.rules) * 1:15468 <-> ENABLED <-> BROWSER-IE Apple Safari-Internet Explorer SearchPath blended threat dll request (browser-ie.rules) * 1:15483 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file download request (file-identify.rules) * 1:15516 <-> ENABLED <-> FILE-IDENTIFY AVI multimedia file download request (file-identify.rules) * 
1:15518 <-> ENABLED <-> FILE-IDENTIFY Embedded Open Type Font file download request (file-identify.rules) * 1:15582 <-> ENABLED <-> FILE-IDENTIFY ARJ format file download request (file-identify.rules) * 1:15586 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file download request (file-identify.rules) * 1:15587 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word file download request (file-identify.rules) * 1:15865 <-> ENABLED <-> FILE-IDENTIFY MP4 file download request (file-identify.rules) * 1:15870 <-> ENABLED <-> FILE-IDENTIFY 4XM file download request (file-identify.rules) * 1:15900 <-> ENABLED <-> FILE-IDENTIFY Audio Interchange file download request (file-identify.rules) * 1:15921 <-> ENABLED <-> FILE-IDENTIFY Microsoft multimedia format file download request (file-identify.rules) * 1:15922 <-> ENABLED <-> FILE-IDENTIFY MP3 file download request (file-identify.rules) * 1:15945 <-> ENABLED <-> FILE-IDENTIFY RSS file download request (file-identify.rules) * 1:15987 <-> ENABLED <-> FILE-IDENTIFY DXF file download request (file-identify.rules) * 1:16061 <-> ENABLED <-> FILE-IDENTIFY X PixMap file download request (file-identify.rules) * 1:16143 <-> ENABLED <-> FILE-IDENTIFY Microsoft asf file magic detected (file-identify.rules) * 1:16205 <-> ENABLED <-> FILE-IDENTIFY BMP file download request (file-identify.rules) * 1:16219 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file download request (file-identify.rules) * 1:16254 <-> ENABLED <-> PUA-ADWARE rogue software system security 2009 outbound connection (pua-adware.rules) * 1:16286 <-> ENABLED <-> FILE-IDENTIFY TrueType font file download request (file-identify.rules) * 1:16381 <-> ENABLED <-> NETBIOS SMB session negotiation request (netbios.rules) * 1:16406 <-> ENABLED <-> FILE-IDENTIFY JPEG file download request (file-identify.rules) * 1:16407 <-> ENABLED <-> FILE-IDENTIFY JPEG file download request (file-identify.rules) * 1:16473 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Movie Maker 
project file download request (file-identify.rules) * 1:16474 <-> ENABLED <-> FILE-IDENTIFY Microsoft Compound File Binary v3 file magic detected (file-identify.rules) * 1:16476 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint .MSProducer file download request (file-identify.rules) * 1:16477 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint .MSProducerZ file download request (file-identify.rules) * 1:16478 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint .MSProducerBF file download request (file-identify.rules) * 1:16529 <-> ENABLED <-> FILE-IDENTIFY JPEG file download request (file-identify.rules) * 1:16538 <-> ENABLED <-> NETBIOS NT QUERY SECURITY DESC flowbit (netbios.rules) * 1:16556 <-> ENABLED <-> FILE-OTHER 2imaegshack/lmageshack IM worm get request attempt (file-other.rules) * 1:16594 <-> ENABLED <-> PROTOCOL-POP STAT command (protocol-pop.rules) * 1:16630 <-> ENABLED <-> FILE-IDENTIFY DAT file download request (file-identify.rules) * 1:16691 <-> ENABLED <-> FILE-IDENTIFY PLF playlist file download request (file-identify.rules) * 1:16742 <-> ENABLED <-> FILE-IDENTIFY remote desktop configuration file download request (file-identify.rules) * 1:16754 <-> ENABLED <-> NETBIOS SMB /PlughNTCommand andx create tree attempt (netbios.rules) * 1:16755 <-> ENABLED <-> NETBIOS SMB /PlughNTCommand create tree attempt (netbios.rules) * 1:16756 <-> ENABLED <-> NETBIOS SMB /PlughNTCommand unicode andx create tree attempt (netbios.rules) * 1:16757 <-> ENABLED <-> NETBIOS SMB /PlughNTCommand unicode create tree attempt (netbios.rules) * 1:17116 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media ASX file download request (file-identify.rules) * 1:17151 <-> ENABLED <-> NETBIOS SMB negotiate protocol request - ascii strings (netbios.rules) * 1:17229 <-> ENABLED <-> FILE-IDENTIFY Tiff little endian file magic detected (file-identify.rules) * 1:17230 <-> ENABLED <-> FILE-IDENTIFY Tiff big endian file magic detected (file-identify.rules) * 1:17241 <-> 
ENABLED <-> FILE-IDENTIFY Microsoft Windows Media wmv file download request (file-identify.rules) * 1:17259 <-> ENABLED <-> FILE-IDENTIFY MOV file download request (file-identify.rules) * 1:17314 <-> ENABLED <-> FILE-IDENTIFY OLE document file magic detected (file-identify.rules) * 1:17327 <-> ENABLED <-> SERVER-MAIL Qualcomm WorldMail Server Response (server-mail.rules) * 1:17332 <-> ENABLED <-> SERVER-MAIL Content-Disposition attachment (server-mail.rules) * 1:17359 <-> ENABLED <-> FILE-IDENTIFY XBM image file download request (file-identify.rules) * 1:17364 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Help Workshop CNT Help file download request (file-identify.rules) * 1:17370 <-> ENABLED <-> SERVER-WEBAPP Squid authentication headers handling denial of service attempt (server-webapp.rules) * 1:17380 <-> ENABLED <-> FILE-IDENTIFY PNG file download request (file-identify.rules) * 1:17394 <-> ENABLED <-> FILE-IDENTIFY GIF file download request (file-identify.rules) * 1:17396 <-> ENABLED <-> SERVER-OTHER VNC client authentication response (server-other.rules) * 1:17418 <-> ENABLED <-> SERVER-ORACLE Oracle connection established (server-oracle.rules) * 1:17426 <-> ENABLED <-> FILE-IDENTIFY RAT file download request (file-identify.rules) * 1:17441 <-> ENABLED <-> FILE-IDENTIFY LNK file download request (file-identify.rules) * 1:17447 <-> ENABLED <-> SERVER-WEBAPP 407 Proxy Authentication Required (server-webapp.rules) * 1:17508 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows .NET Application file download request (file-identify.rules) * 1:17509 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows .NET Manifest file download request (file-identify.rules) * 1:17534 <-> ENABLED <-> SERVER-OTHER IPP Application Content (server-other.rules) * 1:17540 <-> ENABLED <-> FILE-IDENTIFY LZH file download request (file-identify.rules) * 1:17547 <-> ENABLED <-> FILE-IDENTIFY SMIL file download request (file-identify.rules) * 1:17552 <-> ENABLED <-> FILE-IDENTIFY Adobe Pagemaker file 
download request (file-identify.rules) * 1:17598 <-> ENABLED <-> SERVER-OTHER IBM DB2 Universal Database accsec command without rdbnam (server-other.rules) * 1:17600 <-> ENABLED <-> FILE-IDENTIFY XUL file download request (file-identify.rules) * 1:17679 <-> ENABLED <-> FILE-IDENTIFY Apple disk image file download request (file-identify.rules) * 1:17732 <-> ENABLED <-> FILE-IDENTIFY TIFF file download request (file-identify.rules) * 1:17733 <-> ENABLED <-> FILE-IDENTIFY XML file download request (file-identify.rules) * 1:17739 <-> ENABLED <-> FILE-IDENTIFY FlashPix file download request (file-identify.rules) * 1:17745 <-> ENABLED <-> NETBIOS SMB TRANS2 Find_First2 request attempt (netbios.rules) * 1:17751 <-> ENABLED <-> FILE-IDENTIFY OpenType Font file download request (file-identify.rules) * 1:17801 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file magic detected (file-identify.rules) * 1:17802 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file download request (file-identify.rules) * 1:17809 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime qt file download request (file-identify.rules) * 1:18234 <-> ENABLED <-> FILE-IDENTIFY QuickDraw/PICT file download request (file-identify.rules) * 1:18273 <-> ENABLED <-> FILE-IDENTIFY BAT file download request (file-identify.rules) * 1:18274 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Mail file download request (file-identify.rules) * 1:18516 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word file download request (file-identify.rules) * 1:18593 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file download request (file-identify.rules) * 1:18675 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file download request (file-identify.rules) * 1:19128 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer REC file magic detected (file-identify.rules) * 1:19129 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer .r1m file magic detected (file-identify.rules) * 1:19166 <-> ENABLED <-> 
FILE-IDENTIFY Microsoft Office Excel file magic detected (file-identify.rules) * 1:19190 <-> ENABLED <-> NETBIOS SMB-DS Trans2 Distributed File System GET_DFS_REFERRAL request (netbios.rules) * 1:19211 <-> ENABLED <-> FILE-IDENTIFY ZIP archive file download request (file-identify.rules) * 1:19215 <-> ENABLED <-> FILE-IDENTIFY Google Chrome extension file download request (file-identify.rules) * 1:19218 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file download request (file-identify.rules) * 1:19224 <-> ENABLED <-> FILE-IDENTIFY Cisco Webex wrf file download request (file-identify.rules) * 1:19252 <-> ENABLED <-> FILE-IDENTIFY language.engtesselate.ln file download request (file-identify.rules) * 1:19289 <-> ENABLED <-> FILE-IDENTIFY MHTML file download request (file-identify.rules) * 1:19299 <-> ENABLED <-> SERVER-OTHER banner.txt access - possible compromised multi-mesh injection server (server-other.rules) * 1:19323 <-> ENABLED <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt (server-other.rules) * 1:19324 <-> ENABLED <-> MALWARE-OTHER Keylogger WL-Keylogger inbound connection (malware-other.rules) * 1:19326 <-> ENABLED <-> PUA-ADWARE Classroom Spy Professional outbound connection - initial connection (pua-adware.rules) * 1:19392 <-> ENABLED <-> MALWARE-OTHER Keylogger Monitor.win32.perflogger (malware-other.rules) * 1:19422 <-> ENABLED <-> FILE-IDENTIFY matroska file magic detected (file-identify.rules) * 1:19423 <-> ENABLED <-> FILE-IDENTIFY MKV file download request (file-identify.rules) * 1:19424 <-> ENABLED <-> FILE-IDENTIFY MKA file download request (file-identify.rules) * 1:19425 <-> ENABLED <-> FILE-IDENTIFY MKS file download request (file-identify.rules) * 1:19430 <-> ENABLED <-> FILE-IDENTIFY MIDI file download request (file-identify.rules) * 1:19816 <-> ENABLED <-> NETBIOS Juniper NeoterisSetupService named pipe access attempt (netbios.rules) * 1:19899 <-> ENABLED <-> MALWARE-OTHER 
Tong Keylogger outbound connectiooutbound connection (malware-other.rules) * 1:19907 <-> ENABLED <-> FILE-IDENTIFY PICT file magic detected (file-identify.rules) * 1:20032 <-> ENABLED <-> FILE-IDENTIFY MIME file type file download request (file-identify.rules) * 1:20223 <-> ENABLED <-> FILE-IDENTIFY SMI file download request (file-identify.rules) * 1:20225 <-> ENABLED <-> FILE-OTHER SMI file download request (file-other.rules) * 1:20260 <-> ENABLED <-> FILE-IDENTIFY Microsoft Client Agent Helper JAR file download request (file-identify.rules) * 1:20269 <-> ENABLED <-> FILE-IDENTIFY FON font file download request (file-identify.rules) * 1:20274 <-> ENABLED <-> NETBIOS DCERPC NCACN-IP-TCP NetShareEnumAll request (netbios.rules) * 1:20282 <-> ENABLED <-> FILE-IDENTIFY S3M file download request (file-identify.rules) * 1:20287 <-> ENABLED <-> FILE-IDENTIFY QCP file download request (file-identify.rules) * 1:20450 <-> ENABLED <-> FILE-IDENTIFY MPEG video stream file magic detected (file-identify.rules) * 1:20451 <-> ENABLED <-> FILE-IDENTIFY MPEG sys stream file magic detected (file-identify.rules) * 1:20453 <-> ENABLED <-> FILE-IDENTIFY Script encoder file magic detected (file-identify.rules) * 1:20454 <-> ENABLED <-> FILE-IDENTIFY Postscript file magic detected (file-identify.rules) * 1:20455 <-> ENABLED <-> FILE-IDENTIFY BinHex file magic detected (file-identify.rules) * 1:20456 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Real Media file magic detected (file-identify.rules) * 1:20458 <-> ENABLED <-> FILE-IDENTIFY bzip file magic detected (file-identify.rules) * 1:20459 <-> ENABLED <-> FILE-IDENTIFY GIF file magic detected (file-identify.rules) * 1:20460 <-> ENABLED <-> FILE-IDENTIFY MP3 file magic detected (file-identify.rules) * 1:20461 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows CAB file magic detected (file-identify.rules) * 1:20462 <-> ENABLED <-> FILE-IDENTIFY Ogg Stream file magic detected (file-identify.rules) * 1:20463 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP 
file magic detected (file-identify.rules) * 1:20464 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:20465 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:20466 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:20467 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:20468 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:20469 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:20471 <-> ENABLED <-> FILE-IDENTIFY RIFX file magic detected (file-identify.rules) * 1:20472 <-> ENABLED <-> FILE-IDENTIFY RAR file magic detected (file-identify.rules) * 1:20474 <-> ENABLED <-> FILE-IDENTIFY Symantec file magic detected (file-identify.rules) * 1:20475 <-> ENABLED <-> FILE-IDENTIFY ARJ file magic detected (file-identify.rules) * 1:20476 <-> ENABLED <-> FILE-IDENTIFY TNEF file magic detected (file-identify.rules) * 1:20477 <-> ENABLED <-> FILE-IDENTIFY ELF file magic detected (file-identify.rules) * 1:20478 <-> ENABLED <-> FILE-IDENTIFY PNG file magic detected (file-identify.rules) * 1:20479 <-> ENABLED <-> FILE-IDENTIFY CryptFF file magic detected (file-identify.rules) * 1:20480 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detection (file-identify.rules) * 1:20481 <-> ENABLED <-> FILE-IDENTIFY MP3 file magic detected (file-identify.rules) * 1:20483 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (file-identify.rules) * 1:20484 <-> ENABLED <-> FILE-IDENTIFY SIS file magic detected (file-identify.rules) * 1:20485 <-> ENABLED <-> FILE-IDENTIFY SIP log file magic detected (file-identify.rules) * 1:20486 <-> ENABLED <-> FILE-IDENTIFY RTF file magic detected (file-identify.rules) * 1:20487 <-> ENABLED <-> FILE-IDENTIFY 7zip file magic detected (file-identify.rules) * 1:20488 <-> ENABLED <-> FILE-IDENTIFY MachO Little Endian file magic detected (file-identify.rules) * 
1:20489 <-> ENABLED <-> FILE-IDENTIFY MachO x64 Little Endian file magic detected (file-identify.rules) * 1:20490 <-> ENABLED <-> FILE-IDENTIFY MachO Big Endian file magic detected (file-identify.rules) * 1:20491 <-> ENABLED <-> FILE-IDENTIFY MachO x64 Big Endian file magic detected (file-identify.rules) * 1:20492 <-> ENABLED <-> FILE-IDENTIFY Universal Binary/Java Bytecode file magic detected (file-identify.rules) * 1:20493 <-> ENABLED <-> FILE-IDENTIFY jarpack file magic detected (file-identify.rules) * 1:20494 <-> ENABLED <-> FILE-IDENTIFY PDF file magic detected (file-identify.rules) * 1:20495 <-> ENABLED <-> FILE-IDENTIFY compressed Adobe Shockwave Flash file magic detected (file-identify.rules) * 1:20496 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (file-identify.rules) * 1:20497 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (file-identify.rules) * 1:20500 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20501 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20502 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20503 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20507 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (file-identify.rules) * 1:20511 <-> ENABLED <-> FILE-IDENTIFY bcproj file magic detected (file-identify.rules) * 1:20512 <-> ENABLED <-> FILE-IDENTIFY mx4 file magic detected (file-identify.rules) * 1:20513 <-> ENABLED <-> FILE-IDENTIFY ffmpeg file magic detected (file-identify.rules) * 1:20514 <-> ENABLED <-> FILE-IDENTIFY dmg file magic detected (file-identify.rules) * 1:20515 <-> ENABLED <-> FILE-IDENTIFY ivr file magic detected (file-identify.rules) * 1:20516 <-> ENABLED <-> FILE-IDENTIFY caff file magic detected (file-identify.rules) * 1:20518 <-> ENABLED <-> FILE-IDENTIFY rmf file download request (file-identify.rules) * 1:20519 <-> ENABLED 
<-> FILE-IDENTIFY vmd file download request (file-identify.rules) * 1:20520 <-> ENABLED <-> FILE-IDENTIFY vmd file magic detected (file-identify.rules) * 1:20521 <-> ENABLED <-> FILE-IDENTIFY Flac file magic detected (file-identify.rules) * 1:20522 <-> ENABLED <-> FILE-IDENTIFY VideoLAN VLC file magic detected (file-identify.rules) * 1:20544 <-> ENABLED <-> FILE-IDENTIFY Adobe Flash Player FLV file download request (file-identify.rules) * 1:20554 <-> ENABLED <-> PUA-OTHER Microsoft MSN Messenger and Windows Live Messenger Code Execution attempt (pua-other.rules) * 1:20563 <-> ENABLED <-> FILE-IDENTIFY amf file download request (file-identify.rules) * 1:20564 <-> ENABLED <-> FILE-IDENTIFY amf file magic detected (file-identify.rules) * 1:20588 <-> ENABLED <-> FILE-IDENTIFY CDR file download request (file-identify.rules) * 1:20589 <-> ENABLED <-> FILE-IDENTIFY CDR file magic detected (file-identify.rules) * 1:20621 <-> ENABLED <-> FILE-IDENTIFY JAR file download request (file-identify.rules) * 1:20723 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word docx file download request (file-identify.rules) * 1:20733 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media Player DVR file download request (file-identify.rules) * 1:20750 <-> ENABLED <-> FILE-IDENTIFY webm file magic detected (file-identify.rules) * 1:20751 <-> ENABLED <-> FILE-IDENTIFY webm file download request (file-identify.rules) * 1:20792 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file attachment detected (file-identify.rules) * 1:20793 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file attachment detected (file-identify.rules) * 1:20795 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word file attachment detected (file-identify.rules) * 1:20796 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word file attachment detected (file-identify.rules) * 1:20798 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules) * 1:20799 <-> ENABLED <-> FILE-IDENTIFY 
Adobe Shockwave Flash file attachment detected (file-identify.rules) * 1:20800 <-> ENABLED <-> FILE-IDENTIFY MIME file type file attachment detected (file-identify.rules) * 1:20801 <-> ENABLED <-> FILE-IDENTIFY MIME file type file attachment detected (file-identify.rules) * 1:20839 <-> ENABLED <-> FILE-IDENTIFY eSignal .quo file download request (file-identify.rules) * 1:20840 <-> ENABLED <-> FILE-IDENTIFY eSignal .por file download request (file-identify.rules) * 1:20841 <-> ENABLED <-> FILE-IDENTIFY eSignal .sum file download request (file-identify.rules) * 1:20848 <-> ENABLED <-> FILE-IDENTIFY MAKI file attachment detected (file-identify.rules) * 1:20849 <-> ENABLED <-> FILE-IDENTIFY MAKI file attachment detected (file-identify.rules) * 1:20852 <-> ENABLED <-> FILE-IDENTIFY DAZ Studio script download request (file-identify.rules) * 1:20854 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Visio file attachment detected (file-identify.rules) * 1:20855 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Visio file attachment detected (file-identify.rules) * 1:20856 <-> ENABLED <-> FILE-IDENTIFY TwinVQ file attachment detected (file-identify.rules) * 1:20857 <-> ENABLED <-> FILE-IDENTIFY TwinVQ file attachment detected (file-identify.rules) * 1:20859 <-> ENABLED <-> FILE-IDENTIFY Autodesk Maya embedded language script download request (file-identify.rules) * 1:20860 <-> ENABLED <-> FILE-IDENTIFY Autodesk Maya file magic detected (file-identify.rules) * 1:20869 <-> ENABLED <-> FILE-IDENTIFY Autodesk 3D Studio Maxscript download request (file-identify.rules) * 1:20871 <-> ENABLED <-> SERVER-WEBAPP Worldweaver DX Studio Player shell.execute command execution attempt (server-webapp.rules) * 1:20874 <-> ENABLED <-> SERVER-OTHER IBM Tivoli Storage Manager Express Backup initialization packet (server-other.rules) * 1:20882 <-> ENABLED <-> FILE-OFFICE Microsoft Windows embedded packager object identifier (file-office.rules) * 1:20888 <-> ENABLED <-> FILE-IDENTIFY Video Spirit 
visprj download attempt (file-identify.rules) * 1:20893 <-> ENABLED <-> FILE-IDENTIFY Video Spirit file attachment detected (file-identify.rules) * 1:20894 <-> ENABLED <-> FILE-IDENTIFY Video Spirit file attachment detected (file-identify.rules) * 1:20895 <-> ENABLED <-> FILE-IDENTIFY AutoDesk 3D Studio Maxscript file attachment detected (file-identify.rules) * 1:20896 <-> ENABLED <-> FILE-IDENTIFY AutoDesk 3D Studio Maxscript file attachment detected (file-identify.rules) * 1:20897 <-> ENABLED <-> FILE-IDENTIFY MIDI file magic detected (file-identify.rules) * 1:20898 <-> ENABLED <-> FILE-IDENTIFY MIDI file attachment detected (file-identify.rules) * 1:20899 <-> ENABLED <-> FILE-IDENTIFY MIDI file attachment detected (file-identify.rules) * 1:20905 <-> ENABLED <-> FILE-IDENTIFY X PixMap file attachment detected (file-identify.rules) * 1:20906 <-> ENABLED <-> FILE-IDENTIFY X PixMap file attachment detected (file-identify.rules) * 1:20907 <-> ENABLED <-> FILE-IDENTIFY DXF file attachment detected (file-identify.rules) * 1:20908 <-> ENABLED <-> FILE-IDENTIFY DXF file attachment detected (file-identify.rules) * 1:20909 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media ASF file attachment detected (file-identify.rules) * 1:20910 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media ASF file attachment detected (file-identify.rules) * 1:20911 <-> ENABLED <-> FILE-IDENTIFY EPS file attachment detected (file-identify.rules) * 1:20912 <-> ENABLED <-> FILE-IDENTIFY EPS file attachment detected (file-identify.rules) * 1:20913 <-> ENABLED <-> FILE-IDENTIFY XML Shareable Playlist Format file attachment detected (file-identify.rules) * 1:20914 <-> ENABLED <-> FILE-IDENTIFY XML Shareable Playlist Format file attachment detected (file-identify.rules) * 1:20915 <-> ENABLED <-> FILE-IDENTIFY caff file attachment detected (file-identify.rules) * 1:20916 <-> ENABLED <-> FILE-IDENTIFY caff file attachment detected (file-identify.rules) * 1:20917 <-> ENABLED <-> FILE-IDENTIFY BAK 
file attachment detected (file-identify.rules) * 1:20918 <-> ENABLED <-> FILE-IDENTIFY BAK file attachment detected (file-identify.rules) * 1:20924 <-> ENABLED <-> FILE-IDENTIFY PLS file magic detected (file-identify.rules) * 1:20925 <-> ENABLED <-> FILE-IDENTIFY Adobe Pagemaker file attachment detected (file-identify.rules) * 1:20926 <-> ENABLED <-> FILE-IDENTIFY Adobe Pagemaker file attachment detected (file-identify.rules) * 1:20928 <-> ENABLED <-> FILE-IDENTIFY SMIL file magic detected (file-identify.rules) * 1:20929 <-> ENABLED <-> FILE-IDENTIFY MKV file attachment detected (file-identify.rules) * 1:20930 <-> ENABLED <-> FILE-IDENTIFY MKV file attachment detected (file-identify.rules) * 1:20931 <-> ENABLED <-> FILE-IDENTIFY MKS file attachment detected (file-identify.rules) * 1:20932 <-> ENABLED <-> FILE-IDENTIFY MKS file attachment detected (file-identify.rules) * 1:20933 <-> ENABLED <-> FILE-IDENTIFY MKA file attachment detected (file-identify.rules) * 1:20934 <-> ENABLED <-> FILE-IDENTIFY MKA file attachment detected (file-identify.rules) * 1:20935 <-> ENABLED <-> FILE-IDENTIFY QCP file attachment detected (file-identify.rules) * 1:20936 <-> ENABLED <-> FILE-IDENTIFY QCP file attachment detected (file-identify.rules) * 1:20937 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file download request (file-identify.rules) * 1:20938 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file download request (file-identify.rules) * 1:20939 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file download request (file-identify.rules) * 1:20940 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file download request (file-identify.rules) * 1:20941 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules) * 1:20942 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules) * 1:20943 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules) * 
1:20944 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules) * 1:20945 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules) * 1:20946 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules) * 1:20947 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules) * 1:20948 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules) * 1:20950 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20951 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20952 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20953 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20954 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20955 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20956 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20957 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20958 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20959 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20960 <-> ENABLED <-> FILE-IDENTIFY Flac file download request (file-identify.rules) * 1:20961 <-> ENABLED <-> FILE-IDENTIFY TTE file download request (file-identify.rules) * 1:20962 <-> ENABLED <-> FILE-IDENTIFY OTF file download request (file-identify.rules) * 1:20963 <-> ENABLED <-> FILE-IDENTIFY DIB file download request (file-identify.rules) * 1:20964 <-> ENABLED <-> FILE-IDENTIFY SAMI file download request (file-identify.rules) * 1:20965 <-> ENABLED <-> FILE-IDENTIFY JPEG file download request (file-identify.rules) * 1:20966 <-> ENABLED <-> FILE-IDENTIFY JPEG file download 
request (file-identify.rules) * 1:20967 <-> ENABLED <-> FILE-IDENTIFY JPEG file download request (file-identify.rules) * 1:20968 <-> ENABLED <-> FILE-IDENTIFY Apple disk image file download request (file-identify.rules) * 1:20969 <-> ENABLED <-> FILE-IDENTIFY M4A file download request (file-identify.rules) * 1:20970 <-> ENABLED <-> FILE-IDENTIFY M4P file download request (file-identify.rules) * 1:20971 <-> ENABLED <-> FILE-IDENTIFY M4R file download request (file-identify.rules) * 1:20972 <-> ENABLED <-> FILE-IDENTIFY M4V file magic request (file-identify.rules) * 1:20973 <-> ENABLED <-> FILE-IDENTIFY M4B file download request (file-identify.rules) * 1:20974 <-> ENABLED <-> FILE-IDENTIFY 3GP file download request (file-identify.rules) * 1:20975 <-> ENABLED <-> FILE-IDENTIFY 3G2 file download request (file-identify.rules) * 1:20976 <-> ENABLED <-> FILE-IDENTIFY K3G file download request (file-identify.rules) * 1:20977 <-> ENABLED <-> FILE-IDENTIFY SKM file download request (file-identify.rules) * 1:20978 <-> ENABLED <-> FILE-IDENTIFY TTE file attachment detected (file-identify.rules) * 1:20979 <-> ENABLED <-> FILE-IDENTIFY TTE file attachment detected (file-identify.rules) * 1:20980 <-> ENABLED <-> FILE-IDENTIFY OTF file attachment detected (file-identify.rules) * 1:20981 <-> ENABLED <-> FILE-IDENTIFY OTF file attachment detected (file-identify.rules) * 1:20982 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file attachment detected (file-identify.rules) * 1:20983 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file attachment detected (file-identify.rules) * 1:20986 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word docx file attachment detected (file-identify.rules) * 1:20987 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word docx file attachment detected (file-identify.rules) * 1:20991 <-> ENABLED <-> FILE-IDENTIFY TTF file magic detected (file-identify.rules) * 1:20992 <-> ENABLED <-> FILE-IDENTIFY SAMI file magic detected 
(file-identify.rules) * 1:21005 <-> ENABLED <-> MALWARE-CNC Yang Pack yg.htm download request (malware-cnc.rules) * 1:21007 <-> ENABLED <-> FILE-IDENTIFY Microsoft Money file magic detected (file-identify.rules) * 1:21008 <-> ENABLED <-> FILE-IDENTIFY Microsoft Money file download request (file-identify.rules) * 1:21009 <-> ENABLED <-> FILE-IDENTIFY Microsoft Money file attachment detected (file-identify.rules) * 1:21010 <-> ENABLED <-> FILE-IDENTIFY Microsoft Money file attachment detected (file-identify.rules) * 1:21011 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file magic detected (file-identify.rules) * 1:21012 <-> ENABLED <-> FILE-IDENTIFY Cytel Studio cy3 file download request (file-identify.rules) * 1:21013 <-> ENABLED <-> FILE-IDENTIFY Cytel Studio cy3 file attachment detected (file-identify.rules) * 1:21014 <-> ENABLED <-> FILE-IDENTIFY Cytel Studio cy3 file attachment detected (file-identify.rules) * 1:21015 <-> ENABLED <-> FILE-IDENTIFY cy3 Cytel Studio file magic detected (file-identify.rules) * 1:21016 <-> ENABLED <-> FILE-IDENTIFY Cytel Studio cyb file attachment detected (file-identify.rules) * 1:21017 <-> ENABLED <-> FILE-IDENTIFY cyb Cytel Studio file attachment detected (file-identify.rules) * 1:21018 <-> ENABLED <-> FILE-IDENTIFY cyb Cytel Studio file download request (file-identify.rules) * 1:21035 <-> ENABLED <-> FILE-IDENTIFY PDF file attachment detected (file-identify.rules) * 1:21036 <-> ENABLED <-> FILE-IDENTIFY PDF file attachment detected (file-identify.rules) * 1:21052 <-> ENABLED <-> FILE-IDENTIFY UltraISO CUE file download request (file-identify.rules) * 1:21053 <-> ENABLED <-> FILE-IDENTIFY UltraISO CUE file attachment detected (file-identify.rules) * 1:21054 <-> ENABLED <-> FILE-IDENTIFY UltraISO CUE file attachment detected (file-identify.rules) * 1:21059 <-> ENABLED <-> FILE-IDENTIFY AVI Video file magic detected (file-identify.rules) * 1:21061 <-> ENABLED <-> FILE-IDENTIFY AVI file attachment detected 
(file-identify.rules) * 1:21062 <-> ENABLED <-> FILE-IDENTIFY AVI file attachment detected (file-identify.rules) * 1:21109 <-> ENABLED <-> FILE-IDENTIFY MPEG video stream file download request (file-identify.rules) * 1:21110 <-> ENABLED <-> FILE-IDENTIFY MPEG video stream file attachment detected (file-identify.rules) * 1:21111 <-> ENABLED <-> FILE-IDENTIFY MPEG video stream file attachment detected (file-identify.rules) * 1:21113 <-> ENABLED <-> FILE-IDENTIFY Cisco Webex Player .wrf file magic detected (file-identify.rules) * 1:21152 <-> ENABLED <-> FILE-IDENTIFY S3M file attachment detected (file-identify.rules) * 1:21153 <-> ENABLED <-> FILE-IDENTIFY S3M file attachment detected (file-identify.rules) * 1:21174 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer realtext file download request (file-identify.rules) * 1:21282 <-> ENABLED <-> FILE-IDENTIFY XSL file download request (file-identify.rules) * 1:21283 <-> ENABLED <-> FILE-IDENTIFY XSL file attachment detected (file-identify.rules) * 1:21284 <-> ENABLED <-> FILE-IDENTIFY XSL file attachment detected (file-identify.rules) * 1:21285 <-> ENABLED <-> FILE-IDENTIFY XSLT file download request (file-identify.rules) * 1:21286 <-> ENABLED <-> FILE-IDENTIFY XSLT file attachment detected (file-identify.rules) * 1:21287 <-> ENABLED <-> FILE-IDENTIFY XSLT file attachment detected (file-identify.rules) * 1:21288 <-> ENABLED <-> FILE-IDENTIFY XML download detected (file-identify.rules) * 1:21295 <-> ENABLED <-> FILE-IDENTIFY FON file attachment detected (file-identify.rules) * 1:21296 <-> ENABLED <-> FILE-IDENTIFY FON file attachment detected (file-identify.rules) * 1:21345 <-> ENABLED <-> EXPLOIT-KIT Blackhole exploit kit malicious jar request (exploit-kit.rules) * 1:21347 <-> ENABLED <-> EXPLOIT-KIT Blackhole exploit kit URL - .php?page= (exploit-kit.rules) * 1:21410 <-> ENABLED <-> FILE-IDENTIFY paq8o file download request (file-identify.rules) * 1:21411 <-> ENABLED <-> FILE-IDENTIFY paq8o file attachment detected 
(file-identify.rules) * 1:21412 <-> ENABLED <-> FILE-IDENTIFY paq8o file attachment detected (file-identify.rules) * 1:21432 <-> ENABLED <-> FILE-IDENTIFY MPPL file attachment detected (file-identify.rules) * 1:21433 <-> ENABLED <-> FILE-IDENTIFY MPPL file attachment detected (file-identify.rules) * 1:21434 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Mentor variant outbound connection (malware-cnc.rules) * 1:21480 <-> ENABLED <-> FILE-IDENTIFY XML file magic detected (file-identify.rules) * 1:21498 <-> ENABLED <-> FILE-IDENTIFY XML file magic detected (file-identify.rules) * 1:21499 <-> ENABLED <-> FILE-IDENTIFY XML file attachment detected (file-identify.rules) * 1:21500 <-> ENABLED <-> FILE-IDENTIFY XML file attachment detected (file-identify.rules) * 1:21573 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio addin file download request (file-identify.rules) * 1:21574 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio addin file attachment detected (file-identify.rules) * 1:21575 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio addin file attachment detected (file-identify.rules) * 1:21584 <-> ENABLED <-> FILE-IDENTIFY VisiWave VWR file download request (file-identify.rules) * 1:21585 <-> ENABLED <-> FILE-IDENTIFY VisiWave VWR file attachment detected (file-identify.rules) * 1:21586 <-> ENABLED <-> FILE-IDENTIFY VisiWave VWR file attachment detected (file-identify.rules) * 1:21611 <-> ENABLED <-> FILE-IDENTIFY RAT file attachment detected (file-identify.rules) * 1:21612 <-> ENABLED <-> FILE-IDENTIFY RAT file attachment detected (file-identify.rules) * 1:21613 <-> ENABLED <-> FILE-IDENTIFY PNG file attachment detected (file-identify.rules) * 1:21614 <-> ENABLED <-> FILE-IDENTIFY PNG file attachment detected (file-identify.rules) * 1:21615 <-> ENABLED <-> FILE-IDENTIFY WMF file attachment detected (file-identify.rules) * 1:21616 <-> ENABLED <-> FILE-IDENTIFY WMF file attachment detected (file-identify.rules) * 1:21617 <-> ENABLED <-> FILE-IDENTIFY RT file 
attachment detected (file-identify.rules) * 1:21618 <-> ENABLED <-> FILE-IDENTIFY RT file attachment detected (file-identify.rules) * 1:21620 <-> ENABLED <-> FILE-IDENTIFY WAV file magic detected (file-identify.rules) * 1:21621 <-> ENABLED <-> FILE-IDENTIFY AVI file magic detected (file-identify.rules) * 1:21623 <-> ENABLED <-> FILE-IDENTIFY QUO file attachment detected (file-identify.rules) * 1:21624 <-> ENABLED <-> FILE-IDENTIFY QUO file attachment detected (file-identify.rules) * 1:21625 <-> ENABLED <-> FILE-IDENTIFY POR file attachment detected (file-identify.rules) * 1:21626 <-> ENABLED <-> FILE-IDENTIFY POR file attachment detected (file-identify.rules) * 1:21627 <-> ENABLED <-> FILE-IDENTIFY SUM file attachment detected (file-identify.rules) * 1:21628 <-> ENABLED <-> FILE-IDENTIFY SUM file attachment detected (file-identify.rules) * 1:21648 <-> ENABLED <-> FILE-IDENTIFY QuickDraw/PICT file attachment detected (file-identify.rules) * 1:21649 <-> ENABLED <-> FILE-IDENTIFY QuickDraw/PICT file attachment detected (file-identify.rules) * 1:21650 <-> ENABLED <-> FILE-IDENTIFY QuickDraw/PICT file download request (file-identify.rules) * 1:21651 <-> ENABLED <-> FILE-IDENTIFY QuickDraw/PICT file attachment detected (file-identify.rules) * 1:21652 <-> ENABLED <-> FILE-IDENTIFY QuickDraw/PICT file attachment detected (file-identify.rules) * 1:21659 <-> ENABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page Requested - /Home/index.php (exploit-kit.rules) * 1:21660 <-> ENABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page Requested - /Index/index.php (exploit-kit.rules) * 1:21687 <-> ENABLED <-> FILE-IDENTIFY PLS file attachment detected (file-identify.rules) * 1:21688 <-> ENABLED <-> FILE-IDENTIFY PLS file attachment detected (file-identify.rules) * 1:21691 <-> ENABLED <-> FILE-IDENTIFY SMIL file attachment detected (file-identify.rules) * 1:21692 <-> ENABLED <-> FILE-IDENTIFY SMIL file attachment detected (file-identify.rules) * 1:21693 <-> ENABLED <-> 
FILE-IDENTIFY FLAC file attachment detected (file-identify.rules) * 1:21694 <-> ENABLED <-> FILE-IDENTIFY FLAC file attachment detected (file-identify.rules) * 1:21695 <-> ENABLED <-> FILE-IDENTIFY SMI file attachment detected (file-identify.rules) * 1:21696 <-> ENABLED <-> FILE-IDENTIFY SMI file attachment detected (file-identify.rules) * 1:21697 <-> ENABLED <-> FILE-IDENTIFY SAMI file attachment detected (file-identify.rules) * 1:21698 <-> ENABLED <-> FILE-IDENTIFY SAMI file attachment detected (file-identify.rules) * 1:21699 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel xlw file attachment detected (file-identify.rules) * 1:21700 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel xlw file attachment detected (file-identify.rules) * 1:21701 <-> ENABLED <-> FILE-IDENTIFY FlashPix file attachment detected (file-identify.rules) * 1:21702 <-> ENABLED <-> FILE-IDENTIFY FlashPix file attachment detected (file-identify.rules) * 1:21703 <-> ENABLED <-> FILE-IDENTIFY 4XM file attachment detected (file-identify.rules) * 1:21704 <-> ENABLED <-> FILE-IDENTIFY 4XM file attachment detected (file-identify.rules) * 1:21705 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file attachment detected (file-identify.rules) * 1:21706 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file attachment detected (file-identify.rules) * 1:21707 <-> ENABLED <-> FILE-IDENTIFY Microsoft Works file attachment detected (file-identify.rules) * 1:21708 <-> ENABLED <-> FILE-IDENTIFY Microsoft Works file attachment detected (file-identify.rules) * 1:21709 <-> ENABLED <-> FILE-IDENTIFY AIFF file attachment detected (file-identify.rules) * 1:21710 <-> ENABLED <-> FILE-IDENTIFY AIFF file attachment detected (file-identify.rules) * 1:21711 <-> ENABLED <-> FILE-IDENTIFY PFA file download request (file-identify.rules) * 1:21712 <-> ENABLED <-> FILE-IDENTIFY PFA file magic detected (file-identify.rules) * 1:21713 <-> ENABLED <-> FILE-IDENTIFY PFA file attachment detected (file-identify.rules) * 
1:21714 <-> ENABLED <-> FILE-IDENTIFY PFA file attachment detected (file-identify.rules) * 1:21715 <-> ENABLED <-> FILE-IDENTIFY PFB file download request (file-identify.rules) * 1:21716 <-> ENABLED <-> FILE-IDENTIFY PFB file attachment detected (file-identify.rules) * 1:21717 <-> ENABLED <-> FILE-IDENTIFY PFB file attachment detected (file-identify.rules) * 1:21718 <-> ENABLED <-> FILE-IDENTIFY PFM file download request (file-identify.rules) * 1:21719 <-> ENABLED <-> FILE-IDENTIFY PFM file attachment detected (file-identify.rules) * 1:21720 <-> ENABLED <-> FILE-IDENTIFY PFM file attachment detected (file-identify.rules) * 1:21721 <-> ENABLED <-> FILE-IDENTIFY AFM file download request (file-identify.rules) * 1:21722 <-> ENABLED <-> FILE-IDENTIFY AFM file attachment detected (file-identify.rules) * 1:21723 <-> ENABLED <-> FILE-IDENTIFY AFM file attachment detected (file-identify.rules) * 1:21724 <-> ENABLED <-> FILE-IDENTIFY ANI file download request (file-identify.rules) * 1:21725 <-> ENABLED <-> FILE-IDENTIFY ANI file attachment detected (file-identify.rules) * 1:21726 <-> ENABLED <-> FILE-IDENTIFY ANI file attachment detected (file-identify.rules) * 1:21727 <-> ENABLED <-> FILE-IDENTIFY ANI file magic detection (file-identify.rules) * 1:21728 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules) * 1:21729 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules) * 1:21730 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules) * 1:21731 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules) * 1:21732 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules) * 1:21733 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules) * 1:21734 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules) * 1:21735 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules) * 1:21736 <-> 
ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules) * 1:21737 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules) * 1:21738 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules) * 1:21739 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules) * 1:21740 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media asx file attachment detected (file-identify.rules) * 1:21741 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media asx file attachment detected (file-identify.rules) * 1:21742 <-> ENABLED <-> FILE-IDENTIFY Embedded Open Type Font file attachment detected (file-identify.rules) * 1:21743 <-> ENABLED <-> FILE-IDENTIFY Embedded Open Type Font file attachment detected (file-identify.rules) * 1:21744 <-> ENABLED <-> FILE-IDENTIFY AVI file attachment detected (file-identify.rules) * 1:21745 <-> ENABLED <-> FILE-IDENTIFY AVI file attachment detected (file-identify.rules) * 1:21746 <-> ENABLED <-> FILE-IDENTIFY RTF file attachment detected (file-identify.rules) * 1:21747 <-> ENABLED <-> FILE-IDENTIFY RTF file attachment detected (file-identify.rules) * 1:21748 <-> ENABLED <-> FILE-IDENTIFY HPJ file download request (file-identify.rules) * 1:21749 <-> ENABLED <-> FILE-IDENTIFY HPJ file attachment detected (file-identify.rules) * 1:21750 <-> ENABLED <-> FILE-IDENTIFY HPJ file attachment detected (file-identify.rules) * 1:21751 <-> ENABLED <-> FILE-IDENTIFY HPJ file magic detected (file-identify.rules) * 1:21802 <-> ENABLED <-> FILE-IDENTIFY HT-MP3Player file download request (file-identify.rules) * 1:21803 <-> ENABLED <-> FILE-IDENTIFY HT-MP3Player file attachment detected (file-identify.rules) * 1:21804 <-> ENABLED <-> FILE-IDENTIFY HT-MP3Player file attachment detected (file-identify.rules) * 1:21807 <-> ENABLED <-> FILE-IDENTIFY Adobe Download Manager aom file download request (file-identify.rules) * 1:21808 <-> ENABLED <-> FILE-IDENTIFY Adobe Download Manager aom 
file attachment detected (file-identify.rules) * 1:21809 <-> ENABLED <-> FILE-IDENTIFY Adobe Download Manager aom file attachment detected (file-identify.rules) * 1:21810 <-> ENABLED <-> FILE-IDENTIFY Adobe Download Manager aom file magic detected (file-identify.rules) * 1:21811 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime FLIC animation file file download request (file-identify.rules) * 1:21812 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime FLIC animation file file attachment detected (file-identify.rules) * 1:21813 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime FLIC animation file file attachment detected (file-identify.rules) * 1:21814 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime FLIC file magic detected (file-identify.rules) * 1:21815 <-> ENABLED <-> FILE-IDENTIFY LZH file attachment detected (file-identify.rules) * 1:21816 <-> ENABLED <-> FILE-IDENTIFY LZH file attachment detected (file-identify.rules) * 1:21854 <-> ENABLED <-> FILE-IDENTIFY LNK file attachment detected (file-identify.rules) * 1:21855 <-> ENABLED <-> FILE-IDENTIFY LNK file attachment detected (file-identify.rules) * 1:21856 <-> ENABLED <-> FILE-IDENTIFY ZIP file attachment detected (file-identify.rules) * 1:21857 <-> ENABLED <-> FILE-IDENTIFY ZIP file attachment detected (file-identify.rules) * 1:21861 <-> ENABLED <-> FILE-IDENTIFY WRF file attachment detected (file-identify.rules) * 1:21862 <-> ENABLED <-> FILE-IDENTIFY WRF file attachment detected (file-identify.rules) * 1:21863 <-> ENABLED <-> FILE-IDENTIFY Google Chrome extension file attachment detected (file-identify.rules) * 1:21864 <-> ENABLED <-> FILE-IDENTIFY Google Chrome extension file attachment detected (file-identify.rules) * 1:21865 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file attachment detected (file-identify.rules) * 1:21866 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file attachment detected (file-identify.rules) * 1:21867 <-> ENABLED <-> FILE-IDENTIFY Microsoft 
Windows Fax Cover page document file attachment detected (file-identify.rules) * 1:21868 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file attachment detected (file-identify.rules) * 1:21870 <-> ENABLED <-> FILE-IDENTIFY CNT file attachment detected (file-identify.rules) * 1:21871 <-> ENABLED <-> FILE-IDENTIFY CNT file attachment detected (file-identify.rules) * 1:21872 <-> ENABLED <-> FILE-IDENTIFY GIF file attachment detected (file-identify.rules) * 1:21873 <-> ENABLED <-> FILE-IDENTIFY GIF file attachment detected (file-identify.rules) * 1:21886 <-> ENABLED <-> FILE-IDENTIFY OpenType Font file attachment detected (file-identify.rules) * 1:21887 <-> ENABLED <-> FILE-IDENTIFY OpenType Font file attachment detected (file-identify.rules) * 1:21888 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Movie Maker file attachment detected (file-identify.rules) * 1:21889 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Movie Maker file attachment detected (file-identify.rules) * 1:21890 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file attachment detected (file-identify.rules) * 1:21891 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file attachment detected (file-identify.rules) * 1:21892 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file attachment detected (file-identify.rules) * 1:21893 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file attachment detected (file-identify.rules) * 1:21894 <-> ENABLED <-> FILE-IDENTIFY SVG file attachment detected (file-identify.rules) * 1:21895 <-> ENABLED <-> FILE-IDENTIFY SVG file attachment detected (file-identify.rules) * 1:21915 <-> ENABLED <-> SERVER-OTHER Novell Groupwise HTTP login request (server-other.rules) * 1:21916 <-> ENABLED <-> SERVER-OTHER Novell Groupwise HTTP login request (server-other.rules) * 1:21931 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel TXO and OBJ records parsing stack memory corruption attempt (file-office.rules) * 1:21939 <-> ENABLED <-> PROTOCOL-TELNET 
RuggedCom telnet initial banner (protocol-telnet.rules) * 1:21999 <-> ENABLED <-> FILE-IDENTIFY OpenType Font file magic detection (file-identify.rules) * 1:22013 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio DBP file download request (file-identify.rules) * 1:22014 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio DBP file attachment detected (file-identify.rules) * 1:22015 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio DBP file attachment detected (file-identify.rules) * 1:22016 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio DBP file magic detected (file-identify.rules) * 1:22017 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio PKP file download request (file-identify.rules) * 1:22018 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio PKP file attachment detected (file-identify.rules) * 1:22019 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio PKP file attachment detected (file-identify.rules) * 1:22020 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio PKP file magic detected (file-identify.rules) * 1:22021 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio SLN file download request (file-identify.rules) * 1:22022 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio SLN file attachment detected (file-identify.rules) * 1:22023 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio SLN file attachment detected (file-identify.rules) * 1:22024 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio SLN file magic detected (file-identify.rules) * 1:22025 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio VAP file download request (file-identify.rules) * 1:22026 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio VAP file attachment detected (file-identify.rules) * 1:22027 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio VAP file attachment detected (file-identify.rules) * 1:22028 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio VAP file magic detected (file-identify.rules) * 1:22043 <-> ENABLED <-> 
FILE-IDENTIFY XM file download request (file-identify.rules) * 1:22044 <-> ENABLED <-> FILE-IDENTIFY XM file attachment detected (file-identify.rules) * 1:22045 <-> ENABLED <-> FILE-IDENTIFY XM file attachment detected (file-identify.rules) * 1:22046 <-> ENABLED <-> FILE-IDENTIFY XM file magic detected (file-identify.rules) * 1:22082 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint pptx file download request (file-identify.rules) * 1:22083 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint pptx file attachment detected (file-identify.rules) * 1:22084 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint pptx file attachment detected (file-identify.rules) * 1:22943 <-> ENABLED <-> FILE-IDENTIFY NAB file download request (file-identify.rules) * 1:22944 <-> ENABLED <-> FILE-IDENTIFY NAB file attachment detected (file-identify.rules) * 1:22945 <-> ENABLED <-> FILE-IDENTIFY NAB file attachment detected (file-identify.rules) * 1:22946 <-> ENABLED <-> FILE-IDENTIFY NAB file magic detected (file-identify.rules) * 1:22955 <-> ENABLED <-> FILE-IDENTIFY AMF file attachment detected (file-identify.rules) * 1:22956 <-> ENABLED <-> FILE-IDENTIFY AMF file attachment detected (file-identify.rules) * 1:22961 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RAM file attachment detected (file-identify.rules) * 1:22962 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RAM file attachment detected (file-identify.rules) * 1:22963 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RMP file attachment detected (file-identify.rules) * 1:22964 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RMP file attachment detected (file-identify.rules) * 1:22965 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RT file attachment detected (file-identify.rules) * 1:22966 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RT file attachment detected (file-identify.rules) * 1:22967 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RP file attachment 
detected (file-identify.rules) * 1:22968 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RP file attachment detected (file-identify.rules) * 1:22969 <-> ENABLED <-> FILE-IDENTIFY remote desktop configuration file attachment detected (file-identify.rules) * 1:22970 <-> ENABLED <-> FILE-IDENTIFY remote desktop configuration file attachment detected (file-identify.rules) * 1:22971 <-> ENABLED <-> FILE-IDENTIFY MPEG Layer 3 playlist file attachment detected (file-identify.rules) * 1:22972 <-> ENABLED <-> FILE-IDENTIFY m3u playlist file file attachment detected (file-identify.rules) * 1:22973 <-> ENABLED <-> FILE-IDENTIFY M4A file attachment detected (file-identify.rules) * 1:22974 <-> ENABLED <-> FILE-IDENTIFY M4A file attachment detected (file-identify.rules) * 1:22975 <-> ENABLED <-> FILE-IDENTIFY M4P file attachment detected (file-identify.rules) * 1:22976 <-> ENABLED <-> FILE-IDENTIFY M4P file attachment detected (file-identify.rules) * 1:22977 <-> ENABLED <-> FILE-IDENTIFY M4R file attachment detected (file-identify.rules) * 1:22978 <-> ENABLED <-> FILE-IDENTIFY M4R file attachment detected (file-identify.rules) * 1:22979 <-> ENABLED <-> FILE-IDENTIFY M4V file attachment detected (file-identify.rules) * 1:22980 <-> ENABLED <-> FILE-IDENTIFY M4V file attachment detected (file-identify.rules) * 1:22981 <-> ENABLED <-> FILE-IDENTIFY M4B file attachment detected (file-identify.rules) * 1:22982 <-> ENABLED <-> FILE-IDENTIFY M4B file attachment detected (file-identify.rules) * 1:22983 <-> ENABLED <-> FILE-IDENTIFY 3GP file attachment detected (file-identify.rules) * 1:22984 <-> ENABLED <-> FILE-IDENTIFY 3GP file attachment detected (file-identify.rules) * 1:22985 <-> ENABLED <-> FILE-IDENTIFY 3G2 file attachment detected (file-identify.rules) * 1:22986 <-> ENABLED <-> FILE-IDENTIFY 3G2 file attachment detected (file-identify.rules) * 1:22987 <-> ENABLED <-> FILE-IDENTIFY k3g file attachment detected (file-identify.rules) * 1:22988 <-> ENABLED <-> FILE-IDENTIFY k3g 
file attachment detected (file-identify.rules) * 1:22989 <-> ENABLED <-> FILE-IDENTIFY SKM file attachment detected (file-identify.rules) * 1:22990 <-> ENABLED <-> FILE-IDENTIFY SKM file attachment detected (file-identify.rules) * 1:22991 <-> ENABLED <-> FILE-IDENTIFY QT file attachment detected (file-identify.rules) * 1:22992 <-> ENABLED <-> FILE-IDENTIFY QT file attachment detected (file-identify.rules) * 1:22993 <-> ENABLED <-> FILE-IDENTIFY MP4 file attachment detected (file-identify.rules) * 1:22994 <-> ENABLED <-> FILE-IDENTIFY MP4 file attachment detected (file-identify.rules) * 1:22995 <-> ENABLED <-> FILE-IDENTIFY Apple QuickTime Movie file attachment detected (file-identify.rules) * 1:22996 <-> ENABLED <-> FILE-IDENTIFY Apple QuickTime Movie file attachment detected (file-identify.rules) * 1:22997 <-> ENABLED <-> FILE-IDENTIFY MHTML file attachment detected (file-identify.rules) * 1:22998 <-> ENABLED <-> FILE-IDENTIFY MHTML file attachment detected (file-identify.rules) * 1:22999 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows WMF file magic detected (file-identify.rules) * 1:23000 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media Player DVR file attachment detected (file-identify.rules) * 1:23001 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media Player DVR file attachment detected (file-identify.rules) * 1:23002 <-> ENABLED <-> FILE-IDENTIFY CSV file attachment detected (file-identify.rules) * 1:23003 <-> ENABLED <-> FILE-IDENTIFY CSV file attachment detected (file-identify.rules) * 1:23011 <-> ENABLED <-> FILE-IDENTIFY Collada file download request (file-identify.rules) * 1:23012 <-> ENABLED <-> FILE-IDENTIFY Collada file attachment detected (file-identify.rules) * 1:23013 <-> ENABLED <-> FILE-IDENTIFY Collada file attachment detected (file-identify.rules) * 1:23167 <-> ENABLED <-> FILE-IDENTIFY MPG video stream file download request (file-identify.rules) * 1:23168 <-> ENABLED <-> FILE-IDENTIFY MPG video stream file attachment detected 
(file-identify.rules) * 1:23169 <-> ENABLED <-> FILE-IDENTIFY MPG video stream file attachment detected (file-identify.rules) * 1:23188 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules) * 1:23189 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules) * 1:23190 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file download request (file-identify.rules) * 1:23191 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules) * 1:23192 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules) * 1:23193 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file download request (file-identify.rules) * 1:23194 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules) * 1:23195 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules) * 1:23196 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file download request (file-identify.rules) * 1:23197 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules) * 1:23198 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules) * 1:23199 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file download request (file-identify.rules) * 1:23200 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules) * 1:23201 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules) * 1:23202 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file download request (file-identify.rules) * 1:23205 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file download request (file-identify.rules) * 1:23206 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules) * 1:23207 <-> ENABLED 
<-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules) * 1:23208 <-> ENABLED <-> PROTOCOL-VOIP Digium Asterisk Manager Interface initial banner (protocol-voip.rules) * 1:23224 <-> ENABLED <-> EXPLOIT-KIT Redkit exploit kit landing page Requested - 8Digit.html (exploit-kit.rules) * 1:23319 <-> ENABLED <-> FILE-IDENTIFY TAR file download request (file-identify.rules) * 1:23320 <-> ENABLED <-> FILE-IDENTIFY TAR file attachment detected (file-identify.rules) * 1:23321 <-> ENABLED <-> FILE-IDENTIFY TAR file attachment detected (file-identify.rules) * 1:23322 <-> ENABLED <-> FILE-IDENTIFY TAR file download request (file-identify.rules) * 1:23347 <-> ENABLED <-> FILE-IDENTIFY Lotus file download request (file-identify.rules) * 1:23348 <-> ENABLED <-> FILE-IDENTIFY Lotus file attachment detected (file-identify.rules) * 1:23349 <-> ENABLED <-> FILE-IDENTIFY Lotus file attachment detected (file-identify.rules) * 1:23393 <-> ENABLED <-> SQL IBM SolidDB initial banner (sql.rules) * 1:23474 <-> ENABLED <-> FILE-IDENTIFY PLP file download request (file-identify.rules) * 1:23475 <-> ENABLED <-> FILE-IDENTIFY PLP file attachment detected (file-identify.rules) * 1:23476 <-> ENABLED <-> FILE-IDENTIFY PLP file attachment detected (file-identify.rules) * 1:23477 <-> ENABLED <-> FILE-IDENTIFY PLP file magic detected (file-identify.rules) * 1:23486 <-> ENABLED <-> FILE-IDENTIFY JOB file download request (file-identify.rules) * 1:23487 <-> ENABLED <-> FILE-IDENTIFY JOB file attachment detected (file-identify.rules) * 1:23488 <-> ENABLED <-> FILE-IDENTIFY JOB file attachment detected (file-identify.rules) * 1:23496 <-> ENABLED <-> FILE-IDENTIFY CUR file download request (file-identify.rules) * 1:23497 <-> ENABLED <-> FILE-IDENTIFY CUR file attachment detected (file-identify.rules) * 1:23498 <-> ENABLED <-> FILE-IDENTIFY CUR file attachment detected (file-identify.rules) * 1:23605 <-> ENABLED <-> FILE-IDENTIFY Armadillo v1.xx - v2.xx file magic detected 
(file-identify.rules) * 1:23616 <-> ENABLED <-> APP-DETECT Amazon Kindle 3.0 User-Agent string requested (app-detect.rules) * 1:23637 <-> ENABLED <-> FILE-IDENTIFY Java .class file attachment detected (file-identify.rules) * 1:23638 <-> ENABLED <-> FILE-IDENTIFY Java .class file attachment detected (file-identify.rules) * 1:23639 <-> ENABLED <-> FILE-IDENTIFY MPEG video stream file magic detected (file-identify.rules) * 1:23640 <-> ENABLED <-> FILE-IDENTIFY MPEG sys stream file magic detected (file-identify.rules) * 1:23642 <-> ENABLED <-> FILE-IDENTIFY Script encoder file magic detected (file-identify.rules) * 1:23643 <-> ENABLED <-> FILE-IDENTIFY Postscript file magic detected (file-identify.rules) * 1:23644 <-> ENABLED <-> FILE-IDENTIFY BinHex file magic detected (file-identify.rules) * 1:23645 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Real Media file magic detected (file-identify.rules) * 1:23646 <-> ENABLED <-> FILE-IDENTIFY bzip file magic detected (file-identify.rules) * 1:23647 <-> ENABLED <-> FILE-IDENTIFY GIF file magic detected (file-identify.rules) * 1:23648 <-> ENABLED <-> FILE-IDENTIFY MP3 file magic detected (file-identify.rules) * 1:23649 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows CAB file magic detected (file-identify.rules) * 1:23650 <-> ENABLED <-> FILE-IDENTIFY Ogg Stream file magic detected (file-identify.rules) * 1:23651 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:23652 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:23653 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:23654 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:23655 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:23656 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:23657 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 
1:23658 <-> ENABLED <-> FILE-IDENTIFY RIFX file magic detected (file-identify.rules) * 1:23659 <-> ENABLED <-> FILE-IDENTIFY RAR file magic detected (file-identify.rules) * 1:23660 <-> ENABLED <-> FILE-IDENTIFY Symantec file magic detected (file-identify.rules) * 1:23661 <-> ENABLED <-> FILE-IDENTIFY ARJ file magic detected (file-identify.rules) * 1:23662 <-> ENABLED <-> FILE-IDENTIFY TNEF file magic detected (file-identify.rules) * 1:23663 <-> ENABLED <-> FILE-IDENTIFY ELF file magic detected (file-identify.rules) * 1:23664 <-> ENABLED <-> FILE-IDENTIFY PNG file magic detected (file-identify.rules) * 1:23665 <-> ENABLED <-> FILE-IDENTIFY CryptFF file magic detected (file-identify.rules) * 1:23666 <-> ENABLED <-> FILE-IDENTIFY MP3 file magic detected (file-identify.rules) * 1:23667 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (file-identify.rules) * 1:23668 <-> ENABLED <-> FILE-IDENTIFY SIS file magic detected (file-identify.rules) * 1:23669 <-> ENABLED <-> FILE-IDENTIFY SIP log file magic detected (file-identify.rules) * 1:23670 <-> ENABLED <-> FILE-IDENTIFY RTF file magic detected (file-identify.rules) * 1:23671 <-> ENABLED <-> FILE-IDENTIFY 7zip file magic detected (file-identify.rules) * 1:23672 <-> ENABLED <-> FILE-IDENTIFY MachO Little Endian file magic detected (file-identify.rules) * 1:23673 <-> ENABLED <-> FILE-IDENTIFY MachO x64 Little Endian file magic detected (file-identify.rules) * 1:23674 <-> ENABLED <-> FILE-IDENTIFY MachO Big Endian file magic detected (file-identify.rules) * 1:23675 <-> ENABLED <-> FILE-IDENTIFY MachO x64 Big Endian file magic detected (file-identify.rules) * 1:23676 <-> ENABLED <-> FILE-IDENTIFY Universal Binary/Java Bytecode file magic detected (file-identify.rules) * 1:23677 <-> ENABLED <-> FILE-IDENTIFY jarpack file magic detected (file-identify.rules) * 1:23678 <-> ENABLED <-> FILE-IDENTIFY PDF file magic detected (file-identify.rules) * 1:23679 <-> ENABLED <-> FILE-IDENTIFY compressed Adobe Shockwave Flash file 
magic detected (file-identify.rules) * 1:23680 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (file-identify.rules) * 1:23681 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (file-identify.rules) * 1:23682 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23683 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23684 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23685 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23687 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (file-identify.rules) * 1:23688 <-> ENABLED <-> FILE-IDENTIFY bcproj file magic detected (file-identify.rules) * 1:23689 <-> ENABLED <-> FILE-IDENTIFY mx4 file magic detected (file-identify.rules) * 1:23690 <-> ENABLED <-> FILE-IDENTIFY ffmpeg file magic detected (file-identify.rules) * 1:23691 <-> ENABLED <-> FILE-IDENTIFY dmg file magic detected (file-identify.rules) * 1:23692 <-> ENABLED <-> FILE-IDENTIFY ivr file magic detected (file-identify.rules) * 1:23693 <-> ENABLED <-> FILE-IDENTIFY caff file magic detected (file-identify.rules) * 1:23694 <-> ENABLED <-> FILE-IDENTIFY vmd file magic detected (file-identify.rules) * 1:23695 <-> ENABLED <-> FILE-IDENTIFY Flac file magic detected (file-identify.rules) * 1:23696 <-> ENABLED <-> FILE-IDENTIFY VideoLAN VLC file magic detected (file-identify.rules) * 1:23697 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel xlw file magic detected (file-identify.rules) * 1:23698 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media ASF file magic detected (file-identify.rules) * 1:23701 <-> ENABLED <-> FILE-IDENTIFY Microsoft SYmbolic LinK file magic detected (file-identify.rules) * 1:23703 <-> ENABLED <-> FILE-IDENTIFY Microsoft asf file magic detected (file-identify.rules) * 1:23707 <-> ENABLED <-> FILE-IDENTIFY Microsoft Compound File Binary v3 file magic detected 
(file-identify.rules) * 1:23709 <-> ENABLED <-> FILE-IDENTIFY Tiff little endian file magic detected (file-identify.rules) * 1:23710 <-> ENABLED <-> FILE-IDENTIFY Tiff big endian file magic detected (file-identify.rules) * 1:23711 <-> ENABLED <-> FILE-IDENTIFY OLE Document file magic detected (file-identify.rules) * 1:23712 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file magic detected (file-identify.rules) * 1:23720 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer REC file magic detected (file-identify.rules) * 1:23721 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer .r1m file magic detected (file-identify.rules) * 1:23723 <-> ENABLED <-> FILE-IDENTIFY M3U file magic detected (file-identify.rules) * 1:23724 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file magic detected (file-identify.rules) * 1:23725 <-> ENABLED <-> FILE-IDENTIFY Portable Executable binary file magic detected (file-identify.rules) * 1:23726 <-> ENABLED <-> FILE-IDENTIFY Portable Executable compact binary file magic detected (file-identify.rules) * 1:23727 <-> ENABLED <-> FILE-IDENTIFY Adobe Flash Video file magic detected (file-identify.rules) * 1:23728 <-> ENABLED <-> FILE-IDENTIFY matroska file magic detected (file-identify.rules) * 1:23729 <-> ENABLED <-> FILE-IDENTIFY PICT file magic detected (file-identify.rules) * 1:23730 <-> ENABLED <-> FILE-IDENTIFY amf file magic detected (file-identify.rules) * 1:23731 <-> ENABLED <-> FILE-IDENTIFY CDR file magic detected (file-identify.rules) * 1:23732 <-> ENABLED <-> FILE-IDENTIFY Microsoft Media Player .asf file magic detected (file-identify.rules) * 1:23733 <-> ENABLED <-> FILE-IDENTIFY webm file magic detected (file-identify.rules) * 1:23734 <-> ENABLED <-> FILE-IDENTIFY Autodesk Maya file magic detected (file-identify.rules) * 1:23735 <-> ENABLED <-> FILE-IDENTIFY MIDI file magic detected (file-identify.rules) * 1:23736 <-> ENABLED <-> FILE-IDENTIFY PLS file magic detected (file-identify.rules) * 1:23737 <-> ENABLED <-> 
FILE-IDENTIFY SMIL file magic detected (file-identify.rules) * 1:23738 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23739 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23740 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23741 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23742 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23743 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23744 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23745 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23746 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23747 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23748 <-> ENABLED <-> FILE-IDENTIFY TTF file magic detected (file-identify.rules) * 1:23749 <-> ENABLED <-> FILE-IDENTIFY SAMI file magic detected (file-identify.rules) * 1:23750 <-> ENABLED <-> FILE-IDENTIFY Microsoft Money file magic detected (file-identify.rules) * 1:23751 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file magic detected (file-identify.rules) * 1:23752 <-> ENABLED <-> FILE-IDENTIFY cy3 Cytel Studio file magic detected (file-identify.rules) * 1:23753 <-> ENABLED <-> FILE-IDENTIFY Visio file magic detected (file-identify.rules) * 1:23754 <-> ENABLED <-> FILE-IDENTIFY AVI Video file magic detected (file-identify.rules) * 1:23755 <-> ENABLED <-> FILE-IDENTIFY Cisco Webex Player .wrf file magic detected (file-identify.rules) * 1:23758 <-> ENABLED <-> FILE-IDENTIFY XML file magic detected (file-identify.rules) * 1:23759 <-> ENABLED <-> FILE-IDENTIFY XML file magic detected (file-identify.rules) * 1:23760 <-> ENABLED <-> FILE-IDENTIFY WAV file magic detected (file-identify.rules) * 1:23761 <-> ENABLED <-> FILE-IDENTIFY AVI file magic 
detected (file-identify.rules) * 1:23762 <-> ENABLED <-> FILE-IDENTIFY PFA file magic detected (file-identify.rules) * 1:23763 <-> ENABLED <-> FILE-IDENTIFY HPJ file magic detected (file-identify.rules) * 1:23764 <-> ENABLED <-> FILE-IDENTIFY Adobe Download Manager aom file magic detected (file-identify.rules) * 1:23765 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime FLIC file magic detected (file-identify.rules) * 1:23769 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio DBP file magic detected (file-identify.rules) * 1:23770 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio PKP file magic detected (file-identify.rules) * 1:23771 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio SLN file magic detected (file-identify.rules) * 1:23772 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio VAP file magic detected (file-identify.rules) * 1:23773 <-> ENABLED <-> FILE-IDENTIFY XM file magic detected (file-identify.rules) * 1:23774 <-> ENABLED <-> FILE-IDENTIFY NAB file magic detected (file-identify.rules) * 1:23775 <-> ENABLED <-> FILE-IDENTIFY Armadillo v1.71 packer file magic detected (file-identify.rules) * 1:23776 <-> ENABLED <-> FILE-IDENTIFY PLP file magic detected (file-identify.rules) * 1:23777 <-> ENABLED <-> FILE-IDENTIFY Armadillo v1.xx - v2.xx file magic detected (file-identify.rules) * 1:23807 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file download request (file-identify.rules) * 1:23808 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules) * 1:23809 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules) * 1:23810 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file download request (file-identify.rules) * 1:23811 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules) * 1:23812 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules) * 1:23813 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file download request (file-identify.rules) * 1:23814 <-> 
ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules) * 1:23815 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules) * 1:23816 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file download request (file-identify.rules) * 1:23817 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules) * 1:23818 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules) * 1:23819 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file download request (file-identify.rules) * 1:23820 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules) * 1:23821 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules) * 1:23822 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file magic detected (file-identify.rules) * 1:23823 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file magic detected (file-identify.rules) * 1:23839 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB RAP API NetServerEnum2 long server name buffer overflow attempt (os-windows.rules) * 1:23849 <-> ENABLED <-> EXPLOIT-KIT Blackhole redirection attempt (exploit-kit.rules) * 1:23969 <-> ENABLED <-> OS-MOBILE Android SMSZombie APK file download (os-mobile.rules) * 1:24004 <-> ENABLED <-> FILE-OFFICE Microsoft Office MSCOMCTL ActiveX control tabstrip method access (file-office.rules) * 1:24005 <-> ENABLED <-> FILE-OFFICE Microsoft Office MSCOMCTL ActiveX control tabstrip method access (file-office.rules) * 1:24045 <-> ENABLED <-> FILE-IDENTIFY Winamp skin file wsz file download request (file-identify.rules) * 1:24046 <-> ENABLED <-> FILE-IDENTIFY Winamp skin file wsz file attachment detected (file-identify.rules) * 1:24047 <-> ENABLED <-> FILE-IDENTIFY Winamp skin file wsz file attachment detected (file-identify.rules) * 1:24048 <-> ENABLED <-> FILE-IDENTIFY Winamp skin file wal file download request (file-identify.rules) * 1:24049 <-> ENABLED <-> FILE-IDENTIFY Winamp skin file wal file attachment 
detected (file-identify.rules) * 1:24050 <-> ENABLED <-> FILE-IDENTIFY Winamp skin file wal file attachment detected (file-identify.rules) * 1:24074 <-> ENABLED <-> FILE-IDENTIFY MP3 file download request (file-identify.rules) * 1:24075 <-> ENABLED <-> FILE-IDENTIFY MP3 file attachment detected (file-identify.rules) * 1:24076 <-> ENABLED <-> FILE-IDENTIFY MP3 file attachment detected (file-identify.rules) * 1:24078 <-> ENABLED <-> FILE-IDENTIFY RMF file attachment detected (file-identify.rules) * 1:24079 <-> ENABLED <-> FILE-IDENTIFY RMF file attachment detected (file-identify.rules) * 1:24080 <-> ENABLED <-> FILE-IDENTIFY Microsoft Works file attachment detected (file-identify.rules) * 1:24081 <-> ENABLED <-> FILE-IDENTIFY Microsoft Works file attachment detected (file-identify.rules) * 1:24089 <-> ENABLED <-> OS-WINDOWS Microsoft WebDAV PROPFIND request (os-windows.rules) * 1:24100 <-> ENABLED <-> FILE-IDENTIFY PLF file attachment detected (file-identify.rules) * 1:24101 <-> ENABLED <-> FILE-IDENTIFY PLF file attachment detected (file-identify.rules) * 1:2419 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer .ram playlist file download request (file-identify.rules) * 1:24190 <-> ENABLED <-> FILE-IDENTIFY X PixMap file magic detected (file-identify.rules) * 1:2420 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer .rmp playlist file download request (file-identify.rules) * 1:24206 <-> ENABLED <-> FILE-IDENTIFY LZH archive file magic detected (file-identify.rules) * 1:24213 <-> ENABLED <-> FILE-IDENTIFY MP4 file magic detected (file-identify.rules) * 1:24218 <-> ENABLED <-> FILE-IDENTIFY SMIL file magic detected (file-identify.rules) * 1:24219 <-> ENABLED <-> FILE-IDENTIFY SMIL file magic detected (file-identify.rules) * 1:2422 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer .rt playlist file download request (file-identify.rules) * 1:2423 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer .rp playlist file download request (file-identify.rules) * 
1:24284 <-> ENABLED <-> FILE-OFFICE Microsoft Office Drawing object code execution attempt (file-office.rules) * 1:24313 <-> ENABLED <-> SERVER-WEBAPP HP OpenView Operations Agent request attempt (server-webapp.rules) * 1:24359 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB NTLM NULL session attempt (os-windows.rules) * 1:2436 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Audio wmf file download request (file-identify.rules) * 1:24406 <-> ENABLED <-> MALWARE-CNC Win.Trojan.MiniFlame variant outbound connection (malware-cnc.rules) * 1:24407 <-> ENABLED <-> MALWARE-CNC Win.Trojan.MiniFlame variant outbound connection (malware-cnc.rules) * 1:24412 <-> ENABLED <-> FILE-FLASH Adobe Flash Player DRM encrypted file detected (file-flash.rules) * 1:24413 <-> ENABLED <-> FILE-FLASH Adobe Flash Player DRM encrypted file detected (file-flash.rules) * 1:24453 <-> ENABLED <-> FILE-IDENTIFY Webm file attachment detected (file-identify.rules) * 1:24454 <-> ENABLED <-> FILE-IDENTIFY Webm file attachment detected (file-identify.rules) * 1:24455 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (file-identify.rules) * 1:24456 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (file-identify.rules) * 1:24457 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (file-identify.rules) * 1:24458 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (file-identify.rules) * 1:24459 <-> ENABLED <-> FILE-IDENTIFY PSD file download request (file-identify.rules) * 1:24460 <-> ENABLED <-> FILE-IDENTIFY PSD file attachment detected (file-identify.rules) * 1:24461 <-> ENABLED <-> FILE-IDENTIFY PSD file attachment detected (file-identify.rules) * 1:24462 <-> ENABLED <-> FILE-IDENTIFY PSD file magic detection (file-identify.rules) * 1:24463 <-> ENABLED <-> FILE-IDENTIFY TIFF file attachment detected (file-identify.rules) * 1:24464 <-> ENABLED <-> FILE-IDENTIFY TIFF file attachment detected (file-identify.rules) * 1:24465 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows WMF file magic 
detected (file-identify.rules) * 1:24466 <-> ENABLED <-> FILE-IDENTIFY PSD file magic detection (file-identify.rules) * 1:24467 <-> ENABLED <-> FILE-IDENTIFY XCF file download request (file-identify.rules) * 1:24468 <-> ENABLED <-> FILE-IDENTIFY XCF file attachment detected (file-identify.rules) * 1:24469 <-> ENABLED <-> FILE-IDENTIFY XCF file attachment detected (file-identify.rules) * 1:24470 <-> ENABLED <-> FILE-IDENTIFY XCF file magic detection (file-identify.rules) * 1:24471 <-> ENABLED <-> FILE-IDENTIFY XCF file magic detection (file-identify.rules) * 1:24472 <-> ENABLED <-> FILE-IDENTIFY FLV file attachment detected (file-identify.rules) * 1:24473 <-> ENABLED <-> FILE-IDENTIFY FLV file attachment detected (file-identify.rules) * 1:24483 <-> ENABLED <-> FILE-IDENTIFY Embedded Open Type Font file magic detected (file-identify.rules) * 1:24484 <-> ENABLED <-> FILE-IDENTIFY Embedded Open Type Font file magic detected (file-identify.rules) * 1:24554 <-> ENABLED <-> FILE-IDENTIFY Apple QuickTime PICT v2.0 Image header (file-identify.rules) * 1:24555 <-> ENABLED <-> FILE-IDENTIFY Apple QuickTime PICT v2.0 Image header (file-identify.rules) * 1:24599 <-> ENABLED <-> FILE-IDENTIFY Alt-N MDaemon IMAP Server (file-identify.rules) * 1:24651 <-> ENABLED <-> FILE-IDENTIFY Microsoft proxy autoconfig script file download request (file-identify.rules) * 1:24708 <-> ENABLED <-> FILE-IDENTIFY Netop Remote Control file download request (file-identify.rules) * 1:24709 <-> ENABLED <-> FILE-IDENTIFY Netop Remote Control file attachment detected (file-identify.rules) * 1:24710 <-> ENABLED <-> FILE-IDENTIFY Netop Remote Control file attachment detected (file-identify.rules) * 1:24719 <-> ENABLED <-> PROTOCOL-VOIP Digium Asterisk SCCP call state message offhook (protocol-voip.rules) * 1:24816 <-> ENABLED <-> FILE-IDENTIFY MP4 file magic detected (file-identify.rules) * 1:24817 <-> ENABLED <-> FILE-IDENTIFY MP4 file magic detected (file-identify.rules) * 1:24818 <-> ENABLED <-> 
FILE-IDENTIFY M4V file magic detected (file-identify.rules) * 1:24819 <-> ENABLED <-> FILE-IDENTIFY M4V file magic detected (file-identify.rules) * 1:24820 <-> ENABLED <-> FILE-IDENTIFY Computer Graphics Metafile file download request (file-identify.rules) * 1:24821 <-> ENABLED <-> FILE-IDENTIFY Computer Graphics Metafile file attachment detected (file-identify.rules) * 1:24822 <-> ENABLED <-> FILE-IDENTIFY Computer Graphics Metafile file attachment detected (file-identify.rules) * 1:24824 <-> ENABLED <-> FILE-IDENTIFY RealPlayer skin file download request (file-identify.rules) * 1:24825 <-> ENABLED <-> FILE-IDENTIFY RealPlayer skin file attachment detected (file-identify.rules) * 1:24826 <-> ENABLED <-> FILE-IDENTIFY RealPlayer skin file attachment detected (file-identify.rules) * 1:24901 <-> ENABLED <-> FILE-IDENTIFY JNLP file download request (file-identify.rules) * 1:24902 <-> ENABLED <-> FILE-IDENTIFY JNLP file attachment detected (file-identify.rules) * 1:24903 <-> ENABLED <-> FILE-IDENTIFY JNLP file attachment detected (file-identify.rules) * 1:24972 <-> ENABLED <-> NETBIOS SMB Trans2 FIND_FIRST2 find file and directory info request (netbios.rules) * 1:25014 <-> ENABLED <-> FILE-IDENTIFY Microsoft proxy autoconfig script file magic detected (file-identify.rules) * 1:25032 <-> ENABLED <-> FILE-IDENTIFY Microsoft Silverlight application file download request (file-identify.rules) * 1:25033 <-> ENABLED <-> FILE-IDENTIFY Microsoft Silverlight application file attachment detected (file-identify.rules) * 1:25034 <-> ENABLED <-> FILE-IDENTIFY Microsoft Silverlight application file attachment detected (file-identify.rules) * 1:25041 <-> ENABLED <-> EXPLOIT-KIT Java User-Agent flowbit set (exploit-kit.rules) * 1:25062 <-> ENABLED <-> FILE-IDENTIFY Microsoft Software Installer MSI binary file magic detected (file-identify.rules) * 1:25305 <-> ENABLED <-> FILE-IDENTIFY Adobe Audition Session file magic detected (file-identify.rules) * 1:25306 <-> ENABLED <-> 
FILE-IDENTIFY Adobe Audition Session file download request (file-identify.rules) * 1:25307 <-> ENABLED <-> FILE-IDENTIFY Adobe Audition Session file attachment detected (file-identify.rules) * 1:25308 <-> ENABLED <-> FILE-IDENTIFY Adobe Audition Session file attachment detected (file-identify.rules) * 1:25373 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime Targa Image file download request (file-identify.rules) * 1:25374 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime Targa Image file attachment detected (file-identify.rules) * 1:25375 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime Targa Image file attachment detected (file-identify.rules) * 1:25516 <-> ENABLED <-> FILE-IDENTIFY Microsoft Software Installer MSI binary file magic detected (file-identify.rules) * 1:25517 <-> ENABLED <-> FILE-IDENTIFY Armadillo v1.71 packer file magic detected (file-identify.rules) * 1:25602 <-> ENABLED <-> SERVER-OTHER Sybase Open Server TDS login request (server-other.rules) * 1:25604 <-> ENABLED <-> FILE-IDENTIFY cSounds.com Csound audio file file download request (file-identify.rules) * 1:25605 <-> ENABLED <-> FILE-IDENTIFY cSounds.com Csound audio file file attachment detected (file-identify.rules) * 1:25606 <-> ENABLED <-> FILE-IDENTIFY cSounds.com Csound audio file file attachment detected (file-identify.rules) * 1:25680 <-> ENABLED <-> FILE-IDENTIFY Adobe Flash Player embedded compact font detected (file-identify.rules) * 1:25682 <-> ENABLED <-> FILE-IDENTIFY Adobe Flash Player embedded compact font detected (file-identify.rules) * 1:25928 <-> ENABLED <-> FILE-IDENTIFY Ogg file download request (file-identify.rules) * 1:25929 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules) * 1:25930 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules) * 1:25931 <-> ENABLED <-> FILE-IDENTIFY Ogg file download request (file-identify.rules) * 1:25932 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules) * 1:25933 
<-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules) * 1:25934 <-> ENABLED <-> FILE-IDENTIFY Ogg file download request (file-identify.rules) * 1:25935 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules) * 1:25936 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules) * 1:25937 <-> ENABLED <-> FILE-IDENTIFY Ogg file download request (file-identify.rules) * 1:25938 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules) * 1:25939 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules) * 1:25940 <-> ENABLED <-> FILE-IDENTIFY Ogg file download request (file-identify.rules) * 1:25941 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules) * 1:25942 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules) * 1:25943 <-> ENABLED <-> FILE-IDENTIFY Ogg file download request (file-identify.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091500.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:53979 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Shiz-7784396-0 download attempt (malware-other.rules) * 1:53978 <-> ENABLED <-> MALWARE-OTHER Win.Dropper.Agent payload download attempt (malware-other.rules) * 1:53977 <-> ENABLED <-> MALWARE-OTHER Win.Dropper.Agent payload download attempt (malware-other.rules) * 1:53963 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-7784064-0 download attempt (malware-other.rules) * 1:53983 <-> ENABLED <-> OS-WINDOWS Windows print spooler elevation of privilege attempt (os-windows.rules) * 1:53974 <-> DISABLED <-> MALWARE-OTHER CobaltStrike powershell web delivery attempt (malware-other.rules) * 1:53960 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Ursnif malicious outbound connection attempt - gravity generated detection (malware-other.rules) * 1:53984 <-> DISABLED <-> OS-WINDOWS Windows print spooler elevation of privilege attempt (os-windows.rules) * 1:53972 <-> ENABLED <-> MALWARE-OTHER CobaltStrike beacon.dll DNS download attempt (malware-other.rules) * 1:53967 <-> DISABLED <-> SERVER-WEBAPP TerraMaster NAS user creation command injection attempt (server-webapp.rules) * 1:53968 <-> DISABLED <-> SERVER-WEBAPP TerraMaster NAS user creation command injection attempt (server-webapp.rules) * 1:53982 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Palevo-7785322-0 download attempt (malware-other.rules) * 1:53971 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Andariel outbound connection attempt (malware-cnc.rules) * 1:53973 <-> DISABLED <-> MALWARE-OTHER CobaltStrike powershell web delivery attempt (malware-other.rules) * 1:53985 <-> ENABLED <-> INDICATOR-COMPROMISE msiexec.exe command execution over DNS attempt (indicator-compromise.rules) * 1:53966 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-7784063-0 download attempt (malware-other.rules) * 1:53969 <-> DISABLED <-> SERVER-WEBAPP TerraMaster NAS user creation command injection attempt (server-webapp.rules) * 1:53976 <-> DISABLED <-> BROWSER-WEBKIT WebKit use-after-free remote code 
execution attempt (browser-webkit.rules) * 1:53970 <-> DISABLED <-> SERVER-WEBAPP TerraMaster NAS user creation command injection attempt (server-webapp.rules) * 1:53962 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Gh0stRAT-7783851-0 download attempt (malware-other.rules) * 1:53975 <-> DISABLED <-> INDICATOR-COMPROMISE CobaltStrike multiple large DNS TXT query responses (indicator-compromise.rules) * 1:53965 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-7784063-0 download attempt (malware-other.rules) * 1:53961 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Gh0stRAT-7783851-0 download attempt (malware-other.rules) * 1:53980 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Shiz-7784396-0 download attempt (malware-other.rules) * 1:53981 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Palevo-7785322-0 download attempt (malware-other.rules) * 1:53964 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-7784064-0 download attempt (malware-other.rules)
* 1:26514 <-> ENABLED <-> FILE-IDENTIFY maplet file download attempt (file-identify.rules) * 1:26494 <-> ENABLED <-> FILE-IDENTIFY KingView KingMessage log file attachment detected (file-identify.rules) * 1:26058 <-> ENABLED <-> FILE-IDENTIFY ZIP file attachment detected (file-identify.rules) * 1:27543 <-> ENABLED <-> FILE-IDENTIFY Python bytecode file magic detected (file-identify.rules) * 1:26059 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file magic detected (file-identify.rules) * 1:26061 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file attachment detected (file-identify.rules) * 1:26062 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file attachment detected (file-identify.rules) * 1:27542 <-> ENABLED <-> FILE-IDENTIFY Python bytecode file magic detected (file-identify.rules) * 1:26063 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word docm file download request (file-identify.rules) * 1:26064 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word docm file attachment detected (file-identify.rules) * 1:29274 <-> ENABLED <-> FILE-IDENTIFY XFDL file attachment detected (file-identify.rules) * 1:26065 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word docm file attachment detected (file-identify.rules) * 1:27276 <-> ENABLED <-> FILE-IDENTIFY Trimble SketchUp file attachment detected (file-identify.rules) * 1:26083 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file download request (file-identify.rules) * 1:26084 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file attachment detected (file-identify.rules) * 1:27275 <-> ENABLED <-> FILE-IDENTIFY Trimble SketchUp file attachment detected (file-identify.rules) * 1:27121 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector - initiate connection (server-other.rules) * 1:27022 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Netweird.A outbound connection (malware-cnc.rules) * 1:26904 <-> ENABLED <-> FILE-IDENTIFY Android APK download file attachment detected 
(file-identify.rules)
* 1:26903 <-> ENABLED <-> FILE-IDENTIFY Android APK download file attachment detected (file-identify.rules)
* 1:26902 <-> ENABLED <-> FILE-IDENTIFY Android APK download request (file-identify.rules)
* 1:26085 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file attachment detected (file-identify.rules)
* 1:28370 <-> ENABLED <-> FILE-IDENTIFY CIS file attachment detected (file-identify.rules)
* 1:26126 <-> ENABLED <-> FILE-IDENTIFY Microsoft Internet Explorer HTML Component file download request (file-identify.rules)
* 1:26127 <-> ENABLED <-> FILE-IDENTIFY Microsoft Internet Explorer HTML Component file attachment detected (file-identify.rules)
* 1:26128 <-> ENABLED <-> FILE-IDENTIFY Microsoft Internet Explorer HTML Component file attachment detected (file-identify.rules)
* 1:26206 <-> ENABLED <-> FILE-IDENTIFY CyberLink Power2Go file download request (file-identify.rules)
* 1:28369 <-> ENABLED <-> FILE-IDENTIFY CIS file attachment detected (file-identify.rules)
* 1:26207 <-> ENABLED <-> FILE-IDENTIFY CyberLink Power2Go file attachment detected (file-identify.rules)
* 1:26208 <-> ENABLED <-> FILE-IDENTIFY CyberLink Power2Go file attachment detected (file-identify.rules)
* 1:26251 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (file-identify.rules)
* 1:26429 <-> ENABLED <-> FILE-FLASH Adobe Flash Player RTMP malformed onStatus message type confusion attempt (file-flash.rules)
* 1:28368 <-> ENABLED <-> FILE-IDENTIFY CIS file magic detected (file-identify.rules)
* 1:26458 <-> ENABLED <-> FILE-IDENTIFY Stream redirector file download request (file-identify.rules)
* 1:26465 <-> ENABLED <-> FILE-IDENTIFY XUL file attachment detected (file-identify.rules)
* 1:26466 <-> ENABLED <-> FILE-IDENTIFY XUL file attachment detected (file-identify.rules)
* 1:26492 <-> ENABLED <-> FILE-IDENTIFY KingView KingMessage log file download request (file-identify.rules)
* 1:28367 <-> ENABLED <-> FILE-IDENTIFY CIS file magic detected (file-identify.rules)
* 1:26493 <-> ENABLED <-> FILE-IDENTIFY KingView KingMessage log file attachment detected (file-identify.rules)
* 1:28895 <-> ENABLED <-> FILE-IDENTIFY eSignal .por file attachment detected (file-identify.rules)
* 1:28894 <-> ENABLED <-> FILE-IDENTIFY eSignal .ets file attachment detected (file-identify.rules)
* 1:28610 <-> ENABLED <-> EXPLOIT-KIT Sakura exploit kit exploit payload retreive attempt (exploit-kit.rules)
* 1:28574 <-> ENABLED <-> FILE-IDENTIFY FDF file download request (file-identify.rules)
* 1:28573 <-> ENABLED <-> FILE-IDENTIFY FDF file magic detected (file-identify.rules)
* 1:28572 <-> ENABLED <-> FILE-IDENTIFY FDF file attachment detected (file-identify.rules)
* 1:28571 <-> ENABLED <-> FILE-IDENTIFY FDF file attachment detected (file-identify.rules)
* 1:28570 <-> ENABLED <-> FILE-IDENTIFY FDF file magic detected (file-identify.rules)
* 1:28508 <-> ENABLED <-> FILE-IDENTIFY Microsoft Write file download file attachment detected (file-identify.rules)
* 1:28507 <-> ENABLED <-> FILE-IDENTIFY Microsoft Write file download file attachment detected (file-identify.rules)
* 1:28497 <-> ENABLED <-> FILE-IDENTIFY WordPerfect file magic detected (file-identify.rules)
* 1:28425 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB Microsoft Windows Remote Administration Protocol usage attempt (os-windows.rules)
* 1:28384 <-> ENABLED <-> FILE-IDENTIFY HTML Help Index download file attachment detected (file-identify.rules)
* 1:28383 <-> ENABLED <-> FILE-IDENTIFY HTML Help Index download file attachment detected (file-identify.rules)
* 1:28382 <-> ENABLED <-> FILE-IDENTIFY HTML Help Index file download request (file-identify.rules)
* 1:26517 <-> ENABLED <-> FILE-IDENTIFY maplet bin file download attempt (file-identify.rules)
* 1:26644 <-> ENABLED <-> SERVER-OTHER SSL TLS DEFLATE compression detected (server-other.rules)
* 1:26516 <-> ENABLED <-> FILE-IDENTIFY maplet file attachment detected (file-identify.rules)
* 1:26515 <-> ENABLED <-> FILE-IDENTIFY maplet file attachment detected (file-identify.rules)
* 1:26060 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file download request (file-identify.rules)
* 1:29162 <-> ENABLED <-> FILE-IDENTIFY CIS file download request (file-identify.rules)
* 1:29008 <-> ENABLED <-> FILE-IDENTIFY XWD image file download request (file-identify.rules)
* 1:29007 <-> ENABLED <-> FILE-IDENTIFY XWD image file attachment detected (file-identify.rules)
* 1:29006 <-> ENABLED <-> FILE-IDENTIFY XWD image file attachment detected (file-identify.rules)
* 1:28901 <-> ENABLED <-> FILE-IDENTIFY eSignal .ets file download request (file-identify.rules)
* 1:28900 <-> ENABLED <-> FILE-IDENTIFY eSignal .sum file attachment detected (file-identify.rules)
* 1:27277 <-> ENABLED <-> FILE-IDENTIFY Trimble SketchUp file download request (file-identify.rules)
* 1:28899 <-> ENABLED <-> FILE-IDENTIFY eSignal .por file attachment detected (file-identify.rules)
* 1:28898 <-> ENABLED <-> FILE-IDENTIFY eSignal .ets file attachment detected (file-identify.rules)
* 1:28897 <-> ENABLED <-> FILE-IDENTIFY eSignal .sum file attachment detected (file-identify.rules)
* 1:28896 <-> ENABLED <-> FILE-IDENTIFY eSignal .quo file attachment detected (file-identify.rules)
* 1:29384 <-> ENABLED <-> FILE-IDENTIFY Adobe AIR file download request (file-identify.rules)
* 1:29276 <-> ENABLED <-> FILE-IDENTIFY XFDL file download request (file-identify.rules)
* 1:29275 <-> ENABLED <-> FILE-IDENTIFY XFDL file attachment detected (file-identify.rules)
* 1:29386 <-> ENABLED <-> FILE-IDENTIFY Adobe AIR file attachment detected (file-identify.rules)
* 1:29385 <-> ENABLED <-> FILE-IDENTIFY Adobe AIR file attachment detected (file-identify.rules)
* 1:29407 <-> ENABLED <-> FILE-IDENTIFY Microsoft Internet Shortcut file download request (file-identify.rules)
* 1:29406 <-> ENABLED <-> FILE-IDENTIFY Microsoft Internet Shortcut file attachment detected (file-identify.rules)
* 1:42262 <-> ENABLED <-> FILE-IDENTIFY ISO file download request (file-identify.rules)
* 1:42261 <-> ENABLED <-> FILE-IDENTIFY ISO file magic detected (file-identify.rules)
* 1:42260 <-> ENABLED <-> FILE-IDENTIFY ISO file attachment detected (file-identify.rules)
* 1:42259 <-> ENABLED <-> FILE-IDENTIFY ISO file attachment detected (file-identify.rules)
* 1:42258 <-> ENABLED <-> FILE-IDENTIFY ISO file attachment detected (file-identify.rules)
* 1:42257 <-> ENABLED <-> FILE-IDENTIFY ISO file magic detected (file-identify.rules)
* 1:42256 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB anonymous user session setup request detected (os-windows.rules)
* 1:42223 <-> ENABLED <-> FILE-IDENTIFY AOP file download request (file-identify.rules)
* 1:42072 <-> DISABLED <-> SERVER-WEBAPP Aultware pwStore denial of service attempt (server-webapp.rules)
* 1:4143 <-> ENABLED <-> SERVER-OTHER lpd receive printer job cascade adaptor protocol request (server-other.rules)
* 1:41081 <-> ENABLED <-> SERVER-OTHER Tarantool initial connection banner detected (server-other.rules)
* 1:40981 <-> ENABLED <-> FILE-IDENTIFY ico file attachment detected (file-identify.rules)
* 1:40980 <-> ENABLED <-> FILE-IDENTIFY ico file attachment detected (file-identify.rules)
* 1:40979 <-> ENABLED <-> FILE-IDENTIFY ico file download request (file-identify.rules)
* 1:40908 <-> ENABLED <-> SERVER-OTHER Foscam C1 backdoor account ftp login attempt (server-other.rules)
* 1:40893 <-> ENABLED <-> FILE-IDENTIFY R Programming Language source file file attachment detected (file-identify.rules)
* 1:44165 <-> ENABLED <-> SERVER-WEBAPP websocket protocol upgrade request detected (server-webapp.rules)
* 1:44030 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint ppt file attachment detected file attachment detected (file-identify.rules)
* 1:43891 <-> ENABLED <-> MALWARE-OTHER Win.Malware.Emotet variant lateral propagation (malware-other.rules)
* 1:43364 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Audio wmf file magic detected (file-identify.rules)
* 1:43363 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Audio wmf file magic detected (file-identify.rules)
* 1:43099 <-> ENABLED <-> SERVER-WEBAPP Simple SCADA web-socket connection initialization attempt (server-webapp.rules)
* 1:43080 <-> ENABLED <-> BROWSER-OTHER Foscam IP Camera User-Agent string detected (browser-other.rules)
* 1:43067 <-> ENABLED <-> PROTOCOL-IMAP IMAP CRAM-MD5 authentication attempt (protocol-imap.rules)
* 1:43003 <-> ENABLED <-> PROTOCOL-OTHER NETBIOS SMB IPC share access attempt (protocol-other.rules)
* 1:43002 <-> ENABLED <-> PROTOCOL-OTHER NETBIOS SMB IPC share access attempt (protocol-other.rules)
* 1:42918 <-> ENABLED <-> FILE-IDENTIFY ISO file attachment detected (file-identify.rules)
* 1:42371 <-> ENABLED <-> FILE-IDENTIFY gzip compressed file detected (file-identify.rules)
* 1:42370 <-> ENABLED <-> FILE-IDENTIFY gzip compressed file detected (file-identify.rules)
* 1:42369 <-> ENABLED <-> FILE-IDENTIFY gzip compressed file detected (file-identify.rules)
* 1:42368 <-> ENABLED <-> FILE-IDENTIFY XZ compressed file detected (file-identify.rules)
* 1:42367 <-> ENABLED <-> FILE-IDENTIFY XZ compressed file detected (file-identify.rules)
* 1:46367 <-> ENABLED <-> FILE-IDENTIFY WebAssembly file download detected (file-identify.rules)
* 1:45515 <-> ENABLED <-> NETBIOS SMB SESSION_SETUP subcommand detected (netbios.rules)
* 1:44442 <-> ENABLED <-> FILE-IDENTIFY Blender blend file magic detected (file-identify.rules)
* 1:44441 <-> ENABLED <-> FILE-IDENTIFY Blender blend file magic detected (file-identify.rules)
* 1:44275 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file attachment detected (file-identify.rules)
* 1:44231 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word doc file attachment detected (file-identify.rules)
* 1:46393 <-> ENABLED <-> FILE-IDENTIFY WebAssembly file detected (file-identify.rules)
* 1:46394 <-> ENABLED <-> FILE-IDENTIFY WebAssembly file attachment detected (file-identify.rules)
* 1:48553 <-> ENABLED <-> FILE-IDENTIFY Omron CX-Supervisor project file file download request (file-identify.rules)
* 1:8445 <-> ENABLED <-> FILE-OFFICE Microsoft Windows RTF file with embedded object package download attempt (file-office.rules)
* 1:50875 <-> ENABLED <-> FILE-IDENTIFY Fax Cover Page file magic detected (file-identify.rules)
* 1:50874 <-> ENABLED <-> FILE-IDENTIFY Fax Cover Page file magic detected (file-identify.rules)
* 1:50870 <-> ENABLED <-> APP-DETECT Quagga password challenge detected (app-detect.rules)
* 1:49794 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules)
* 1:49793 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules)
* 1:49792 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules)
* 1:49791 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules)
* 1:49520 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules)
* 1:49519 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules)
* 1:49518 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules)
* 1:49517 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules)
* 1:49516 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules)
* 1:49515 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules)
* 1:49514 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules)
* 1:49513 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules)
* 1:49512 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules)
* 1:49497 <-> ENABLED <-> FILE-OFFICE Microsoft Office MSCOMCTL ActiveX control tabstrip method access (file-office.rules)
* 1:49495 <-> ENABLED <-> FILE-OFFICE Microsoft Office MSCOMCTL ActiveX control tabstrip method access (file-office.rules)
* 1:48556 <-> ENABLED <-> FILE-IDENTIFY Omron CX-Supervisor project file file attachment detected (file-identify.rules)
* 1:48555 <-> ENABLED <-> FILE-IDENTIFY Omron CX-Supervisor project file file attachment detected (file-identify.rules)
* 1:48554 <-> ENABLED <-> FILE-IDENTIFY Omron CX-Supervisor project file file attachment detected (file-identify.rules)
* 1:8355 <-> ENABLED <-> MALWARE-OTHER Keylogger spybuddy 3.72 runtime detection (malware-other.rules)
* 1:7641 <-> ENABLED <-> MALWARE-BACKDOOR am remote client runtime detection - client-to-server (malware-backdoor.rules)
* 1:7506 <-> ENABLED <-> MALWARE-TOOLS Hacker-Tool coma runtime detection - init connection - flowbit set (malware-tools.rules)
* 1:7111 <-> ENABLED <-> MALWARE-BACKDOOR fearless lite 1.01 runtime detection (malware-backdoor.rules)
* 1:7106 <-> ENABLED <-> MALWARE-BACKDOOR girlfriend runtime detection (malware-backdoor.rules)
* 1:6472 <-> ENABLED <-> MALWARE-BACKDOOR bugs runtime detection - file manager client-to-server (malware-backdoor.rules)
* 1:6469 <-> ENABLED <-> SERVER-OTHER RealVNC connection attempt (server-other.rules)
* 1:6010 <-> ENABLED <-> SERVER-OTHER VERITAS NetBackup vnetd connection attempt (server-other.rules)
* 1:53861 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Astaroth outbound beacon (malware-cnc.rules)
* 1:53213 <-> ENABLED <-> PROTOCOL-OTHER MQTT Connect control packet detected (protocol-other.rules)
* 1:52056 <-> ENABLED <-> FILE-IDENTIFY Portable Executable binary file magic detected (file-identify.rules)
* 1:51994 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules)
* 1:51993 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules)
* 1:51992 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file download request (file-identify.rules)
* 1:51268 <-> ENABLED <-> FILE-OTHER Photodex ProShow Producer v5.0.3256 download load file attempt (file-other.rules)
* 1:51024 <-> ENABLED <-> FILE-IDENTIFY Embedded Open Type Font file attachment detected (file-identify.rules)
* 1:9845 <-> ENABLED <-> FILE-IDENTIFY M3U file magic detected (file-identify.rules)
* 1:25945 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules)
* 1:40019 <-> ENABLED <-> FILE-IDENTIFY Hierarchal Data Format file attachment detected (file-identify.rules)
* 1:40018 <-> ENABLED <-> FILE-IDENTIFY Hierarchal Data Format file attachment detected (file-identify.rules)
* 1:40017 <-> ENABLED <-> FILE-IDENTIFY Hierarchal Data Format file download request (file-identify.rules)
* 1:39903 <-> ENABLED <-> FILE-OFFICE Microsoft Windows RTF file with embedded object package SMTP upload attempt (file-office.rules)
* 1:39778 <-> ENABLED <-> FILE-IDENTIFY Heroes of Might and Magic III map file download request (file-identify.rules)
* 1:39777 <-> ENABLED <-> FILE-IDENTIFY Heroes of Might and Magic III map file attachment detected (file-identify.rules)
* 1:39776 <-> ENABLED <-> FILE-IDENTIFY Heroes of Might and Magic III map file attachment detected (file-identify.rules)
* 1:29405 <-> ENABLED <-> FILE-IDENTIFY Microsoft Internet Shortcut file attachment detected (file-identify.rules)
* 1:29514 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB Microsoft Windows Remote Administration Protocol usage attempt (os-windows.rules)
* 1:29439 <-> ENABLED <-> FILE-IDENTIFY MSI file download request (file-identify.rules)
* 1:29607 <-> ENABLED <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt (server-other.rules)
* 1:3138 <-> ENABLED <-> NETBIOS SMB-DS Trans2 QUERY_FILE_INFO andx attempt (netbios.rules)
* 1:3137 <-> ENABLED <-> NETBIOS SMB-DS Trans2 QUERY_FILE_INFO attempt (netbios.rules)
* 1:3136 <-> ENABLED <-> NETBIOS SMB Trans2 QUERY_FILE_INFO andx attempt (netbios.rules)
* 1:3135 <-> ENABLED <-> NETBIOS SMB Trans2 QUERY_FILE_INFO attempt (netbios.rules)
* 1:30972 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit outbound request for Microsoft Silverlight landing page (exploit-kit.rules)
* 1:30969 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit outbound request for Microsoft Internet Explorer landing page (exploit-kit.rules)
* 1:30760 <-> ENABLED <-> FILE-IDENTIFY ABC Music Notation file download request (file-identify.rules)
* 1:30759 <-> ENABLED <-> FILE-IDENTIFY ABC Music Notation file attachment detected (file-identify.rules)
* 1:30758 <-> ENABLED <-> FILE-IDENTIFY ABC Music Notation file attachment detected (file-identify.rules)
* 1:30757 <-> ENABLED <-> FILE-IDENTIFY ABC Music Notation file attachment detected (file-identify.rules)
* 1:30756 <-> ENABLED <-> FILE-IDENTIFY ABC Music Notation file attachment detected (file-identify.rules)
* 1:30532 <-> ENABLED <-> FILE-MULTIMEDIA CoCSoft Stream Download session (file-multimedia.rules)
* 1:30018 <-> ENABLED <-> FILE-IDENTIFY OS/2 Metafile file download request (file-identify.rules)
* 1:30017 <-> ENABLED <-> FILE-IDENTIFY OS/2 Metafile file magic detected (file-identify.rules)
* 1:30016 <-> ENABLED <-> FILE-IDENTIFY OS/2 Metafile file attachment detected (file-identify.rules)
* 1:30015 <-> ENABLED <-> FILE-IDENTIFY OS/2 Metafile file attachment detected (file-identify.rules)
* 1:30014 <-> ENABLED <-> FILE-IDENTIFY OS/2 Metafile file magic detected (file-identify.rules)
* 1:29752 <-> ENABLED <-> SERVER-WEBAPP HP Intelligent Management Center SOM authentication bypass attempt (server-webapp.rules)
* 1:29614 <-> ENABLED <-> FILE-IDENTIFY XPS file download request (file-identify.rules)
* 1:29613 <-> ENABLED <-> FILE-IDENTIFY XPS file attachment detected (file-identify.rules)
* 1:29612 <-> ENABLED <-> FILE-IDENTIFY XPS file attachment detected (file-identify.rules)
* 1:31775 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file attachment detected (file-identify.rules)
* 1:31774 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file attachment detected (file-identify.rules)
* 1:31773 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file attachment detected (file-identify.rules)
* 1:31703 <-> ENABLED <-> FILE-IDENTIFY Microsoft Silverlight application file magic detected (file-identify.rules)
* 1:31702 <-> ENABLED <-> FILE-IDENTIFY Microsoft Silverlight application file magic detected (file-identify.rules)
* 1:31676 <-> ENABLED <-> FILE-FLASH Adobe Flash Broker write to junction exploit attempt (file-flash.rules)
* 1:31675 <-> ENABLED <-> FILE-FLASH Adobe Flash Broker write to junction exploit attempt (file-flash.rules)
* 1:31591 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel TXO and OBJ records parsing stack memory corruption attempt (file-office.rules)
* 1:31484 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1.2 ChangeCipherSpec man-in-the-middle exploitation attempt (server-other.rules)
* 1:31483 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1.1 ChangeCipherSpec man-in-the-middle exploitation attempt (server-other.rules)
* 1:31482 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1.0 ChangeCipherSpec man-in-the-middle exploitation attempt (server-other.rules)
* 1:31481 <-> ENABLED <-> SERVER-OTHER OpenSSL SSL ChangeCipherSpec man-in-the-middle exploitation attempt (server-other.rules)
* 1:3142 <-> ENABLED <-> NETBIOS SMB-DS Trans2 FIND_FIRST2 andx attempt (netbios.rules)
* 1:3141 <-> ENABLED <-> NETBIOS SMB-DS Trans2 FIND_FIRST2 attempt (netbios.rules)
* 1:3140 <-> ENABLED <-> NETBIOS SMB Trans2 FIND_FIRST2 andx attempt (netbios.rules)
* 1:3139 <-> ENABLED <-> NETBIOS SMB Trans2 FIND_FIRST2 attempt (netbios.rules)
* 1:32945 <-> ENABLED <-> FILE-IDENTIFY .scr executable screensaver file attachment detected (file-identify.rules)
* 1:32880 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit outbound payload request (exploit-kit.rules)
* 1:32878 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit outbound Adobe Flash exploit request (exploit-kit.rules)
* 1:32877 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit outbound Adobe Flash exploit request (exploit-kit.rules)
* 1:32618 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Registry file download request (file-identify.rules)
* 1:32617 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Registry file attachment detected (file-identify.rules)
* 1:32616 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Registry file attachment detected (file-identify.rules)
* 1:32525 <-> ENABLED <-> BROWSER-OTHER FreeBSD tnftp client detected (browser-other.rules)
* 1:32380 <-> ENABLED <-> FILE-IDENTIFY dib file attachment detected (file-identify.rules)
* 1:32378 <-> ENABLED <-> FILE-IDENTIFY bmp file attachment detected (file-identify.rules)
* 1:32345 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector - initiate connection (server-other.rules)
* 1:32253 <-> ENABLED <-> FILE-IDENTIFY Basic Control Engine file download request (file-identify.rules)
* 1:32252 <-> ENABLED <-> FILE-IDENTIFY Basic Control Engine file attachment detected (file-identify.rules)
* 1:32251 <-> ENABLED <-> FILE-IDENTIFY Basic Control Engine file attachment detected (file-identify.rules)
* 1:32165 <-> ENABLED <-> FILE-IDENTIFY SVG file magic detected (file-identify.rules)
* 1:32135 <-> ENABLED <-> FILE-IDENTIFY XBM file attachment detected (file-identify.rules)
* 1:32134 <-> ENABLED <-> FILE-IDENTIFY XBM file attachment detected (file-identify.rules)
* 1:32005 <-> ENABLED <-> MALWARE-BACKDOOR AlienSpy RAT outbound connection (malware-backdoor.rules)
* 1:31871 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detection (file-identify.rules)
* 1:31831 <-> ENABLED <-> POLICY-OTHER QLogic Switch 5600/5800 default ftp login attempt (policy-other.rules)
* 1:31776 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file attachment detected (file-identify.rules)
* 1:34398 <-> ENABLED <-> FILE-IDENTIFY Microsoft Journal file download attempt (file-identify.rules)
* 1:34397 <-> ENABLED <-> FILE-IDENTIFY Microsoft Journal file download request (file-identify.rules)
* 1:34396 <-> ENABLED <-> FILE-IDENTIFY Microsoft Journal file attachment detected (file-identify.rules)
* 1:34395 <-> ENABLED <-> FILE-IDENTIFY Microsoft Journal file attachment detected (file-identify.rules)
* 1:33825 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB NTLM NULL session attempt (os-windows.rules)
* 1:33668 <-> ENABLED <-> FILE-IDENTIFY PIF Program Information File file attachment detected (file-identify.rules)
* 1:33667 <-> ENABLED <-> FILE-IDENTIFY PIF Program Information File file attachment detected (file-identify.rules)
* 1:33666 <-> ENABLED <-> FILE-IDENTIFY PIF Program Information File file download request (file-identify.rules)
* 1:33642 <-> ENABLED <-> FILE-IDENTIFY Apple Motion file attachment detected (file-identify.rules)
* 1:33641 <-> ENABLED <-> FILE-IDENTIFY Apple Motion file attachment detected (file-identify.rules)
* 1:33640 <-> ENABLED <-> FILE-IDENTIFY Apple Motion file download request (file-identify.rules)
* 1:33221 <-> ENABLED <-> MALWARE-CNC Win.Trojan.HawkEye Keylogger exfiltration attempt - clipboard and screenshot (malware-cnc.rules)
* 1:33028 <-> ENABLED <-> FILE-IDENTIFY Publish-iT PUI file download request (file-identify.rules)
* 1:33027 <-> ENABLED <-> FILE-IDENTIFY Publish-iT PUI file attachment detected (file-identify.rules)
* 1:33026 <-> ENABLED <-> FILE-IDENTIFY Publish-iT PUI file attachment detected (file-identify.rules)
* 1:32947 <-> ENABLED <-> FILE-IDENTIFY .scr executable screensaver file download request (file-identify.rules)
* 1:32946 <-> ENABLED <-> FILE-IDENTIFY .scr executable screensaver file attachment detected (file-identify.rules)
* 1:34629 <-> ENABLED <-> FILE-IDENTIFY WordPerfect file attachment detected (file-identify.rules)
* 1:34630 <-> ENABLED <-> FILE-IDENTIFY WordPerfect file attachment detected (file-identify.rules)
* 1:35432 <-> ENABLED <-> FILE-IDENTIFY M4A file magic detected (file-identify.rules)
* 1:35250 <-> ENABLED <-> FILE-IDENTIFY GNI file magic detected (file-identify.rules)
* 1:35249 <-> ENABLED <-> FILE-IDENTIFY GNI file attachment detected (file-identify.rules)
* 1:35248 <-> ENABLED <-> FILE-IDENTIFY GNI file attachment detected (file-identify.rules)
* 1:35247 <-> ENABLED <-> FILE-IDENTIFY GNI file download request (file-identify.rules)
* 1:34631 <-> ENABLED <-> FILE-IDENTIFY WordPerfect file download request (file-identify.rules)
* 1:35457 <-> ENABLED <-> FILE-IDENTIFY Adobe LZMA compressed Flash file attachment detected (file-identify.rules)
* 1:35456 <-> ENABLED <-> FILE-IDENTIFY Adobe LZMA compressed Flash file attachment detected (file-identify.rules)
* 1:35455 <-> ENABLED <-> FILE-IDENTIFY Adobe LZMA compressed Flash file magic detected (file-identify.rules)
* 1:35433 <-> ENABLED <-> FILE-IDENTIFY M4A file magic detected (file-identify.rules)
* 1:35458 <-> ENABLED <-> FILE-IDENTIFY Adobe LZMA compressed Flash file magic detected (file-identify.rules)
* 1:35796 <-> ENABLED <-> FILE-IDENTIFY ZSoft PCX file attachment detected (file-identify.rules)
* 1:35795 <-> ENABLED <-> FILE-IDENTIFY ZSoft PCX file attachment detected (file-identify.rules)
* 1:35688 <-> ENABLED <-> PROTOCOL-OTHER MiniUPNP rootdesc.xml file request (protocol-other.rules)
* 1:3551 <-> ENABLED <-> FILE-IDENTIFY HTA file download request (file-identify.rules)
* 1:35459 <-> ENABLED <-> FILE-IDENTIFY Adobe LZMA compressed Flash file download request (file-identify.rules)
* 1:35980 <-> ENABLED <-> FILE-IDENTIFY Windows Media Center link file attachment detected (file-identify.rules)
* 1:35979 <-> ENABLED <-> FILE-IDENTIFY Windows Media Center link file download request (file-identify.rules)
* 1:35852 <-> ENABLED <-> FILE-IDENTIFY JPEG file upload detected (file-identify.rules)
* 1:35797 <-> ENABLED <-> FILE-IDENTIFY ZSoft PCX file download request (file-identify.rules)
* 1:35981 <-> ENABLED <-> FILE-IDENTIFY Windows Media Center link file attachment detected (file-identify.rules)
* 1:38852 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul HCell file attachment detected (file-identify.rules)
* 1:38851 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul HCell file download request (file-identify.rules)
* 1:38461 <-> ENABLED <-> OS-WINDOWS DCERPC Bind auth level packet privacy connection detected (os-windows.rules)
* 1:38307 <-> ENABLED <-> FILE-IDENTIFY DMG com.apple.decmpfs file magic detected (file-identify.rules)
* 1:38306 <-> ENABLED <-> FILE-IDENTIFY DMG com.apple.decmpfs file magic detected (file-identify.rules)
* 1:38292 <-> ENABLED <-> FILE-IDENTIFY UDF file magic detected (file-identify.rules)
* 1:38291 <-> ENABLED <-> FILE-IDENTIFY UDF file magic detected (file-identify.rules)
* 1:37788 <-> ENABLED <-> FILE-IDENTIFY Adobe Texture Format file download request (file-identify.rules)
* 1:37787 <-> ENABLED <-> FILE-IDENTIFY Adobe Texture Format file magic detected (file-identify.rules)
* 1:37786 <-> ENABLED <-> FILE-IDENTIFY Adobe Texture Format file attachment detected (file-identify.rules)
* 1:37785 <-> ENABLED <-> FILE-IDENTIFY Adobe Texture Format file attachment detected (file-identify.rules)
* 1:37784 <-> ENABLED <-> FILE-IDENTIFY Adobe Texture Format file magic detected (file-identify.rules)
* 1:37546 <-> ENABLED <-> SERVER-OTHER Veritas NetBackup Volume Manager connection attempt (server-other.rules)
* 1:37418 <-> ENABLED <-> MALWARE-BACKDOOR Adzok RAT inbound connection (malware-backdoor.rules)
* 1:36816 <-> ENABLED <-> SERVER-OTHER MIT Kerberos 5 IAKERB outbound token detected (server-other.rules)
* 1:36815 <-> ENABLED <-> SERVER-OTHER MIT Kerberos 5 SPNEGO incoming token detected (server-other.rules)
* 1:36748 <-> ENABLED <-> FILE-IDENTIFY TTF file attachment detected (file-identify.rules)
* 1:36711 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows .NET Application file attachment detected (file-identify.rules)
* 1:3665 <-> ENABLED <-> SERVER-MYSQL server greeting (server-mysql.rules)
* 1:36531 <-> ENABLED <-> FILE-IDENTIFY Oracle Java JMX management loading mlet detected (file-identify.rules)
* 1:36058 <-> ENABLED <-> FILE-IDENTIFY OLE Document upload detected (file-identify.rules)
* 1:38866 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul Office Document file magic detected (file-identify.rules)
* 1:38865 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul Office Document file magic detected (file-identify.rules)
* 1:38864 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul Office Document file attachment detected (file-identify.rules)
* 1:38863 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul Office Document file attachment detected (file-identify.rules)
* 1:38862 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul Office Document file download request (file-identify.rules)
* 1:38855 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul HCell file magic detected (file-identify.rules)
* 1:38854 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul HCell file magic detected (file-identify.rules)
* 1:38853 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul HCell file attachment detected (file-identify.rules)
* 1:25944 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules)
* 1:26057 <-> ENABLED <-> FILE-IDENTIFY ZIP file download detected (file-identify.rules)
* 1:40891 <-> ENABLED <-> FILE-IDENTIFY R Programming Language source file file download request (file-identify.rules)
* 1:40391 <-> ENABLED <-> FILE-IDENTIFY Windows registry hive file download request (file-identify.rules)
* 1:40390 <-> ENABLED <-> FILE-IDENTIFY Windows registry hive file magic detected (file-identify.rules)
* 1:40389 <-> ENABLED <-> FILE-IDENTIFY Windows registry hive file attachment detected (file-identify.rules)
* 1:40388 <-> ENABLED <-> FILE-IDENTIFY Windows registry hive file attachment detected (file-identify.rules)
* 1:40387 <-> ENABLED <-> FILE-IDENTIFY Windows registry hive file magic detected (file-identify.rules)
* 1:40120 <-> ENABLED <-> FILE-IDENTIFY Microsoft Excel XLSB file attachment detected (file-identify.rules)
* 1:40119 <-> ENABLED <-> FILE-IDENTIFY Microsoft Excel XLSB file attachment detected (file-identify.rules)
* 1:40118 <-> ENABLED <-> FILE-IDENTIFY Microsoft Excel XLSB file download request (file-identify.rules)
* 1:40065 <-> ENABLED <-> OS-WINDOWS Microsoft Windows NFS Server NULL pointer dereference denial-of-service attempt (os-windows.rules)
* 1:40036 <-> ENABLED <-> FILE-IDENTIFY XLSB file magic detected (file-identify.rules)
* 1:40035 <-> ENABLED <-> FILE-IDENTIFY XLSB file magic detected (file-identify.rules)
* 1:40021 <-> ENABLED <-> FILE-IDENTIFY Hierarchal Data Format file magic detected (file-identify.rules)
* 1:40020 <-> ENABLED <-> FILE-IDENTIFY Hierarchal Data Format file magic detected (file-identify.rules)
* 1:40892 <-> ENABLED <-> FILE-IDENTIFY R Programming Language source file file attachment detected (file-identify.rules)
* 1:42366 <-> ENABLED <-> FILE-IDENTIFY XZ compressed file detected (file-identify.rules)
* 1:42365 <-> ENABLED <-> FILE-IDENTIFY bzip2 compressed file detected (file-identify.rules)
* 1:42364 <-> ENABLED <-> FILE-IDENTIFY bzip2 compressed file detected (file-identify.rules)
* 1:42363 <-> ENABLED <-> FILE-IDENTIFY bzip2 compressed file detected (file-identify.rules)
* 1:42332 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Doublepulsar variant ping command (malware-cnc.rules)
* 1:10099 <-> ENABLED <-> MALWARE-OTHER Keylogger win32.remotekeylog.b runtime detection (malware-other.rules)
* 1:10103 <-> ENABLED <-> MALWARE-BACKDOOR hav-rat 1.1 runtime detection (malware-backdoor.rules)
* 1:10104 <-> ENABLED <-> MALWARE-BACKDOOR hav-rat 1.1 runtime detection (malware-backdoor.rules)
* 1:10110 <-> ENABLED <-> MALWARE-BACKDOOR poison ivy 2.1.2 runtime detection (malware-backdoor.rules)
* 1:10450 <-> ENABLED <-> MALWARE-BACKDOOR only 1 rat runtime detection - control command (malware-backdoor.rules)
* 1:10455 <-> ENABLED <-> MALWARE-BACKDOOR [x]-ztoo 1.0 runtime detection - get system info (malware-backdoor.rules)
* 1:10460 <-> ENABLED <-> MALWARE-BACKDOOR winicabras 1.1 runtime detection - get system info (malware-backdoor.rules)
* 1:10462 <-> ENABLED <-> MALWARE-BACKDOOR winicabras 1.1 runtime detection - explorer (malware-backdoor.rules)
* 1:11004 <-> ENABLED <-> PROTOCOL-IMAP CRAM-MD5 authentication request detected (protocol-imap.rules)
* 1:11322 <-> ENABLED <-> MALWARE-BACKDOOR sohoanywhere runtime detection (malware-backdoor.rules)
* 1:11835 <-> ENABLED <-> FILE-IDENTIFY Visio file magic detected (file-identify.rules)
* 1:11953 <-> ENABLED <-> MALWARE-BACKDOOR supervisor plus runtime detection (malware-backdoor.rules)
* 1:12054 <-> ENABLED <-> MALWARE-BACKDOOR tron runtime detection - init connection - flowbit set (malware-backdoor.rules)
* 1:12129 <-> ENABLED <-> MALWARE-OTHER Keylogger remotekeylog.b runtime detection - get sys info (malware-other.rules)
* 1:12131 <-> ENABLED <-> MALWARE-OTHER Keylogger remotekeylog.b runtime detection - keylogging (malware-other.rules)
* 1:12133 <-> ENABLED <-> MALWARE-OTHER Keylogger remotekeylog.b runtime detection - open url (malware-other.rules)
* 1:12135 <-> ENABLED <-> MALWARE-OTHER Keylogger remotekeylog.b runtime detection - fun (malware-other.rules)
* 1:12142 <-> ENABLED <-> MALWARE-BACKDOOR access remote pc runtime detection - init connection (malware-backdoor.rules)
* 1:12144 <-> ENABLED <-> MALWARE-BACKDOOR access remote pc runtime detection - rpc setup (malware-backdoor.rules)
* 1:12146 <-> ENABLED <-> MALWARE-BACKDOOR blue eye 1.0b runtime detection - init connection (malware-backdoor.rules)
* 1:12148 <-> ENABLED <-> MALWARE-BACKDOOR back orifice 2006 - v1.1.5 runtime detection - init connection (malware-backdoor.rules)
* 1:12150 <-> ENABLED <-> MALWARE-BACKDOOR cafeini 1.0 runtime detection - init connection (malware-backdoor.rules)
* 1:12153 <-> ENABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - download file (malware-backdoor.rules)
* 1:12154 <-> ENABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - download file (malware-backdoor.rules)
* 1:12156 <-> ENABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - upload file (malware-backdoor.rules)
* 1:12157 <-> ENABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - upload file (malware-backdoor.rules)
* 1:12160 <-> ENABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - screen capturing (malware-backdoor.rules)
* 1:12161 <-> ENABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - screen capturing (malware-backdoor.rules)
* 1:12163 <-> ENABLED <-> MALWARE-BACKDOOR cobra uploader 1.0 runtime detection (malware-backdoor.rules)
* 1:12182 <-> ENABLED <-> FILE-IDENTIFY Adobe Flash Video file magic detected (file-identify.rules)
* 1:12233 <-> ENABLED <-> MALWARE-BACKDOOR theef 2.10 runtime detection - connect with no password (malware-backdoor.rules)
* 1:12235 <-> ENABLED <-> MALWARE-BACKDOOR theef 2.10 runtime detection - connect with password (malware-backdoor.rules)
* 1:12237 <-> ENABLED <-> MALWARE-BACKDOOR theef 2.10 runtime detection - ftp (malware-backdoor.rules)
* 1:12240 <-> ENABLED <-> MALWARE-BACKDOOR genie 1.7 runtime detection - init connection (malware-backdoor.rules)
* 1:12242 <-> ENABLED <-> MALWARE-BACKDOOR hotmail hacker log edition 5.0 runtime detection - init connection (malware-backdoor.rules)
* 1:12283 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel xlw file magic detected (file-identify.rules)
* 1:12297 <-> ENABLED <-> MALWARE-BACKDOOR bifrost v1.2.1 runtime detection (malware-backdoor.rules)
* 1:12373 <-> ENABLED <-> MALWARE-BACKDOOR radmin 3.0 runtime detection - initial connection (malware-backdoor.rules)
* 1:12375 <-> ENABLED <-> MALWARE-BACKDOOR radmin 3.0 runtime detection - login & remote control (malware-backdoor.rules)
* 1:12377 <-> ENABLED <-> MALWARE-BACKDOOR shark 2.3.2 runtime detection (malware-backdoor.rules)
* 1:12454 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media ASF file magic detected (file-identify.rules)
* 1:12455 <-> ENABLED <-> FILE-IDENTIFY SAP Crystal Reports file download request (file-identify.rules)
* 1:12699 <-> ENABLED <-> MALWARE-BACKDOOR poison ivy 2.3.0 runtime detection - init connection (malware-backdoor.rules)
* 1:12724 <-> ENABLED <-> MALWARE-BACKDOOR dark moon 4.11 runtime detection (malware-backdoor.rules)
* 1:12726 <-> ENABLED <-> MALWARE-BACKDOOR bandook 1.35 runtime detection (malware-backdoor.rules)
* 1:12758 <-> ENABLED <-> MALWARE-OTHER Keylogger/RAT digi watcher 2.32 runtime detection (malware-other.rules)
* 1:12760 <-> ENABLED <-> MALWARE-OTHER Keylogger powered Keylogger 2.2 runtime detection (malware-other.rules)
* 1:12792 <-> ENABLED <-> MALWARE-OTHER Keylogger spy lantern Keylogger pro 6.0 runtime detection (malware-other.rules)
* 1:12972 <-> ENABLED <-> FILE-IDENTIFY Microsoft Media Player asf/wmv/wma file magic detected (file-identify.rules)
* 1:13236 <-> ENABLED <-> MALWARE-OTHER Keylogger active Keylogger 3.9.2 runtime detection (malware-other.rules)
* 1:13243 <-> ENABLED <-> MALWARE-OTHER Keylogger computer monitor 1.1 by lastcomfort runtime detection (malware-other.rules)
* 1:13247 <-> ENABLED <-> MALWARE-BACKDOOR yuri 1.2 runtime detection - init connection (malware-backdoor.rules)
* 1:13278 <-> ENABLED <-> MALWARE-OTHER Keylogger advanced spy 4.0 runtime detection (malware-other.rules)
* 1:13280 <-> ENABLED <-> MALWARE-OTHER Keylogger email spy monitor 6.9 runtime detection (malware-other.rules)
* 1:13346 <-> ENABLED <-> PUA-ADWARE Snoopware remote desktop inspector outbound connection - init connection (pua-adware.rules)
* 1:13465 <-> ENABLED <-> FILE-IDENTIFY Microsoft Works file download request (file-identify.rules)
* 1:13479 <-> ENABLED <-> MALWARE-OTHER Keylogger findnot guarddog 4.0 runtime detection (malware-other.rules)
* 1:13483 <-> ENABLED <-> PUA-TOOLBARS Hijacker baidu toolbar runtime detection - updates automatically (pua-toolbars.rules)
* 1:13506 <-> ENABLED <-> MALWARE-BACKDOOR evilotus 1.3.2 runtime detection - init connection (malware-backdoor.rules)
* 1:13515 <-> ENABLED <-> FILE-MULTIMEDIA Apple QuickTime user agent (file-multimedia.rules)
* 1:13583 <-> ENABLED <-> FILE-IDENTIFY Microsoft SYmbolic LinK file download request (file-identify.rules)
* 1:13584 <-> ENABLED <-> FILE-IDENTIFY CSV file download request (file-identify.rules)
* 1:13585 <-> ENABLED <-> FILE-IDENTIFY Microsoft SYmbolic LinK file magic detected (file-identify.rules)
* 1:13767 <-> ENABLED <-> MALWARE-OTHER Keylogger cyber sitter runtime detection (malware-other.rules)
* 1:13797 <-> ENABLED <-> FILE-IDENTIFY Portable Executable compact binary file magic detected (file-identify.rules)
* 1:13801 <-> ENABLED <-> FILE-IDENTIFY RTF file download request (file-identify.rules)
* 1:13898 <-> ENABLED <-> APP-DETECT Apple iTunes client request for server info (app-detect.rules)
* 1:13915 <-> ENABLED <-> FILE-IDENTIFY BAK file download request (file-identify.rules)
* 1:13938 <-> ENABLED <-> PUA-ADWARE Hijacker adware.win32.ejik.ec variant outbound connection (pua-adware.rules)
* 1:13943 <-> ENABLED <-> PUA-ADWARE Trickler dropper agent.rqg outbound connection (pua-adware.rules)
* 1:13983 <-> ENABLED <-> FILE-IDENTIFY EPS file download request (file-identify.rules)
* 1:14017 <-> ENABLED <-> FILE-IDENTIFY MPEG Layer 3 playlist file download request (file-identify.rules)
* 1:14018 <-> ENABLED <-> FILE-IDENTIFY PLS multimedia playlist file download request (file-identify.rules)
* 1:14264 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media Player playlist download (file-identify.rules)
* 1:15013 <-> ENABLED <-> FILE-IDENTIFY PDF file download request (file-identify.rules)
* 1:15079 <-> ENABLED <-> FILE-IDENTIFY WAV file download request (file-identify.rules)
* 1:15158 <-> ENABLED <-> FILE-IDENTIFY XML Shareable Playlist Format file download request (file-identify.rules)
* 1:15237 <-> ENABLED <-> FILE-IDENTIFY Java .class file download request (file-identify.rules)
* 1:15239 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealMedia format file download request (file-identify.rules)
* 1:15240 <-> ENABLED <-> FILE-IDENTIFY
RealNetworks RealMedia format file download request (file-identify.rules) * 1:15294 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Visio file download request (file-identify.rules) * 1:15319 <-> ENABLED <-> NETBIOS SMB /sql/query create tree attempt (netbios.rules) * 1:15320 <-> ENABLED <-> NETBIOS SMB /sql/query unicode create tree attempt (netbios.rules) * 1:15321 <-> ENABLED <-> NETBIOS SMB /sql/query create tree attempt (netbios.rules) * 1:15322 <-> ENABLED <-> NETBIOS SMB /sql/query unicode create tree attempt (netbios.rules) * 1:15323 <-> ENABLED <-> NETBIOS SMB /sql/query andx create tree attempt (netbios.rules) * 1:15324 <-> ENABLED <-> NETBIOS SMB /sql/query unicode andx create tree attempt (netbios.rules) * 1:15325 <-> ENABLED <-> NETBIOS SMB /sql/query andx create tree attempt (netbios.rules) * 1:15326 <-> ENABLED <-> NETBIOS SMB /sql/query unicode andx create tree attempt (netbios.rules) * 1:15361 <-> ENABLED <-> FILE-PDF pdf file sent via email (file-pdf.rules) * 1:15385 <-> ENABLED <-> FILE-IDENTIFY TwinVQ file download request (file-identify.rules) * 1:15426 <-> ENABLED <-> FILE-IDENTIFY MAKI file download request (file-identify.rules) * 1:15427 <-> ENABLED <-> FILE-IDENTIFY SVG file download request (file-identify.rules) * 1:15444 <-> ENABLED <-> FILE-IDENTIFY Core Audio Format file download request (file-identify.rules) * 1:15463 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file download request (file-identify.rules) * 1:15464 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file download request (file-identify.rules) * 1:15468 <-> ENABLED <-> BROWSER-IE Apple Safari-Internet Explorer SearchPath blended threat dll request (browser-ie.rules) * 1:15483 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file download request (file-identify.rules) * 1:15516 <-> ENABLED <-> FILE-IDENTIFY AVI multimedia file download request (file-identify.rules) * 1:15518 <-> ENABLED <-> FILE-IDENTIFY Embedded Open Type Font file download request 
(file-identify.rules) * 1:15582 <-> ENABLED <-> FILE-IDENTIFY ARJ format file download request (file-identify.rules) * 1:15586 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file download request (file-identify.rules) * 1:15587 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word file download request (file-identify.rules) * 1:15865 <-> ENABLED <-> FILE-IDENTIFY MP4 file download request (file-identify.rules) * 1:15870 <-> ENABLED <-> FILE-IDENTIFY 4XM file download request (file-identify.rules) * 1:15900 <-> ENABLED <-> FILE-IDENTIFY Audio Interchange file download request (file-identify.rules) * 1:15921 <-> ENABLED <-> FILE-IDENTIFY Microsoft multimedia format file download request (file-identify.rules) * 1:15922 <-> ENABLED <-> FILE-IDENTIFY MP3 file download request (file-identify.rules) * 1:15945 <-> ENABLED <-> FILE-IDENTIFY RSS file download request (file-identify.rules) * 1:15987 <-> ENABLED <-> FILE-IDENTIFY DXF file download request (file-identify.rules) * 1:16061 <-> ENABLED <-> FILE-IDENTIFY X PixMap file download request (file-identify.rules) * 1:16143 <-> ENABLED <-> FILE-IDENTIFY Microsoft asf file magic detected (file-identify.rules) * 1:16205 <-> ENABLED <-> FILE-IDENTIFY BMP file download request (file-identify.rules) * 1:16219 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file download request (file-identify.rules) * 1:16254 <-> ENABLED <-> PUA-ADWARE rogue software system security 2009 outbound connection (pua-adware.rules) * 1:16286 <-> ENABLED <-> FILE-IDENTIFY TrueType font file download request (file-identify.rules) * 1:16381 <-> ENABLED <-> NETBIOS SMB session negotiation request (netbios.rules) * 1:16406 <-> ENABLED <-> FILE-IDENTIFY JPEG file download request (file-identify.rules) * 1:16407 <-> ENABLED <-> FILE-IDENTIFY JPEG file download request (file-identify.rules) * 1:16473 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Movie Maker project file download request (file-identify.rules) * 1:16474 <-> ENABLED <-> 
FILE-IDENTIFY Microsoft Compound File Binary v3 file magic detected (file-identify.rules) * 1:16476 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint .MSProducer file download request (file-identify.rules) * 1:16477 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint .MSProducerZ file download request (file-identify.rules) * 1:16478 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint .MSProducerBF file download request (file-identify.rules) * 1:16529 <-> ENABLED <-> FILE-IDENTIFY JPEG file download request (file-identify.rules) * 1:16538 <-> ENABLED <-> NETBIOS NT QUERY SECURITY DESC flowbit (netbios.rules) * 1:16556 <-> ENABLED <-> FILE-OTHER 2imaegshack/lmageshack IM worm get request attempt (file-other.rules) * 1:16594 <-> ENABLED <-> PROTOCOL-POP STAT command (protocol-pop.rules) * 1:16630 <-> ENABLED <-> FILE-IDENTIFY DAT file download request (file-identify.rules) * 1:16691 <-> ENABLED <-> FILE-IDENTIFY PLF playlist file download request (file-identify.rules) * 1:16742 <-> ENABLED <-> FILE-IDENTIFY remote desktop configuration file download request (file-identify.rules) * 1:16754 <-> ENABLED <-> NETBIOS SMB /PlughNTCommand andx create tree attempt (netbios.rules) * 1:16755 <-> ENABLED <-> NETBIOS SMB /PlughNTCommand create tree attempt (netbios.rules) * 1:16756 <-> ENABLED <-> NETBIOS SMB /PlughNTCommand unicode andx create tree attempt (netbios.rules) * 1:16757 <-> ENABLED <-> NETBIOS SMB /PlughNTCommand unicode create tree attempt (netbios.rules) * 1:17116 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media ASX file download request (file-identify.rules) * 1:17151 <-> ENABLED <-> NETBIOS SMB negotiate protocol request - ascii strings (netbios.rules) * 1:17229 <-> ENABLED <-> FILE-IDENTIFY Tiff little endian file magic detected (file-identify.rules) * 1:17230 <-> ENABLED <-> FILE-IDENTIFY Tiff big endian file magic detected (file-identify.rules) * 1:17241 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media wmv file download request 
(file-identify.rules) * 1:17259 <-> ENABLED <-> FILE-IDENTIFY MOV file download request (file-identify.rules) * 1:17314 <-> ENABLED <-> FILE-IDENTIFY OLE document file magic detected (file-identify.rules) * 1:17327 <-> ENABLED <-> SERVER-MAIL Qualcomm WorldMail Server Response (server-mail.rules) * 1:17332 <-> ENABLED <-> SERVER-MAIL Content-Disposition attachment (server-mail.rules) * 1:17359 <-> ENABLED <-> FILE-IDENTIFY XBM image file download request (file-identify.rules) * 1:17364 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Help Workshop CNT Help file download request (file-identify.rules) * 1:17370 <-> ENABLED <-> SERVER-WEBAPP Squid authentication headers handling denial of service attempt (server-webapp.rules) * 1:17380 <-> ENABLED <-> FILE-IDENTIFY PNG file download request (file-identify.rules) * 1:17394 <-> ENABLED <-> FILE-IDENTIFY GIF file download request (file-identify.rules) * 1:17396 <-> ENABLED <-> SERVER-OTHER VNC client authentication response (server-other.rules) * 1:17418 <-> ENABLED <-> SERVER-ORACLE Oracle connection established (server-oracle.rules) * 1:17426 <-> ENABLED <-> FILE-IDENTIFY RAT file download request (file-identify.rules) * 1:17441 <-> ENABLED <-> FILE-IDENTIFY LNK file download request (file-identify.rules) * 1:17447 <-> ENABLED <-> SERVER-WEBAPP 407 Proxy Authentication Required (server-webapp.rules) * 1:17508 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows .NET Application file download request (file-identify.rules) * 1:17509 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows .NET Manifest file download request (file-identify.rules) * 1:17534 <-> ENABLED <-> SERVER-OTHER IPP Application Content (server-other.rules) * 1:17540 <-> ENABLED <-> FILE-IDENTIFY LZH file download request (file-identify.rules) * 1:17547 <-> ENABLED <-> FILE-IDENTIFY SMIL file download request (file-identify.rules) * 1:17552 <-> ENABLED <-> FILE-IDENTIFY Adobe Pagemaker file download request (file-identify.rules) * 1:17598 <-> ENABLED <-> 
SERVER-OTHER IBM DB2 Universal Database accsec command without rdbnam (server-other.rules) * 1:17600 <-> ENABLED <-> FILE-IDENTIFY XUL file download request (file-identify.rules) * 1:17679 <-> ENABLED <-> FILE-IDENTIFY Apple disk image file download request (file-identify.rules) * 1:17732 <-> ENABLED <-> FILE-IDENTIFY TIFF file download request (file-identify.rules) * 1:17733 <-> ENABLED <-> FILE-IDENTIFY XML file download request (file-identify.rules) * 1:17739 <-> ENABLED <-> FILE-IDENTIFY FlashPix file download request (file-identify.rules) * 1:17745 <-> ENABLED <-> NETBIOS SMB TRANS2 Find_First2 request attempt (netbios.rules) * 1:17751 <-> ENABLED <-> FILE-IDENTIFY OpenType Font file download request (file-identify.rules) * 1:17801 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file magic detected (file-identify.rules) * 1:17802 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file download request (file-identify.rules) * 1:17809 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime qt file download request (file-identify.rules) * 1:18234 <-> ENABLED <-> FILE-IDENTIFY QuickDraw/PICT file download request (file-identify.rules) * 1:18273 <-> ENABLED <-> FILE-IDENTIFY BAT file download request (file-identify.rules) * 1:18274 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Mail file download request (file-identify.rules) * 1:18516 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word file download request (file-identify.rules) * 1:18593 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file download request (file-identify.rules) * 1:18675 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file download request (file-identify.rules) * 1:19128 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer REC file magic detected (file-identify.rules) * 1:19129 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer .r1m file magic detected (file-identify.rules) * 1:19166 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file magic detected 
(file-identify.rules) * 1:19190 <-> ENABLED <-> NETBIOS SMB-DS Trans2 Distributed File System GET_DFS_REFERRAL request (netbios.rules) * 1:19211 <-> ENABLED <-> FILE-IDENTIFY ZIP archive file download request (file-identify.rules) * 1:19215 <-> ENABLED <-> FILE-IDENTIFY Google Chrome extension file download request (file-identify.rules) * 1:19218 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file download request (file-identify.rules) * 1:19224 <-> ENABLED <-> FILE-IDENTIFY Cisco Webex wrf file download request (file-identify.rules) * 1:19252 <-> ENABLED <-> FILE-IDENTIFY language.engtesselate.ln file download request (file-identify.rules) * 1:19289 <-> ENABLED <-> FILE-IDENTIFY MHTML file download request (file-identify.rules) * 1:19299 <-> ENABLED <-> SERVER-OTHER banner.txt access - possible compromised multi-mesh injection server (server-other.rules) * 1:19323 <-> ENABLED <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt (server-other.rules) * 1:19324 <-> ENABLED <-> MALWARE-OTHER Keylogger WL-Keylogger inbound connection (malware-other.rules) * 1:19326 <-> ENABLED <-> PUA-ADWARE Classroom Spy Professional outbound connection - initial connection (pua-adware.rules) * 1:19392 <-> ENABLED <-> MALWARE-OTHER Keylogger Monitor.win32.perflogger (malware-other.rules) * 1:19422 <-> ENABLED <-> FILE-IDENTIFY matroska file magic detected (file-identify.rules) * 1:19423 <-> ENABLED <-> FILE-IDENTIFY MKV file download request (file-identify.rules) * 1:19424 <-> ENABLED <-> FILE-IDENTIFY MKA file download request (file-identify.rules) * 1:19425 <-> ENABLED <-> FILE-IDENTIFY MKS file download request (file-identify.rules) * 1:19430 <-> ENABLED <-> FILE-IDENTIFY MIDI file download request (file-identify.rules) * 1:19816 <-> ENABLED <-> NETBIOS Juniper NeoterisSetupService named pipe access attempt (netbios.rules) * 1:19899 <-> ENABLED <-> MALWARE-OTHER Tong Keylogger outbound connectiooutbound connection 
(malware-other.rules) * 1:19907 <-> ENABLED <-> FILE-IDENTIFY PICT file magic detected (file-identify.rules) * 1:20032 <-> ENABLED <-> FILE-IDENTIFY MIME file type file download request (file-identify.rules) * 1:20223 <-> ENABLED <-> FILE-IDENTIFY SMI file download request (file-identify.rules) * 1:20225 <-> ENABLED <-> FILE-OTHER SMI file download request (file-other.rules) * 1:20260 <-> ENABLED <-> FILE-IDENTIFY Microsoft Client Agent Helper JAR file download request (file-identify.rules) * 1:20269 <-> ENABLED <-> FILE-IDENTIFY FON font file download request (file-identify.rules) * 1:20274 <-> ENABLED <-> NETBIOS DCERPC NCACN-IP-TCP NetShareEnumAll request (netbios.rules) * 1:20282 <-> ENABLED <-> FILE-IDENTIFY S3M file download request (file-identify.rules) * 1:20287 <-> ENABLED <-> FILE-IDENTIFY QCP file download request (file-identify.rules) * 1:20450 <-> ENABLED <-> FILE-IDENTIFY MPEG video stream file magic detected (file-identify.rules) * 1:20451 <-> ENABLED <-> FILE-IDENTIFY MPEG sys stream file magic detected (file-identify.rules) * 1:20453 <-> ENABLED <-> FILE-IDENTIFY Script encoder file magic detected (file-identify.rules) * 1:20454 <-> ENABLED <-> FILE-IDENTIFY Postscript file magic detected (file-identify.rules) * 1:20455 <-> ENABLED <-> FILE-IDENTIFY BinHex file magic detected (file-identify.rules) * 1:20456 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Real Media file magic detected (file-identify.rules) * 1:20458 <-> ENABLED <-> FILE-IDENTIFY bzip file magic detected (file-identify.rules) * 1:20459 <-> ENABLED <-> FILE-IDENTIFY GIF file magic detected (file-identify.rules) * 1:20460 <-> ENABLED <-> FILE-IDENTIFY MP3 file magic detected (file-identify.rules) * 1:20461 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows CAB file magic detected (file-identify.rules) * 1:20462 <-> ENABLED <-> FILE-IDENTIFY Ogg Stream file magic detected (file-identify.rules) * 1:20463 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:20464 
<-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:20465 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:20466 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:20467 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:20468 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:20469 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:20471 <-> ENABLED <-> FILE-IDENTIFY RIFX file magic detected (file-identify.rules) * 1:20472 <-> ENABLED <-> FILE-IDENTIFY RAR file magic detected (file-identify.rules) * 1:20474 <-> ENABLED <-> FILE-IDENTIFY Symantec file magic detected (file-identify.rules) * 1:20475 <-> ENABLED <-> FILE-IDENTIFY ARJ file magic detected (file-identify.rules) * 1:20476 <-> ENABLED <-> FILE-IDENTIFY TNEF file magic detected (file-identify.rules) * 1:20477 <-> ENABLED <-> FILE-IDENTIFY ELF file magic detected (file-identify.rules) * 1:20478 <-> ENABLED <-> FILE-IDENTIFY PNG file magic detected (file-identify.rules) * 1:20479 <-> ENABLED <-> FILE-IDENTIFY CryptFF file magic detected (file-identify.rules) * 1:20480 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detection (file-identify.rules) * 1:20481 <-> ENABLED <-> FILE-IDENTIFY MP3 file magic detected (file-identify.rules) * 1:20483 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (file-identify.rules) * 1:20484 <-> ENABLED <-> FILE-IDENTIFY SIS file magic detected (file-identify.rules) * 1:20485 <-> ENABLED <-> FILE-IDENTIFY SIP log file magic detected (file-identify.rules) * 1:20486 <-> ENABLED <-> FILE-IDENTIFY RTF file magic detected (file-identify.rules) * 1:20487 <-> ENABLED <-> FILE-IDENTIFY 7zip file magic detected (file-identify.rules) * 1:20488 <-> ENABLED <-> FILE-IDENTIFY MachO Little Endian file magic detected (file-identify.rules) * 1:20489 <-> ENABLED <-> FILE-IDENTIFY MachO x64 Little 
Endian file magic detected (file-identify.rules) * 1:20490 <-> ENABLED <-> FILE-IDENTIFY MachO Big Endian file magic detected (file-identify.rules) * 1:20491 <-> ENABLED <-> FILE-IDENTIFY MachO x64 Big Endian file magic detected (file-identify.rules) * 1:20492 <-> ENABLED <-> FILE-IDENTIFY Universal Binary/Java Bytecode file magic detected (file-identify.rules) * 1:20493 <-> ENABLED <-> FILE-IDENTIFY jarpack file magic detected (file-identify.rules) * 1:20494 <-> ENABLED <-> FILE-IDENTIFY PDF file magic detected (file-identify.rules) * 1:20495 <-> ENABLED <-> FILE-IDENTIFY compressed Adobe Shockwave Flash file magic detected (file-identify.rules) * 1:20496 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (file-identify.rules) * 1:20497 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (file-identify.rules) * 1:20500 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20501 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20502 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20503 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20507 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (file-identify.rules) * 1:20511 <-> ENABLED <-> FILE-IDENTIFY bcproj file magic detected (file-identify.rules) * 1:20512 <-> ENABLED <-> FILE-IDENTIFY mx4 file magic detected (file-identify.rules) * 1:20513 <-> ENABLED <-> FILE-IDENTIFY ffmpeg file magic detected (file-identify.rules) * 1:20514 <-> ENABLED <-> FILE-IDENTIFY dmg file magic detected (file-identify.rules) * 1:20515 <-> ENABLED <-> FILE-IDENTIFY ivr file magic detected (file-identify.rules) * 1:20516 <-> ENABLED <-> FILE-IDENTIFY caff file magic detected (file-identify.rules) * 1:20518 <-> ENABLED <-> FILE-IDENTIFY rmf file download request (file-identify.rules) * 1:20519 <-> ENABLED <-> FILE-IDENTIFY vmd file download request 
(file-identify.rules) * 1:20520 <-> ENABLED <-> FILE-IDENTIFY vmd file magic detected (file-identify.rules) * 1:20521 <-> ENABLED <-> FILE-IDENTIFY Flac file magic detected (file-identify.rules) * 1:20522 <-> ENABLED <-> FILE-IDENTIFY VideoLAN VLC file magic detected (file-identify.rules) * 1:20544 <-> ENABLED <-> FILE-IDENTIFY Adobe Flash Player FLV file download request (file-identify.rules) * 1:20554 <-> ENABLED <-> PUA-OTHER Microsoft MSN Messenger and Windows Live Messenger Code Execution attempt (pua-other.rules) * 1:20563 <-> ENABLED <-> FILE-IDENTIFY amf file download request (file-identify.rules) * 1:20564 <-> ENABLED <-> FILE-IDENTIFY amf file magic detected (file-identify.rules) * 1:20588 <-> ENABLED <-> FILE-IDENTIFY CDR file download request (file-identify.rules) * 1:20589 <-> ENABLED <-> FILE-IDENTIFY CDR file magic detected (file-identify.rules) * 1:20621 <-> ENABLED <-> FILE-IDENTIFY JAR file download request (file-identify.rules) * 1:20723 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word docx file download request (file-identify.rules) * 1:20733 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media Player DVR file download request (file-identify.rules) * 1:20750 <-> ENABLED <-> FILE-IDENTIFY webm file magic detected (file-identify.rules) * 1:20751 <-> ENABLED <-> FILE-IDENTIFY webm file download request (file-identify.rules) * 1:20792 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file attachment detected (file-identify.rules) * 1:20793 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file attachment detected (file-identify.rules) * 1:20795 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word file attachment detected (file-identify.rules) * 1:20796 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word file attachment detected (file-identify.rules) * 1:20798 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules) * 1:20799 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment 
detected (file-identify.rules) * 1:20800 <-> ENABLED <-> FILE-IDENTIFY MIME file type file attachment detected (file-identify.rules) * 1:20801 <-> ENABLED <-> FILE-IDENTIFY MIME file type file attachment detected (file-identify.rules) * 1:20839 <-> ENABLED <-> FILE-IDENTIFY eSignal .quo file download request (file-identify.rules) * 1:20840 <-> ENABLED <-> FILE-IDENTIFY eSignal .por file download request (file-identify.rules) * 1:20841 <-> ENABLED <-> FILE-IDENTIFY eSignal .sum file download request (file-identify.rules) * 1:20848 <-> ENABLED <-> FILE-IDENTIFY MAKI file attachment detected (file-identify.rules) * 1:20849 <-> ENABLED <-> FILE-IDENTIFY MAKI file attachment detected (file-identify.rules) * 1:20852 <-> ENABLED <-> FILE-IDENTIFY DAZ Studio script download request (file-identify.rules) * 1:20854 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Visio file attachment detected (file-identify.rules) * 1:20855 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Visio file attachment detected (file-identify.rules) * 1:20856 <-> ENABLED <-> FILE-IDENTIFY TwinVQ file attachment detected (file-identify.rules) * 1:20857 <-> ENABLED <-> FILE-IDENTIFY TwinVQ file attachment detected (file-identify.rules) * 1:20859 <-> ENABLED <-> FILE-IDENTIFY Autodesk Maya embedded language script download request (file-identify.rules) * 1:20860 <-> ENABLED <-> FILE-IDENTIFY Autodesk Maya file magic detected (file-identify.rules) * 1:20869 <-> ENABLED <-> FILE-IDENTIFY Autodesk 3D Studio Maxscript download request (file-identify.rules) * 1:20871 <-> ENABLED <-> SERVER-WEBAPP Worldweaver DX Studio Player shell.execute command execution attempt (server-webapp.rules) * 1:20874 <-> ENABLED <-> SERVER-OTHER IBM Tivoli Storage Manager Express Backup initialization packet (server-other.rules) * 1:20882 <-> ENABLED <-> FILE-OFFICE Microsoft Windows embedded packager object identifier (file-office.rules) * 1:20888 <-> ENABLED <-> FILE-IDENTIFY Video Spirit visprj download attempt 
(file-identify.rules) * 1:20893 <-> ENABLED <-> FILE-IDENTIFY Video Spirit file attachment detected (file-identify.rules) * 1:20894 <-> ENABLED <-> FILE-IDENTIFY Video Spirit file attachment detected (file-identify.rules) * 1:20895 <-> ENABLED <-> FILE-IDENTIFY AutoDesk 3D Studio Maxscript file attachment detected (file-identify.rules) * 1:20896 <-> ENABLED <-> FILE-IDENTIFY AutoDesk 3D Studio Maxscript file attachment detected (file-identify.rules) * 1:20897 <-> ENABLED <-> FILE-IDENTIFY MIDI file magic detected (file-identify.rules) * 1:20898 <-> ENABLED <-> FILE-IDENTIFY MIDI file attachment detected (file-identify.rules) * 1:20899 <-> ENABLED <-> FILE-IDENTIFY MIDI file attachment detected (file-identify.rules) * 1:20905 <-> ENABLED <-> FILE-IDENTIFY X PixMap file attachment detected (file-identify.rules) * 1:20906 <-> ENABLED <-> FILE-IDENTIFY X PixMap file attachment detected (file-identify.rules) * 1:20907 <-> ENABLED <-> FILE-IDENTIFY DXF file attachment detected (file-identify.rules) * 1:20908 <-> ENABLED <-> FILE-IDENTIFY DXF file attachment detected (file-identify.rules) * 1:20909 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media ASF file attachment detected (file-identify.rules) * 1:20910 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media ASF file attachment detected (file-identify.rules) * 1:20911 <-> ENABLED <-> FILE-IDENTIFY EPS file attachment detected (file-identify.rules) * 1:20912 <-> ENABLED <-> FILE-IDENTIFY EPS file attachment detected (file-identify.rules) * 1:20913 <-> ENABLED <-> FILE-IDENTIFY XML Shareable Playlist Format file attachment detected (file-identify.rules) * 1:20914 <-> ENABLED <-> FILE-IDENTIFY XML Shareable Playlist Format file attachment detected (file-identify.rules) * 1:20915 <-> ENABLED <-> FILE-IDENTIFY caff file attachment detected (file-identify.rules) * 1:20916 <-> ENABLED <-> FILE-IDENTIFY caff file attachment detected (file-identify.rules) * 1:20917 <-> ENABLED <-> FILE-IDENTIFY BAK file attachment detected 
(file-identify.rules) * 1:20918 <-> ENABLED <-> FILE-IDENTIFY BAK file attachment detected (file-identify.rules) * 1:20924 <-> ENABLED <-> FILE-IDENTIFY PLS file magic detected (file-identify.rules) * 1:20925 <-> ENABLED <-> FILE-IDENTIFY Adobe Pagemaker file attachment detected (file-identify.rules) * 1:20926 <-> ENABLED <-> FILE-IDENTIFY Adobe Pagemaker file attachment detected (file-identify.rules) * 1:20928 <-> ENABLED <-> FILE-IDENTIFY SMIL file magic detected (file-identify.rules) * 1:20929 <-> ENABLED <-> FILE-IDENTIFY MKV file attachment detected (file-identify.rules) * 1:20930 <-> ENABLED <-> FILE-IDENTIFY MKV file attachment detected (file-identify.rules) * 1:20931 <-> ENABLED <-> FILE-IDENTIFY MKS file attachment detected (file-identify.rules) * 1:20932 <-> ENABLED <-> FILE-IDENTIFY MKS file attachment detected (file-identify.rules) * 1:20933 <-> ENABLED <-> FILE-IDENTIFY MKA file attachment detected (file-identify.rules) * 1:20934 <-> ENABLED <-> FILE-IDENTIFY MKA file attachment detected (file-identify.rules) * 1:20935 <-> ENABLED <-> FILE-IDENTIFY QCP file attachment detected (file-identify.rules) * 1:20936 <-> ENABLED <-> FILE-IDENTIFY QCP file attachment detected (file-identify.rules) * 1:20937 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file download request (file-identify.rules) * 1:20938 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file download request (file-identify.rules) * 1:20939 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file download request (file-identify.rules) * 1:20940 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file download request (file-identify.rules) * 1:20941 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules) * 1:20942 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules) * 1:20943 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules) * 1:20944 <-> ENABLED <-> 
FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules) * 1:20945 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules) * 1:20946 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules) * 1:20947 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules) * 1:20948 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules) * 1:20950 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20951 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20952 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20953 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20954 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20955 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20956 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20957 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20958 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20959 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20960 <-> ENABLED <-> FILE-IDENTIFY Flac file download request (file-identify.rules) * 1:20961 <-> ENABLED <-> FILE-IDENTIFY TTE file download request (file-identify.rules) * 1:20962 <-> ENABLED <-> FILE-IDENTIFY OTF file download request (file-identify.rules) * 1:20963 <-> ENABLED <-> FILE-IDENTIFY DIB file download request (file-identify.rules) * 1:20964 <-> ENABLED <-> FILE-IDENTIFY SAMI file download request (file-identify.rules) * 1:20965 <-> ENABLED <-> FILE-IDENTIFY JPEG file download request (file-identify.rules) * 1:20966 <-> ENABLED <-> FILE-IDENTIFY JPEG file download request (file-identify.rules) 
* 1:20967 <-> ENABLED <-> FILE-IDENTIFY JPEG file download request (file-identify.rules)
* 1:20968 <-> ENABLED <-> FILE-IDENTIFY Apple disk image file download request (file-identify.rules)
* 1:20969 <-> ENABLED <-> FILE-IDENTIFY M4A file download request (file-identify.rules)
* 1:20970 <-> ENABLED <-> FILE-IDENTIFY M4P file download request (file-identify.rules)
* 1:20971 <-> ENABLED <-> FILE-IDENTIFY M4R file download request (file-identify.rules)
* 1:20972 <-> ENABLED <-> FILE-IDENTIFY M4V file magic request (file-identify.rules)
* 1:20973 <-> ENABLED <-> FILE-IDENTIFY M4B file download request (file-identify.rules)
* 1:20974 <-> ENABLED <-> FILE-IDENTIFY 3GP file download request (file-identify.rules)
* 1:20975 <-> ENABLED <-> FILE-IDENTIFY 3G2 file download request (file-identify.rules)
* 1:20976 <-> ENABLED <-> FILE-IDENTIFY K3G file download request (file-identify.rules)
* 1:20977 <-> ENABLED <-> FILE-IDENTIFY SKM file download request (file-identify.rules)
* 1:20978 <-> ENABLED <-> FILE-IDENTIFY TTE file attachment detected (file-identify.rules)
* 1:20979 <-> ENABLED <-> FILE-IDENTIFY TTE file attachment detected (file-identify.rules)
* 1:20980 <-> ENABLED <-> FILE-IDENTIFY OTF file attachment detected (file-identify.rules)
* 1:20981 <-> ENABLED <-> FILE-IDENTIFY OTF file attachment detected (file-identify.rules)
* 1:20982 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file attachment detected (file-identify.rules)
* 1:20983 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file attachment detected (file-identify.rules)
* 1:20986 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word docx file attachment detected (file-identify.rules)
* 1:20987 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word docx file attachment detected (file-identify.rules)
* 1:20991 <-> ENABLED <-> FILE-IDENTIFY TTF file magic detected (file-identify.rules)
* 1:20992 <-> ENABLED <-> FILE-IDENTIFY SAMI file magic detected (file-identify.rules)
* 1:21005 <-> ENABLED <-> MALWARE-CNC Yang Pack yg.htm download request (malware-cnc.rules)
* 1:21007 <-> ENABLED <-> FILE-IDENTIFY Microsoft Money file magic detected (file-identify.rules)
* 1:21008 <-> ENABLED <-> FILE-IDENTIFY Microsoft Money file download request (file-identify.rules)
* 1:21009 <-> ENABLED <-> FILE-IDENTIFY Microsoft Money file attachment detected (file-identify.rules)
* 1:21010 <-> ENABLED <-> FILE-IDENTIFY Microsoft Money file attachment detected (file-identify.rules)
* 1:21011 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file magic detected (file-identify.rules)
* 1:21012 <-> ENABLED <-> FILE-IDENTIFY Cytel Studio cy3 file download request (file-identify.rules)
* 1:21013 <-> ENABLED <-> FILE-IDENTIFY Cytel Studio cy3 file attachment detected (file-identify.rules)
* 1:21014 <-> ENABLED <-> FILE-IDENTIFY Cytel Studio cy3 file attachment detected (file-identify.rules)
* 1:21015 <-> ENABLED <-> FILE-IDENTIFY cy3 Cytel Studio file magic detected (file-identify.rules)
* 1:21016 <-> ENABLED <-> FILE-IDENTIFY Cytel Studio cyb file attachment detected (file-identify.rules)
* 1:21017 <-> ENABLED <-> FILE-IDENTIFY cyb Cytel Studio file attachment detected (file-identify.rules)
* 1:21018 <-> ENABLED <-> FILE-IDENTIFY cyb Cytel Studio file download request (file-identify.rules)
* 1:21035 <-> ENABLED <-> FILE-IDENTIFY PDF file attachment detected (file-identify.rules)
* 1:21036 <-> ENABLED <-> FILE-IDENTIFY PDF file attachment detected (file-identify.rules)
* 1:21052 <-> ENABLED <-> FILE-IDENTIFY UltraISO CUE file download request (file-identify.rules)
* 1:21053 <-> ENABLED <-> FILE-IDENTIFY UltraISO CUE file attachment detected (file-identify.rules)
* 1:21054 <-> ENABLED <-> FILE-IDENTIFY UltraISO CUE file attachment detected (file-identify.rules)
* 1:21059 <-> ENABLED <-> FILE-IDENTIFY AVI Video file magic detected (file-identify.rules)
* 1:21061 <-> ENABLED <-> FILE-IDENTIFY AVI file attachment detected (file-identify.rules)
* 1:21062 <-> ENABLED <-> FILE-IDENTIFY AVI file attachment detected (file-identify.rules)
* 1:21109 <-> ENABLED <-> FILE-IDENTIFY MPEG video stream file download request (file-identify.rules)
* 1:21110 <-> ENABLED <-> FILE-IDENTIFY MPEG video stream file attachment detected (file-identify.rules)
* 1:21111 <-> ENABLED <-> FILE-IDENTIFY MPEG video stream file attachment detected (file-identify.rules)
* 1:21113 <-> ENABLED <-> FILE-IDENTIFY Cisco Webex Player .wrf file magic detected (file-identify.rules)
* 1:21152 <-> ENABLED <-> FILE-IDENTIFY S3M file attachment detected (file-identify.rules)
* 1:21153 <-> ENABLED <-> FILE-IDENTIFY S3M file attachment detected (file-identify.rules)
* 1:21174 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer realtext file download request (file-identify.rules)
* 1:21282 <-> ENABLED <-> FILE-IDENTIFY XSL file download request (file-identify.rules)
* 1:21283 <-> ENABLED <-> FILE-IDENTIFY XSL file attachment detected (file-identify.rules)
* 1:21284 <-> ENABLED <-> FILE-IDENTIFY XSL file attachment detected (file-identify.rules)
* 1:21285 <-> ENABLED <-> FILE-IDENTIFY XSLT file download request (file-identify.rules)
* 1:21286 <-> ENABLED <-> FILE-IDENTIFY XSLT file attachment detected (file-identify.rules)
* 1:21287 <-> ENABLED <-> FILE-IDENTIFY XSLT file attachment detected (file-identify.rules)
* 1:21288 <-> ENABLED <-> FILE-IDENTIFY XML download detected (file-identify.rules)
* 1:21295 <-> ENABLED <-> FILE-IDENTIFY FON file attachment detected (file-identify.rules)
* 1:21296 <-> ENABLED <-> FILE-IDENTIFY FON file attachment detected (file-identify.rules)
* 1:21345 <-> ENABLED <-> EXPLOIT-KIT Blackhole exploit kit malicious jar request (exploit-kit.rules)
* 1:21347 <-> ENABLED <-> EXPLOIT-KIT Blackhole exploit kit URL - .php?page= (exploit-kit.rules)
* 1:21410 <-> ENABLED <-> FILE-IDENTIFY paq8o file download request (file-identify.rules)
* 1:21411 <-> ENABLED <-> FILE-IDENTIFY paq8o file attachment detected (file-identify.rules)
* 1:21412 <-> ENABLED <-> FILE-IDENTIFY paq8o file attachment detected (file-identify.rules)
* 1:21432 <-> ENABLED <-> FILE-IDENTIFY MPPL file attachment detected (file-identify.rules)
* 1:21433 <-> ENABLED <-> FILE-IDENTIFY MPPL file attachment detected (file-identify.rules)
* 1:21434 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Mentor variant outbound connection (malware-cnc.rules)
* 1:21480 <-> ENABLED <-> FILE-IDENTIFY XML file magic detected (file-identify.rules)
* 1:21498 <-> ENABLED <-> FILE-IDENTIFY XML file magic detected (file-identify.rules)
* 1:21499 <-> ENABLED <-> FILE-IDENTIFY XML file attachment detected (file-identify.rules)
* 1:21500 <-> ENABLED <-> FILE-IDENTIFY XML file attachment detected (file-identify.rules)
* 1:21573 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio addin file download request (file-identify.rules)
* 1:21574 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio addin file attachment detected (file-identify.rules)
* 1:21575 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio addin file attachment detected (file-identify.rules)
* 1:21584 <-> ENABLED <-> FILE-IDENTIFY VisiWave VWR file download request (file-identify.rules)
* 1:21585 <-> ENABLED <-> FILE-IDENTIFY VisiWave VWR file attachment detected (file-identify.rules)
* 1:21586 <-> ENABLED <-> FILE-IDENTIFY VisiWave VWR file attachment detected (file-identify.rules)
* 1:21611 <-> ENABLED <-> FILE-IDENTIFY RAT file attachment detected (file-identify.rules)
* 1:21612 <-> ENABLED <-> FILE-IDENTIFY RAT file attachment detected (file-identify.rules)
* 1:21613 <-> ENABLED <-> FILE-IDENTIFY PNG file attachment detected (file-identify.rules)
* 1:21614 <-> ENABLED <-> FILE-IDENTIFY PNG file attachment detected (file-identify.rules)
* 1:21615 <-> ENABLED <-> FILE-IDENTIFY WMF file attachment detected (file-identify.rules)
* 1:21616 <-> ENABLED <-> FILE-IDENTIFY WMF file attachment detected (file-identify.rules)
* 1:21617 <-> ENABLED <-> FILE-IDENTIFY RT file attachment detected (file-identify.rules)
* 1:21618 <-> ENABLED <-> FILE-IDENTIFY RT file attachment detected (file-identify.rules)
* 1:21620 <-> ENABLED <-> FILE-IDENTIFY WAV file magic detected (file-identify.rules)
* 1:21621 <-> ENABLED <-> FILE-IDENTIFY AVI file magic detected (file-identify.rules)
* 1:21623 <-> ENABLED <-> FILE-IDENTIFY QUO file attachment detected (file-identify.rules)
* 1:21624 <-> ENABLED <-> FILE-IDENTIFY QUO file attachment detected (file-identify.rules)
* 1:21625 <-> ENABLED <-> FILE-IDENTIFY POR file attachment detected (file-identify.rules)
* 1:21626 <-> ENABLED <-> FILE-IDENTIFY POR file attachment detected (file-identify.rules)
* 1:21627 <-> ENABLED <-> FILE-IDENTIFY SUM file attachment detected (file-identify.rules)
* 1:21628 <-> ENABLED <-> FILE-IDENTIFY SUM file attachment detected (file-identify.rules)
* 1:21648 <-> ENABLED <-> FILE-IDENTIFY QuickDraw/PICT file attachment detected (file-identify.rules)
* 1:21649 <-> ENABLED <-> FILE-IDENTIFY QuickDraw/PICT file attachment detected (file-identify.rules)
* 1:21650 <-> ENABLED <-> FILE-IDENTIFY QuickDraw/PICT file download request (file-identify.rules)
* 1:21651 <-> ENABLED <-> FILE-IDENTIFY QuickDraw/PICT file attachment detected (file-identify.rules)
* 1:21652 <-> ENABLED <-> FILE-IDENTIFY QuickDraw/PICT file attachment detected (file-identify.rules)
* 1:21659 <-> ENABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page Requested - /Home/index.php (exploit-kit.rules)
* 1:21660 <-> ENABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page Requested - /Index/index.php (exploit-kit.rules)
* 1:21687 <-> ENABLED <-> FILE-IDENTIFY PLS file attachment detected (file-identify.rules)
* 1:21688 <-> ENABLED <-> FILE-IDENTIFY PLS file attachment detected (file-identify.rules)
* 1:21691 <-> ENABLED <-> FILE-IDENTIFY SMIL file attachment detected (file-identify.rules)
* 1:21692 <-> ENABLED <-> FILE-IDENTIFY SMIL file attachment detected (file-identify.rules)
* 1:21693 <-> ENABLED <-> FILE-IDENTIFY FLAC file attachment detected (file-identify.rules)
* 1:21694 <-> ENABLED <-> FILE-IDENTIFY FLAC file attachment detected (file-identify.rules)
* 1:21695 <-> ENABLED <-> FILE-IDENTIFY SMI file attachment detected (file-identify.rules)
* 1:21696 <-> ENABLED <-> FILE-IDENTIFY SMI file attachment detected (file-identify.rules)
* 1:21697 <-> ENABLED <-> FILE-IDENTIFY SAMI file attachment detected (file-identify.rules)
* 1:21698 <-> ENABLED <-> FILE-IDENTIFY SAMI file attachment detected (file-identify.rules)
* 1:21699 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel xlw file attachment detected (file-identify.rules)
* 1:21700 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel xlw file attachment detected (file-identify.rules)
* 1:21701 <-> ENABLED <-> FILE-IDENTIFY FlashPix file attachment detected (file-identify.rules)
* 1:21702 <-> ENABLED <-> FILE-IDENTIFY FlashPix file attachment detected (file-identify.rules)
* 1:21703 <-> ENABLED <-> FILE-IDENTIFY 4XM file attachment detected (file-identify.rules)
* 1:21704 <-> ENABLED <-> FILE-IDENTIFY 4XM file attachment detected (file-identify.rules)
* 1:21705 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file attachment detected (file-identify.rules)
* 1:21706 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file attachment detected (file-identify.rules)
* 1:21707 <-> ENABLED <-> FILE-IDENTIFY Microsoft Works file attachment detected (file-identify.rules)
* 1:21708 <-> ENABLED <-> FILE-IDENTIFY Microsoft Works file attachment detected (file-identify.rules)
* 1:21709 <-> ENABLED <-> FILE-IDENTIFY AIFF file attachment detected (file-identify.rules)
* 1:21710 <-> ENABLED <-> FILE-IDENTIFY AIFF file attachment detected (file-identify.rules)
* 1:21711 <-> ENABLED <-> FILE-IDENTIFY PFA file download request (file-identify.rules)
* 1:21712 <-> ENABLED <-> FILE-IDENTIFY PFA file magic detected (file-identify.rules)
* 1:21713 <-> ENABLED <-> FILE-IDENTIFY PFA file attachment detected (file-identify.rules)
* 1:21714 <-> ENABLED <-> FILE-IDENTIFY PFA file attachment detected (file-identify.rules)
* 1:21715 <-> ENABLED <-> FILE-IDENTIFY PFB file download request (file-identify.rules)
* 1:21716 <-> ENABLED <-> FILE-IDENTIFY PFB file attachment detected (file-identify.rules)
* 1:21717 <-> ENABLED <-> FILE-IDENTIFY PFB file attachment detected (file-identify.rules)
* 1:21718 <-> ENABLED <-> FILE-IDENTIFY PFM file download request (file-identify.rules)
* 1:21719 <-> ENABLED <-> FILE-IDENTIFY PFM file attachment detected (file-identify.rules)
* 1:21720 <-> ENABLED <-> FILE-IDENTIFY PFM file attachment detected (file-identify.rules)
* 1:21721 <-> ENABLED <-> FILE-IDENTIFY AFM file download request (file-identify.rules)
* 1:21722 <-> ENABLED <-> FILE-IDENTIFY AFM file attachment detected (file-identify.rules)
* 1:21723 <-> ENABLED <-> FILE-IDENTIFY AFM file attachment detected (file-identify.rules)
* 1:21724 <-> ENABLED <-> FILE-IDENTIFY ANI file download request (file-identify.rules)
* 1:21725 <-> ENABLED <-> FILE-IDENTIFY ANI file attachment detected (file-identify.rules)
* 1:21726 <-> ENABLED <-> FILE-IDENTIFY ANI file attachment detected (file-identify.rules)
* 1:21727 <-> ENABLED <-> FILE-IDENTIFY ANI file magic detection (file-identify.rules)
* 1:21728 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules)
* 1:21729 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules)
* 1:21730 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules)
* 1:21731 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules)
* 1:21732 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules)
* 1:21733 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules)
* 1:21734 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules)
* 1:21735 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules)
* 1:21736 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules)
* 1:21737 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules)
* 1:21738 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules)
* 1:21739 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules)
* 1:21740 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media asx file attachment detected (file-identify.rules)
* 1:21741 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media asx file attachment detected (file-identify.rules)
* 1:21742 <-> ENABLED <-> FILE-IDENTIFY Embedded Open Type Font file attachment detected (file-identify.rules)
* 1:21743 <-> ENABLED <-> FILE-IDENTIFY Embedded Open Type Font file attachment detected (file-identify.rules)
* 1:21744 <-> ENABLED <-> FILE-IDENTIFY AVI file attachment detected (file-identify.rules)
* 1:21745 <-> ENABLED <-> FILE-IDENTIFY AVI file attachment detected (file-identify.rules)
* 1:21746 <-> ENABLED <-> FILE-IDENTIFY RTF file attachment detected (file-identify.rules)
* 1:21747 <-> ENABLED <-> FILE-IDENTIFY RTF file attachment detected (file-identify.rules)
* 1:21748 <-> ENABLED <-> FILE-IDENTIFY HPJ file download request (file-identify.rules)
* 1:21749 <-> ENABLED <-> FILE-IDENTIFY HPJ file attachment detected (file-identify.rules)
* 1:21750 <-> ENABLED <-> FILE-IDENTIFY HPJ file attachment detected (file-identify.rules)
* 1:21751 <-> ENABLED <-> FILE-IDENTIFY HPJ file magic detected (file-identify.rules)
* 1:21802 <-> ENABLED <-> FILE-IDENTIFY HT-MP3Player file download request (file-identify.rules)
* 1:21803 <-> ENABLED <-> FILE-IDENTIFY HT-MP3Player file attachment detected (file-identify.rules)
* 1:21804 <-> ENABLED <-> FILE-IDENTIFY HT-MP3Player file attachment detected (file-identify.rules)
* 1:21807 <-> ENABLED <-> FILE-IDENTIFY Adobe Download Manager aom file download request (file-identify.rules)
* 1:21808 <-> ENABLED <-> FILE-IDENTIFY Adobe Download Manager aom file attachment detected (file-identify.rules)
* 1:21809 <-> ENABLED <-> FILE-IDENTIFY Adobe Download Manager aom file attachment detected (file-identify.rules)
* 1:21810 <-> ENABLED <-> FILE-IDENTIFY Adobe Download Manager aom file magic detected (file-identify.rules)
* 1:21811 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime FLIC animation file file download request (file-identify.rules)
* 1:21812 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime FLIC animation file file attachment detected (file-identify.rules)
* 1:21813 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime FLIC animation file file attachment detected (file-identify.rules)
* 1:21814 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime FLIC file magic detected (file-identify.rules)
* 1:21815 <-> ENABLED <-> FILE-IDENTIFY LZH file attachment detected (file-identify.rules)
* 1:21816 <-> ENABLED <-> FILE-IDENTIFY LZH file attachment detected (file-identify.rules)
* 1:21854 <-> ENABLED <-> FILE-IDENTIFY LNK file attachment detected (file-identify.rules)
* 1:21855 <-> ENABLED <-> FILE-IDENTIFY LNK file attachment detected (file-identify.rules)
* 1:21856 <-> ENABLED <-> FILE-IDENTIFY ZIP file attachment detected (file-identify.rules)
* 1:21857 <-> ENABLED <-> FILE-IDENTIFY ZIP file attachment detected (file-identify.rules)
* 1:21861 <-> ENABLED <-> FILE-IDENTIFY WRF file attachment detected (file-identify.rules)
* 1:21862 <-> ENABLED <-> FILE-IDENTIFY WRF file attachment detected (file-identify.rules)
* 1:21863 <-> ENABLED <-> FILE-IDENTIFY Google Chrome extension file attachment detected (file-identify.rules)
* 1:21864 <-> ENABLED <-> FILE-IDENTIFY Google Chrome extension file attachment detected (file-identify.rules)
* 1:21865 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file attachment detected (file-identify.rules)
* 1:21866 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file attachment detected (file-identify.rules)
* 1:21867 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file attachment detected (file-identify.rules)
* 1:21868 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file attachment detected (file-identify.rules)
* 1:21870 <-> ENABLED <-> FILE-IDENTIFY CNT file attachment detected (file-identify.rules)
* 1:21871 <-> ENABLED <-> FILE-IDENTIFY CNT file attachment detected (file-identify.rules)
* 1:21872 <-> ENABLED <-> FILE-IDENTIFY GIF file attachment detected (file-identify.rules)
* 1:21873 <-> ENABLED <-> FILE-IDENTIFY GIF file attachment detected (file-identify.rules)
* 1:21886 <-> ENABLED <-> FILE-IDENTIFY OpenType Font file attachment detected (file-identify.rules)
* 1:21887 <-> ENABLED <-> FILE-IDENTIFY OpenType Font file attachment detected (file-identify.rules)
* 1:21888 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Movie Maker file attachment detected (file-identify.rules)
* 1:21889 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Movie Maker file attachment detected (file-identify.rules)
* 1:21890 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file attachment detected (file-identify.rules)
* 1:21891 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file attachment detected (file-identify.rules)
* 1:21892 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file attachment detected (file-identify.rules)
* 1:21893 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file attachment detected (file-identify.rules)
* 1:21894 <-> ENABLED <-> FILE-IDENTIFY SVG file attachment detected (file-identify.rules)
* 1:21895 <-> ENABLED <-> FILE-IDENTIFY SVG file attachment detected (file-identify.rules)
* 1:21915 <-> ENABLED <-> SERVER-OTHER Novell Groupwise HTTP login request (server-other.rules)
* 1:21916 <-> ENABLED <-> SERVER-OTHER Novell Groupwise HTTP login request (server-other.rules)
* 1:21931 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel TXO and OBJ records parsing stack memory corruption attempt (file-office.rules)
* 1:21939 <-> ENABLED <-> PROTOCOL-TELNET RuggedCom telnet initial banner (protocol-telnet.rules)
* 1:21999 <-> ENABLED <-> FILE-IDENTIFY OpenType Font file magic detection (file-identify.rules)
* 1:22013 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio DBP file download request (file-identify.rules)
* 1:22014 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio DBP file attachment detected (file-identify.rules)
* 1:22015 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio DBP file attachment detected (file-identify.rules)
* 1:22016 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio DBP file magic detected (file-identify.rules)
* 1:22017 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio PKP file download request (file-identify.rules)
* 1:22018 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio PKP file attachment detected (file-identify.rules)
* 1:22019 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio PKP file attachment detected (file-identify.rules)
* 1:22020 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio PKP file magic detected (file-identify.rules)
* 1:22021 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio SLN file download request (file-identify.rules)
* 1:22022 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio SLN file attachment detected (file-identify.rules)
* 1:22023 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio SLN file attachment detected (file-identify.rules)
* 1:22024 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio SLN file magic detected (file-identify.rules)
* 1:22025 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio VAP file download request (file-identify.rules)
* 1:22026 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio VAP file attachment detected (file-identify.rules)
* 1:22027 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio VAP file attachment detected (file-identify.rules)
* 1:22028 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio VAP file magic detected (file-identify.rules)
* 1:22043 <-> ENABLED <-> FILE-IDENTIFY XM file download request (file-identify.rules)
* 1:22044 <-> ENABLED <-> FILE-IDENTIFY XM file attachment detected (file-identify.rules)
* 1:22045 <-> ENABLED <-> FILE-IDENTIFY XM file attachment detected (file-identify.rules)
* 1:22046 <-> ENABLED <-> FILE-IDENTIFY XM file magic detected (file-identify.rules)
* 1:22082 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint pptx file download request (file-identify.rules)
* 1:22083 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint pptx file attachment detected (file-identify.rules)
* 1:22084 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint pptx file attachment detected (file-identify.rules)
* 1:22943 <-> ENABLED <-> FILE-IDENTIFY NAB file download request (file-identify.rules)
* 1:22944 <-> ENABLED <-> FILE-IDENTIFY NAB file attachment detected (file-identify.rules)
* 1:22945 <-> ENABLED <-> FILE-IDENTIFY NAB file attachment detected (file-identify.rules)
* 1:22946 <-> ENABLED <-> FILE-IDENTIFY NAB file magic detected (file-identify.rules)
* 1:22955 <-> ENABLED <-> FILE-IDENTIFY AMF file attachment detected (file-identify.rules)
* 1:22956 <-> ENABLED <-> FILE-IDENTIFY AMF file attachment detected (file-identify.rules)
* 1:22961 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RAM file attachment detected (file-identify.rules)
* 1:22962 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RAM file attachment detected (file-identify.rules)
* 1:22963 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RMP file attachment detected (file-identify.rules)
* 1:22964 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RMP file attachment detected (file-identify.rules)
* 1:22965 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RT file attachment detected (file-identify.rules)
* 1:22966 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RT file attachment detected (file-identify.rules)
* 1:22967 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RP file attachment detected (file-identify.rules)
* 1:22968 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RP file attachment detected (file-identify.rules)
* 1:22969 <-> ENABLED <-> FILE-IDENTIFY remote desktop configuration file attachment detected (file-identify.rules)
* 1:22970 <-> ENABLED <-> FILE-IDENTIFY remote desktop configuration file attachment detected (file-identify.rules)
* 1:22971 <-> ENABLED <-> FILE-IDENTIFY MPEG Layer 3 playlist file attachment detected (file-identify.rules)
* 1:22972 <-> ENABLED <-> FILE-IDENTIFY m3u playlist file file attachment detected (file-identify.rules)
* 1:22973 <-> ENABLED <-> FILE-IDENTIFY M4A file attachment detected (file-identify.rules)
* 1:22974 <-> ENABLED <-> FILE-IDENTIFY M4A file attachment detected (file-identify.rules)
* 1:22975 <-> ENABLED <-> FILE-IDENTIFY M4P file attachment detected (file-identify.rules)
* 1:22976 <-> ENABLED <-> FILE-IDENTIFY M4P file attachment detected (file-identify.rules)
* 1:22977 <-> ENABLED <-> FILE-IDENTIFY M4R file attachment detected (file-identify.rules)
* 1:22978 <-> ENABLED <-> FILE-IDENTIFY M4R file attachment detected (file-identify.rules)
* 1:22979 <-> ENABLED <-> FILE-IDENTIFY M4V file attachment detected (file-identify.rules)
* 1:22980 <-> ENABLED <-> FILE-IDENTIFY M4V file attachment detected (file-identify.rules)
* 1:22981 <-> ENABLED <-> FILE-IDENTIFY M4B file attachment detected (file-identify.rules)
* 1:22982 <-> ENABLED <-> FILE-IDENTIFY M4B file attachment detected (file-identify.rules)
* 1:22983 <-> ENABLED <-> FILE-IDENTIFY 3GP file attachment detected (file-identify.rules)
* 1:22984 <-> ENABLED <-> FILE-IDENTIFY 3GP file attachment detected (file-identify.rules)
* 1:22985 <-> ENABLED <-> FILE-IDENTIFY 3G2 file attachment detected (file-identify.rules)
* 1:22986 <-> ENABLED <-> FILE-IDENTIFY 3G2 file attachment detected (file-identify.rules)
* 1:22987 <-> ENABLED <-> FILE-IDENTIFY k3g file attachment detected (file-identify.rules)
* 1:22988 <-> ENABLED <-> FILE-IDENTIFY k3g file attachment detected (file-identify.rules)
* 1:22989 <-> ENABLED <-> FILE-IDENTIFY SKM file attachment detected (file-identify.rules)
* 1:22990 <-> ENABLED <-> FILE-IDENTIFY SKM file attachment detected (file-identify.rules)
* 1:22991 <-> ENABLED <-> FILE-IDENTIFY QT file attachment detected (file-identify.rules)
* 1:22992 <-> ENABLED <-> FILE-IDENTIFY QT file attachment detected (file-identify.rules)
* 1:22993 <-> ENABLED <-> FILE-IDENTIFY MP4 file attachment detected (file-identify.rules)
* 1:22994 <-> ENABLED <-> FILE-IDENTIFY MP4 file attachment detected (file-identify.rules)
* 1:22995 <-> ENABLED <-> FILE-IDENTIFY Apple QuickTime Movie file attachment detected (file-identify.rules)
* 1:22996 <-> ENABLED <-> FILE-IDENTIFY Apple QuickTime Movie file attachment detected (file-identify.rules)
* 1:22997 <-> ENABLED <-> FILE-IDENTIFY MHTML file attachment detected (file-identify.rules)
* 1:22998 <-> ENABLED <-> FILE-IDENTIFY MHTML file attachment detected (file-identify.rules)
* 1:22999 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows WMF file magic detected (file-identify.rules)
* 1:23000 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media Player DVR file attachment detected (file-identify.rules)
* 1:23001 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media Player DVR file attachment detected (file-identify.rules)
* 1:23002 <-> ENABLED <-> FILE-IDENTIFY CSV file attachment detected (file-identify.rules)
* 1:23003 <-> ENABLED <-> FILE-IDENTIFY CSV file attachment detected (file-identify.rules)
* 1:23011 <-> ENABLED <-> FILE-IDENTIFY Collada file download request (file-identify.rules)
* 1:23012 <-> ENABLED <-> FILE-IDENTIFY Collada file attachment detected (file-identify.rules)
* 1:23013 <-> ENABLED <-> FILE-IDENTIFY Collada file attachment detected (file-identify.rules)
* 1:23167 <-> ENABLED <-> FILE-IDENTIFY MPG video stream file download request (file-identify.rules)
* 1:23168 <-> ENABLED <-> FILE-IDENTIFY MPG video stream file attachment detected (file-identify.rules)
* 1:23169 <-> ENABLED <-> FILE-IDENTIFY MPG video stream file attachment detected (file-identify.rules)
* 1:23188 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules)
* 1:23189 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules)
* 1:23190 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file download request (file-identify.rules)
* 1:23191 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules)
* 1:23192 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules)
* 1:23193 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file download request (file-identify.rules)
* 1:23194 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules)
* 1:23195 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules)
* 1:23196 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file download request (file-identify.rules)
* 1:23197 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules)
* 1:23198 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules)
* 1:23199 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file download request (file-identify.rules)
* 1:23200 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules)
* 1:23201 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules)
* 1:23202 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file download request (file-identify.rules)
* 1:23205 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file download request (file-identify.rules)
* 1:23206 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules)
* 1:23207 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules)
* 1:23208 <-> ENABLED <-> PROTOCOL-VOIP Digium Asterisk Manager Interface initial banner (protocol-voip.rules)
* 1:23224 <-> ENABLED <-> EXPLOIT-KIT Redkit exploit kit landing page Requested - 8Digit.html (exploit-kit.rules)
* 1:23319 <-> ENABLED <-> FILE-IDENTIFY TAR file download request (file-identify.rules)
* 1:23320 <-> ENABLED <-> FILE-IDENTIFY TAR file attachment detected (file-identify.rules)
* 1:23321 <-> ENABLED <-> FILE-IDENTIFY TAR file attachment detected (file-identify.rules)
* 1:23322 <-> ENABLED <-> FILE-IDENTIFY TAR file download request (file-identify.rules)
* 1:23347 <-> ENABLED <-> FILE-IDENTIFY Lotus file download request (file-identify.rules)
* 1:23348 <-> ENABLED <-> FILE-IDENTIFY Lotus file attachment detected (file-identify.rules)
* 1:23349 <-> ENABLED <-> FILE-IDENTIFY Lotus file attachment detected (file-identify.rules)
* 1:23393 <-> ENABLED <-> SQL IBM SolidDB initial banner (sql.rules)
* 1:23474 <-> ENABLED <-> FILE-IDENTIFY PLP file download request (file-identify.rules)
* 1:23475 <-> ENABLED <-> FILE-IDENTIFY PLP file attachment detected (file-identify.rules)
* 1:23476 <-> ENABLED <-> FILE-IDENTIFY PLP file attachment detected (file-identify.rules)
* 1:23477 <-> ENABLED <-> FILE-IDENTIFY PLP file magic detected (file-identify.rules)
* 1:23486 <-> ENABLED <-> FILE-IDENTIFY JOB file download request (file-identify.rules)
* 1:23487 <-> ENABLED <-> FILE-IDENTIFY JOB file attachment detected (file-identify.rules)
* 1:23488 <-> ENABLED <-> FILE-IDENTIFY JOB file attachment detected (file-identify.rules)
* 1:23496 <-> ENABLED <-> FILE-IDENTIFY CUR file download request (file-identify.rules)
* 1:23497 <-> ENABLED <-> FILE-IDENTIFY CUR file attachment detected (file-identify.rules)
* 1:23498 <-> ENABLED <-> FILE-IDENTIFY CUR file attachment detected (file-identify.rules)
* 1:23605 <-> ENABLED <-> FILE-IDENTIFY Armadillo v1.xx - v2.xx file magic detected (file-identify.rules)
* 1:23616 <-> ENABLED <-> APP-DETECT Amazon Kindle 3.0 User-Agent string requested (app-detect.rules)
* 1:23637 <-> ENABLED <-> FILE-IDENTIFY Java .class file attachment detected (file-identify.rules)
* 1:23638 <-> ENABLED <-> FILE-IDENTIFY Java .class file attachment detected (file-identify.rules)
* 1:23639 <-> ENABLED <-> FILE-IDENTIFY MPEG video stream file magic detected (file-identify.rules)
* 1:23640 <-> ENABLED <-> FILE-IDENTIFY MPEG sys stream file magic detected (file-identify.rules)
* 1:23642 <-> ENABLED <-> FILE-IDENTIFY Script encoder file magic detected (file-identify.rules)
* 1:23643 <-> ENABLED <-> FILE-IDENTIFY Postscript file magic detected (file-identify.rules)
* 1:23644 <-> ENABLED <-> FILE-IDENTIFY BinHex file magic detected (file-identify.rules)
* 1:23645 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Real Media file magic detected (file-identify.rules)
* 1:23646 <-> ENABLED <-> FILE-IDENTIFY bzip file magic detected (file-identify.rules)
* 1:23647 <-> ENABLED <-> FILE-IDENTIFY GIF file magic detected (file-identify.rules)
* 1:23648 <-> ENABLED <-> FILE-IDENTIFY MP3 file magic detected (file-identify.rules)
* 1:23649 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows CAB file magic detected (file-identify.rules)
* 1:23650 <-> ENABLED <-> FILE-IDENTIFY Ogg Stream file magic detected (file-identify.rules)
* 1:23651 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules)
* 1:23652 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules)
* 1:23653 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules)
* 1:23654 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules)
* 1:23655 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules)
* 1:23656 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules)
* 1:23657 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules)
* 1:23658 <-> ENABLED <-> FILE-IDENTIFY RIFX file magic detected (file-identify.rules)
* 1:23659 <-> ENABLED <-> FILE-IDENTIFY RAR file magic detected (file-identify.rules)
* 1:23660 <-> ENABLED <-> FILE-IDENTIFY Symantec file magic detected (file-identify.rules)
* 1:23661 <-> ENABLED <-> FILE-IDENTIFY ARJ file magic detected (file-identify.rules)
* 1:23662 <-> ENABLED <-> FILE-IDENTIFY TNEF file magic detected (file-identify.rules)
* 1:23663 <-> ENABLED <-> FILE-IDENTIFY ELF file magic detected (file-identify.rules)
* 1:23664 <-> ENABLED <-> FILE-IDENTIFY PNG file magic detected (file-identify.rules)
* 1:23665 <-> ENABLED <-> FILE-IDENTIFY CryptFF file magic detected (file-identify.rules)
* 1:23666 <-> ENABLED <-> FILE-IDENTIFY MP3 file magic detected (file-identify.rules)
* 1:23667 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (file-identify.rules)
* 1:23668 <-> ENABLED <-> FILE-IDENTIFY SIS file magic detected (file-identify.rules)
* 1:23669 <-> ENABLED <-> FILE-IDENTIFY SIP log file magic detected (file-identify.rules)
* 1:23670 <-> ENABLED <-> FILE-IDENTIFY RTF file magic detected (file-identify.rules)
* 1:23671 <-> ENABLED <-> FILE-IDENTIFY 7zip file magic detected (file-identify.rules)
* 1:23672 <-> ENABLED <-> FILE-IDENTIFY MachO Little Endian file magic detected (file-identify.rules)
* 1:23673 <-> ENABLED <-> FILE-IDENTIFY MachO x64 Little Endian file magic detected (file-identify.rules)
* 1:23674 <-> ENABLED <-> FILE-IDENTIFY MachO Big Endian file magic detected (file-identify.rules)
* 1:23675 <-> ENABLED <-> FILE-IDENTIFY MachO x64 Big Endian file magic detected (file-identify.rules)
* 1:23676 <-> ENABLED <-> FILE-IDENTIFY Universal Binary/Java Bytecode file magic detected (file-identify.rules)
* 1:23677 <-> ENABLED <-> FILE-IDENTIFY jarpack file magic detected (file-identify.rules)
* 1:23678 <-> ENABLED <-> FILE-IDENTIFY PDF file magic detected (file-identify.rules)
* 1:23679 <-> ENABLED <-> FILE-IDENTIFY compressed Adobe Shockwave Flash file magic detected (file-identify.rules)
* 1:23680 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (file-identify.rules)
* 1:23681 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (file-identify.rules)
* 1:23682 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
* 1:23683 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
* 1:23684 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
* 1:23685 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
* 1:23687 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (file-identify.rules)
* 1:23688 <-> ENABLED <-> FILE-IDENTIFY bcproj file magic detected (file-identify.rules)
* 1:23689 <-> ENABLED <-> FILE-IDENTIFY mx4 file magic detected (file-identify.rules)
* 1:23690 <-> ENABLED <-> FILE-IDENTIFY ffmpeg file magic detected (file-identify.rules)
* 1:23691 <-> ENABLED <-> FILE-IDENTIFY dmg file magic detected (file-identify.rules)
* 1:23692 <-> ENABLED <-> FILE-IDENTIFY ivr file magic detected (file-identify.rules)
* 1:23693 <-> ENABLED <-> FILE-IDENTIFY caff file magic detected (file-identify.rules)
* 1:23694 <-> ENABLED <-> FILE-IDENTIFY vmd file magic detected (file-identify.rules)
* 1:23695 <-> ENABLED <-> FILE-IDENTIFY Flac file magic detected (file-identify.rules)
* 1:23696 <-> ENABLED <-> FILE-IDENTIFY VideoLAN VLC file magic detected (file-identify.rules)
* 1:23697 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel xlw file magic detected (file-identify.rules)
* 1:23698 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media ASF file magic detected (file-identify.rules)
* 1:23701 <-> ENABLED <-> FILE-IDENTIFY Microsoft SYmbolic LinK file magic detected (file-identify.rules)
* 1:23703 <-> ENABLED <-> FILE-IDENTIFY Microsoft asf file magic detected (file-identify.rules)
* 1:23707 <-> ENABLED <-> FILE-IDENTIFY Microsoft Compound File Binary v3 file magic detected (file-identify.rules)
* 1:23709 <-> ENABLED <-> FILE-IDENTIFY Tiff little endian file magic detected (file-identify.rules)
* 1:23710 <-> ENABLED <-> FILE-IDENTIFY Tiff big endian file magic detected (file-identify.rules)
* 1:23711 <-> ENABLED <-> FILE-IDENTIFY OLE Document file magic detected (file-identify.rules)
* 1:23712 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file magic detected (file-identify.rules)
* 1:23720 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer REC file magic detected (file-identify.rules)
* 1:23721 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer .r1m file magic detected (file-identify.rules)
* 1:23723 <-> ENABLED <-> FILE-IDENTIFY M3U file magic detected (file-identify.rules)
* 1:23724 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file magic detected (file-identify.rules)
* 1:23725 <-> ENABLED <-> FILE-IDENTIFY Portable Executable binary file magic detected (file-identify.rules)
* 1:23726 <-> ENABLED <-> FILE-IDENTIFY Portable Executable compact binary file magic detected (file-identify.rules)
* 1:23727 <-> ENABLED <-> FILE-IDENTIFY Adobe Flash Video file magic detected (file-identify.rules)
* 1:23728 <-> ENABLED <-> FILE-IDENTIFY matroska file magic detected (file-identify.rules)
* 1:23729 <-> ENABLED <-> FILE-IDENTIFY PICT file magic detected (file-identify.rules)
* 1:23730 <-> ENABLED <-> FILE-IDENTIFY amf file magic detected (file-identify.rules)
* 1:23731 <-> ENABLED <-> FILE-IDENTIFY CDR file magic detected (file-identify.rules)
* 1:23732 <-> ENABLED <-> FILE-IDENTIFY Microsoft Media Player .asf file magic detected (file-identify.rules)
* 1:23733 <-> ENABLED <-> FILE-IDENTIFY webm file magic detected (file-identify.rules)
* 1:23734 <-> ENABLED <-> FILE-IDENTIFY Autodesk Maya file magic detected (file-identify.rules)
* 1:23735 <-> ENABLED <-> FILE-IDENTIFY MIDI file magic detected (file-identify.rules)
* 1:23736 <-> ENABLED <-> FILE-IDENTIFY PLS file magic detected (file-identify.rules)
* 1:23737 <-> ENABLED <-> FILE-IDENTIFY SMIL file magic detected (file-identify.rules)
* 
1:23738 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23739 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23740 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23741 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23742 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23743 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23744 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23745 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23746 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23747 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23748 <-> ENABLED <-> FILE-IDENTIFY TTF file magic detected (file-identify.rules) * 1:23749 <-> ENABLED <-> FILE-IDENTIFY SAMI file magic detected (file-identify.rules) * 1:23750 <-> ENABLED <-> FILE-IDENTIFY Microsoft Money file magic detected (file-identify.rules) * 1:23751 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file magic detected (file-identify.rules) * 1:23752 <-> ENABLED <-> FILE-IDENTIFY cy3 Cytel Studio file magic detected (file-identify.rules) * 1:23753 <-> ENABLED <-> FILE-IDENTIFY Visio file magic detected (file-identify.rules) * 1:23754 <-> ENABLED <-> FILE-IDENTIFY AVI Video file magic detected (file-identify.rules) * 1:23755 <-> ENABLED <-> FILE-IDENTIFY Cisco Webex Player .wrf file magic detected (file-identify.rules) * 1:23758 <-> ENABLED <-> FILE-IDENTIFY XML file magic detected (file-identify.rules) * 1:23759 <-> ENABLED <-> FILE-IDENTIFY XML file magic detected (file-identify.rules) * 1:23760 <-> ENABLED <-> FILE-IDENTIFY WAV file magic detected (file-identify.rules) * 1:23761 <-> ENABLED <-> FILE-IDENTIFY AVI file magic detected (file-identify.rules) * 1:23762 <-> ENABLED <-> 
FILE-IDENTIFY PFA file magic detected (file-identify.rules) * 1:23763 <-> ENABLED <-> FILE-IDENTIFY HPJ file magic detected (file-identify.rules) * 1:23764 <-> ENABLED <-> FILE-IDENTIFY Adobe Download Manager aom file magic detected (file-identify.rules) * 1:23765 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime FLIC file magic detected (file-identify.rules) * 1:23769 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio DBP file magic detected (file-identify.rules) * 1:23770 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio PKP file magic detected (file-identify.rules) * 1:23771 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio SLN file magic detected (file-identify.rules) * 1:23772 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio VAP file magic detected (file-identify.rules) * 1:23773 <-> ENABLED <-> FILE-IDENTIFY XM file magic detected (file-identify.rules) * 1:23774 <-> ENABLED <-> FILE-IDENTIFY NAB file magic detected (file-identify.rules) * 1:23775 <-> ENABLED <-> FILE-IDENTIFY Armadillo v1.71 packer file magic detected (file-identify.rules) * 1:23776 <-> ENABLED <-> FILE-IDENTIFY PLP file magic detected (file-identify.rules) * 1:23777 <-> ENABLED <-> FILE-IDENTIFY Armadillo v1.xx - v2.xx file magic detected (file-identify.rules) * 1:23807 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file download request (file-identify.rules) * 1:23808 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules) * 1:23809 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules) * 1:23810 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file download request (file-identify.rules) * 1:23811 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules) * 1:23812 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules) * 1:23813 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file download request (file-identify.rules) * 1:23814 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment 
detected (file-identify.rules) * 1:23815 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules) * 1:23816 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file download request (file-identify.rules) * 1:23817 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules) * 1:23818 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules) * 1:23819 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file download request (file-identify.rules) * 1:23820 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules) * 1:23821 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules) * 1:23822 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file magic detected (file-identify.rules) * 1:23823 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file magic detected (file-identify.rules) * 1:23839 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB RAP API NetServerEnum2 long server name buffer overflow attempt (os-windows.rules) * 1:23849 <-> ENABLED <-> EXPLOIT-KIT Blackhole redirection attempt (exploit-kit.rules) * 1:23969 <-> ENABLED <-> OS-MOBILE Android SMSZombie APK file download (os-mobile.rules) * 1:24004 <-> ENABLED <-> FILE-OFFICE Microsoft Office MSCOMCTL ActiveX control tabstrip method access (file-office.rules) * 1:24005 <-> ENABLED <-> FILE-OFFICE Microsoft Office MSCOMCTL ActiveX control tabstrip method access (file-office.rules) * 1:24045 <-> ENABLED <-> FILE-IDENTIFY Winamp skin file wsz file download request (file-identify.rules) * 1:24046 <-> ENABLED <-> FILE-IDENTIFY Winamp skin file wsz file attachment detected (file-identify.rules) * 1:24047 <-> ENABLED <-> FILE-IDENTIFY Winamp skin file wsz file attachment detected (file-identify.rules) * 1:24048 <-> ENABLED <-> FILE-IDENTIFY Winamp skin file wal file download request (file-identify.rules) * 1:24049 <-> ENABLED <-> FILE-IDENTIFY Winamp skin file wal file attachment detected (file-identify.rules) * 1:24050 <-> 
ENABLED <-> FILE-IDENTIFY Winamp skin file wal file attachment detected (file-identify.rules) * 1:24074 <-> ENABLED <-> FILE-IDENTIFY MP3 file download request (file-identify.rules) * 1:24075 <-> ENABLED <-> FILE-IDENTIFY MP3 file attachment detected (file-identify.rules) * 1:24076 <-> ENABLED <-> FILE-IDENTIFY MP3 file attachment detected (file-identify.rules) * 1:24078 <-> ENABLED <-> FILE-IDENTIFY RMF file attachment detected (file-identify.rules) * 1:24079 <-> ENABLED <-> FILE-IDENTIFY RMF file attachment detected (file-identify.rules) * 1:24080 <-> ENABLED <-> FILE-IDENTIFY Microsoft Works file attachment detected (file-identify.rules) * 1:24081 <-> ENABLED <-> FILE-IDENTIFY Microsoft Works file attachment detected (file-identify.rules) * 1:24089 <-> ENABLED <-> OS-WINDOWS Microsoft WebDAV PROPFIND request (os-windows.rules) * 1:24100 <-> ENABLED <-> FILE-IDENTIFY PLF file attachment detected (file-identify.rules) * 1:24101 <-> ENABLED <-> FILE-IDENTIFY PLF file attachment detected (file-identify.rules) * 1:2419 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer .ram playlist file download request (file-identify.rules) * 1:24190 <-> ENABLED <-> FILE-IDENTIFY X PixMap file magic detected (file-identify.rules) * 1:2420 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer .rmp playlist file download request (file-identify.rules) * 1:24206 <-> ENABLED <-> FILE-IDENTIFY LZH archive file magic detected (file-identify.rules) * 1:24213 <-> ENABLED <-> FILE-IDENTIFY MP4 file magic detected (file-identify.rules) * 1:24218 <-> ENABLED <-> FILE-IDENTIFY SMIL file magic detected (file-identify.rules) * 1:24219 <-> ENABLED <-> FILE-IDENTIFY SMIL file magic detected (file-identify.rules) * 1:2422 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer .rt playlist file download request (file-identify.rules) * 1:2423 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer .rp playlist file download request (file-identify.rules) * 1:24284 <-> ENABLED <-> FILE-OFFICE Microsoft 
Office Drawing object code execution attempt (file-office.rules) * 1:24313 <-> ENABLED <-> SERVER-WEBAPP HP OpenView Operations Agent request attempt (server-webapp.rules) * 1:24359 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB NTLM NULL session attempt (os-windows.rules) * 1:2436 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Audio wmf file download request (file-identify.rules) * 1:24406 <-> ENABLED <-> MALWARE-CNC Win.Trojan.MiniFlame variant outbound connection (malware-cnc.rules) * 1:24407 <-> ENABLED <-> MALWARE-CNC Win.Trojan.MiniFlame variant outbound connection (malware-cnc.rules) * 1:24412 <-> ENABLED <-> FILE-FLASH Adobe Flash Player DRM encrypted file detected (file-flash.rules) * 1:24413 <-> ENABLED <-> FILE-FLASH Adobe Flash Player DRM encrypted file detected (file-flash.rules) * 1:24453 <-> ENABLED <-> FILE-IDENTIFY Webm file attachment detected (file-identify.rules) * 1:24454 <-> ENABLED <-> FILE-IDENTIFY Webm file attachment detected (file-identify.rules) * 1:24455 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (file-identify.rules) * 1:24456 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (file-identify.rules) * 1:24457 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (file-identify.rules) * 1:24458 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (file-identify.rules) * 1:24459 <-> ENABLED <-> FILE-IDENTIFY PSD file download request (file-identify.rules) * 1:24460 <-> ENABLED <-> FILE-IDENTIFY PSD file attachment detected (file-identify.rules) * 1:24461 <-> ENABLED <-> FILE-IDENTIFY PSD file attachment detected (file-identify.rules) * 1:24462 <-> ENABLED <-> FILE-IDENTIFY PSD file magic detection (file-identify.rules) * 1:24463 <-> ENABLED <-> FILE-IDENTIFY TIFF file attachment detected (file-identify.rules) * 1:24464 <-> ENABLED <-> FILE-IDENTIFY TIFF file attachment detected (file-identify.rules) * 1:24465 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows WMF file magic detected (file-identify.rules) * 1:24466 <-> 
ENABLED <-> FILE-IDENTIFY PSD file magic detection (file-identify.rules) * 1:24467 <-> ENABLED <-> FILE-IDENTIFY XCF file download request (file-identify.rules) * 1:24468 <-> ENABLED <-> FILE-IDENTIFY XCF file attachment detected (file-identify.rules) * 1:24469 <-> ENABLED <-> FILE-IDENTIFY XCF file attachment detected (file-identify.rules) * 1:24470 <-> ENABLED <-> FILE-IDENTIFY XCF file magic detection (file-identify.rules) * 1:24471 <-> ENABLED <-> FILE-IDENTIFY XCF file magic detection (file-identify.rules) * 1:24472 <-> ENABLED <-> FILE-IDENTIFY FLV file attachment detected (file-identify.rules) * 1:24473 <-> ENABLED <-> FILE-IDENTIFY FLV file attachment detected (file-identify.rules) * 1:24483 <-> ENABLED <-> FILE-IDENTIFY Embedded Open Type Font file magic detected (file-identify.rules) * 1:24484 <-> ENABLED <-> FILE-IDENTIFY Embedded Open Type Font file magic detected (file-identify.rules) * 1:24554 <-> ENABLED <-> FILE-IDENTIFY Apple QuickTime PICT v2.0 Image header (file-identify.rules) * 1:24555 <-> ENABLED <-> FILE-IDENTIFY Apple QuickTime PICT v2.0 Image header (file-identify.rules) * 1:24599 <-> ENABLED <-> FILE-IDENTIFY Alt-N MDaemon IMAP Server (file-identify.rules) * 1:24651 <-> ENABLED <-> FILE-IDENTIFY Microsoft proxy autoconfig script file download request (file-identify.rules) * 1:24708 <-> ENABLED <-> FILE-IDENTIFY Netop Remote Control file download request (file-identify.rules) * 1:24709 <-> ENABLED <-> FILE-IDENTIFY Netop Remote Control file attachment detected (file-identify.rules) * 1:24710 <-> ENABLED <-> FILE-IDENTIFY Netop Remote Control file attachment detected (file-identify.rules) * 1:24719 <-> ENABLED <-> PROTOCOL-VOIP Digium Asterisk SCCP call state message offhook (protocol-voip.rules) * 1:24816 <-> ENABLED <-> FILE-IDENTIFY MP4 file magic detected (file-identify.rules) * 1:24817 <-> ENABLED <-> FILE-IDENTIFY MP4 file magic detected (file-identify.rules) * 1:24818 <-> ENABLED <-> FILE-IDENTIFY M4V file magic detected 
(file-identify.rules) * 1:24819 <-> ENABLED <-> FILE-IDENTIFY M4V file magic detected (file-identify.rules) * 1:24820 <-> ENABLED <-> FILE-IDENTIFY Computer Graphics Metafile file download request (file-identify.rules) * 1:24821 <-> ENABLED <-> FILE-IDENTIFY Computer Graphics Metafile file attachment detected (file-identify.rules) * 1:24822 <-> ENABLED <-> FILE-IDENTIFY Computer Graphics Metafile file attachment detected (file-identify.rules) * 1:24824 <-> ENABLED <-> FILE-IDENTIFY RealPlayer skin file download request (file-identify.rules) * 1:24825 <-> ENABLED <-> FILE-IDENTIFY RealPlayer skin file attachment detected (file-identify.rules) * 1:24826 <-> ENABLED <-> FILE-IDENTIFY RealPlayer skin file attachment detected (file-identify.rules) * 1:24901 <-> ENABLED <-> FILE-IDENTIFY JNLP file download request (file-identify.rules) * 1:24902 <-> ENABLED <-> FILE-IDENTIFY JNLP file attachment detected (file-identify.rules) * 1:24903 <-> ENABLED <-> FILE-IDENTIFY JNLP file attachment detected (file-identify.rules) * 1:24972 <-> ENABLED <-> NETBIOS SMB Trans2 FIND_FIRST2 find file and directory info request (netbios.rules) * 1:25014 <-> ENABLED <-> FILE-IDENTIFY Microsoft proxy autoconfig script file magic detected (file-identify.rules) * 1:25032 <-> ENABLED <-> FILE-IDENTIFY Microsoft Silverlight application file download request (file-identify.rules) * 1:25033 <-> ENABLED <-> FILE-IDENTIFY Microsoft Silverlight application file attachment detected (file-identify.rules) * 1:25034 <-> ENABLED <-> FILE-IDENTIFY Microsoft Silverlight application file attachment detected (file-identify.rules) * 1:25041 <-> ENABLED <-> EXPLOIT-KIT Java User-Agent flowbit set (exploit-kit.rules) * 1:25062 <-> ENABLED <-> FILE-IDENTIFY Microsoft Software Installer MSI binary file magic detected (file-identify.rules) * 1:25305 <-> ENABLED <-> FILE-IDENTIFY Adobe Audition Session file magic detected (file-identify.rules) * 1:25306 <-> ENABLED <-> FILE-IDENTIFY Adobe Audition Session file 
download request (file-identify.rules) * 1:25307 <-> ENABLED <-> FILE-IDENTIFY Adobe Audition Session file attachment detected (file-identify.rules) * 1:25308 <-> ENABLED <-> FILE-IDENTIFY Adobe Audition Session file attachment detected (file-identify.rules) * 1:25373 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime Targa Image file download request (file-identify.rules) * 1:25374 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime Targa Image file attachment detected (file-identify.rules) * 1:25375 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime Targa Image file attachment detected (file-identify.rules) * 1:25516 <-> ENABLED <-> FILE-IDENTIFY Microsoft Software Installer MSI binary file magic detected (file-identify.rules) * 1:25517 <-> ENABLED <-> FILE-IDENTIFY Armadillo v1.71 packer file magic detected (file-identify.rules) * 1:25602 <-> ENABLED <-> SERVER-OTHER Sybase Open Server TDS login request (server-other.rules) * 1:25604 <-> ENABLED <-> FILE-IDENTIFY cSounds.com Csound audio file file download request (file-identify.rules) * 1:25605 <-> ENABLED <-> FILE-IDENTIFY cSounds.com Csound audio file file attachment detected (file-identify.rules) * 1:25606 <-> ENABLED <-> FILE-IDENTIFY cSounds.com Csound audio file file attachment detected (file-identify.rules) * 1:25680 <-> ENABLED <-> FILE-IDENTIFY Adobe Flash Player embedded compact font detected (file-identify.rules) * 1:25682 <-> ENABLED <-> FILE-IDENTIFY Adobe Flash Player embedded compact font detected (file-identify.rules) * 1:25928 <-> ENABLED <-> FILE-IDENTIFY Ogg file download request (file-identify.rules) * 1:25929 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules) * 1:25930 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules) * 1:25931 <-> ENABLED <-> FILE-IDENTIFY Ogg file download request (file-identify.rules) * 1:25932 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules) * 1:25933 <-> ENABLED <-> FILE-IDENTIFY Ogg file 
attachment detected (file-identify.rules) * 1:25934 <-> ENABLED <-> FILE-IDENTIFY Ogg file download request (file-identify.rules) * 1:25935 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules) * 1:25936 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules) * 1:25937 <-> ENABLED <-> FILE-IDENTIFY Ogg file download request (file-identify.rules) * 1:25938 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules) * 1:25939 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules) * 1:25940 <-> ENABLED <-> FILE-IDENTIFY Ogg file download request (file-identify.rules) * 1:25941 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules) * 1:25942 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules) * 1:25943 <-> ENABLED <-> FILE-IDENTIFY Ogg file download request (file-identify.rules) * 1:10097 <-> ENABLED <-> MALWARE-OTHER Keylogger win32.remotekeylog.b runtime detection (malware-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091401.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:53983 <-> ENABLED <-> OS-WINDOWS Windows print spooler elevation of privilege attempt (os-windows.rules) * 1:53967 <-> DISABLED <-> SERVER-WEBAPP TerraMaster NAS user creation command injection attempt (server-webapp.rules) * 1:53969 <-> DISABLED <-> SERVER-WEBAPP TerraMaster NAS user creation command injection attempt (server-webapp.rules) * 1:53964 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-7784064-0 download attempt (malware-other.rules) * 1:53965 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-7784063-0 download attempt (malware-other.rules) * 1:53975 <-> DISABLED <-> INDICATOR-COMPROMISE CobaltStrike multiple large DNS TXT query responses (indicator-compromise.rules) * 1:53961 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Gh0stRAT-7783851-0 download attempt (malware-other.rules) * 1:53984 <-> DISABLED <-> OS-WINDOWS Windows print spooler elevation of privilege attempt (os-windows.rules) * 1:53971 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Andariel outbound connection attempt (malware-cnc.rules) * 1:53970 <-> DISABLED <-> SERVER-WEBAPP TerraMaster NAS user creation command injection attempt (server-webapp.rules) * 1:53977 <-> ENABLED <-> MALWARE-OTHER Win.Dropper.Agent payload download attempt (malware-other.rules) * 1:53980 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Shiz-7784396-0 download attempt (malware-other.rules) * 1:53968 <-> DISABLED <-> SERVER-WEBAPP TerraMaster NAS user creation command injection attempt (server-webapp.rules) * 1:53982 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Palevo-7785322-0 download attempt (malware-other.rules) * 1:53974 <-> DISABLED <-> MALWARE-OTHER CobaltStrike powershell web delivery attempt (malware-other.rules) * 1:53972 <-> ENABLED <-> MALWARE-OTHER CobaltStrike beacon.dll DNS download attempt (malware-other.rules) * 1:53985 <-> ENABLED <-> INDICATOR-COMPROMISE msiexec.exe command execution over DNS attempt (indicator-compromise.rules) * 1:53960 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Ursnif malicious outbound 
connection attempt - gravity generated detection (malware-other.rules) * 1:53981 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Palevo-7785322-0 download attempt (malware-other.rules) * 1:53978 <-> ENABLED <-> MALWARE-OTHER Win.Dropper.Agent payload download attempt (malware-other.rules) * 1:53966 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-7784063-0 download attempt (malware-other.rules) * 1:53979 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Shiz-7784396-0 download attempt (malware-other.rules) * 1:53976 <-> DISABLED <-> BROWSER-WEBKIT WebKit use-after-free remote code execution attempt (browser-webkit.rules) * 1:53973 <-> DISABLED <-> MALWARE-OTHER CobaltStrike powershell web delivery attempt (malware-other.rules) * 1:53962 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Gh0stRAT-7783851-0 download attempt (malware-other.rules) * 1:53963 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-7784064-0 download attempt (malware-other.rules)
* 1:38461 <-> ENABLED <-> OS-WINDOWS DCERPC Bind auth level packet privacy connection detected (os-windows.rules) * 1:35795 <-> ENABLED <-> FILE-IDENTIFY ZSoft PCX file attachment detected (file-identify.rules) * 1:49515 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules) * 1:32616 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Registry file attachment detected (file-identify.rules) * 1:26903 <-> ENABLED <-> FILE-IDENTIFY Android APK download file attachment detected (file-identify.rules) * 1:27277 <-> ENABLED <-> FILE-IDENTIFY Trimble SketchUp file download request (file-identify.rules) * 1:32005 <-> ENABLED <-> MALWARE-BACKDOOR AlienSpy RAT outbound connection (malware-backdoor.rules) * 1:33640 <-> ENABLED <-> FILE-IDENTIFY Apple Motion file download request (file-identify.rules) * 1:40017 <-> ENABLED <-> FILE-IDENTIFY Hierarchal Data Format file download request (file-identify.rules) * 1:31773 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file attachment detected (file-identify.rules) * 1:36711 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows .NET Application file attachment detected (file-identify.rules) * 1:27121 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector - initiate connection (server-other.rules) * 1:33666 <-> ENABLED <-> FILE-IDENTIFY PIF Program Information File file download request (file-identify.rules) * 1:32251 <-> ENABLED <-> FILE-IDENTIFY Basic Control Engine file attachment detected (file-identify.rules) * 1:33668 <-> ENABLED <-> FILE-IDENTIFY PIF Program Information File file attachment detected (file-identify.rules) * 1:40981 <-> ENABLED <-> FILE-IDENTIFY ico file attachment detected (file-identify.rules) * 1:39777 <-> ENABLED <-> FILE-IDENTIFY Heroes of Might and Magic III map file attachment detected (file-identify.rules) * 1:32947 <-> ENABLED <-> FILE-IDENTIFY .scr executable screensaver file download request (file-identify.rules) * 1:44030 <-> ENABLED <-> FILE-IDENTIFY 
Microsoft Office PowerPoint ppt file attachment detected file attachment detected (file-identify.rules) * 1:27276 <-> ENABLED <-> FILE-IDENTIFY Trimble SketchUp file attachment detected (file-identify.rules) * 1:36816 <-> ENABLED <-> SERVER-OTHER MIT Kerberos 5 IAKERB outbound token detected (server-other.rules) * 1:28572 <-> ENABLED <-> FILE-IDENTIFY FDF file attachment detected (file-identify.rules) * 1:31703 <-> ENABLED <-> FILE-IDENTIFY Microsoft Silverlight application file magic detected (file-identify.rules) * 1:28898 <-> ENABLED <-> FILE-IDENTIFY eSignal .ets file attachment detected (file-identify.rules) * 1:44231 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word doc file attachment detected (file-identify.rules) * 1:26904 <-> ENABLED <-> FILE-IDENTIFY Android APK download file attachment detected (file-identify.rules) * 1:42370 <-> ENABLED <-> FILE-IDENTIFY gzip compressed file detected (file-identify.rules) * 1:31591 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel TXO and OBJ records parsing stack memory corruption attempt (file-office.rules) * 1:40021 <-> ENABLED <-> FILE-IDENTIFY Hierarchal Data Format file magic detected (file-identify.rules) * 1:3135 <-> ENABLED <-> NETBIOS SMB Trans2 QUERY_FILE_INFO attempt (netbios.rules) * 1:31675 <-> ENABLED <-> FILE-FLASH Adobe Flash Broker write to junction exploit attempt (file-flash.rules) * 1:39903 <-> ENABLED <-> FILE-OFFICE Microsoft Windows RTF file with embedded object package SMTP upload attempt (file-office.rules) * 1:27275 <-> ENABLED <-> FILE-IDENTIFY Trimble SketchUp file attachment detected (file-identify.rules) * 1:29007 <-> ENABLED <-> FILE-IDENTIFY XWD image file attachment detected (file-identify.rules) * 1:49513 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules) * 1:3142 <-> ENABLED <-> NETBIOS SMB-DS Trans2 FIND_FIRST2 andx attempt (netbios.rules) * 1:28370 <-> ENABLED <-> FILE-IDENTIFY CIS file attachment detected (file-identify.rules) * 
1:35980 <-> ENABLED <-> FILE-IDENTIFY Windows Media Center link file attachment detected (file-identify.rules)
* 1:30014 <-> ENABLED <-> FILE-IDENTIFY OS/2 Metafile file magic detected (file-identify.rules)
* 1:32165 <-> ENABLED <-> FILE-IDENTIFY SVG file magic detected (file-identify.rules)
* 1:50875 <-> ENABLED <-> FILE-IDENTIFY Fax Cover Page file magic detected (file-identify.rules)
* 1:51024 <-> ENABLED <-> FILE-IDENTIFY Embedded Open Type Font file attachment detected (file-identify.rules)
* 1:49516 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules)
* 1:51992 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file download request (file-identify.rules)
* 1:42223 <-> ENABLED <-> FILE-IDENTIFY AOP file download request (file-identify.rules)
* 1:49794 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules)
* 1:49793 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules)
* 1:51994 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules)
* 1:50870 <-> ENABLED <-> APP-DETECT Quagga password challenge detected (app-detect.rules)
* 1:51993 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules)
* 1:52056 <-> ENABLED <-> FILE-IDENTIFY Portable Executable binary file magic detected (file-identify.rules)
* 1:53213 <-> ENABLED <-> PROTOCOL-OTHER MQTT Connect control packet detected (protocol-other.rules)
* 1:26058 <-> ENABLED <-> FILE-IDENTIFY ZIP file attachment detected (file-identify.rules)
* 1:38855 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul HCell file magic detected (file-identify.rules)
* 1:31776 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file attachment detected (file-identify.rules)
* 1:35797 <-> ENABLED <-> FILE-IDENTIFY ZSoft PCX file download request (file-identify.rules)
* 1:38306 <-> ENABLED <-> FILE-IDENTIFY DMG com.apple.decmpfs file magic detected (file-identify.rules)
* 1:30757 <-> ENABLED <-> FILE-IDENTIFY ABC Music Notation file attachment detected (file-identify.rules)
* 1:42259 <-> ENABLED <-> FILE-IDENTIFY ISO file attachment detected (file-identify.rules)
* 1:39776 <-> ENABLED <-> FILE-IDENTIFY Heroes of Might and Magic III map file attachment detected (file-identify.rules)
* 1:28901 <-> ENABLED <-> FILE-IDENTIFY eSignal .ets file download request (file-identify.rules)
* 1:33641 <-> ENABLED <-> FILE-IDENTIFY Apple Motion file attachment detected (file-identify.rules)
* 1:40979 <-> ENABLED <-> FILE-IDENTIFY ico file download request (file-identify.rules)
* 1:35796 <-> ENABLED <-> FILE-IDENTIFY ZSoft PCX file attachment detected (file-identify.rules)
* 1:42918 <-> ENABLED <-> FILE-IDENTIFY ISO file attachment detected (file-identify.rules)
* 1:37546 <-> ENABLED <-> SERVER-OTHER Veritas NetBackup Volume Manager connection attempt (server-other.rules)
* 1:29275 <-> ENABLED <-> FILE-IDENTIFY XFDL file attachment detected (file-identify.rules)
* 1:42371 <-> ENABLED <-> FILE-IDENTIFY gzip compressed file detected (file-identify.rules)
* 1:28574 <-> ENABLED <-> FILE-IDENTIFY FDF file download request (file-identify.rules)
* 1:28610 <-> ENABLED <-> EXPLOIT-KIT Sakura exploit kit exploit payload retreive attempt (exploit-kit.rules)
* 1:26061 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file attachment detected (file-identify.rules)
* 1:28900 <-> ENABLED <-> FILE-IDENTIFY eSignal .sum file attachment detected (file-identify.rules)
* 1:28369 <-> ENABLED <-> FILE-IDENTIFY CIS file attachment detected (file-identify.rules)
* 1:35852 <-> ENABLED <-> FILE-IDENTIFY JPEG file upload detected (file-identify.rules)
* 1:26062 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file attachment detected (file-identify.rules)
* 1:30972 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit outbound request for Microsoft Silverlight landing page (exploit-kit.rules)
* 1:35455 <-> ENABLED <-> FILE-IDENTIFY Adobe LZMA compressed Flash file magic detected (file-identify.rules)
* 1:38292 <-> ENABLED <-> FILE-IDENTIFY UDF file magic detected (file-identify.rules)
* 1:26063 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word docm file download request (file-identify.rules)
* 1:35688 <-> ENABLED <-> PROTOCOL-OTHER MiniUPNP rootdesc.xml file request (protocol-other.rules)
* 1:29514 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB Microsoft Windows Remote Administration Protocol usage attempt (os-windows.rules)
* 1:32252 <-> ENABLED <-> FILE-IDENTIFY Basic Control Engine file attachment detected (file-identify.rules)
* 1:30017 <-> ENABLED <-> FILE-IDENTIFY OS/2 Metafile file magic detected (file-identify.rules)
* 1:30015 <-> ENABLED <-> FILE-IDENTIFY OS/2 Metafile file attachment detected (file-identify.rules)
* 1:49520 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules)
* 1:49791 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules)
* 1:49519 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules)
* 1:49792 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules)
* 1:49517 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules)
* 1:49518 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules)
* 1:51268 <-> ENABLED <-> FILE-OTHER Photodex ProShow Producer v5.0.3256 download load file attempt (file-other.rules)
* 1:42368 <-> ENABLED <-> FILE-IDENTIFY XZ compressed file detected (file-identify.rules)
* 1:28896 <-> ENABLED <-> FILE-IDENTIFY eSignal .quo file attachment detected (file-identify.rules)
* 1:42256 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB anonymous user session setup request detected (os-windows.rules)
* 1:26064 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word docm file attachment detected (file-identify.rules)
* 1:27022 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Netweird.A outbound connection (malware-cnc.rules)
* 1:4143 <-> ENABLED <-> SERVER-OTHER lpd receive printer job cascade adaptor protocol request (server-other.rules)
* 1:50874 <-> ENABLED <-> FILE-IDENTIFY Fax Cover Page file magic detected (file-identify.rules)
* 1:28894 <-> ENABLED <-> FILE-IDENTIFY eSignal .ets file attachment detected (file-identify.rules)
* 1:36815 <-> ENABLED <-> SERVER-OTHER MIT Kerberos 5 SPNEGO incoming token detected (server-other.rules)
* 1:29008 <-> ENABLED <-> FILE-IDENTIFY XWD image file download request (file-identify.rules)
* 1:49514 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules)
* 1:48555 <-> ENABLED <-> FILE-IDENTIFY Omron CX-Supervisor project file file attachment detected (file-identify.rules)
* 1:32878 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit outbound Adobe Flash exploit request (exploit-kit.rules)
* 1:30532 <-> ENABLED <-> FILE-MULTIMEDIA CoCSoft Stream Download session (file-multimedia.rules)
* 1:29386 <-> ENABLED <-> FILE-IDENTIFY Adobe AIR file attachment detected (file-identify.rules)
* 1:42261 <-> ENABLED <-> FILE-IDENTIFY ISO file magic detected (file-identify.rules)
* 1:43099 <-> ENABLED <-> SERVER-WEBAPP Simple SCADA web-socket connection initialization attempt (server-webapp.rules)
* 1:31481 <-> ENABLED <-> SERVER-OTHER OpenSSL SSL ChangeCipherSpec man-in-the-middle exploitation attempt (server-other.rules)
* 1:35981 <-> ENABLED <-> FILE-IDENTIFY Windows Media Center link file attachment detected (file-identify.rules)
* 1:29162 <-> ENABLED <-> FILE-IDENTIFY CIS file download request (file-identify.rules)
* 1:29407 <-> ENABLED <-> FILE-IDENTIFY Microsoft Internet Shortcut file download request (file-identify.rules)
* 1:3140 <-> ENABLED <-> NETBIOS SMB Trans2 FIND_FIRST2 andx attempt (netbios.rules)
* 1:38863 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul Office Document file attachment detected (file-identify.rules)
* 1:32135 <-> ENABLED <-> FILE-IDENTIFY XBM file attachment detected (file-identify.rules)
* 1:26065 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word docm file attachment detected (file-identify.rules)
* 1:32525 <-> ENABLED <-> BROWSER-OTHER FreeBSD tnftp client detected (browser-other.rules)
* 1:48553 <-> ENABLED <-> FILE-IDENTIFY Omron CX-Supervisor project file file download request (file-identify.rules)
* 1:43364 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Audio wmf file magic detected (file-identify.rules)
* 1:40020 <-> ENABLED <-> FILE-IDENTIFY Hierarchal Data Format file magic detected (file-identify.rules)
* 1:42072 <-> DISABLED <-> SERVER-WEBAPP Aultware pwStore denial of service attempt (server-webapp.rules)
* 1:37785 <-> ENABLED <-> FILE-IDENTIFY Adobe Texture Format file attachment detected (file-identify.rules)
* 1:3137 <-> ENABLED <-> NETBIOS SMB-DS Trans2 QUERY_FILE_INFO attempt (netbios.rules)
* 1:39778 <-> ENABLED <-> FILE-IDENTIFY Heroes of Might and Magic III map file download request (file-identify.rules)
* 1:32880 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit outbound payload request (exploit-kit.rules)
* 1:29274 <-> ENABLED <-> FILE-IDENTIFY XFDL file attachment detected (file-identify.rules)
* 1:33667 <-> ENABLED <-> FILE-IDENTIFY PIF Program Information File file attachment detected (file-identify.rules)
* 1:29752 <-> ENABLED <-> SERVER-WEBAPP HP Intelligent Management Center SOM authentication bypass attempt (server-webapp.rules)
* 1:42363 <-> ENABLED <-> FILE-IDENTIFY bzip2 compressed file detected (file-identify.rules)
* 1:46394 <-> ENABLED <-> FILE-IDENTIFY WebAssembly file attachment detected (file-identify.rules)
* 1:40391 <-> ENABLED <-> FILE-IDENTIFY Windows registry hive file download request (file-identify.rules)
* 1:26083 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file download request (file-identify.rules)
* 1:28571 <-> ENABLED <-> FILE-IDENTIFY FDF file attachment detected (file-identify.rules)
* 1:26084 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file attachment detected (file-identify.rules)
* 1:34396 <-> ENABLED <-> FILE-IDENTIFY Microsoft Journal file attachment detected (file-identify.rules)
* 1:26085 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file attachment detected (file-identify.rules)
* 1:30018 <-> ENABLED <-> FILE-IDENTIFY OS/2 Metafile file download request (file-identify.rules)
* 1:28368 <-> ENABLED <-> FILE-IDENTIFY CIS file magic detected (file-identify.rules)
* 1:31871 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detection (file-identify.rules)
* 1:26126 <-> ENABLED <-> FILE-IDENTIFY Microsoft Internet Explorer HTML Component file download request (file-identify.rules)
* 1:35457 <-> ENABLED <-> FILE-IDENTIFY Adobe LZMA compressed Flash file attachment detected (file-identify.rules)
* 1:31482 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1.0 ChangeCipherSpec man-in-the-middle exploitation attempt (server-other.rules)
* 1:32618 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Registry file download request (file-identify.rules)
* 1:49512 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules)
* 1:37786 <-> ENABLED <-> FILE-IDENTIFY Adobe Texture Format file attachment detected (file-identify.rules)
* 1:37787 <-> ENABLED <-> FILE-IDENTIFY Adobe Texture Format file magic detected (file-identify.rules)
* 1:38865 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul Office Document file magic detected (file-identify.rules)
* 1:26516 <-> ENABLED <-> FILE-IDENTIFY maplet file attachment detected (file-identify.rules)
* 1:35250 <-> ENABLED <-> FILE-IDENTIFY GNI file magic detected (file-identify.rules)
* 1:46367 <-> ENABLED <-> FILE-IDENTIFY WebAssembly file download detected (file-identify.rules)
* 1:29439 <-> ENABLED <-> FILE-IDENTIFY MSI file download request (file-identify.rules)
* 1:34398 <-> ENABLED <-> FILE-IDENTIFY Microsoft Journal file download attempt (file-identify.rules)
* 1:40892 <-> ENABLED <-> FILE-IDENTIFY R Programming Language source file file attachment detected (file-identify.rules)
* 1:31775 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file attachment detected (file-identify.rules)
* 1:29614 <-> ENABLED <-> FILE-IDENTIFY XPS file download request (file-identify.rules)
* 1:36748 <-> ENABLED <-> FILE-IDENTIFY TTF file attachment detected (file-identify.rules)
* 1:43002 <-> ENABLED <-> PROTOCOL-OTHER NETBIOS SMB IPC share access attempt (protocol-other.rules)
* 1:40980 <-> ENABLED <-> FILE-IDENTIFY ico file attachment detected (file-identify.rules)
* 1:35458 <-> ENABLED <-> FILE-IDENTIFY Adobe LZMA compressed Flash file magic detected (file-identify.rules)
* 1:32945 <-> ENABLED <-> FILE-IDENTIFY .scr executable screensaver file attachment detected (file-identify.rules)
* 1:48554 <-> ENABLED <-> FILE-IDENTIFY Omron CX-Supervisor project file file attachment detected (file-identify.rules)
* 1:44442 <-> ENABLED <-> FILE-IDENTIFY Blender blend file magic detected (file-identify.rules)
* 1:42366 <-> ENABLED <-> FILE-IDENTIFY XZ compressed file detected (file-identify.rules)
* 1:43363 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Audio wmf file magic detected (file-identify.rules)
* 1:26127 <-> ENABLED <-> FILE-IDENTIFY Microsoft Internet Explorer HTML Component file attachment detected (file-identify.rules)
* 1:35248 <-> ENABLED <-> FILE-IDENTIFY GNI file attachment detected (file-identify.rules)
* 1:35433 <-> ENABLED <-> FILE-IDENTIFY M4A file magic detected (file-identify.rules)
* 1:40118 <-> ENABLED <-> FILE-IDENTIFY Microsoft Excel XLSB file download request (file-identify.rules)
* 1:40119 <-> ENABLED <-> FILE-IDENTIFY Microsoft Excel XLSB file attachment detected (file-identify.rules)
* 1:32380 <-> ENABLED <-> FILE-IDENTIFY dib file attachment detected (file-identify.rules)
* 1:28497 <-> ENABLED <-> FILE-IDENTIFY WordPerfect file magic detected (file-identify.rules)
* 1:38862 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul Office Document file download request (file-identify.rules)
* 1:38864 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul Office Document file attachment detected (file-identify.rules)
* 1:40908 <-> ENABLED <-> SERVER-OTHER Foscam C1 backdoor account ftp login attempt (server-other.rules)
* 1:29405 <-> ENABLED <-> FILE-IDENTIFY Microsoft Internet Shortcut file attachment detected (file-identify.rules)
* 1:3665 <-> ENABLED <-> SERVER-MYSQL server greeting (server-mysql.rules)
* 1:29406 <-> ENABLED <-> FILE-IDENTIFY Microsoft Internet Shortcut file attachment detected (file-identify.rules)
* 1:42364 <-> ENABLED <-> FILE-IDENTIFY bzip2 compressed file detected (file-identify.rules)
* 1:44275 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file attachment detected (file-identify.rules)
* 1:26128 <-> ENABLED <-> FILE-IDENTIFY Microsoft Internet Explorer HTML Component file attachment detected (file-identify.rules)
* 1:35456 <-> ENABLED <-> FILE-IDENTIFY Adobe LZMA compressed Flash file attachment detected (file-identify.rules)
* 1:32345 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector - initiate connection (server-other.rules)
* 1:29612 <-> ENABLED <-> FILE-IDENTIFY XPS file attachment detected (file-identify.rules)
* 1:28508 <-> ENABLED <-> FILE-IDENTIFY Microsoft Write file download file attachment detected (file-identify.rules)
* 1:37784 <-> ENABLED <-> FILE-IDENTIFY Adobe Texture Format file magic detected (file-identify.rules)
* 1:3136 <-> ENABLED <-> NETBIOS SMB Trans2 QUERY_FILE_INFO andx attempt (netbios.rules)
* 1:40035 <-> ENABLED <-> FILE-IDENTIFY XLSB file magic detected (file-identify.rules)
* 1:32378 <-> ENABLED <-> FILE-IDENTIFY bmp file attachment detected (file-identify.rules)
* 1:38307 <-> ENABLED <-> FILE-IDENTIFY DMG com.apple.decmpfs file magic detected (file-identify.rules)
* 1:44165 <-> ENABLED <-> SERVER-WEBAPP websocket protocol upgrade request detected (server-webapp.rules)
* 1:28384 <-> ENABLED <-> FILE-IDENTIFY HTML Help Index download file attachment detected (file-identify.rules)
* 1:49495 <-> ENABLED <-> FILE-OFFICE Microsoft Office MSCOMCTL ActiveX control tabstrip method access (file-office.rules)
* 1:26206 <-> ENABLED <-> FILE-IDENTIFY CyberLink Power2Go file download request (file-identify.rules)
* 1:26207 <-> ENABLED <-> FILE-IDENTIFY CyberLink Power2Go file attachment detected (file-identify.rules)
* 1:28899 <-> ENABLED <-> FILE-IDENTIFY eSignal .por file attachment detected (file-identify.rules)
* 1:34397 <-> ENABLED <-> FILE-IDENTIFY Microsoft Journal file download request (file-identify.rules)
* 1:26517 <-> ENABLED <-> FILE-IDENTIFY maplet bin file download attempt (file-identify.rules)
* 1:32946 <-> ENABLED <-> FILE-IDENTIFY .scr executable screensaver file attachment detected (file-identify.rules)
* 1:43891 <-> ENABLED <-> MALWARE-OTHER Win.Malware.Emotet variant lateral propagation (malware-other.rules)
* 1:30759 <-> ENABLED <-> FILE-IDENTIFY ABC Music Notation file attachment detected (file-identify.rules)
* 1:48556 <-> ENABLED <-> FILE-IDENTIFY Omron CX-Supervisor project file file attachment detected (file-identify.rules)
* 1:41081 <-> ENABLED <-> SERVER-OTHER Tarantool initial connection banner detected (server-other.rules)
* 1:42257 <-> ENABLED <-> FILE-IDENTIFY ISO file magic detected (file-identify.rules)
* 1:26515 <-> ENABLED <-> FILE-IDENTIFY maplet file attachment detected (file-identify.rules)
* 1:43067 <-> ENABLED <-> PROTOCOL-IMAP IMAP CRAM-MD5 authentication attempt (protocol-imap.rules)
* 1:35459 <-> ENABLED <-> FILE-IDENTIFY Adobe LZMA compressed Flash file download request (file-identify.rules)
* 1:28383 <-> ENABLED <-> FILE-IDENTIFY HTML Help Index download file attachment detected (file-identify.rules)
* 1:40018 <-> ENABLED <-> FILE-IDENTIFY Hierarchal Data Format file attachment detected (file-identify.rules)
* 1:29607 <-> ENABLED <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt (server-other.rules)
* 1:26208 <-> ENABLED <-> FILE-IDENTIFY CyberLink Power2Go file attachment detected (file-identify.rules)
* 1:30758 <-> ENABLED <-> FILE-IDENTIFY ABC Music Notation file attachment detected (file-identify.rules)
* 1:35432 <-> ENABLED <-> FILE-IDENTIFY M4A file magic detected (file-identify.rules)
* 1:40120 <-> ENABLED <-> FILE-IDENTIFY Microsoft Excel XLSB file attachment detected (file-identify.rules)
* 1:26251 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (file-identify.rules)
* 1:31484 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1.2 ChangeCipherSpec man-in-the-middle exploitation attempt (server-other.rules)
* 1:37418 <-> ENABLED <-> MALWARE-BACKDOOR Adzok RAT inbound connection (malware-backdoor.rules)
* 1:40891 <-> ENABLED <-> FILE-IDENTIFY R Programming Language source file file download request (file-identify.rules)
* 1:26059 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file magic detected (file-identify.rules)
* 1:30969 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit outbound request for Microsoft Internet Explorer landing page (exploit-kit.rules)
* 1:36058 <-> ENABLED <-> FILE-IDENTIFY OLE Document upload detected (file-identify.rules)
* 1:26429 <-> ENABLED <-> FILE-FLASH Adobe Flash Player RTMP malformed onStatus message type confusion attempt (file-flash.rules)
* 1:33221 <-> ENABLED <-> MALWARE-CNC Win.Trojan.HawkEye Keylogger exfiltration attempt - clipboard and screenshot (malware-cnc.rules)
* 1:32617 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Registry file attachment detected (file-identify.rules)
* 1:30756 <-> ENABLED <-> FILE-IDENTIFY ABC Music Notation file attachment detected (file-identify.rules)
* 1:29385 <-> ENABLED <-> FILE-IDENTIFY Adobe AIR file attachment detected (file-identify.rules)
* 1:31831 <-> ENABLED <-> POLICY-OTHER QLogic Switch 5600/5800 default ftp login attempt (policy-other.rules)
* 1:33825 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB NTLM NULL session attempt (os-windows.rules)
* 1:33028 <-> ENABLED <-> FILE-IDENTIFY Publish-iT PUI file download request (file-identify.rules)
* 1:40065 <-> ENABLED <-> OS-WINDOWS Microsoft Windows NFS Server NULL pointer dereference denial-of-service attempt (os-windows.rules)
* 1:32134 <-> ENABLED <-> FILE-IDENTIFY XBM file attachment detected (file-identify.rules)
* 1:38291 <-> ENABLED <-> FILE-IDENTIFY UDF file magic detected (file-identify.rules)
* 1:37788 <-> ENABLED <-> FILE-IDENTIFY Adobe Texture Format file download request (file-identify.rules)
* 1:34631 <-> ENABLED <-> FILE-IDENTIFY WordPerfect file download request (file-identify.rules)
* 1:28367 <-> ENABLED <-> FILE-IDENTIFY CIS file magic detected (file-identify.rules)
* 1:31676 <-> ENABLED <-> FILE-FLASH Adobe Flash Broker write to junction exploit attempt (file-flash.rules)
* 1:43003 <-> ENABLED <-> PROTOCOL-OTHER NETBIOS SMB IPC share access attempt (protocol-other.rules)
* 1:40390 <-> ENABLED <-> FILE-IDENTIFY Windows registry hive file magic detected (file-identify.rules)
* 1:40389 <-> ENABLED <-> FILE-IDENTIFY Windows registry hive file attachment detected (file-identify.rules)
* 1:26458 <-> ENABLED <-> FILE-IDENTIFY Stream redirector file download request (file-identify.rules)
* 1:34630 <-> ENABLED <-> FILE-IDENTIFY WordPerfect file attachment detected (file-identify.rules)
* 1:35249 <-> ENABLED <-> FILE-IDENTIFY GNI file attachment detected (file-identify.rules)
* 1:42369 <-> ENABLED <-> FILE-IDENTIFY gzip compressed file detected (file-identify.rules)
* 1:28507 <-> ENABLED <-> FILE-IDENTIFY Microsoft Write file download file attachment detected (file-identify.rules)
* 1:3141 <-> ENABLED <-> NETBIOS SMB-DS Trans2 FIND_FIRST2 attempt (netbios.rules)
* 1:26465 <-> ENABLED <-> FILE-IDENTIFY XUL file attachment detected (file-identify.rules)
* 1:40387 <-> ENABLED <-> FILE-IDENTIFY Windows registry hive file magic detected (file-identify.rules)
* 1:33026 <-> ENABLED <-> FILE-IDENTIFY Publish-iT PUI file attachment detected (file-identify.rules)
* 1:35247 <-> ENABLED <-> FILE-IDENTIFY GNI file download request (file-identify.rules)
* 1:33642 <-> ENABLED <-> FILE-IDENTIFY Apple Motion file attachment detected (file-identify.rules)
* 1:26060 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file download request (file-identify.rules)
* 1:40388 <-> ENABLED <-> FILE-IDENTIFY Windows registry hive file attachment detected (file-identify.rules)
* 1:31774 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file attachment detected (file-identify.rules)
* 1:38854 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul HCell file magic detected (file-identify.rules)
* 1:31483 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1.1 ChangeCipherSpec man-in-the-middle exploitation attempt (server-other.rules)
* 1:28573 <-> ENABLED <-> FILE-IDENTIFY FDF file magic detected (file-identify.rules)
* 1:26902 <-> ENABLED <-> FILE-IDENTIFY Android APK download request (file-identify.rules)
* 1:45515 <-> ENABLED <-> NETBIOS SMB SESSION_SETUP subcommand detected (netbios.rules)
* 1:42367 <-> ENABLED <-> FILE-IDENTIFY XZ compressed file detected (file-identify.rules)
* 1:38866 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul Office Document file magic detected (file-identify.rules)
* 1:42332 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Doublepulsar variant ping command (malware-cnc.rules)
* 1:43080 <-> ENABLED <-> BROWSER-OTHER Foscam IP Camera User-Agent string detected (browser-other.rules)
* 1:28895 <-> ENABLED <-> FILE-IDENTIFY eSignal .por file attachment detected (file-identify.rules)
* 1:34395 <-> ENABLED <-> FILE-IDENTIFY Microsoft Journal file attachment detected (file-identify.rules)
* 1:29006 <-> ENABLED <-> FILE-IDENTIFY XWD image file attachment detected (file-identify.rules)
* 1:49497 <-> ENABLED <-> FILE-OFFICE Microsoft Office MSCOMCTL ActiveX control tabstrip method access (file-office.rules)
* 1:32877 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit outbound Adobe Flash exploit request (exploit-kit.rules)
* 1:31702 <-> ENABLED <-> FILE-IDENTIFY Microsoft Silverlight application file magic detected (file-identify.rules)
* 1:42262 <-> ENABLED <-> FILE-IDENTIFY ISO file download request (file-identify.rules)
* 1:26466 <-> ENABLED <-> FILE-IDENTIFY XUL file attachment detected (file-identify.rules)
* 1:26514 <-> ENABLED <-> FILE-IDENTIFY maplet file download attempt (file-identify.rules)
* 1:28425 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB Microsoft Windows Remote Administration Protocol usage attempt (os-windows.rules)
* 1:33027 <-> ENABLED <-> FILE-IDENTIFY Publish-iT PUI file attachment detected (file-identify.rules)
* 1:34629 <-> ENABLED <-> FILE-IDENTIFY WordPerfect file attachment detected (file-identify.rules)
* 1:3139 <-> ENABLED <-> NETBIOS SMB Trans2 FIND_FIRST2 attempt (netbios.rules)
* 1:28897 <-> ENABLED <-> FILE-IDENTIFY eSignal .sum file attachment detected (file-identify.rules)
* 1:38852 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul HCell file attachment detected (file-identify.rules)
* 1:29276 <-> ENABLED <-> FILE-IDENTIFY XFDL file download request (file-identify.rules)
* 1:29384 <-> ENABLED <-> FILE-IDENTIFY Adobe AIR file download request (file-identify.rules)
* 1:40893 <-> ENABLED <-> FILE-IDENTIFY R Programming Language source file file attachment detected (file-identify.rules)
* 1:32253 <-> ENABLED <-> FILE-IDENTIFY Basic Control Engine file download request (file-identify.rules)
* 1:42258 <-> ENABLED <-> FILE-IDENTIFY ISO file attachment detected (file-identify.rules)
* 1:38853 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul HCell file attachment detected (file-identify.rules)
* 1:30016 <-> ENABLED <-> FILE-IDENTIFY OS/2 Metafile file attachment detected (file-identify.rules)
* 1:27542 <-> ENABLED <-> FILE-IDENTIFY Python bytecode file magic detected (file-identify.rules)
* 1:29613 <-> ENABLED <-> FILE-IDENTIFY XPS file attachment detected (file-identify.rules)
* 1:3551 <-> ENABLED <-> FILE-IDENTIFY HTA file download request (file-identify.rules)
* 1:40019 <-> ENABLED <-> FILE-IDENTIFY Hierarchal Data Format file attachment detected (file-identify.rules)
* 1:30760 <-> ENABLED <-> FILE-IDENTIFY ABC Music Notation file download request (file-identify.rules)
* 1:42365 <-> ENABLED <-> FILE-IDENTIFY bzip2 compressed file detected (file-identify.rules)
* 1:3138 <-> ENABLED <-> NETBIOS SMB-DS Trans2 QUERY_FILE_INFO andx attempt (netbios.rules)
* 1:28382 <-> ENABLED <-> FILE-IDENTIFY HTML Help Index file download request (file-identify.rules)
* 1:26494 <-> ENABLED <-> FILE-IDENTIFY KingView KingMessage log file attachment detected (file-identify.rules)
* 1:42260 <-> ENABLED <-> FILE-IDENTIFY ISO file attachment detected (file-identify.rules)
* 1:36531 <-> ENABLED <-> FILE-IDENTIFY Oracle Java JMX management loading mlet detected (file-identify.rules)
* 1:26492 <-> ENABLED <-> FILE-IDENTIFY KingView KingMessage log file download request (file-identify.rules)
* 1:44441 <-> ENABLED <-> FILE-IDENTIFY Blender blend file magic detected (file-identify.rules)
* 1:26644 <-> ENABLED <-> SERVER-OTHER SSL TLS DEFLATE compression detected (server-other.rules)
* 1:27543 <-> ENABLED <-> FILE-IDENTIFY Python bytecode file magic detected (file-identify.rules)
* 1:35979 <-> ENABLED <-> FILE-IDENTIFY Windows Media Center link file download request (file-identify.rules)
* 1:26493 <-> ENABLED <-> FILE-IDENTIFY KingView KingMessage log file attachment detected (file-identify.rules)
* 1:46393 <-> ENABLED <-> FILE-IDENTIFY WebAssembly file detected (file-identify.rules)
* 1:28570 <-> ENABLED <-> FILE-IDENTIFY FDF file magic detected (file-identify.rules)
* 1:38851 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul HCell file download request (file-identify.rules)
* 1:40036 <-> ENABLED <-> FILE-IDENTIFY XLSB file magic detected (file-identify.rules)
* 1:25945 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules)
* 1:26057 <-> ENABLED <-> FILE-IDENTIFY ZIP file download detected (file-identify.rules)
* 1:25944 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules)
* 1:10097 <-> ENABLED <-> MALWARE-OTHER Keylogger win32.remotekeylog.b runtime detection (malware-other.rules)
* 1:53861 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Astaroth outbound beacon (malware-cnc.rules)
* 1:6010 <-> ENABLED <-> SERVER-OTHER VERITAS NetBackup vnetd connection attempt (server-other.rules)
* 1:6469 <-> ENABLED <-> SERVER-OTHER RealVNC connection attempt (server-other.rules)
* 1:6472 <-> ENABLED <-> MALWARE-BACKDOOR bugs runtime detection - file manager client-to-server (malware-backdoor.rules)
* 1:7106 <-> ENABLED <-> MALWARE-BACKDOOR girlfriend runtime detection (malware-backdoor.rules)
* 1:7111 <-> ENABLED <-> MALWARE-BACKDOOR fearless lite 1.01 runtime detection (malware-backdoor.rules)
* 1:7506 <-> ENABLED <-> MALWARE-TOOLS Hacker-Tool coma runtime detection - init connection - flowbit set (malware-tools.rules)
* 1:7641 <-> ENABLED <-> MALWARE-BACKDOOR am remote client runtime detection - client-to-server (malware-backdoor.rules)
* 1:8355 <-> ENABLED <-> MALWARE-OTHER Keylogger spybuddy 3.72 runtime detection (malware-other.rules)
* 1:8445 <-> ENABLED <-> FILE-OFFICE Microsoft Windows RTF file with embedded object package download attempt (file-office.rules)
* 1:9845 <-> ENABLED <-> FILE-IDENTIFY M3U file magic detected (file-identify.rules)
* 1:10099 <-> ENABLED <-> MALWARE-OTHER Keylogger win32.remotekeylog.b runtime detection (malware-other.rules)
* 1:10103 <-> ENABLED <-> MALWARE-BACKDOOR hav-rat 1.1 runtime detection (malware-backdoor.rules)
* 1:10104 <-> ENABLED <-> MALWARE-BACKDOOR hav-rat 1.1 runtime detection (malware-backdoor.rules)
* 1:10110 <-> ENABLED <-> MALWARE-BACKDOOR poison ivy 2.1.2 runtime detection (malware-backdoor.rules)
* 1:10450 <-> ENABLED <-> MALWARE-BACKDOOR only 1 rat runtime detection - control command (malware-backdoor.rules)
* 1:10455 <-> ENABLED <-> MALWARE-BACKDOOR [x]-ztoo 1.0 runtime detection - get system info (malware-backdoor.rules)
* 1:10460 <-> ENABLED <-> MALWARE-BACKDOOR winicabras 1.1 runtime detection - get system info (malware-backdoor.rules)
* 1:10462 <-> ENABLED <-> MALWARE-BACKDOOR winicabras 1.1 runtime detection - explorer (malware-backdoor.rules)
* 1:11004 <-> ENABLED <-> PROTOCOL-IMAP CRAM-MD5 authentication request detected (protocol-imap.rules)
* 1:11322 <-> ENABLED <-> MALWARE-BACKDOOR sohoanywhere runtime detection (malware-backdoor.rules)
* 1:11835 <-> ENABLED <-> FILE-IDENTIFY Visio file magic detected (file-identify.rules)
* 1:11953 <-> ENABLED <-> MALWARE-BACKDOOR supervisor plus runtime detection (malware-backdoor.rules)
* 1:12054 <-> ENABLED <-> MALWARE-BACKDOOR tron runtime detection - init connection - flowbit set (malware-backdoor.rules)
* 1:12129 <-> ENABLED <-> MALWARE-OTHER Keylogger remotekeylog.b runtime detection - get sys info (malware-other.rules)
* 1:12131 <-> ENABLED <-> MALWARE-OTHER Keylogger remotekeylog.b runtime detection - keylogging (malware-other.rules)
* 1:12133 <-> ENABLED <-> MALWARE-OTHER Keylogger remotekeylog.b runtime detection - open url (malware-other.rules)
* 1:12135 <-> ENABLED <-> MALWARE-OTHER Keylogger remotekeylog.b runtime detection - fun (malware-other.rules)
* 1:12142 <-> ENABLED <-> MALWARE-BACKDOOR access remote pc runtime detection - init connection (malware-backdoor.rules)
* 1:12144 <-> ENABLED <-> MALWARE-BACKDOOR access remote pc runtime detection - rpc setup (malware-backdoor.rules)
* 1:12146 <-> ENABLED <-> MALWARE-BACKDOOR blue eye 1.0b runtime detection - init connection (malware-backdoor.rules)
* 1:12148 <-> ENABLED <-> MALWARE-BACKDOOR back orifice 2006 - v1.1.5 runtime detection - init connection (malware-backdoor.rules)
* 1:12150 <-> ENABLED <-> MALWARE-BACKDOOR cafeini 1.0 runtime detection - init connection (malware-backdoor.rules)
* 1:12153 <-> ENABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - download file (malware-backdoor.rules)
* 1:12154 <-> ENABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - download file (malware-backdoor.rules)
* 1:12156 <-> ENABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - upload file (malware-backdoor.rules)
* 1:12157 <-> ENABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - upload file (malware-backdoor.rules)
* 1:12160 <-> ENABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - screen capturing (malware-backdoor.rules)
* 1:12161 <-> ENABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - screen capturing (malware-backdoor.rules)
* 1:12163 <-> ENABLED <-> MALWARE-BACKDOOR cobra uploader 1.0 runtime detection (malware-backdoor.rules)
* 1:12182 <-> ENABLED <-> FILE-IDENTIFY Adobe Flash Video file magic detected (file-identify.rules)
* 1:12233 <-> ENABLED <-> MALWARE-BACKDOOR theef 2.10 runtime detection - connect with no password (malware-backdoor.rules)
* 1:12235 <-> ENABLED <-> MALWARE-BACKDOOR theef 2.10 runtime detection - connect with password (malware-backdoor.rules)
* 1:12237 <-> ENABLED <-> MALWARE-BACKDOOR theef 2.10 runtime detection - ftp (malware-backdoor.rules)
* 1:12240 <-> ENABLED <-> MALWARE-BACKDOOR genie 1.7 runtime detection - init connection (malware-backdoor.rules)
* 1:12242 <-> ENABLED <-> MALWARE-BACKDOOR hotmail hacker log edition 5.0 runtime detection - init connection (malware-backdoor.rules)
* 1:12283 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel xlw file magic detected (file-identify.rules)
* 1:12297 <-> ENABLED <-> MALWARE-BACKDOOR bifrost v1.2.1 runtime detection (malware-backdoor.rules)
* 1:12373 <-> ENABLED <-> MALWARE-BACKDOOR radmin 3.0 runtime detection - initial connection (malware-backdoor.rules)
* 1:12375 <-> ENABLED <-> MALWARE-BACKDOOR radmin 3.0 runtime detection - login & remote control (malware-backdoor.rules)
* 1:12377 <-> ENABLED <-> MALWARE-BACKDOOR shark 2.3.2 runtime detection (malware-backdoor.rules)
* 1:12454 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media ASF file magic detected (file-identify.rules)
* 1:12455 <-> ENABLED <-> FILE-IDENTIFY SAP Crystal Reports file download request (file-identify.rules)
* 1:12699 <-> ENABLED <-> MALWARE-BACKDOOR poison ivy 2.3.0 runtime detection - init connection (malware-backdoor.rules)
* 1:12724 <-> ENABLED <-> MALWARE-BACKDOOR dark moon 4.11 runtime detection (malware-backdoor.rules)
* 1:12726 <-> ENABLED <-> MALWARE-BACKDOOR bandook 1.35 runtime detection (malware-backdoor.rules)
* 1:12758 <-> ENABLED <-> MALWARE-OTHER Keylogger/RAT digi watcher 2.32 runtime detection (malware-other.rules)
* 1:12760 <-> ENABLED <-> MALWARE-OTHER Keylogger powered Keylogger 2.2 runtime detection (malware-other.rules)
* 1:12792 <-> ENABLED <-> MALWARE-OTHER Keylogger spy lantern Keylogger pro 6.0 runtime detection (malware-other.rules)
* 1:12972 <-> ENABLED <-> FILE-IDENTIFY Microsoft Media Player asf/wmv/wma file magic detected (file-identify.rules)
* 1:13236 <-> ENABLED <-> MALWARE-OTHER Keylogger active Keylogger 3.9.2 runtime detection (malware-other.rules)
* 1:13243 <-> ENABLED <-> MALWARE-OTHER Keylogger computer monitor 1.1 by lastcomfort runtime detection (malware-other.rules)
* 1:13247 <-> ENABLED <-> MALWARE-BACKDOOR yuri 1.2 runtime detection - init connection (malware-backdoor.rules)
* 1:13278 <-> ENABLED <-> MALWARE-OTHER Keylogger advanced spy 4.0 runtime detection (malware-other.rules)
* 1:13280 <-> ENABLED <-> MALWARE-OTHER Keylogger email spy monitor 6.9 runtime detection (malware-other.rules)
* 1:13346 <-> ENABLED <-> PUA-ADWARE Snoopware remote desktop inspector outbound connection - init connection (pua-adware.rules)
* 1:13465 <-> ENABLED <-> FILE-IDENTIFY Microsoft Works file download request (file-identify.rules)
* 1:13479 <-> ENABLED <-> MALWARE-OTHER Keylogger findnot guarddog 4.0 runtime detection (malware-other.rules)
* 1:13483 <-> ENABLED <-> PUA-TOOLBARS Hijacker baidu toolbar runtime detection - updates automatically (pua-toolbars.rules)
* 1:13506 <-> ENABLED <-> MALWARE-BACKDOOR evilotus 1.3.2 runtime detection - init connection (malware-backdoor.rules)
* 1:13515 <-> ENABLED <-> FILE-MULTIMEDIA Apple QuickTime user agent (file-multimedia.rules)
* 1:13583 <-> ENABLED <-> FILE-IDENTIFY Microsoft SYmbolic LinK file download request (file-identify.rules)
* 1:13584 <-> ENABLED <-> FILE-IDENTIFY CSV file download request (file-identify.rules)
* 1:13585 <-> ENABLED <-> FILE-IDENTIFY Microsoft SYmbolic LinK file magic detected (file-identify.rules)
* 1:13767 <-> ENABLED <-> MALWARE-OTHER Keylogger cyber sitter runtime detection (malware-other.rules)
* 1:13797 <-> ENABLED <-> FILE-IDENTIFY Portable Executable compact binary file magic detected (file-identify.rules)
* 1:13801 <-> ENABLED <-> FILE-IDENTIFY RTF file download request (file-identify.rules)
* 1:13898 <-> ENABLED <-> APP-DETECT Apple iTunes client request for server info (app-detect.rules)
* 1:13915 <-> ENABLED <-> FILE-IDENTIFY BAK file download request (file-identify.rules)
* 1:13938 <-> ENABLED <-> PUA-ADWARE Hijacker adware.win32.ejik.ec variant outbound connection (pua-adware.rules)
* 1:13943 <-> ENABLED <-> PUA-ADWARE Trickler dropper agent.rqg outbound connection (pua-adware.rules)
* 1:13983 <-> ENABLED <-> FILE-IDENTIFY EPS file download request (file-identify.rules)
* 1:14017 <-> ENABLED <-> FILE-IDENTIFY MPEG Layer 3 playlist file download request (file-identify.rules)
* 1:14018 <-> ENABLED <-> FILE-IDENTIFY PLS multimedia playlist file download request (file-identify.rules)
* 1:14264 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media Player playlist download (file-identify.rules)
* 1:15013 <-> ENABLED <-> FILE-IDENTIFY PDF file download request (file-identify.rules)
* 1:15079 <-> ENABLED <-> FILE-IDENTIFY WAV file download request (file-identify.rules)
* 1:15158 <-> ENABLED <-> FILE-IDENTIFY XML Shareable Playlist Format file download request (file-identify.rules)
* 1:15237 <-> ENABLED <-> FILE-IDENTIFY Java .class file download request (file-identify.rules)
* 1:15239 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealMedia format file download request (file-identify.rules)
* 1:15240 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealMedia format file download request (file-identify.rules)
* 1:15294 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Visio file download request (file-identify.rules)
* 1:15319 <-> ENABLED <-> NETBIOS SMB /sql/query create tree attempt (netbios.rules)
* 1:15320 <-> ENABLED <-> NETBIOS SMB /sql/query unicode create tree attempt (netbios.rules)
* 1:15321 <-> ENABLED <-> NETBIOS SMB /sql/query create tree attempt (netbios.rules)
* 1:15322 <-> ENABLED <-> NETBIOS SMB /sql/query unicode create tree attempt (netbios.rules)
* 1:15323 <-> ENABLED <-> NETBIOS SMB /sql/query andx create tree attempt (netbios.rules)
* 1:15324 <-> ENABLED <-> NETBIOS SMB /sql/query unicode andx create tree attempt (netbios.rules)
* 1:15325 <-> ENABLED <-> NETBIOS SMB /sql/query andx create tree attempt (netbios.rules)
* 1:15326 <-> ENABLED <-> NETBIOS SMB /sql/query unicode andx create tree attempt (netbios.rules)
* 1:15361 <-> ENABLED <-> FILE-PDF pdf file sent via email (file-pdf.rules)
* 1:15385 <-> ENABLED <-> FILE-IDENTIFY TwinVQ file download request (file-identify.rules)
* 1:15426 <-> ENABLED <-> FILE-IDENTIFY MAKI file download request (file-identify.rules)
* 1:15427 <-> ENABLED <-> FILE-IDENTIFY SVG file download request (file-identify.rules)
* 1:15444 <-> ENABLED <-> FILE-IDENTIFY Core Audio Format file download request (file-identify.rules)
* 1:15463 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file download request (file-identify.rules)
* 1:15464 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file download request (file-identify.rules)
* 1:15468 <-> ENABLED <-> BROWSER-IE Apple Safari-Internet Explorer SearchPath blended threat dll request (browser-ie.rules)
* 1:15483 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file download request (file-identify.rules)
* 1:15516 <-> ENABLED <-> FILE-IDENTIFY AVI multimedia file download request (file-identify.rules)
* 1:15518 <-> ENABLED <-> FILE-IDENTIFY Embedded Open Type Font file download request (file-identify.rules)
* 1:15582 <-> ENABLED <-> FILE-IDENTIFY ARJ format file download request (file-identify.rules)
* 1:15586 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file download request (file-identify.rules)
* 1:15587 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word file download request (file-identify.rules)
* 1:15865 <-> ENABLED <-> FILE-IDENTIFY MP4 file download request (file-identify.rules)
* 1:15870 <-> ENABLED <-> FILE-IDENTIFY 4XM file download request (file-identify.rules)
* 1:15900 <-> ENABLED <-> FILE-IDENTIFY Audio Interchange file download request (file-identify.rules)
* 1:15921 <-> ENABLED <-> FILE-IDENTIFY Microsoft multimedia format file download request (file-identify.rules)
* 1:15922 <-> ENABLED <-> FILE-IDENTIFY MP3 file download request (file-identify.rules)
* 1:15945 <-> ENABLED <-> FILE-IDENTIFY RSS file download request (file-identify.rules)
* 1:15987 <-> ENABLED <-> FILE-IDENTIFY DXF file download request (file-identify.rules)
* 1:16061 <-> ENABLED <-> FILE-IDENTIFY X PixMap file download request (file-identify.rules)
* 1:16143 <-> ENABLED <-> FILE-IDENTIFY Microsoft asf file magic detected (file-identify.rules)
* 1:16205 <-> ENABLED <-> FILE-IDENTIFY BMP file download request (file-identify.rules)
* 1:16219 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file download request (file-identify.rules)
* 1:16254 <-> ENABLED <-> PUA-ADWARE rogue software system security 2009 outbound connection (pua-adware.rules)
* 1:16286 <-> ENABLED <-> FILE-IDENTIFY TrueType font file download request (file-identify.rules)
* 1:16381 <-> ENABLED <-> NETBIOS SMB session negotiation request (netbios.rules)
* 1:16406 <-> ENABLED <-> FILE-IDENTIFY JPEG file download request (file-identify.rules)
* 1:16407 <-> ENABLED <-> FILE-IDENTIFY JPEG file download request (file-identify.rules)
* 1:16473 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Movie Maker 
project file download request (file-identify.rules) * 1:16474 <-> ENABLED <-> FILE-IDENTIFY Microsoft Compound File Binary v3 file magic detected (file-identify.rules) * 1:16476 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint .MSProducer file download request (file-identify.rules) * 1:16477 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint .MSProducerZ file download request (file-identify.rules) * 1:16478 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint .MSProducerBF file download request (file-identify.rules) * 1:16529 <-> ENABLED <-> FILE-IDENTIFY JPEG file download request (file-identify.rules) * 1:16538 <-> ENABLED <-> NETBIOS NT QUERY SECURITY DESC flowbit (netbios.rules) * 1:16556 <-> ENABLED <-> FILE-OTHER 2imaegshack/lmageshack IM worm get request attempt (file-other.rules) * 1:16594 <-> ENABLED <-> PROTOCOL-POP STAT command (protocol-pop.rules) * 1:16630 <-> ENABLED <-> FILE-IDENTIFY DAT file download request (file-identify.rules) * 1:16691 <-> ENABLED <-> FILE-IDENTIFY PLF playlist file download request (file-identify.rules) * 1:16742 <-> ENABLED <-> FILE-IDENTIFY remote desktop configuration file download request (file-identify.rules) * 1:16754 <-> ENABLED <-> NETBIOS SMB /PlughNTCommand andx create tree attempt (netbios.rules) * 1:16755 <-> ENABLED <-> NETBIOS SMB /PlughNTCommand create tree attempt (netbios.rules) * 1:16756 <-> ENABLED <-> NETBIOS SMB /PlughNTCommand unicode andx create tree attempt (netbios.rules) * 1:16757 <-> ENABLED <-> NETBIOS SMB /PlughNTCommand unicode create tree attempt (netbios.rules) * 1:17116 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media ASX file download request (file-identify.rules) * 1:17151 <-> ENABLED <-> NETBIOS SMB negotiate protocol request - ascii strings (netbios.rules) * 1:17229 <-> ENABLED <-> FILE-IDENTIFY Tiff little endian file magic detected (file-identify.rules) * 1:17230 <-> ENABLED <-> FILE-IDENTIFY Tiff big endian file magic detected (file-identify.rules) * 1:17241 <-> 
ENABLED <-> FILE-IDENTIFY Microsoft Windows Media wmv file download request (file-identify.rules) * 1:17259 <-> ENABLED <-> FILE-IDENTIFY MOV file download request (file-identify.rules) * 1:17314 <-> ENABLED <-> FILE-IDENTIFY OLE document file magic detected (file-identify.rules) * 1:17327 <-> ENABLED <-> SERVER-MAIL Qualcomm WorldMail Server Response (server-mail.rules) * 1:17332 <-> ENABLED <-> SERVER-MAIL Content-Disposition attachment (server-mail.rules) * 1:17359 <-> ENABLED <-> FILE-IDENTIFY XBM image file download request (file-identify.rules) * 1:17364 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Help Workshop CNT Help file download request (file-identify.rules) * 1:17370 <-> ENABLED <-> SERVER-WEBAPP Squid authentication headers handling denial of service attempt (server-webapp.rules) * 1:17380 <-> ENABLED <-> FILE-IDENTIFY PNG file download request (file-identify.rules) * 1:17394 <-> ENABLED <-> FILE-IDENTIFY GIF file download request (file-identify.rules) * 1:17396 <-> ENABLED <-> SERVER-OTHER VNC client authentication response (server-other.rules) * 1:17418 <-> ENABLED <-> SERVER-ORACLE Oracle connection established (server-oracle.rules) * 1:17426 <-> ENABLED <-> FILE-IDENTIFY RAT file download request (file-identify.rules) * 1:17441 <-> ENABLED <-> FILE-IDENTIFY LNK file download request (file-identify.rules) * 1:17447 <-> ENABLED <-> SERVER-WEBAPP 407 Proxy Authentication Required (server-webapp.rules) * 1:17508 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows .NET Application file download request (file-identify.rules) * 1:17509 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows .NET Manifest file download request (file-identify.rules) * 1:17534 <-> ENABLED <-> SERVER-OTHER IPP Application Content (server-other.rules) * 1:17540 <-> ENABLED <-> FILE-IDENTIFY LZH file download request (file-identify.rules) * 1:17547 <-> ENABLED <-> FILE-IDENTIFY SMIL file download request (file-identify.rules) * 1:17552 <-> ENABLED <-> FILE-IDENTIFY Adobe Pagemaker file 
download request (file-identify.rules) * 1:17598 <-> ENABLED <-> SERVER-OTHER IBM DB2 Universal Database accsec command without rdbnam (server-other.rules) * 1:17600 <-> ENABLED <-> FILE-IDENTIFY XUL file download request (file-identify.rules) * 1:17679 <-> ENABLED <-> FILE-IDENTIFY Apple disk image file download request (file-identify.rules) * 1:17732 <-> ENABLED <-> FILE-IDENTIFY TIFF file download request (file-identify.rules) * 1:17733 <-> ENABLED <-> FILE-IDENTIFY XML file download request (file-identify.rules) * 1:17739 <-> ENABLED <-> FILE-IDENTIFY FlashPix file download request (file-identify.rules) * 1:17745 <-> ENABLED <-> NETBIOS SMB TRANS2 Find_First2 request attempt (netbios.rules) * 1:17751 <-> ENABLED <-> FILE-IDENTIFY OpenType Font file download request (file-identify.rules) * 1:17801 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file magic detected (file-identify.rules) * 1:17802 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file download request (file-identify.rules) * 1:17809 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime qt file download request (file-identify.rules) * 1:18234 <-> ENABLED <-> FILE-IDENTIFY QuickDraw/PICT file download request (file-identify.rules) * 1:18273 <-> ENABLED <-> FILE-IDENTIFY BAT file download request (file-identify.rules) * 1:18274 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Mail file download request (file-identify.rules) * 1:18516 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word file download request (file-identify.rules) * 1:18593 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file download request (file-identify.rules) * 1:18675 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file download request (file-identify.rules) * 1:19128 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer REC file magic detected (file-identify.rules) * 1:19129 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer .r1m file magic detected (file-identify.rules) * 1:19166 <-> ENABLED <-> 
FILE-IDENTIFY Microsoft Office Excel file magic detected (file-identify.rules) * 1:19190 <-> ENABLED <-> NETBIOS SMB-DS Trans2 Distributed File System GET_DFS_REFERRAL request (netbios.rules) * 1:19211 <-> ENABLED <-> FILE-IDENTIFY ZIP archive file download request (file-identify.rules) * 1:19215 <-> ENABLED <-> FILE-IDENTIFY Google Chrome extension file download request (file-identify.rules) * 1:19218 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file download request (file-identify.rules) * 1:19224 <-> ENABLED <-> FILE-IDENTIFY Cisco Webex wrf file download request (file-identify.rules) * 1:19252 <-> ENABLED <-> FILE-IDENTIFY language.engtesselate.ln file download request (file-identify.rules) * 1:19289 <-> ENABLED <-> FILE-IDENTIFY MHTML file download request (file-identify.rules) * 1:19299 <-> ENABLED <-> SERVER-OTHER banner.txt access - possible compromised multi-mesh injection server (server-other.rules) * 1:19323 <-> ENABLED <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt (server-other.rules) * 1:19324 <-> ENABLED <-> MALWARE-OTHER Keylogger WL-Keylogger inbound connection (malware-other.rules) * 1:19326 <-> ENABLED <-> PUA-ADWARE Classroom Spy Professional outbound connection - initial connection (pua-adware.rules) * 1:19392 <-> ENABLED <-> MALWARE-OTHER Keylogger Monitor.win32.perflogger (malware-other.rules) * 1:19422 <-> ENABLED <-> FILE-IDENTIFY matroska file magic detected (file-identify.rules) * 1:19423 <-> ENABLED <-> FILE-IDENTIFY MKV file download request (file-identify.rules) * 1:19424 <-> ENABLED <-> FILE-IDENTIFY MKA file download request (file-identify.rules) * 1:19425 <-> ENABLED <-> FILE-IDENTIFY MKS file download request (file-identify.rules) * 1:19430 <-> ENABLED <-> FILE-IDENTIFY MIDI file download request (file-identify.rules) * 1:19816 <-> ENABLED <-> NETBIOS Juniper NeoterisSetupService named pipe access attempt (netbios.rules) * 1:19899 <-> ENABLED <-> MALWARE-OTHER 
Tong Keylogger outbound connectiooutbound connection (malware-other.rules) * 1:19907 <-> ENABLED <-> FILE-IDENTIFY PICT file magic detected (file-identify.rules) * 1:20032 <-> ENABLED <-> FILE-IDENTIFY MIME file type file download request (file-identify.rules) * 1:20223 <-> ENABLED <-> FILE-IDENTIFY SMI file download request (file-identify.rules) * 1:20225 <-> ENABLED <-> FILE-OTHER SMI file download request (file-other.rules) * 1:20260 <-> ENABLED <-> FILE-IDENTIFY Microsoft Client Agent Helper JAR file download request (file-identify.rules) * 1:20269 <-> ENABLED <-> FILE-IDENTIFY FON font file download request (file-identify.rules) * 1:20274 <-> ENABLED <-> NETBIOS DCERPC NCACN-IP-TCP NetShareEnumAll request (netbios.rules) * 1:20282 <-> ENABLED <-> FILE-IDENTIFY S3M file download request (file-identify.rules) * 1:20287 <-> ENABLED <-> FILE-IDENTIFY QCP file download request (file-identify.rules) * 1:20450 <-> ENABLED <-> FILE-IDENTIFY MPEG video stream file magic detected (file-identify.rules) * 1:20451 <-> ENABLED <-> FILE-IDENTIFY MPEG sys stream file magic detected (file-identify.rules) * 1:20453 <-> ENABLED <-> FILE-IDENTIFY Script encoder file magic detected (file-identify.rules) * 1:20454 <-> ENABLED <-> FILE-IDENTIFY Postscript file magic detected (file-identify.rules) * 1:20455 <-> ENABLED <-> FILE-IDENTIFY BinHex file magic detected (file-identify.rules) * 1:20456 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Real Media file magic detected (file-identify.rules) * 1:20458 <-> ENABLED <-> FILE-IDENTIFY bzip file magic detected (file-identify.rules) * 1:20459 <-> ENABLED <-> FILE-IDENTIFY GIF file magic detected (file-identify.rules) * 1:20460 <-> ENABLED <-> FILE-IDENTIFY MP3 file magic detected (file-identify.rules) * 1:20461 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows CAB file magic detected (file-identify.rules) * 1:20462 <-> ENABLED <-> FILE-IDENTIFY Ogg Stream file magic detected (file-identify.rules) * 1:20463 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP 
file magic detected (file-identify.rules) * 1:20464 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:20465 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:20466 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:20467 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:20468 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:20469 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:20471 <-> ENABLED <-> FILE-IDENTIFY RIFX file magic detected (file-identify.rules) * 1:20472 <-> ENABLED <-> FILE-IDENTIFY RAR file magic detected (file-identify.rules) * 1:20474 <-> ENABLED <-> FILE-IDENTIFY Symantec file magic detected (file-identify.rules) * 1:20475 <-> ENABLED <-> FILE-IDENTIFY ARJ file magic detected (file-identify.rules) * 1:20476 <-> ENABLED <-> FILE-IDENTIFY TNEF file magic detected (file-identify.rules) * 1:20477 <-> ENABLED <-> FILE-IDENTIFY ELF file magic detected (file-identify.rules) * 1:20478 <-> ENABLED <-> FILE-IDENTIFY PNG file magic detected (file-identify.rules) * 1:20479 <-> ENABLED <-> FILE-IDENTIFY CryptFF file magic detected (file-identify.rules) * 1:20480 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detection (file-identify.rules) * 1:20481 <-> ENABLED <-> FILE-IDENTIFY MP3 file magic detected (file-identify.rules) * 1:20483 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (file-identify.rules) * 1:20484 <-> ENABLED <-> FILE-IDENTIFY SIS file magic detected (file-identify.rules) * 1:20485 <-> ENABLED <-> FILE-IDENTIFY SIP log file magic detected (file-identify.rules) * 1:20486 <-> ENABLED <-> FILE-IDENTIFY RTF file magic detected (file-identify.rules) * 1:20487 <-> ENABLED <-> FILE-IDENTIFY 7zip file magic detected (file-identify.rules) * 1:20488 <-> ENABLED <-> FILE-IDENTIFY MachO Little Endian file magic detected (file-identify.rules) * 
1:20489 <-> ENABLED <-> FILE-IDENTIFY MachO x64 Little Endian file magic detected (file-identify.rules) * 1:20490 <-> ENABLED <-> FILE-IDENTIFY MachO Big Endian file magic detected (file-identify.rules) * 1:20491 <-> ENABLED <-> FILE-IDENTIFY MachO x64 Big Endian file magic detected (file-identify.rules) * 1:20492 <-> ENABLED <-> FILE-IDENTIFY Universal Binary/Java Bytecode file magic detected (file-identify.rules) * 1:20493 <-> ENABLED <-> FILE-IDENTIFY jarpack file magic detected (file-identify.rules) * 1:20494 <-> ENABLED <-> FILE-IDENTIFY PDF file magic detected (file-identify.rules) * 1:20495 <-> ENABLED <-> FILE-IDENTIFY compressed Adobe Shockwave Flash file magic detected (file-identify.rules) * 1:20496 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (file-identify.rules) * 1:20497 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (file-identify.rules) * 1:20500 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20501 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20502 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20503 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20507 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (file-identify.rules) * 1:20511 <-> ENABLED <-> FILE-IDENTIFY bcproj file magic detected (file-identify.rules) * 1:20512 <-> ENABLED <-> FILE-IDENTIFY mx4 file magic detected (file-identify.rules) * 1:20513 <-> ENABLED <-> FILE-IDENTIFY ffmpeg file magic detected (file-identify.rules) * 1:20514 <-> ENABLED <-> FILE-IDENTIFY dmg file magic detected (file-identify.rules) * 1:20515 <-> ENABLED <-> FILE-IDENTIFY ivr file magic detected (file-identify.rules) * 1:20516 <-> ENABLED <-> FILE-IDENTIFY caff file magic detected (file-identify.rules) * 1:20518 <-> ENABLED <-> FILE-IDENTIFY rmf file download request (file-identify.rules) * 1:20519 <-> ENABLED 
<-> FILE-IDENTIFY vmd file download request (file-identify.rules) * 1:20520 <-> ENABLED <-> FILE-IDENTIFY vmd file magic detected (file-identify.rules) * 1:20521 <-> ENABLED <-> FILE-IDENTIFY Flac file magic detected (file-identify.rules) * 1:20522 <-> ENABLED <-> FILE-IDENTIFY VideoLAN VLC file magic detected (file-identify.rules) * 1:20544 <-> ENABLED <-> FILE-IDENTIFY Adobe Flash Player FLV file download request (file-identify.rules) * 1:20554 <-> ENABLED <-> PUA-OTHER Microsoft MSN Messenger and Windows Live Messenger Code Execution attempt (pua-other.rules) * 1:20563 <-> ENABLED <-> FILE-IDENTIFY amf file download request (file-identify.rules) * 1:20564 <-> ENABLED <-> FILE-IDENTIFY amf file magic detected (file-identify.rules) * 1:20588 <-> ENABLED <-> FILE-IDENTIFY CDR file download request (file-identify.rules) * 1:20589 <-> ENABLED <-> FILE-IDENTIFY CDR file magic detected (file-identify.rules) * 1:20621 <-> ENABLED <-> FILE-IDENTIFY JAR file download request (file-identify.rules) * 1:20723 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word docx file download request (file-identify.rules) * 1:20733 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media Player DVR file download request (file-identify.rules) * 1:20750 <-> ENABLED <-> FILE-IDENTIFY webm file magic detected (file-identify.rules) * 1:20751 <-> ENABLED <-> FILE-IDENTIFY webm file download request (file-identify.rules) * 1:20792 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file attachment detected (file-identify.rules) * 1:20793 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file attachment detected (file-identify.rules) * 1:20795 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word file attachment detected (file-identify.rules) * 1:20796 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word file attachment detected (file-identify.rules) * 1:20798 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules) * 1:20799 <-> ENABLED <-> FILE-IDENTIFY 
Adobe Shockwave Flash file attachment detected (file-identify.rules) * 1:20800 <-> ENABLED <-> FILE-IDENTIFY MIME file type file attachment detected (file-identify.rules) * 1:20801 <-> ENABLED <-> FILE-IDENTIFY MIME file type file attachment detected (file-identify.rules) * 1:20839 <-> ENABLED <-> FILE-IDENTIFY eSignal .quo file download request (file-identify.rules) * 1:20840 <-> ENABLED <-> FILE-IDENTIFY eSignal .por file download request (file-identify.rules) * 1:20841 <-> ENABLED <-> FILE-IDENTIFY eSignal .sum file download request (file-identify.rules) * 1:20848 <-> ENABLED <-> FILE-IDENTIFY MAKI file attachment detected (file-identify.rules) * 1:20849 <-> ENABLED <-> FILE-IDENTIFY MAKI file attachment detected (file-identify.rules) * 1:20852 <-> ENABLED <-> FILE-IDENTIFY DAZ Studio script download request (file-identify.rules) * 1:20854 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Visio file attachment detected (file-identify.rules) * 1:20855 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Visio file attachment detected (file-identify.rules) * 1:20856 <-> ENABLED <-> FILE-IDENTIFY TwinVQ file attachment detected (file-identify.rules) * 1:20857 <-> ENABLED <-> FILE-IDENTIFY TwinVQ file attachment detected (file-identify.rules) * 1:20859 <-> ENABLED <-> FILE-IDENTIFY Autodesk Maya embedded language script download request (file-identify.rules) * 1:20860 <-> ENABLED <-> FILE-IDENTIFY Autodesk Maya file magic detected (file-identify.rules) * 1:20869 <-> ENABLED <-> FILE-IDENTIFY Autodesk 3D Studio Maxscript download request (file-identify.rules) * 1:20871 <-> ENABLED <-> SERVER-WEBAPP Worldweaver DX Studio Player shell.execute command execution attempt (server-webapp.rules) * 1:20874 <-> ENABLED <-> SERVER-OTHER IBM Tivoli Storage Manager Express Backup initialization packet (server-other.rules) * 1:20882 <-> ENABLED <-> FILE-OFFICE Microsoft Windows embedded packager object identifier (file-office.rules) * 1:20888 <-> ENABLED <-> FILE-IDENTIFY Video Spirit 
visprj download attempt (file-identify.rules) * 1:20893 <-> ENABLED <-> FILE-IDENTIFY Video Spirit file attachment detected (file-identify.rules) * 1:20894 <-> ENABLED <-> FILE-IDENTIFY Video Spirit file attachment detected (file-identify.rules) * 1:20895 <-> ENABLED <-> FILE-IDENTIFY AutoDesk 3D Studio Maxscript file attachment detected (file-identify.rules) * 1:20896 <-> ENABLED <-> FILE-IDENTIFY AutoDesk 3D Studio Maxscript file attachment detected (file-identify.rules) * 1:20897 <-> ENABLED <-> FILE-IDENTIFY MIDI file magic detected (file-identify.rules) * 1:20898 <-> ENABLED <-> FILE-IDENTIFY MIDI file attachment detected (file-identify.rules) * 1:20899 <-> ENABLED <-> FILE-IDENTIFY MIDI file attachment detected (file-identify.rules) * 1:20905 <-> ENABLED <-> FILE-IDENTIFY X PixMap file attachment detected (file-identify.rules) * 1:20906 <-> ENABLED <-> FILE-IDENTIFY X PixMap file attachment detected (file-identify.rules) * 1:20907 <-> ENABLED <-> FILE-IDENTIFY DXF file attachment detected (file-identify.rules) * 1:20908 <-> ENABLED <-> FILE-IDENTIFY DXF file attachment detected (file-identify.rules) * 1:20909 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media ASF file attachment detected (file-identify.rules) * 1:20910 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media ASF file attachment detected (file-identify.rules) * 1:20911 <-> ENABLED <-> FILE-IDENTIFY EPS file attachment detected (file-identify.rules) * 1:20912 <-> ENABLED <-> FILE-IDENTIFY EPS file attachment detected (file-identify.rules) * 1:20913 <-> ENABLED <-> FILE-IDENTIFY XML Shareable Playlist Format file attachment detected (file-identify.rules) * 1:20914 <-> ENABLED <-> FILE-IDENTIFY XML Shareable Playlist Format file attachment detected (file-identify.rules) * 1:20915 <-> ENABLED <-> FILE-IDENTIFY caff file attachment detected (file-identify.rules) * 1:20916 <-> ENABLED <-> FILE-IDENTIFY caff file attachment detected (file-identify.rules) * 1:20917 <-> ENABLED <-> FILE-IDENTIFY BAK 
file attachment detected (file-identify.rules) * 1:20918 <-> ENABLED <-> FILE-IDENTIFY BAK file attachment detected (file-identify.rules) * 1:20924 <-> ENABLED <-> FILE-IDENTIFY PLS file magic detected (file-identify.rules) * 1:20925 <-> ENABLED <-> FILE-IDENTIFY Adobe Pagemaker file attachment detected (file-identify.rules) * 1:20926 <-> ENABLED <-> FILE-IDENTIFY Adobe Pagemaker file attachment detected (file-identify.rules) * 1:20928 <-> ENABLED <-> FILE-IDENTIFY SMIL file magic detected (file-identify.rules) * 1:20929 <-> ENABLED <-> FILE-IDENTIFY MKV file attachment detected (file-identify.rules) * 1:20930 <-> ENABLED <-> FILE-IDENTIFY MKV file attachment detected (file-identify.rules) * 1:20931 <-> ENABLED <-> FILE-IDENTIFY MKS file attachment detected (file-identify.rules) * 1:20932 <-> ENABLED <-> FILE-IDENTIFY MKS file attachment detected (file-identify.rules) * 1:20933 <-> ENABLED <-> FILE-IDENTIFY MKA file attachment detected (file-identify.rules) * 1:20934 <-> ENABLED <-> FILE-IDENTIFY MKA file attachment detected (file-identify.rules) * 1:20935 <-> ENABLED <-> FILE-IDENTIFY QCP file attachment detected (file-identify.rules) * 1:20936 <-> ENABLED <-> FILE-IDENTIFY QCP file attachment detected (file-identify.rules) * 1:20937 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file download request (file-identify.rules) * 1:20938 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file download request (file-identify.rules) * 1:20939 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file download request (file-identify.rules) * 1:20940 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file download request (file-identify.rules) * 1:20941 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules) * 1:20942 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules) * 1:20943 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules) * 
1:20944 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules) * 1:20945 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules) * 1:20946 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules) * 1:20947 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules) * 1:20948 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules) * 1:20950 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20951 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20952 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20953 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20954 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20955 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20956 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20957 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20958 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20959 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20960 <-> ENABLED <-> FILE-IDENTIFY Flac file download request (file-identify.rules) * 1:20961 <-> ENABLED <-> FILE-IDENTIFY TTE file download request (file-identify.rules) * 1:20962 <-> ENABLED <-> FILE-IDENTIFY OTF file download request (file-identify.rules) * 1:20963 <-> ENABLED <-> FILE-IDENTIFY DIB file download request (file-identify.rules) * 1:20964 <-> ENABLED <-> FILE-IDENTIFY SAMI file download request (file-identify.rules) * 1:20965 <-> ENABLED <-> FILE-IDENTIFY JPEG file download request (file-identify.rules) * 1:20966 <-> ENABLED <-> FILE-IDENTIFY JPEG file download 
request (file-identify.rules) * 1:20967 <-> ENABLED <-> FILE-IDENTIFY JPEG file download request (file-identify.rules) * 1:20968 <-> ENABLED <-> FILE-IDENTIFY Apple disk image file download request (file-identify.rules) * 1:20969 <-> ENABLED <-> FILE-IDENTIFY M4A file download request (file-identify.rules) * 1:20970 <-> ENABLED <-> FILE-IDENTIFY M4P file download request (file-identify.rules) * 1:20971 <-> ENABLED <-> FILE-IDENTIFY M4R file download request (file-identify.rules) * 1:20972 <-> ENABLED <-> FILE-IDENTIFY M4V file magic request (file-identify.rules) * 1:20973 <-> ENABLED <-> FILE-IDENTIFY M4B file download request (file-identify.rules) * 1:20974 <-> ENABLED <-> FILE-IDENTIFY 3GP file download request (file-identify.rules) * 1:20975 <-> ENABLED <-> FILE-IDENTIFY 3G2 file download request (file-identify.rules) * 1:20976 <-> ENABLED <-> FILE-IDENTIFY K3G file download request (file-identify.rules) * 1:20977 <-> ENABLED <-> FILE-IDENTIFY SKM file download request (file-identify.rules) * 1:20978 <-> ENABLED <-> FILE-IDENTIFY TTE file attachment detected (file-identify.rules) * 1:20979 <-> ENABLED <-> FILE-IDENTIFY TTE file attachment detected (file-identify.rules) * 1:20980 <-> ENABLED <-> FILE-IDENTIFY OTF file attachment detected (file-identify.rules) * 1:20981 <-> ENABLED <-> FILE-IDENTIFY OTF file attachment detected (file-identify.rules) * 1:20982 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file attachment detected (file-identify.rules) * 1:20983 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file attachment detected (file-identify.rules) * 1:20986 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word docx file attachment detected (file-identify.rules) * 1:20987 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word docx file attachment detected (file-identify.rules) * 1:20991 <-> ENABLED <-> FILE-IDENTIFY TTF file magic detected (file-identify.rules) * 1:20992 <-> ENABLED <-> FILE-IDENTIFY SAMI file magic detected 
(file-identify.rules) * 1:21005 <-> ENABLED <-> MALWARE-CNC Yang Pack yg.htm download request (malware-cnc.rules) * 1:21007 <-> ENABLED <-> FILE-IDENTIFY Microsoft Money file magic detected (file-identify.rules) * 1:21008 <-> ENABLED <-> FILE-IDENTIFY Microsoft Money file download request (file-identify.rules) * 1:21009 <-> ENABLED <-> FILE-IDENTIFY Microsoft Money file attachment detected (file-identify.rules) * 1:21010 <-> ENABLED <-> FILE-IDENTIFY Microsoft Money file attachment detected (file-identify.rules) * 1:21011 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file magic detected (file-identify.rules) * 1:21012 <-> ENABLED <-> FILE-IDENTIFY Cytel Studio cy3 file download request (file-identify.rules) * 1:21013 <-> ENABLED <-> FILE-IDENTIFY Cytel Studio cy3 file attachment detected (file-identify.rules) * 1:21014 <-> ENABLED <-> FILE-IDENTIFY Cytel Studio cy3 file attachment detected (file-identify.rules) * 1:21015 <-> ENABLED <-> FILE-IDENTIFY cy3 Cytel Studio file magic detected (file-identify.rules) * 1:21016 <-> ENABLED <-> FILE-IDENTIFY Cytel Studio cyb file attachment detected (file-identify.rules) * 1:21017 <-> ENABLED <-> FILE-IDENTIFY cyb Cytel Studio file attachment detected (file-identify.rules) * 1:21018 <-> ENABLED <-> FILE-IDENTIFY cyb Cytel Studio file download request (file-identify.rules) * 1:21035 <-> ENABLED <-> FILE-IDENTIFY PDF file attachment detected (file-identify.rules) * 1:21036 <-> ENABLED <-> FILE-IDENTIFY PDF file attachment detected (file-identify.rules) * 1:21052 <-> ENABLED <-> FILE-IDENTIFY UltraISO CUE file download request (file-identify.rules) * 1:21053 <-> ENABLED <-> FILE-IDENTIFY UltraISO CUE file attachment detected (file-identify.rules) * 1:21054 <-> ENABLED <-> FILE-IDENTIFY UltraISO CUE file attachment detected (file-identify.rules) * 1:21059 <-> ENABLED <-> FILE-IDENTIFY AVI Video file magic detected (file-identify.rules) * 1:21061 <-> ENABLED <-> FILE-IDENTIFY AVI file attachment detected 
(file-identify.rules)
* 1:21062 <-> ENABLED <-> FILE-IDENTIFY AVI file attachment detected (file-identify.rules)
* 1:21109 <-> ENABLED <-> FILE-IDENTIFY MPEG video stream file download request (file-identify.rules)
* 1:21110 <-> ENABLED <-> FILE-IDENTIFY MPEG video stream file attachment detected (file-identify.rules)
* 1:21111 <-> ENABLED <-> FILE-IDENTIFY MPEG video stream file attachment detected (file-identify.rules)
* 1:21113 <-> ENABLED <-> FILE-IDENTIFY Cisco Webex Player .wrf file magic detected (file-identify.rules)
* 1:21152 <-> ENABLED <-> FILE-IDENTIFY S3M file attachment detected (file-identify.rules)
* 1:21153 <-> ENABLED <-> FILE-IDENTIFY S3M file attachment detected (file-identify.rules)
* 1:21174 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer realtext file download request (file-identify.rules)
* 1:21282 <-> ENABLED <-> FILE-IDENTIFY XSL file download request (file-identify.rules)
* 1:21283 <-> ENABLED <-> FILE-IDENTIFY XSL file attachment detected (file-identify.rules)
* 1:21284 <-> ENABLED <-> FILE-IDENTIFY XSL file attachment detected (file-identify.rules)
* 1:21285 <-> ENABLED <-> FILE-IDENTIFY XSLT file download request (file-identify.rules)
* 1:21286 <-> ENABLED <-> FILE-IDENTIFY XSLT file attachment detected (file-identify.rules)
* 1:21287 <-> ENABLED <-> FILE-IDENTIFY XSLT file attachment detected (file-identify.rules)
* 1:21288 <-> ENABLED <-> FILE-IDENTIFY XML download detected (file-identify.rules)
* 1:21295 <-> ENABLED <-> FILE-IDENTIFY FON file attachment detected (file-identify.rules)
* 1:21296 <-> ENABLED <-> FILE-IDENTIFY FON file attachment detected (file-identify.rules)
* 1:21345 <-> ENABLED <-> EXPLOIT-KIT Blackhole exploit kit malicious jar request (exploit-kit.rules)
* 1:21347 <-> ENABLED <-> EXPLOIT-KIT Blackhole exploit kit URL - .php?page= (exploit-kit.rules)
* 1:21410 <-> ENABLED <-> FILE-IDENTIFY paq8o file download request (file-identify.rules)
* 1:21411 <-> ENABLED <-> FILE-IDENTIFY paq8o file attachment detected (file-identify.rules)
* 1:21412 <-> ENABLED <-> FILE-IDENTIFY paq8o file attachment detected (file-identify.rules)
* 1:21432 <-> ENABLED <-> FILE-IDENTIFY MPPL file attachment detected (file-identify.rules)
* 1:21433 <-> ENABLED <-> FILE-IDENTIFY MPPL file attachment detected (file-identify.rules)
* 1:21434 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Mentor variant outbound connection (malware-cnc.rules)
* 1:21480 <-> ENABLED <-> FILE-IDENTIFY XML file magic detected (file-identify.rules)
* 1:21498 <-> ENABLED <-> FILE-IDENTIFY XML file magic detected (file-identify.rules)
* 1:21499 <-> ENABLED <-> FILE-IDENTIFY XML file attachment detected (file-identify.rules)
* 1:21500 <-> ENABLED <-> FILE-IDENTIFY XML file attachment detected (file-identify.rules)
* 1:21573 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio addin file download request (file-identify.rules)
* 1:21574 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio addin file attachment detected (file-identify.rules)
* 1:21575 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio addin file attachment detected (file-identify.rules)
* 1:21584 <-> ENABLED <-> FILE-IDENTIFY VisiWave VWR file download request (file-identify.rules)
* 1:21585 <-> ENABLED <-> FILE-IDENTIFY VisiWave VWR file attachment detected (file-identify.rules)
* 1:21586 <-> ENABLED <-> FILE-IDENTIFY VisiWave VWR file attachment detected (file-identify.rules)
* 1:21611 <-> ENABLED <-> FILE-IDENTIFY RAT file attachment detected (file-identify.rules)
* 1:21612 <-> ENABLED <-> FILE-IDENTIFY RAT file attachment detected (file-identify.rules)
* 1:21613 <-> ENABLED <-> FILE-IDENTIFY PNG file attachment detected (file-identify.rules)
* 1:21614 <-> ENABLED <-> FILE-IDENTIFY PNG file attachment detected (file-identify.rules)
* 1:21615 <-> ENABLED <-> FILE-IDENTIFY WMF file attachment detected (file-identify.rules)
* 1:21616 <-> ENABLED <-> FILE-IDENTIFY WMF file attachment detected (file-identify.rules)
* 1:21617 <-> ENABLED <-> FILE-IDENTIFY RT file attachment detected (file-identify.rules)
* 1:21618 <-> ENABLED <-> FILE-IDENTIFY RT file attachment detected (file-identify.rules)
* 1:21620 <-> ENABLED <-> FILE-IDENTIFY WAV file magic detected (file-identify.rules)
* 1:21621 <-> ENABLED <-> FILE-IDENTIFY AVI file magic detected (file-identify.rules)
* 1:21623 <-> ENABLED <-> FILE-IDENTIFY QUO file attachment detected (file-identify.rules)
* 1:21624 <-> ENABLED <-> FILE-IDENTIFY QUO file attachment detected (file-identify.rules)
* 1:21625 <-> ENABLED <-> FILE-IDENTIFY POR file attachment detected (file-identify.rules)
* 1:21626 <-> ENABLED <-> FILE-IDENTIFY POR file attachment detected (file-identify.rules)
* 1:21627 <-> ENABLED <-> FILE-IDENTIFY SUM file attachment detected (file-identify.rules)
* 1:21628 <-> ENABLED <-> FILE-IDENTIFY SUM file attachment detected (file-identify.rules)
* 1:21648 <-> ENABLED <-> FILE-IDENTIFY QuickDraw/PICT file attachment detected (file-identify.rules)
* 1:21649 <-> ENABLED <-> FILE-IDENTIFY QuickDraw/PICT file attachment detected (file-identify.rules)
* 1:21650 <-> ENABLED <-> FILE-IDENTIFY QuickDraw/PICT file download request (file-identify.rules)
* 1:21651 <-> ENABLED <-> FILE-IDENTIFY QuickDraw/PICT file attachment detected (file-identify.rules)
* 1:21652 <-> ENABLED <-> FILE-IDENTIFY QuickDraw/PICT file attachment detected (file-identify.rules)
* 1:21659 <-> ENABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page Requested - /Home/index.php (exploit-kit.rules)
* 1:21660 <-> ENABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page Requested - /Index/index.php (exploit-kit.rules)
* 1:21687 <-> ENABLED <-> FILE-IDENTIFY PLS file attachment detected (file-identify.rules)
* 1:21688 <-> ENABLED <-> FILE-IDENTIFY PLS file attachment detected (file-identify.rules)
* 1:21691 <-> ENABLED <-> FILE-IDENTIFY SMIL file attachment detected (file-identify.rules)
* 1:21692 <-> ENABLED <-> FILE-IDENTIFY SMIL file attachment detected (file-identify.rules)
* 1:21693 <-> ENABLED <-> FILE-IDENTIFY FLAC file attachment detected (file-identify.rules)
* 1:21694 <-> ENABLED <-> FILE-IDENTIFY FLAC file attachment detected (file-identify.rules)
* 1:21695 <-> ENABLED <-> FILE-IDENTIFY SMI file attachment detected (file-identify.rules)
* 1:21696 <-> ENABLED <-> FILE-IDENTIFY SMI file attachment detected (file-identify.rules)
* 1:21697 <-> ENABLED <-> FILE-IDENTIFY SAMI file attachment detected (file-identify.rules)
* 1:21698 <-> ENABLED <-> FILE-IDENTIFY SAMI file attachment detected (file-identify.rules)
* 1:21699 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel xlw file attachment detected (file-identify.rules)
* 1:21700 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel xlw file attachment detected (file-identify.rules)
* 1:21701 <-> ENABLED <-> FILE-IDENTIFY FlashPix file attachment detected (file-identify.rules)
* 1:21702 <-> ENABLED <-> FILE-IDENTIFY FlashPix file attachment detected (file-identify.rules)
* 1:21703 <-> ENABLED <-> FILE-IDENTIFY 4XM file attachment detected (file-identify.rules)
* 1:21704 <-> ENABLED <-> FILE-IDENTIFY 4XM file attachment detected (file-identify.rules)
* 1:21705 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file attachment detected (file-identify.rules)
* 1:21706 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file attachment detected (file-identify.rules)
* 1:21707 <-> ENABLED <-> FILE-IDENTIFY Microsoft Works file attachment detected (file-identify.rules)
* 1:21708 <-> ENABLED <-> FILE-IDENTIFY Microsoft Works file attachment detected (file-identify.rules)
* 1:21709 <-> ENABLED <-> FILE-IDENTIFY AIFF file attachment detected (file-identify.rules)
* 1:21710 <-> ENABLED <-> FILE-IDENTIFY AIFF file attachment detected (file-identify.rules)
* 1:21711 <-> ENABLED <-> FILE-IDENTIFY PFA file download request (file-identify.rules)
* 1:21712 <-> ENABLED <-> FILE-IDENTIFY PFA file magic detected (file-identify.rules)
* 1:21713 <-> ENABLED <-> FILE-IDENTIFY PFA file attachment detected (file-identify.rules)
* 1:21714 <-> ENABLED <-> FILE-IDENTIFY PFA file attachment detected (file-identify.rules)
* 1:21715 <-> ENABLED <-> FILE-IDENTIFY PFB file download request (file-identify.rules)
* 1:21716 <-> ENABLED <-> FILE-IDENTIFY PFB file attachment detected (file-identify.rules)
* 1:21717 <-> ENABLED <-> FILE-IDENTIFY PFB file attachment detected (file-identify.rules)
* 1:21718 <-> ENABLED <-> FILE-IDENTIFY PFM file download request (file-identify.rules)
* 1:21719 <-> ENABLED <-> FILE-IDENTIFY PFM file attachment detected (file-identify.rules)
* 1:21720 <-> ENABLED <-> FILE-IDENTIFY PFM file attachment detected (file-identify.rules)
* 1:21721 <-> ENABLED <-> FILE-IDENTIFY AFM file download request (file-identify.rules)
* 1:21722 <-> ENABLED <-> FILE-IDENTIFY AFM file attachment detected (file-identify.rules)
* 1:21723 <-> ENABLED <-> FILE-IDENTIFY AFM file attachment detected (file-identify.rules)
* 1:21724 <-> ENABLED <-> FILE-IDENTIFY ANI file download request (file-identify.rules)
* 1:21725 <-> ENABLED <-> FILE-IDENTIFY ANI file attachment detected (file-identify.rules)
* 1:21726 <-> ENABLED <-> FILE-IDENTIFY ANI file attachment detected (file-identify.rules)
* 1:21727 <-> ENABLED <-> FILE-IDENTIFY ANI file magic detection (file-identify.rules)
* 1:21728 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules)
* 1:21729 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules)
* 1:21730 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules)
* 1:21731 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules)
* 1:21732 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules)
* 1:21733 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules)
* 1:21734 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules)
* 1:21735 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules)
* 1:21736 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules)
* 1:21737 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules)
* 1:21738 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules)
* 1:21739 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules)
* 1:21740 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media asx file attachment detected (file-identify.rules)
* 1:21741 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media asx file attachment detected (file-identify.rules)
* 1:21742 <-> ENABLED <-> FILE-IDENTIFY Embedded Open Type Font file attachment detected (file-identify.rules)
* 1:21743 <-> ENABLED <-> FILE-IDENTIFY Embedded Open Type Font file attachment detected (file-identify.rules)
* 1:21744 <-> ENABLED <-> FILE-IDENTIFY AVI file attachment detected (file-identify.rules)
* 1:21745 <-> ENABLED <-> FILE-IDENTIFY AVI file attachment detected (file-identify.rules)
* 1:21746 <-> ENABLED <-> FILE-IDENTIFY RTF file attachment detected (file-identify.rules)
* 1:21747 <-> ENABLED <-> FILE-IDENTIFY RTF file attachment detected (file-identify.rules)
* 1:21748 <-> ENABLED <-> FILE-IDENTIFY HPJ file download request (file-identify.rules)
* 1:21749 <-> ENABLED <-> FILE-IDENTIFY HPJ file attachment detected (file-identify.rules)
* 1:21750 <-> ENABLED <-> FILE-IDENTIFY HPJ file attachment detected (file-identify.rules)
* 1:21751 <-> ENABLED <-> FILE-IDENTIFY HPJ file magic detected (file-identify.rules)
* 1:21802 <-> ENABLED <-> FILE-IDENTIFY HT-MP3Player file download request (file-identify.rules)
* 1:21803 <-> ENABLED <-> FILE-IDENTIFY HT-MP3Player file attachment detected (file-identify.rules)
* 1:21804 <-> ENABLED <-> FILE-IDENTIFY HT-MP3Player file attachment detected (file-identify.rules)
* 1:21807 <-> ENABLED <-> FILE-IDENTIFY Adobe Download Manager aom file download request (file-identify.rules)
* 1:21808 <-> ENABLED <-> FILE-IDENTIFY Adobe Download Manager aom file attachment detected (file-identify.rules)
* 1:21809 <-> ENABLED <-> FILE-IDENTIFY Adobe Download Manager aom file attachment detected (file-identify.rules)
* 1:21810 <-> ENABLED <-> FILE-IDENTIFY Adobe Download Manager aom file magic detected (file-identify.rules)
* 1:21811 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime FLIC animation file file download request (file-identify.rules)
* 1:21812 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime FLIC animation file file attachment detected (file-identify.rules)
* 1:21813 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime FLIC animation file file attachment detected (file-identify.rules)
* 1:21814 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime FLIC file magic detected (file-identify.rules)
* 1:21815 <-> ENABLED <-> FILE-IDENTIFY LZH file attachment detected (file-identify.rules)
* 1:21816 <-> ENABLED <-> FILE-IDENTIFY LZH file attachment detected (file-identify.rules)
* 1:21854 <-> ENABLED <-> FILE-IDENTIFY LNK file attachment detected (file-identify.rules)
* 1:21855 <-> ENABLED <-> FILE-IDENTIFY LNK file attachment detected (file-identify.rules)
* 1:21856 <-> ENABLED <-> FILE-IDENTIFY ZIP file attachment detected (file-identify.rules)
* 1:21857 <-> ENABLED <-> FILE-IDENTIFY ZIP file attachment detected (file-identify.rules)
* 1:21861 <-> ENABLED <-> FILE-IDENTIFY WRF file attachment detected (file-identify.rules)
* 1:21862 <-> ENABLED <-> FILE-IDENTIFY WRF file attachment detected (file-identify.rules)
* 1:21863 <-> ENABLED <-> FILE-IDENTIFY Google Chrome extension file attachment detected (file-identify.rules)
* 1:21864 <-> ENABLED <-> FILE-IDENTIFY Google Chrome extension file attachment detected (file-identify.rules)
* 1:21865 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file attachment detected (file-identify.rules)
* 1:21866 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file attachment detected (file-identify.rules)
* 1:21867 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file attachment detected (file-identify.rules)
* 1:21868 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file attachment detected (file-identify.rules)
* 1:21870 <-> ENABLED <-> FILE-IDENTIFY CNT file attachment detected (file-identify.rules)
* 1:21871 <-> ENABLED <-> FILE-IDENTIFY CNT file attachment detected (file-identify.rules)
* 1:21872 <-> ENABLED <-> FILE-IDENTIFY GIF file attachment detected (file-identify.rules)
* 1:21873 <-> ENABLED <-> FILE-IDENTIFY GIF file attachment detected (file-identify.rules)
* 1:21886 <-> ENABLED <-> FILE-IDENTIFY OpenType Font file attachment detected (file-identify.rules)
* 1:21887 <-> ENABLED <-> FILE-IDENTIFY OpenType Font file attachment detected (file-identify.rules)
* 1:21888 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Movie Maker file attachment detected (file-identify.rules)
* 1:21889 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Movie Maker file attachment detected (file-identify.rules)
* 1:21890 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file attachment detected (file-identify.rules)
* 1:21891 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file attachment detected (file-identify.rules)
* 1:21892 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file attachment detected (file-identify.rules)
* 1:21893 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file attachment detected (file-identify.rules)
* 1:21894 <-> ENABLED <-> FILE-IDENTIFY SVG file attachment detected (file-identify.rules)
* 1:21895 <-> ENABLED <-> FILE-IDENTIFY SVG file attachment detected (file-identify.rules)
* 1:21915 <-> ENABLED <-> SERVER-OTHER Novell Groupwise HTTP login request (server-other.rules)
* 1:21916 <-> ENABLED <-> SERVER-OTHER Novell Groupwise HTTP login request (server-other.rules)
* 1:21931 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel TXO and OBJ records parsing stack memory corruption attempt (file-office.rules)
* 1:21939 <-> ENABLED <-> PROTOCOL-TELNET RuggedCom telnet initial banner (protocol-telnet.rules)
* 1:21999 <-> ENABLED <-> FILE-IDENTIFY OpenType Font file magic detection (file-identify.rules)
* 1:22013 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio DBP file download request (file-identify.rules)
* 1:22014 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio DBP file attachment detected (file-identify.rules)
* 1:22015 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio DBP file attachment detected (file-identify.rules)
* 1:22016 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio DBP file magic detected (file-identify.rules)
* 1:22017 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio PKP file download request (file-identify.rules)
* 1:22018 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio PKP file attachment detected (file-identify.rules)
* 1:22019 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio PKP file attachment detected (file-identify.rules)
* 1:22020 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio PKP file magic detected (file-identify.rules)
* 1:22021 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio SLN file download request (file-identify.rules)
* 1:22022 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio SLN file attachment detected (file-identify.rules)
* 1:22023 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio SLN file attachment detected (file-identify.rules)
* 1:22024 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio SLN file magic detected (file-identify.rules)
* 1:22025 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio VAP file download request (file-identify.rules)
* 1:22026 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio VAP file attachment detected (file-identify.rules)
* 1:22027 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio VAP file attachment detected (file-identify.rules)
* 1:22028 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio VAP file magic detected (file-identify.rules)
* 1:22043 <-> ENABLED <-> FILE-IDENTIFY XM file download request (file-identify.rules)
* 1:22044 <-> ENABLED <-> FILE-IDENTIFY XM file attachment detected (file-identify.rules)
* 1:22045 <-> ENABLED <-> FILE-IDENTIFY XM file attachment detected (file-identify.rules)
* 1:22046 <-> ENABLED <-> FILE-IDENTIFY XM file magic detected (file-identify.rules)
* 1:22082 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint pptx file download request (file-identify.rules)
* 1:22083 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint pptx file attachment detected (file-identify.rules)
* 1:22084 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint pptx file attachment detected (file-identify.rules)
* 1:22943 <-> ENABLED <-> FILE-IDENTIFY NAB file download request (file-identify.rules)
* 1:22944 <-> ENABLED <-> FILE-IDENTIFY NAB file attachment detected (file-identify.rules)
* 1:22945 <-> ENABLED <-> FILE-IDENTIFY NAB file attachment detected (file-identify.rules)
* 1:22946 <-> ENABLED <-> FILE-IDENTIFY NAB file magic detected (file-identify.rules)
* 1:22955 <-> ENABLED <-> FILE-IDENTIFY AMF file attachment detected (file-identify.rules)
* 1:22956 <-> ENABLED <-> FILE-IDENTIFY AMF file attachment detected (file-identify.rules)
* 1:22961 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RAM file attachment detected (file-identify.rules)
* 1:22962 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RAM file attachment detected (file-identify.rules)
* 1:22963 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RMP file attachment detected (file-identify.rules)
* 1:22964 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RMP file attachment detected (file-identify.rules)
* 1:22965 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RT file attachment detected (file-identify.rules)
* 1:22966 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RT file attachment detected (file-identify.rules)
* 1:22967 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RP file attachment detected (file-identify.rules)
* 1:22968 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RP file attachment detected (file-identify.rules)
* 1:22969 <-> ENABLED <-> FILE-IDENTIFY remote desktop configuration file attachment detected (file-identify.rules)
* 1:22970 <-> ENABLED <-> FILE-IDENTIFY remote desktop configuration file attachment detected (file-identify.rules)
* 1:22971 <-> ENABLED <-> FILE-IDENTIFY MPEG Layer 3 playlist file attachment detected (file-identify.rules)
* 1:22972 <-> ENABLED <-> FILE-IDENTIFY m3u playlist file file attachment detected (file-identify.rules)
* 1:22973 <-> ENABLED <-> FILE-IDENTIFY M4A file attachment detected (file-identify.rules)
* 1:22974 <-> ENABLED <-> FILE-IDENTIFY M4A file attachment detected (file-identify.rules)
* 1:22975 <-> ENABLED <-> FILE-IDENTIFY M4P file attachment detected (file-identify.rules)
* 1:22976 <-> ENABLED <-> FILE-IDENTIFY M4P file attachment detected (file-identify.rules)
* 1:22977 <-> ENABLED <-> FILE-IDENTIFY M4R file attachment detected (file-identify.rules)
* 1:22978 <-> ENABLED <-> FILE-IDENTIFY M4R file attachment detected (file-identify.rules)
* 1:22979 <-> ENABLED <-> FILE-IDENTIFY M4V file attachment detected (file-identify.rules)
* 1:22980 <-> ENABLED <-> FILE-IDENTIFY M4V file attachment detected (file-identify.rules)
* 1:22981 <-> ENABLED <-> FILE-IDENTIFY M4B file attachment detected (file-identify.rules)
* 1:22982 <-> ENABLED <-> FILE-IDENTIFY M4B file attachment detected (file-identify.rules)
* 1:22983 <-> ENABLED <-> FILE-IDENTIFY 3GP file attachment detected (file-identify.rules)
* 1:22984 <-> ENABLED <-> FILE-IDENTIFY 3GP file attachment detected (file-identify.rules)
* 1:22985 <-> ENABLED <-> FILE-IDENTIFY 3G2 file attachment detected (file-identify.rules)
* 1:22986 <-> ENABLED <-> FILE-IDENTIFY 3G2 file attachment detected (file-identify.rules)
* 1:22987 <-> ENABLED <-> FILE-IDENTIFY k3g file attachment detected (file-identify.rules)
* 1:22988 <-> ENABLED <-> FILE-IDENTIFY k3g file attachment detected (file-identify.rules)
* 1:22989 <-> ENABLED <-> FILE-IDENTIFY SKM file attachment detected (file-identify.rules)
* 1:22990 <-> ENABLED <-> FILE-IDENTIFY SKM file attachment detected (file-identify.rules)
* 1:22991 <-> ENABLED <-> FILE-IDENTIFY QT file attachment detected (file-identify.rules)
* 1:22992 <-> ENABLED <-> FILE-IDENTIFY QT file attachment detected (file-identify.rules)
* 1:22993 <-> ENABLED <-> FILE-IDENTIFY MP4 file attachment detected (file-identify.rules)
* 1:22994 <-> ENABLED <-> FILE-IDENTIFY MP4 file attachment detected (file-identify.rules)
* 1:22995 <-> ENABLED <-> FILE-IDENTIFY Apple QuickTime Movie file attachment detected (file-identify.rules)
* 1:22996 <-> ENABLED <-> FILE-IDENTIFY Apple QuickTime Movie file attachment detected (file-identify.rules)
* 1:22997 <-> ENABLED <-> FILE-IDENTIFY MHTML file attachment detected (file-identify.rules)
* 1:22998 <-> ENABLED <-> FILE-IDENTIFY MHTML file attachment detected (file-identify.rules)
* 1:22999 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows WMF file magic detected (file-identify.rules)
* 1:23000 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media Player DVR file attachment detected (file-identify.rules)
* 1:23001 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media Player DVR file attachment detected (file-identify.rules)
* 1:23002 <-> ENABLED <-> FILE-IDENTIFY CSV file attachment detected (file-identify.rules)
* 1:23003 <-> ENABLED <-> FILE-IDENTIFY CSV file attachment detected (file-identify.rules)
* 1:23011 <-> ENABLED <-> FILE-IDENTIFY Collada file download request (file-identify.rules)
* 1:23012 <-> ENABLED <-> FILE-IDENTIFY Collada file attachment detected (file-identify.rules)
* 1:23013 <-> ENABLED <-> FILE-IDENTIFY Collada file attachment detected (file-identify.rules)
* 1:23167 <-> ENABLED <-> FILE-IDENTIFY MPG video stream file download request (file-identify.rules)
* 1:23168 <-> ENABLED <-> FILE-IDENTIFY MPG video stream file attachment detected (file-identify.rules)
* 1:23169 <-> ENABLED <-> FILE-IDENTIFY MPG video stream file attachment detected (file-identify.rules)
* 1:23188 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules)
* 1:23189 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules)
* 1:23190 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file download request (file-identify.rules)
* 1:23191 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules)
* 1:23192 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules)
* 1:23193 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file download request (file-identify.rules)
* 1:23194 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules)
* 1:23195 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules)
* 1:23196 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file download request (file-identify.rules)
* 1:23197 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules)
* 1:23198 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules)
* 1:23199 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file download request (file-identify.rules)
* 1:23200 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules)
* 1:23201 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules)
* 1:23202 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file download request (file-identify.rules)
* 1:23205 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file download request (file-identify.rules)
* 1:23206 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules)
* 1:23207 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules)
* 1:23208 <-> ENABLED <-> PROTOCOL-VOIP Digium Asterisk Manager Interface initial banner (protocol-voip.rules)
* 1:23224 <-> ENABLED <-> EXPLOIT-KIT Redkit exploit kit landing page Requested - 8Digit.html (exploit-kit.rules)
* 1:23319 <-> ENABLED <-> FILE-IDENTIFY TAR file download request (file-identify.rules)
* 1:23320 <-> ENABLED <-> FILE-IDENTIFY TAR file attachment detected (file-identify.rules)
* 1:23321 <-> ENABLED <-> FILE-IDENTIFY TAR file attachment detected (file-identify.rules)
* 1:23322 <-> ENABLED <-> FILE-IDENTIFY TAR file download request (file-identify.rules)
* 1:23347 <-> ENABLED <-> FILE-IDENTIFY Lotus file download request (file-identify.rules)
* 1:23348 <-> ENABLED <-> FILE-IDENTIFY Lotus file attachment detected (file-identify.rules)
* 1:23349 <-> ENABLED <-> FILE-IDENTIFY Lotus file attachment detected (file-identify.rules)
* 1:23393 <-> ENABLED <-> SQL IBM SolidDB initial banner (sql.rules)
* 1:23474 <-> ENABLED <-> FILE-IDENTIFY PLP file download request (file-identify.rules)
* 1:23475 <-> ENABLED <-> FILE-IDENTIFY PLP file attachment detected (file-identify.rules)
* 1:23476 <-> ENABLED <-> FILE-IDENTIFY PLP file attachment detected (file-identify.rules)
* 1:23477 <-> ENABLED <-> FILE-IDENTIFY PLP file magic detected (file-identify.rules)
* 1:23486 <-> ENABLED <-> FILE-IDENTIFY JOB file download request (file-identify.rules)
* 1:23487 <-> ENABLED <-> FILE-IDENTIFY JOB file attachment detected (file-identify.rules)
* 1:23488 <-> ENABLED <-> FILE-IDENTIFY JOB file attachment detected (file-identify.rules)
* 1:23496 <-> ENABLED <-> FILE-IDENTIFY CUR file download request (file-identify.rules)
* 1:23497 <-> ENABLED <-> FILE-IDENTIFY CUR file attachment detected (file-identify.rules)
* 1:23498 <-> ENABLED <-> FILE-IDENTIFY CUR file attachment detected (file-identify.rules)
* 1:23605 <-> ENABLED <-> FILE-IDENTIFY Armadillo v1.xx - v2.xx file magic detected (file-identify.rules)
* 1:23616 <-> ENABLED <-> APP-DETECT Amazon Kindle 3.0 User-Agent string requested (app-detect.rules)
* 1:23637 <-> ENABLED <-> FILE-IDENTIFY Java .class file attachment detected (file-identify.rules)
* 1:23638 <-> ENABLED <-> FILE-IDENTIFY Java .class file attachment detected (file-identify.rules)
* 1:23639 <-> ENABLED <-> FILE-IDENTIFY MPEG video stream file magic detected (file-identify.rules)
* 1:23640 <-> ENABLED <-> FILE-IDENTIFY MPEG sys stream file magic detected (file-identify.rules)
* 1:23642 <-> ENABLED <-> FILE-IDENTIFY Script encoder file magic detected (file-identify.rules)
* 1:23643 <-> ENABLED <-> FILE-IDENTIFY Postscript file magic detected (file-identify.rules)
* 1:23644 <-> ENABLED <-> FILE-IDENTIFY BinHex file magic detected (file-identify.rules)
* 1:23645 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Real Media file magic detected (file-identify.rules)
* 1:23646 <-> ENABLED <-> FILE-IDENTIFY bzip file magic detected (file-identify.rules)
* 1:23647 <-> ENABLED <-> FILE-IDENTIFY GIF file magic detected (file-identify.rules)
* 1:23648 <-> ENABLED <-> FILE-IDENTIFY MP3 file magic detected (file-identify.rules)
* 1:23649 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows CAB file magic detected (file-identify.rules)
* 1:23650 <-> ENABLED <-> FILE-IDENTIFY Ogg Stream file magic detected (file-identify.rules)
* 1:23651 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules)
* 1:23652 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules)
* 1:23653 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules)
* 1:23654 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules)
* 1:23655 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules)
* 1:23656 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules)
* 1:23657 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules)
* 1:23658 <-> ENABLED <-> FILE-IDENTIFY RIFX file magic detected (file-identify.rules)
* 1:23659 <-> ENABLED <-> FILE-IDENTIFY RAR file magic detected (file-identify.rules)
* 1:23660 <-> ENABLED <-> FILE-IDENTIFY Symantec file magic detected (file-identify.rules)
* 1:23661 <-> ENABLED <-> FILE-IDENTIFY ARJ file magic detected (file-identify.rules)
* 1:23662 <-> ENABLED <-> FILE-IDENTIFY TNEF file magic detected (file-identify.rules)
* 1:23663 <-> ENABLED <-> FILE-IDENTIFY ELF file magic detected (file-identify.rules)
* 1:23664 <-> ENABLED <-> FILE-IDENTIFY PNG file magic detected (file-identify.rules)
* 1:23665 <-> ENABLED <-> FILE-IDENTIFY CryptFF file magic detected (file-identify.rules)
* 1:23666 <-> ENABLED <-> FILE-IDENTIFY MP3 file magic detected (file-identify.rules)
* 1:23667 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (file-identify.rules)
* 1:23668 <-> ENABLED <-> FILE-IDENTIFY SIS file magic detected (file-identify.rules)
* 1:23669 <-> ENABLED <-> FILE-IDENTIFY SIP log file magic detected (file-identify.rules)
* 1:23670 <-> ENABLED <-> FILE-IDENTIFY RTF file magic detected (file-identify.rules)
* 1:23671 <-> ENABLED <-> FILE-IDENTIFY 7zip file magic detected (file-identify.rules)
* 1:23672 <-> ENABLED <-> FILE-IDENTIFY MachO Little Endian file magic detected (file-identify.rules)
* 1:23673 <-> ENABLED <-> FILE-IDENTIFY MachO x64 Little Endian file magic detected (file-identify.rules)
* 1:23674 <-> ENABLED <-> FILE-IDENTIFY MachO Big Endian file magic detected (file-identify.rules)
* 1:23675 <-> ENABLED <-> FILE-IDENTIFY MachO x64 Big Endian file magic detected (file-identify.rules)
* 1:23676 <-> ENABLED <-> FILE-IDENTIFY Universal Binary/Java Bytecode file magic detected (file-identify.rules)
* 1:23677 <-> ENABLED <-> FILE-IDENTIFY jarpack file magic detected (file-identify.rules)
* 1:23678 <-> ENABLED <-> FILE-IDENTIFY PDF file magic detected (file-identify.rules)
* 1:23679 <-> ENABLED <-> FILE-IDENTIFY compressed Adobe Shockwave Flash file magic detected (file-identify.rules)
* 1:23680 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (file-identify.rules)
* 1:23681 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (file-identify.rules)
* 1:23682 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
* 1:23683 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
* 1:23684 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
* 1:23685 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
* 1:23687 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (file-identify.rules)
* 1:23688 <-> ENABLED <-> FILE-IDENTIFY bcproj file magic detected (file-identify.rules)
* 1:23689 <-> ENABLED <-> FILE-IDENTIFY mx4 file magic detected (file-identify.rules)
* 1:23690 <-> ENABLED <-> FILE-IDENTIFY ffmpeg file magic detected (file-identify.rules)
* 1:23691 <-> ENABLED <-> FILE-IDENTIFY dmg file magic detected (file-identify.rules)
* 1:23692 <-> ENABLED <-> FILE-IDENTIFY ivr file magic detected (file-identify.rules)
* 1:23693 <-> ENABLED <-> FILE-IDENTIFY caff file magic detected (file-identify.rules)
* 1:23694 <-> ENABLED <-> FILE-IDENTIFY vmd file magic detected (file-identify.rules)
* 1:23695 <-> ENABLED <-> FILE-IDENTIFY Flac file magic detected (file-identify.rules)
* 1:23696 <-> ENABLED <-> FILE-IDENTIFY VideoLAN VLC file magic detected (file-identify.rules)
* 1:23697 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel xlw file magic detected (file-identify.rules)
* 1:23698 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media ASF file magic detected (file-identify.rules)
* 1:23701 <-> ENABLED <-> FILE-IDENTIFY Microsoft SYmbolic LinK file magic detected (file-identify.rules)
* 1:23703 <-> ENABLED <-> FILE-IDENTIFY Microsoft asf file magic detected (file-identify.rules)
* 1:23707 <-> ENABLED <-> FILE-IDENTIFY Microsoft Compound File Binary v3 file magic detected (file-identify.rules)
* 1:23709 <-> ENABLED <-> FILE-IDENTIFY Tiff little endian file magic detected (file-identify.rules)
* 1:23710 <-> ENABLED <-> FILE-IDENTIFY Tiff big endian file magic detected (file-identify.rules)
* 1:23711 <-> ENABLED <-> FILE-IDENTIFY OLE Document file magic detected (file-identify.rules)
* 1:23712 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file magic detected (file-identify.rules)
* 1:23720 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer REC file magic detected (file-identify.rules)
* 1:23721 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer .r1m file magic detected (file-identify.rules)
* 1:23723 <-> ENABLED <-> FILE-IDENTIFY M3U file magic detected (file-identify.rules)
* 1:23724 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file magic detected (file-identify.rules)
* 1:23725 <-> ENABLED <-> FILE-IDENTIFY Portable Executable binary file magic detected (file-identify.rules)
* 1:23726 <-> ENABLED <-> FILE-IDENTIFY Portable Executable compact binary file magic detected (file-identify.rules)
* 1:23727 <-> ENABLED <-> FILE-IDENTIFY Adobe Flash Video file magic detected (file-identify.rules)
* 1:23728 <-> ENABLED <-> FILE-IDENTIFY matroska file magic detected (file-identify.rules)
* 1:23729 <-> ENABLED <-> FILE-IDENTIFY PICT file magic detected (file-identify.rules)
* 1:23730 <-> ENABLED <-> FILE-IDENTIFY amf file magic detected (file-identify.rules)
* 1:23731 <-> ENABLED <-> FILE-IDENTIFY CDR file magic detected (file-identify.rules)
* 1:23732 <-> ENABLED <-> FILE-IDENTIFY Microsoft Media Player .asf file magic detected (file-identify.rules)
* 1:23733 <-> ENABLED <-> FILE-IDENTIFY webm file magic detected (file-identify.rules)
* 1:23734 <-> ENABLED <-> FILE-IDENTIFY Autodesk Maya file magic detected (file-identify.rules)
* 1:23735 <-> ENABLED <-> FILE-IDENTIFY MIDI file magic detected (file-identify.rules)
* 1:23736 <-> ENABLED <-> FILE-IDENTIFY PLS file magic detected (file-identify.rules)
* 1:23737 <-> ENABLED <-> FILE-IDENTIFY SMIL file magic detected (file-identify.rules)
* 1:23738 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
* 1:23739 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
* 1:23740 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
* 1:23741 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
* 1:23742 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
* 1:23743 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
* 1:23744 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
* 1:23745 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
* 1:23746 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
* 1:23747 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
* 1:23748 <-> ENABLED <-> FILE-IDENTIFY TTF file magic detected (file-identify.rules)
* 1:23749 <-> ENABLED <-> FILE-IDENTIFY SAMI file magic detected (file-identify.rules)
* 1:23750 <-> ENABLED <-> FILE-IDENTIFY Microsoft Money file magic detected (file-identify.rules)
* 1:23751 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file magic detected (file-identify.rules)
* 1:23752 <-> ENABLED <-> FILE-IDENTIFY cy3 Cytel Studio file magic detected (file-identify.rules)
* 1:23753 <-> ENABLED <-> FILE-IDENTIFY Visio file magic detected (file-identify.rules)
* 1:23754 <-> ENABLED <-> FILE-IDENTIFY AVI Video file magic detected (file-identify.rules)
* 1:23755 <-> ENABLED <-> FILE-IDENTIFY Cisco Webex Player .wrf file magic detected (file-identify.rules)
* 1:23758 <-> ENABLED <-> FILE-IDENTIFY XML file magic detected (file-identify.rules)
* 1:23759 <-> ENABLED <-> FILE-IDENTIFY XML file magic detected (file-identify.rules)
* 1:23760 <-> ENABLED <-> FILE-IDENTIFY WAV file magic detected (file-identify.rules)
* 1:23761 <-> ENABLED <-> FILE-IDENTIFY AVI file magic 
detected (file-identify.rules) * 1:23762 <-> ENABLED <-> FILE-IDENTIFY PFA file magic detected (file-identify.rules) * 1:23763 <-> ENABLED <-> FILE-IDENTIFY HPJ file magic detected (file-identify.rules) * 1:23764 <-> ENABLED <-> FILE-IDENTIFY Adobe Download Manager aom file magic detected (file-identify.rules) * 1:23765 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime FLIC file magic detected (file-identify.rules) * 1:23769 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio DBP file magic detected (file-identify.rules) * 1:23770 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio PKP file magic detected (file-identify.rules) * 1:23771 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio SLN file magic detected (file-identify.rules) * 1:23772 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio VAP file magic detected (file-identify.rules) * 1:23773 <-> ENABLED <-> FILE-IDENTIFY XM file magic detected (file-identify.rules) * 1:23774 <-> ENABLED <-> FILE-IDENTIFY NAB file magic detected (file-identify.rules) * 1:23775 <-> ENABLED <-> FILE-IDENTIFY Armadillo v1.71 packer file magic detected (file-identify.rules) * 1:23776 <-> ENABLED <-> FILE-IDENTIFY PLP file magic detected (file-identify.rules) * 1:23777 <-> ENABLED <-> FILE-IDENTIFY Armadillo v1.xx - v2.xx file magic detected (file-identify.rules) * 1:23807 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file download request (file-identify.rules) * 1:23808 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules) * 1:23809 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules) * 1:23810 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file download request (file-identify.rules) * 1:23811 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules) * 1:23812 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules) * 1:23813 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file download request (file-identify.rules) * 1:23814 <-> 
ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules) * 1:23815 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules) * 1:23816 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file download request (file-identify.rules) * 1:23817 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules) * 1:23818 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules) * 1:23819 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file download request (file-identify.rules) * 1:23820 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules) * 1:23821 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules) * 1:23822 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file magic detected (file-identify.rules) * 1:23823 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file magic detected (file-identify.rules) * 1:23839 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB RAP API NetServerEnum2 long server name buffer overflow attempt (os-windows.rules) * 1:23849 <-> ENABLED <-> EXPLOIT-KIT Blackhole redirection attempt (exploit-kit.rules) * 1:23969 <-> ENABLED <-> OS-MOBILE Android SMSZombie APK file download (os-mobile.rules) * 1:24004 <-> ENABLED <-> FILE-OFFICE Microsoft Office MSCOMCTL ActiveX control tabstrip method access (file-office.rules) * 1:24005 <-> ENABLED <-> FILE-OFFICE Microsoft Office MSCOMCTL ActiveX control tabstrip method access (file-office.rules) * 1:24045 <-> ENABLED <-> FILE-IDENTIFY Winamp skin file wsz file download request (file-identify.rules) * 1:24046 <-> ENABLED <-> FILE-IDENTIFY Winamp skin file wsz file attachment detected (file-identify.rules) * 1:24047 <-> ENABLED <-> FILE-IDENTIFY Winamp skin file wsz file attachment detected (file-identify.rules) * 1:24048 <-> ENABLED <-> FILE-IDENTIFY Winamp skin file wal file download request (file-identify.rules) * 1:24049 <-> ENABLED <-> FILE-IDENTIFY Winamp skin file wal file attachment 
detected (file-identify.rules) * 1:24050 <-> ENABLED <-> FILE-IDENTIFY Winamp skin file wal file attachment detected (file-identify.rules) * 1:24074 <-> ENABLED <-> FILE-IDENTIFY MP3 file download request (file-identify.rules) * 1:24075 <-> ENABLED <-> FILE-IDENTIFY MP3 file attachment detected (file-identify.rules) * 1:24076 <-> ENABLED <-> FILE-IDENTIFY MP3 file attachment detected (file-identify.rules) * 1:24078 <-> ENABLED <-> FILE-IDENTIFY RMF file attachment detected (file-identify.rules) * 1:24079 <-> ENABLED <-> FILE-IDENTIFY RMF file attachment detected (file-identify.rules) * 1:24080 <-> ENABLED <-> FILE-IDENTIFY Microsoft Works file attachment detected (file-identify.rules) * 1:24081 <-> ENABLED <-> FILE-IDENTIFY Microsoft Works file attachment detected (file-identify.rules) * 1:24089 <-> ENABLED <-> OS-WINDOWS Microsoft WebDAV PROPFIND request (os-windows.rules) * 1:24100 <-> ENABLED <-> FILE-IDENTIFY PLF file attachment detected (file-identify.rules) * 1:24101 <-> ENABLED <-> FILE-IDENTIFY PLF file attachment detected (file-identify.rules) * 1:2419 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer .ram playlist file download request (file-identify.rules) * 1:24190 <-> ENABLED <-> FILE-IDENTIFY X PixMap file magic detected (file-identify.rules) * 1:2420 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer .rmp playlist file download request (file-identify.rules) * 1:24206 <-> ENABLED <-> FILE-IDENTIFY LZH archive file magic detected (file-identify.rules) * 1:24213 <-> ENABLED <-> FILE-IDENTIFY MP4 file magic detected (file-identify.rules) * 1:24218 <-> ENABLED <-> FILE-IDENTIFY SMIL file magic detected (file-identify.rules) * 1:24219 <-> ENABLED <-> FILE-IDENTIFY SMIL file magic detected (file-identify.rules) * 1:2422 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer .rt playlist file download request (file-identify.rules) * 1:2423 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer .rp playlist file download request (file-identify.rules) * 
1:24284 <-> ENABLED <-> FILE-OFFICE Microsoft Office Drawing object code execution attempt (file-office.rules) * 1:24313 <-> ENABLED <-> SERVER-WEBAPP HP OpenView Operations Agent request attempt (server-webapp.rules) * 1:24359 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB NTLM NULL session attempt (os-windows.rules) * 1:2436 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Audio wmf file download request (file-identify.rules) * 1:24406 <-> ENABLED <-> MALWARE-CNC Win.Trojan.MiniFlame variant outbound connection (malware-cnc.rules) * 1:24407 <-> ENABLED <-> MALWARE-CNC Win.Trojan.MiniFlame variant outbound connection (malware-cnc.rules) * 1:24412 <-> ENABLED <-> FILE-FLASH Adobe Flash Player DRM encrypted file detected (file-flash.rules) * 1:24413 <-> ENABLED <-> FILE-FLASH Adobe Flash Player DRM encrypted file detected (file-flash.rules) * 1:24453 <-> ENABLED <-> FILE-IDENTIFY Webm file attachment detected (file-identify.rules) * 1:24454 <-> ENABLED <-> FILE-IDENTIFY Webm file attachment detected (file-identify.rules) * 1:24455 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (file-identify.rules) * 1:24456 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (file-identify.rules) * 1:24457 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (file-identify.rules) * 1:24458 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (file-identify.rules) * 1:24459 <-> ENABLED <-> FILE-IDENTIFY PSD file download request (file-identify.rules) * 1:24460 <-> ENABLED <-> FILE-IDENTIFY PSD file attachment detected (file-identify.rules) * 1:24461 <-> ENABLED <-> FILE-IDENTIFY PSD file attachment detected (file-identify.rules) * 1:24462 <-> ENABLED <-> FILE-IDENTIFY PSD file magic detection (file-identify.rules) * 1:24463 <-> ENABLED <-> FILE-IDENTIFY TIFF file attachment detected (file-identify.rules) * 1:24464 <-> ENABLED <-> FILE-IDENTIFY TIFF file attachment detected (file-identify.rules) * 1:24465 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows WMF file magic 
detected (file-identify.rules) * 1:24466 <-> ENABLED <-> FILE-IDENTIFY PSD file magic detection (file-identify.rules) * 1:24467 <-> ENABLED <-> FILE-IDENTIFY XCF file download request (file-identify.rules) * 1:24468 <-> ENABLED <-> FILE-IDENTIFY XCF file attachment detected (file-identify.rules) * 1:24469 <-> ENABLED <-> FILE-IDENTIFY XCF file attachment detected (file-identify.rules) * 1:24470 <-> ENABLED <-> FILE-IDENTIFY XCF file magic detection (file-identify.rules) * 1:24471 <-> ENABLED <-> FILE-IDENTIFY XCF file magic detection (file-identify.rules) * 1:24472 <-> ENABLED <-> FILE-IDENTIFY FLV file attachment detected (file-identify.rules) * 1:24473 <-> ENABLED <-> FILE-IDENTIFY FLV file attachment detected (file-identify.rules) * 1:24483 <-> ENABLED <-> FILE-IDENTIFY Embedded Open Type Font file magic detected (file-identify.rules) * 1:24484 <-> ENABLED <-> FILE-IDENTIFY Embedded Open Type Font file magic detected (file-identify.rules) * 1:24554 <-> ENABLED <-> FILE-IDENTIFY Apple QuickTime PICT v2.0 Image header (file-identify.rules) * 1:24555 <-> ENABLED <-> FILE-IDENTIFY Apple QuickTime PICT v2.0 Image header (file-identify.rules) * 1:24599 <-> ENABLED <-> FILE-IDENTIFY Alt-N MDaemon IMAP Server (file-identify.rules) * 1:24651 <-> ENABLED <-> FILE-IDENTIFY Microsoft proxy autoconfig script file download request (file-identify.rules) * 1:24708 <-> ENABLED <-> FILE-IDENTIFY Netop Remote Control file download request (file-identify.rules) * 1:24709 <-> ENABLED <-> FILE-IDENTIFY Netop Remote Control file attachment detected (file-identify.rules) * 1:24710 <-> ENABLED <-> FILE-IDENTIFY Netop Remote Control file attachment detected (file-identify.rules) * 1:24719 <-> ENABLED <-> PROTOCOL-VOIP Digium Asterisk SCCP call state message offhook (protocol-voip.rules) * 1:24816 <-> ENABLED <-> FILE-IDENTIFY MP4 file magic detected (file-identify.rules) * 1:24817 <-> ENABLED <-> FILE-IDENTIFY MP4 file magic detected (file-identify.rules) * 1:24818 <-> ENABLED <-> 
FILE-IDENTIFY M4V file magic detected (file-identify.rules) * 1:24819 <-> ENABLED <-> FILE-IDENTIFY M4V file magic detected (file-identify.rules) * 1:24820 <-> ENABLED <-> FILE-IDENTIFY Computer Graphics Metafile file download request (file-identify.rules) * 1:24821 <-> ENABLED <-> FILE-IDENTIFY Computer Graphics Metafile file attachment detected (file-identify.rules) * 1:24822 <-> ENABLED <-> FILE-IDENTIFY Computer Graphics Metafile file attachment detected (file-identify.rules) * 1:24824 <-> ENABLED <-> FILE-IDENTIFY RealPlayer skin file download request (file-identify.rules) * 1:24825 <-> ENABLED <-> FILE-IDENTIFY RealPlayer skin file attachment detected (file-identify.rules) * 1:24826 <-> ENABLED <-> FILE-IDENTIFY RealPlayer skin file attachment detected (file-identify.rules) * 1:24901 <-> ENABLED <-> FILE-IDENTIFY JNLP file download request (file-identify.rules) * 1:24902 <-> ENABLED <-> FILE-IDENTIFY JNLP file attachment detected (file-identify.rules) * 1:24903 <-> ENABLED <-> FILE-IDENTIFY JNLP file attachment detected (file-identify.rules) * 1:24972 <-> ENABLED <-> NETBIOS SMB Trans2 FIND_FIRST2 find file and directory info request (netbios.rules) * 1:25014 <-> ENABLED <-> FILE-IDENTIFY Microsoft proxy autoconfig script file magic detected (file-identify.rules) * 1:25032 <-> ENABLED <-> FILE-IDENTIFY Microsoft Silverlight application file download request (file-identify.rules) * 1:25033 <-> ENABLED <-> FILE-IDENTIFY Microsoft Silverlight application file attachment detected (file-identify.rules) * 1:25034 <-> ENABLED <-> FILE-IDENTIFY Microsoft Silverlight application file attachment detected (file-identify.rules) * 1:25041 <-> ENABLED <-> EXPLOIT-KIT Java User-Agent flowbit set (exploit-kit.rules) * 1:25062 <-> ENABLED <-> FILE-IDENTIFY Microsoft Software Installer MSI binary file magic detected (file-identify.rules) * 1:25305 <-> ENABLED <-> FILE-IDENTIFY Adobe Audition Session file magic detected (file-identify.rules) * 1:25306 <-> ENABLED <-> 
FILE-IDENTIFY Adobe Audition Session file download request (file-identify.rules) * 1:25307 <-> ENABLED <-> FILE-IDENTIFY Adobe Audition Session file attachment detected (file-identify.rules) * 1:25308 <-> ENABLED <-> FILE-IDENTIFY Adobe Audition Session file attachment detected (file-identify.rules) * 1:25373 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime Targa Image file download request (file-identify.rules) * 1:25374 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime Targa Image file attachment detected (file-identify.rules) * 1:25375 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime Targa Image file attachment detected (file-identify.rules) * 1:25516 <-> ENABLED <-> FILE-IDENTIFY Microsoft Software Installer MSI binary file magic detected (file-identify.rules) * 1:25517 <-> ENABLED <-> FILE-IDENTIFY Armadillo v1.71 packer file magic detected (file-identify.rules) * 1:25602 <-> ENABLED <-> SERVER-OTHER Sybase Open Server TDS login request (server-other.rules) * 1:25604 <-> ENABLED <-> FILE-IDENTIFY cSounds.com Csound audio file file download request (file-identify.rules) * 1:25605 <-> ENABLED <-> FILE-IDENTIFY cSounds.com Csound audio file file attachment detected (file-identify.rules) * 1:25606 <-> ENABLED <-> FILE-IDENTIFY cSounds.com Csound audio file file attachment detected (file-identify.rules) * 1:25680 <-> ENABLED <-> FILE-IDENTIFY Adobe Flash Player embedded compact font detected (file-identify.rules) * 1:25682 <-> ENABLED <-> FILE-IDENTIFY Adobe Flash Player embedded compact font detected (file-identify.rules) * 1:25928 <-> ENABLED <-> FILE-IDENTIFY Ogg file download request (file-identify.rules) * 1:25929 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules) * 1:25930 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules) * 1:25931 <-> ENABLED <-> FILE-IDENTIFY Ogg file download request (file-identify.rules) * 1:25932 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules) * 1:25933 
<-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules) * 1:25934 <-> ENABLED <-> FILE-IDENTIFY Ogg file download request (file-identify.rules) * 1:25935 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules) * 1:25936 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules) * 1:25937 <-> ENABLED <-> FILE-IDENTIFY Ogg file download request (file-identify.rules) * 1:25938 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules) * 1:25939 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules) * 1:25940 <-> ENABLED <-> FILE-IDENTIFY Ogg file download request (file-identify.rules) * 1:25941 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules) * 1:25942 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules) * 1:25943 <-> ENABLED <-> FILE-IDENTIFY Ogg file download request (file-identify.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091300.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:53977 <-> ENABLED <-> MALWARE-OTHER Win.Dropper.Agent payload download attempt (malware-other.rules)
* 1:53964 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-7784064-0 download attempt (malware-other.rules)
* 1:53968 <-> DISABLED <-> SERVER-WEBAPP TerraMaster NAS user creation command injection attempt (server-webapp.rules)
* 1:53963 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-7784064-0 download attempt (malware-other.rules)
* 1:53960 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Ursnif malicious outbound connection attempt - gravity generated detection (malware-other.rules)
* 1:53975 <-> DISABLED <-> INDICATOR-COMPROMISE CobaltStrike multiple large DNS TXT query responses (indicator-compromise.rules)
* 1:53978 <-> ENABLED <-> MALWARE-OTHER Win.Dropper.Agent payload download attempt (malware-other.rules)
* 1:53983 <-> ENABLED <-> OS-WINDOWS Windows print spooler elevation of privilege attempt (os-windows.rules)
* 1:53967 <-> DISABLED <-> SERVER-WEBAPP TerraMaster NAS user creation command injection attempt (server-webapp.rules)
* 1:53970 <-> DISABLED <-> SERVER-WEBAPP TerraMaster NAS user creation command injection attempt (server-webapp.rules)
* 1:53982 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Palevo-7785322-0 download attempt (malware-other.rules)
* 1:53971 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Andariel outbound connection attempt (malware-cnc.rules)
* 1:53980 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Shiz-7784396-0 download attempt (malware-other.rules)
* 1:53985 <-> ENABLED <-> INDICATOR-COMPROMISE msiexec.exe command execution over DNS attempt (indicator-compromise.rules)
* 1:53973 <-> DISABLED <-> MALWARE-OTHER CobaltStrike powershell web delivery attempt (malware-other.rules)
* 1:53966 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-7784063-0 download attempt (malware-other.rules)
* 1:53961 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Gh0stRAT-7783851-0 download attempt (malware-other.rules)
* 1:53974 <-> DISABLED <-> MALWARE-OTHER CobaltStrike powershell web delivery attempt (malware-other.rules)
* 1:53979 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Shiz-7784396-0 download attempt (malware-other.rules)
* 1:53962 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Gh0stRAT-7783851-0 download attempt (malware-other.rules)
* 1:53981 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Palevo-7785322-0 download attempt (malware-other.rules)
* 1:53972 <-> ENABLED <-> MALWARE-OTHER CobaltStrike beacon.dll DNS download attempt (malware-other.rules)
* 1:53969 <-> DISABLED <-> SERVER-WEBAPP TerraMaster NAS user creation command injection attempt (server-webapp.rules)
* 1:53984 <-> DISABLED <-> OS-WINDOWS Windows print spooler elevation of privilege attempt (os-windows.rules)
* 1:53976 <-> DISABLED <-> BROWSER-WEBKIT WebKit use-after-free remote code execution attempt (browser-webkit.rules)
* 1:53965 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-7784063-0 download attempt (malware-other.rules)
* 1:51024 <-> ENABLED <-> FILE-IDENTIFY Embedded Open Type Font file attachment detected (file-identify.rules) * 1:51994 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules) * 1:51993 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules) * 1:49519 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules) * 1:50870 <-> ENABLED <-> APP-DETECT Quagga password challenge detected (app-detect.rules) * 1:53213 <-> ENABLED <-> PROTOCOL-OTHER MQTT Connect control packet detected (protocol-other.rules) * 1:49791 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules) * 1:49792 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules) * 1:49518 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules) * 1:49794 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules) * 1:49516 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules) * 1:33640 <-> ENABLED <-> FILE-IDENTIFY Apple Motion file download request (file-identify.rules) * 1:41081 <-> ENABLED <-> SERVER-OTHER Tarantool initial connection banner detected (server-other.rules) * 1:32877 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit outbound Adobe Flash exploit request (exploit-kit.rules) * 1:35248 <-> ENABLED <-> FILE-IDENTIFY GNI file attachment detected (file-identify.rules) * 1:40391 <-> ENABLED <-> FILE-IDENTIFY Windows registry hive file download request (file-identify.rules) * 1:32617 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Registry file attachment detected (file-identify.rules) * 1:30014 <-> ENABLED <-> FILE-IDENTIFY OS/2 Metafile file magic detected (file-identify.rules) * 1:27277 <-> ENABLED <-> FILE-IDENTIFY Trimble SketchUp file download request 
(file-identify.rules) * 1:38291 <-> ENABLED <-> FILE-IDENTIFY UDF file magic detected (file-identify.rules) * 1:29406 <-> ENABLED <-> FILE-IDENTIFY Microsoft Internet Shortcut file attachment detected (file-identify.rules) * 1:32134 <-> ENABLED <-> FILE-IDENTIFY XBM file attachment detected (file-identify.rules) * 1:32525 <-> ENABLED <-> BROWSER-OTHER FreeBSD tnftp client detected (browser-other.rules) * 1:42363 <-> ENABLED <-> FILE-IDENTIFY bzip2 compressed file detected (file-identify.rules) * 1:36711 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows .NET Application file attachment detected (file-identify.rules) * 1:49513 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules) * 1:32618 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Registry file download request (file-identify.rules) * 1:28508 <-> ENABLED <-> FILE-IDENTIFY Microsoft Write file download file attachment detected (file-identify.rules) * 1:40065 <-> ENABLED <-> OS-WINDOWS Microsoft Windows NFS Server NULL pointer dereference denial-of-service attempt (os-windows.rules) * 1:38855 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul HCell file magic detected (file-identify.rules) * 1:29386 <-> ENABLED <-> FILE-IDENTIFY Adobe AIR file attachment detected (file-identify.rules) * 1:28898 <-> ENABLED <-> FILE-IDENTIFY eSignal .ets file attachment detected (file-identify.rules) * 1:43363 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Audio wmf file magic detected (file-identify.rules) * 1:35458 <-> ENABLED <-> FILE-IDENTIFY Adobe LZMA compressed Flash file magic detected (file-identify.rules) * 1:38851 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul HCell file download request (file-identify.rules) * 1:28382 <-> ENABLED <-> FILE-IDENTIFY HTML Help Index file download request (file-identify.rules) * 1:35979 <-> ENABLED <-> FILE-IDENTIFY Windows Media Center link file download request (file-identify.rules) * 1:29275 <-> ENABLED <-> FILE-IDENTIFY XFDL file attachment detected 
(file-identify.rules) * 1:48554 <-> ENABLED <-> FILE-IDENTIFY Omron CX-Supervisor project file file attachment detected (file-identify.rules) * 1:35455 <-> ENABLED <-> FILE-IDENTIFY Adobe LZMA compressed Flash file magic detected (file-identify.rules) * 1:29614 <-> ENABLED <-> FILE-IDENTIFY XPS file download request (file-identify.rules) * 1:38863 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul Office Document file attachment detected (file-identify.rules) * 1:35456 <-> ENABLED <-> FILE-IDENTIFY Adobe LZMA compressed Flash file attachment detected (file-identify.rules) * 1:28384 <-> ENABLED <-> FILE-IDENTIFY HTML Help Index download file attachment detected (file-identify.rules) * 1:42223 <-> ENABLED <-> FILE-IDENTIFY AOP file download request (file-identify.rules) * 1:40118 <-> ENABLED <-> FILE-IDENTIFY Microsoft Excel XLSB file download request (file-identify.rules) * 1:42370 <-> ENABLED <-> FILE-IDENTIFY gzip compressed file detected (file-identify.rules) * 1:38854 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul HCell file magic detected (file-identify.rules) * 1:35796 <-> ENABLED <-> FILE-IDENTIFY ZSoft PCX file attachment detected (file-identify.rules) * 1:35250 <-> ENABLED <-> FILE-IDENTIFY GNI file magic detected (file-identify.rules) * 1:3139 <-> ENABLED <-> NETBIOS SMB Trans2 FIND_FIRST2 attempt (netbios.rules) * 1:32135 <-> ENABLED <-> FILE-IDENTIFY XBM file attachment detected (file-identify.rules) * 1:46367 <-> ENABLED <-> FILE-IDENTIFY WebAssembly file download detected (file-identify.rules) * 1:37786 <-> ENABLED <-> FILE-IDENTIFY Adobe Texture Format file attachment detected (file-identify.rules) * 1:38292 <-> ENABLED <-> FILE-IDENTIFY UDF file magic detected (file-identify.rules) * 1:26061 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file attachment detected (file-identify.rules) * 1:42072 <-> DISABLED <-> SERVER-WEBAPP Aultware pwStore denial of service attempt (server-webapp.rules) * 1:32947 <-> ENABLED <-> FILE-IDENTIFY .scr executable 
screensaver file download request (file-identify.rules) * 1:42364 <-> ENABLED <-> FILE-IDENTIFY bzip2 compressed file detected (file-identify.rules) * 1:29612 <-> ENABLED <-> FILE-IDENTIFY XPS file attachment detected (file-identify.rules) * 1:40020 <-> ENABLED <-> FILE-IDENTIFY Hierarchal Data Format file magic detected (file-identify.rules) * 1:26062 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file attachment detected (file-identify.rules) * 1:42256 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB anonymous user session setup request detected (os-windows.rules) * 1:29752 <-> ENABLED <-> SERVER-WEBAPP HP Intelligent Management Center SOM authentication bypass attempt (server-webapp.rules) * 1:34397 <-> ENABLED <-> FILE-IDENTIFY Microsoft Journal file download request (file-identify.rules) * 1:49515 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules) * 1:29613 <-> ENABLED <-> FILE-IDENTIFY XPS file attachment detected (file-identify.rules) * 1:40035 <-> ENABLED <-> FILE-IDENTIFY XLSB file magic detected (file-identify.rules) * 1:44275 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file attachment detected (file-identify.rules) * 1:42367 <-> ENABLED <-> FILE-IDENTIFY XZ compressed file detected (file-identify.rules) * 1:40979 <-> ENABLED <-> FILE-IDENTIFY ico file download request (file-identify.rules) * 1:43080 <-> ENABLED <-> BROWSER-OTHER Foscam IP Camera User-Agent string detected (browser-other.rules) * 1:26063 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word docm file download request (file-identify.rules) * 1:45515 <-> ENABLED <-> NETBIOS SMB SESSION_SETUP subcommand detected (netbios.rules) * 1:31676 <-> ENABLED <-> FILE-FLASH Adobe Flash Broker write to junction exploit attempt (file-flash.rules) * 1:31871 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detection (file-identify.rules) * 1:30015 <-> ENABLED <-> FILE-IDENTIFY OS/2 Metafile file attachment detected (file-identify.rules) * 
1:30016 <-> ENABLED <-> FILE-IDENTIFY OS/2 Metafile file attachment detected (file-identify.rules) * 1:26064 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word docm file attachment detected (file-identify.rules) * 1:34630 <-> ENABLED <-> FILE-IDENTIFY WordPerfect file attachment detected (file-identify.rules) * 1:30757 <-> ENABLED <-> FILE-IDENTIFY ABC Music Notation file attachment detected (file-identify.rules) * 1:49497 <-> ENABLED <-> FILE-OFFICE Microsoft Office MSCOMCTL ActiveX control tabstrip method access (file-office.rules) * 1:31776 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file attachment detected (file-identify.rules) * 1:31675 <-> ENABLED <-> FILE-FLASH Adobe Flash Broker write to junction exploit attempt (file-flash.rules) * 1:40021 <-> ENABLED <-> FILE-IDENTIFY Hierarchal Data Format file magic detected (file-identify.rules) * 1:44231 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word doc file attachment detected (file-identify.rules) * 1:29514 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB Microsoft Windows Remote Administration Protocol usage attempt (os-windows.rules) * 1:42366 <-> ENABLED <-> FILE-IDENTIFY XZ compressed file detected (file-identify.rules) * 1:26514 <-> ENABLED <-> FILE-IDENTIFY maplet file download attempt (file-identify.rules) * 1:32380 <-> ENABLED <-> FILE-IDENTIFY dib file attachment detected (file-identify.rules) * 1:29008 <-> ENABLED <-> FILE-IDENTIFY XWD image file download request (file-identify.rules) * 1:35247 <-> ENABLED <-> FILE-IDENTIFY GNI file download request (file-identify.rules) * 1:31482 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1.0 ChangeCipherSpec man-in-the-middle exploitation attempt (server-other.rules) * 1:28507 <-> ENABLED <-> FILE-IDENTIFY Microsoft Write file download file attachment detected (file-identify.rules) * 1:28900 <-> ENABLED <-> FILE-IDENTIFY eSignal .sum file attachment detected (file-identify.rules) * 1:42371 <-> ENABLED <-> FILE-IDENTIFY gzip compressed file detected 
(file-identify.rules) * 1:35433 <-> ENABLED <-> FILE-IDENTIFY M4A file magic detected (file-identify.rules) * 1:50875 <-> ENABLED <-> FILE-IDENTIFY Fax Cover Page file magic detected (file-identify.rules) * 1:28368 <-> ENABLED <-> FILE-IDENTIFY CIS file magic detected (file-identify.rules) * 1:42368 <-> ENABLED <-> FILE-IDENTIFY XZ compressed file detected (file-identify.rules) * 1:32378 <-> ENABLED <-> FILE-IDENTIFY bmp file attachment detected (file-identify.rules) * 1:40908 <-> ENABLED <-> SERVER-OTHER Foscam C1 backdoor account ftp login attempt (server-other.rules) * 1:28497 <-> ENABLED <-> FILE-IDENTIFY WordPerfect file magic detected (file-identify.rules) * 1:46393 <-> ENABLED <-> FILE-IDENTIFY WebAssembly file detected (file-identify.rules) * 1:40389 <-> ENABLED <-> FILE-IDENTIFY Windows registry hive file attachment detected (file-identify.rules) * 1:38852 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul HCell file attachment detected (file-identify.rules) * 1:29276 <-> ENABLED <-> FILE-IDENTIFY XFDL file download request (file-identify.rules) * 1:26494 <-> ENABLED <-> FILE-IDENTIFY KingView KingMessage log file attachment detected (file-identify.rules) * 1:37418 <-> ENABLED <-> MALWARE-BACKDOOR Adzok RAT inbound connection (malware-backdoor.rules) * 1:3137 <-> ENABLED <-> NETBIOS SMB-DS Trans2 QUERY_FILE_INFO attempt (netbios.rules) * 1:36816 <-> ENABLED <-> SERVER-OTHER MIT Kerberos 5 IAKERB outbound token detected (server-other.rules) * 1:40980 <-> ENABLED <-> FILE-IDENTIFY ico file attachment detected (file-identify.rules) * 1:49512 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules) * 1:25944 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules) * 1:25945 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules) * 1:49793 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules) * 1:35432 <-> ENABLED <-> FILE-IDENTIFY 
M4A file magic detected (file-identify.rules) * 1:27276 <-> ENABLED <-> FILE-IDENTIFY Trimble SketchUp file attachment detected (file-identify.rules) * 1:26065 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word docm file attachment detected (file-identify.rules) * 1:35457 <-> ENABLED <-> FILE-IDENTIFY Adobe LZMA compressed Flash file attachment detected (file-identify.rules) * 1:46394 <-> ENABLED <-> FILE-IDENTIFY WebAssembly file attachment detected (file-identify.rules) * 1:34631 <-> ENABLED <-> FILE-IDENTIFY WordPerfect file download request (file-identify.rules) * 1:30760 <-> ENABLED <-> FILE-IDENTIFY ABC Music Notation file download request (file-identify.rules) * 1:28899 <-> ENABLED <-> FILE-IDENTIFY eSignal .por file attachment detected (file-identify.rules) * 1:49517 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules) * 1:44442 <-> ENABLED <-> FILE-IDENTIFY Blender blend file magic detected (file-identify.rules) * 1:3140 <-> ENABLED <-> NETBIOS SMB Trans2 FIND_FIRST2 andx attempt (netbios.rules) * 1:29607 <-> ENABLED <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt (server-other.rules) * 1:30758 <-> ENABLED <-> FILE-IDENTIFY ABC Music Notation file attachment detected (file-identify.rules) * 1:38864 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul Office Document file attachment detected (file-identify.rules) * 1:39776 <-> ENABLED <-> FILE-IDENTIFY Heroes of Might and Magic III map file attachment detected (file-identify.rules) * 1:43099 <-> ENABLED <-> SERVER-WEBAPP Simple SCADA web-socket connection initialization attempt (server-webapp.rules) * 1:26517 <-> ENABLED <-> FILE-IDENTIFY maplet bin file download attempt (file-identify.rules) * 1:36815 <-> ENABLED <-> SERVER-OTHER MIT Kerberos 5 SPNEGO incoming token detected (server-other.rules) * 1:37788 <-> ENABLED <-> FILE-IDENTIFY Adobe Texture Format file download request (file-identify.rules) * 1:40387 <-> ENABLED <-> 
FILE-IDENTIFY Windows registry hive file magic detected (file-identify.rules) * 1:33825 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB NTLM NULL session attempt (os-windows.rules) * 1:28383 <-> ENABLED <-> FILE-IDENTIFY HTML Help Index download file attachment detected (file-identify.rules) * 1:35852 <-> ENABLED <-> FILE-IDENTIFY JPEG file upload detected (file-identify.rules) * 1:28896 <-> ENABLED <-> FILE-IDENTIFY eSignal .quo file attachment detected (file-identify.rules) * 1:28571 <-> ENABLED <-> FILE-IDENTIFY FDF file attachment detected (file-identify.rules) * 1:42369 <-> ENABLED <-> FILE-IDENTIFY gzip compressed file detected (file-identify.rules) * 1:29385 <-> ENABLED <-> FILE-IDENTIFY Adobe AIR file attachment detected (file-identify.rules) * 1:32946 <-> ENABLED <-> FILE-IDENTIFY .scr executable screensaver file attachment detected (file-identify.rules) * 1:38862 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul Office Document file download request (file-identify.rules) * 1:28897 <-> ENABLED <-> FILE-IDENTIFY eSignal .sum file attachment detected (file-identify.rules) * 1:49495 <-> ENABLED <-> FILE-OFFICE Microsoft Office MSCOMCTL ActiveX control tabstrip method access (file-office.rules) * 1:32345 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector - initiate connection (server-other.rules) * 1:28367 <-> ENABLED <-> FILE-IDENTIFY CIS file magic detected (file-identify.rules) * 1:30018 <-> ENABLED <-> FILE-IDENTIFY OS/2 Metafile file download request (file-identify.rules) * 1:28425 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB Microsoft Windows Remote Administration Protocol usage attempt (os-windows.rules) * 1:48553 <-> ENABLED <-> FILE-IDENTIFY Omron CX-Supervisor project file file download request (file-identify.rules) * 1:40120 <-> ENABLED <-> FILE-IDENTIFY Microsoft Excel XLSB file attachment detected (file-identify.rules) * 1:49520 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules) * 1:52056 
<-> ENABLED <-> FILE-IDENTIFY Portable Executable binary file magic detected (file-identify.rules) * 1:51268 <-> ENABLED <-> FILE-OTHER Photodex ProShow Producer v5.0.3256 download load file attempt (file-other.rules) * 1:51992 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file download request (file-identify.rules) * 1:29384 <-> ENABLED <-> FILE-IDENTIFY Adobe AIR file download request (file-identify.rules) * 1:50874 <-> ENABLED <-> FILE-IDENTIFY Fax Cover Page file magic detected (file-identify.rules) * 1:34396 <-> ENABLED <-> FILE-IDENTIFY Microsoft Journal file attachment detected (file-identify.rules) * 1:32878 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit outbound Adobe Flash exploit request (exploit-kit.rules) * 1:26083 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file download request (file-identify.rules) * 1:3141 <-> ENABLED <-> NETBIOS SMB-DS Trans2 FIND_FIRST2 attempt (netbios.rules) * 1:28369 <-> ENABLED <-> FILE-IDENTIFY CIS file attachment detected (file-identify.rules) * 1:40119 <-> ENABLED <-> FILE-IDENTIFY Microsoft Excel XLSB file attachment detected (file-identify.rules) * 1:32253 <-> ENABLED <-> FILE-IDENTIFY Basic Control Engine file download request (file-identify.rules) * 1:33028 <-> ENABLED <-> FILE-IDENTIFY Publish-iT PUI file download request (file-identify.rules) * 1:35249 <-> ENABLED <-> FILE-IDENTIFY GNI file attachment detected (file-identify.rules) * 1:30972 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit outbound request for Microsoft Silverlight landing page (exploit-kit.rules) * 1:26084 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file attachment detected (file-identify.rules) * 1:30532 <-> ENABLED <-> FILE-MULTIMEDIA CoCSoft Stream Download session (file-multimedia.rules) * 1:31703 <-> ENABLED <-> FILE-IDENTIFY Microsoft Silverlight application file magic detected (file-identify.rules) * 1:31591 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel TXO and OBJ records parsing stack memory corruption attempt 
(file-office.rules) * 1:32880 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit outbound payload request (exploit-kit.rules) * 1:38866 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul Office Document file magic detected (file-identify.rules) * 1:40018 <-> ENABLED <-> FILE-IDENTIFY Hierarchal Data Format file attachment detected (file-identify.rules) * 1:37546 <-> ENABLED <-> SERVER-OTHER Veritas NetBackup Volume Manager connection attempt (server-other.rules) * 1:42918 <-> ENABLED <-> FILE-IDENTIFY ISO file attachment detected (file-identify.rules) * 1:30969 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit outbound request for Microsoft Internet Explorer landing page (exploit-kit.rules) * 1:40893 <-> ENABLED <-> FILE-IDENTIFY R Programming Language source file file attachment detected (file-identify.rules) * 1:36748 <-> ENABLED <-> FILE-IDENTIFY TTF file attachment detected (file-identify.rules) * 1:33641 <-> ENABLED <-> FILE-IDENTIFY Apple Motion file attachment detected (file-identify.rules) * 1:27542 <-> ENABLED <-> FILE-IDENTIFY Python bytecode file magic detected (file-identify.rules) * 1:29162 <-> ENABLED <-> FILE-IDENTIFY CIS file download request (file-identify.rules) * 1:31773 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file attachment detected (file-identify.rules) * 1:29407 <-> ENABLED <-> FILE-IDENTIFY Microsoft Internet Shortcut file download request (file-identify.rules) * 1:27275 <-> ENABLED <-> FILE-IDENTIFY Trimble SketchUp file attachment detected (file-identify.rules) * 1:42258 <-> ENABLED <-> FILE-IDENTIFY ISO file attachment detected (file-identify.rules) * 1:40390 <-> ENABLED <-> FILE-IDENTIFY Windows registry hive file magic detected (file-identify.rules) * 1:38307 <-> ENABLED <-> FILE-IDENTIFY DMG com.apple.decmpfs file magic detected (file-identify.rules) * 1:3142 <-> ENABLED <-> NETBIOS SMB-DS Trans2 FIND_FIRST2 andx attempt (netbios.rules) * 1:26085 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file attachment detected 
(file-identify.rules) * 1:35459 <-> ENABLED <-> FILE-IDENTIFY Adobe LZMA compressed Flash file download request (file-identify.rules) * 1:34398 <-> ENABLED <-> FILE-IDENTIFY Microsoft Journal file download attempt (file-identify.rules) * 1:42259 <-> ENABLED <-> FILE-IDENTIFY ISO file attachment detected (file-identify.rules) * 1:26126 <-> ENABLED <-> FILE-IDENTIFY Microsoft Internet Explorer HTML Component file download request (file-identify.rules) * 1:35795 <-> ENABLED <-> FILE-IDENTIFY ZSoft PCX file attachment detected (file-identify.rules) * 1:26515 <-> ENABLED <-> FILE-IDENTIFY maplet file attachment detected (file-identify.rules) * 1:31484 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1.2 ChangeCipherSpec man-in-the-middle exploitation attempt (server-other.rules) * 1:40891 <-> ENABLED <-> FILE-IDENTIFY R Programming Language source file file download request (file-identify.rules) * 1:26644 <-> ENABLED <-> SERVER-OTHER SSL TLS DEFLATE compression detected (server-other.rules) * 1:33027 <-> ENABLED <-> FILE-IDENTIFY Publish-iT PUI file attachment detected (file-identify.rules) * 1:26060 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file download request (file-identify.rules) * 1:26904 <-> ENABLED <-> FILE-IDENTIFY Android APK download file attachment detected (file-identify.rules) * 1:31775 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file attachment detected (file-identify.rules) * 1:38306 <-> ENABLED <-> FILE-IDENTIFY DMG com.apple.decmpfs file magic detected (file-identify.rules) * 1:39777 <-> ENABLED <-> FILE-IDENTIFY Heroes of Might and Magic III map file attachment detected (file-identify.rules) * 1:49514 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules) * 1:29274 <-> ENABLED <-> FILE-IDENTIFY XFDL file attachment detected (file-identify.rules) * 1:38461 <-> ENABLED <-> OS-WINDOWS DCERPC Bind auth level packet privacy connection detected (os-windows.rules) * 1:43003 <-> ENABLED <-> 
PROTOCOL-OTHER NETBIOS SMB IPC share access attempt (protocol-other.rules) * 1:42260 <-> ENABLED <-> FILE-IDENTIFY ISO file attachment detected (file-identify.rules) * 1:32251 <-> ENABLED <-> FILE-IDENTIFY Basic Control Engine file attachment detected (file-identify.rules) * 1:26127 <-> ENABLED <-> FILE-IDENTIFY Microsoft Internet Explorer HTML Component file attachment detected (file-identify.rules) * 1:37785 <-> ENABLED <-> FILE-IDENTIFY Adobe Texture Format file attachment detected (file-identify.rules) * 1:26128 <-> ENABLED <-> FILE-IDENTIFY Microsoft Internet Explorer HTML Component file attachment detected (file-identify.rules) * 1:26206 <-> ENABLED <-> FILE-IDENTIFY CyberLink Power2Go file download request (file-identify.rules) * 1:29405 <-> ENABLED <-> FILE-IDENTIFY Microsoft Internet Shortcut file attachment detected (file-identify.rules) * 1:28370 <-> ENABLED <-> FILE-IDENTIFY CIS file attachment detected (file-identify.rules) * 1:43891 <-> ENABLED <-> MALWARE-OTHER Win.Malware.Emotet variant lateral propagation (malware-other.rules) * 1:3665 <-> ENABLED <-> SERVER-MYSQL server greeting (server-mysql.rules) * 1:42261 <-> ENABLED <-> FILE-IDENTIFY ISO file magic detected (file-identify.rules) * 1:35980 <-> ENABLED <-> FILE-IDENTIFY Windows Media Center link file attachment detected (file-identify.rules) * 1:26207 <-> ENABLED <-> FILE-IDENTIFY CyberLink Power2Go file attachment detected (file-identify.rules) * 1:32165 <-> ENABLED <-> FILE-IDENTIFY SVG file magic detected (file-identify.rules) * 1:37787 <-> ENABLED <-> FILE-IDENTIFY Adobe Texture Format file magic detected (file-identify.rules) * 1:40892 <-> ENABLED <-> FILE-IDENTIFY R Programming Language source file file attachment detected (file-identify.rules) * 1:26902 <-> ENABLED <-> FILE-IDENTIFY Android APK download request (file-identify.rules) * 1:33667 <-> ENABLED <-> FILE-IDENTIFY PIF Program Information File file attachment detected (file-identify.rules) * 1:33666 <-> ENABLED <-> FILE-IDENTIFY 
PIF Program Information File file download request (file-identify.rules) * 1:29007 <-> ENABLED <-> FILE-IDENTIFY XWD image file attachment detected (file-identify.rules) * 1:28574 <-> ENABLED <-> FILE-IDENTIFY FDF file download request (file-identify.rules) * 1:26208 <-> ENABLED <-> FILE-IDENTIFY CyberLink Power2Go file attachment detected (file-identify.rules) * 1:42332 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Doublepulsar variant ping command (malware-cnc.rules) * 1:31702 <-> ENABLED <-> FILE-IDENTIFY Microsoft Silverlight application file magic detected (file-identify.rules) * 1:28573 <-> ENABLED <-> FILE-IDENTIFY FDF file magic detected (file-identify.rules) * 1:26251 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (file-identify.rules) * 1:26516 <-> ENABLED <-> FILE-IDENTIFY maplet file attachment detected (file-identify.rules) * 1:37784 <-> ENABLED <-> FILE-IDENTIFY Adobe Texture Format file magic detected (file-identify.rules) * 1:40017 <-> ENABLED <-> FILE-IDENTIFY Hierarchal Data Format file download request (file-identify.rules) * 1:30759 <-> ENABLED <-> FILE-IDENTIFY ABC Music Notation file attachment detected (file-identify.rules) * 1:28572 <-> ENABLED <-> FILE-IDENTIFY FDF file attachment detected (file-identify.rules) * 1:31481 <-> ENABLED <-> SERVER-OTHER OpenSSL SSL ChangeCipherSpec man-in-the-middle exploitation attempt (server-other.rules) * 1:40019 <-> ENABLED <-> FILE-IDENTIFY Hierarchal Data Format file attachment detected (file-identify.rules) * 1:27022 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Netweird.A outbound connection (malware-cnc.rules) * 1:27543 <-> ENABLED <-> FILE-IDENTIFY Python bytecode file magic detected (file-identify.rules) * 1:32252 <-> ENABLED <-> FILE-IDENTIFY Basic Control Engine file attachment detected (file-identify.rules) * 1:3136 <-> ENABLED <-> NETBIOS SMB Trans2 QUERY_FILE_INFO andx attempt (netbios.rules) * 1:29439 <-> ENABLED <-> FILE-IDENTIFY MSI file download request (file-identify.rules) * 1:44030 <-> ENABLED 
<-> FILE-IDENTIFY Microsoft Office PowerPoint ppt file attachment detected file attachment detected (file-identify.rules) * 1:35797 <-> ENABLED <-> FILE-IDENTIFY ZSoft PCX file download request (file-identify.rules) * 1:48556 <-> ENABLED <-> FILE-IDENTIFY Omron CX-Supervisor project file file attachment detected (file-identify.rules) * 1:3135 <-> ENABLED <-> NETBIOS SMB Trans2 QUERY_FILE_INFO attempt (netbios.rules) * 1:26429 <-> ENABLED <-> FILE-FLASH Adobe Flash Player RTMP malformed onStatus message type confusion attempt (file-flash.rules) * 1:26458 <-> ENABLED <-> FILE-IDENTIFY Stream redirector file download request (file-identify.rules) * 1:42262 <-> ENABLED <-> FILE-IDENTIFY ISO file download request (file-identify.rules) * 1:28895 <-> ENABLED <-> FILE-IDENTIFY eSignal .por file attachment detected (file-identify.rules) * 1:34395 <-> ENABLED <-> FILE-IDENTIFY Microsoft Journal file attachment detected (file-identify.rules) * 1:3138 <-> ENABLED <-> NETBIOS SMB-DS Trans2 QUERY_FILE_INFO andx attempt (netbios.rules) * 1:35688 <-> ENABLED <-> PROTOCOL-OTHER MiniUPNP rootdesc.xml file request (protocol-other.rules) * 1:28610 <-> ENABLED <-> EXPLOIT-KIT Sakura exploit kit exploit payload retreive attempt (exploit-kit.rules) * 1:39778 <-> ENABLED <-> FILE-IDENTIFY Heroes of Might and Magic III map file download request (file-identify.rules) * 1:44441 <-> ENABLED <-> FILE-IDENTIFY Blender blend file magic detected (file-identify.rules) * 1:43002 <-> ENABLED <-> PROTOCOL-OTHER NETBIOS SMB IPC share access attempt (protocol-other.rules) * 1:26465 <-> ENABLED <-> FILE-IDENTIFY XUL file attachment detected (file-identify.rules) * 1:39903 <-> ENABLED <-> FILE-OFFICE Microsoft Windows RTF file with embedded object package SMTP upload attempt (file-office.rules) * 1:29006 <-> ENABLED <-> FILE-IDENTIFY XWD image file attachment detected (file-identify.rules) * 1:26903 <-> ENABLED <-> FILE-IDENTIFY Android APK download file attachment detected (file-identify.rules) * 
1:26466 <-> ENABLED <-> FILE-IDENTIFY XUL file attachment detected (file-identify.rules) * 1:33642 <-> ENABLED <-> FILE-IDENTIFY Apple Motion file attachment detected (file-identify.rules) * 1:26492 <-> ENABLED <-> FILE-IDENTIFY KingView KingMessage log file download request (file-identify.rules) * 1:40388 <-> ENABLED <-> FILE-IDENTIFY Windows registry hive file attachment detected (file-identify.rules) * 1:36058 <-> ENABLED <-> FILE-IDENTIFY OLE Document upload detected (file-identify.rules) * 1:32616 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Registry file attachment detected (file-identify.rules) * 1:33221 <-> ENABLED <-> MALWARE-CNC Win.Trojan.HawkEye Keylogger exfiltration attempt - clipboard and screenshot (malware-cnc.rules) * 1:38853 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul HCell file attachment detected (file-identify.rules) * 1:3551 <-> ENABLED <-> FILE-IDENTIFY HTA file download request (file-identify.rules) * 1:36531 <-> ENABLED <-> FILE-IDENTIFY Oracle Java JMX management loading mlet detected (file-identify.rules) * 1:42365 <-> ENABLED <-> FILE-IDENTIFY bzip2 compressed file detected (file-identify.rules) * 1:31831 <-> ENABLED <-> POLICY-OTHER QLogic Switch 5600/5800 default ftp login attempt (policy-other.rules) * 1:28570 <-> ENABLED <-> FILE-IDENTIFY FDF file magic detected (file-identify.rules) * 1:32005 <-> ENABLED <-> MALWARE-BACKDOOR AlienSpy RAT outbound connection (malware-backdoor.rules) * 1:31774 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file attachment detected (file-identify.rules) * 1:32945 <-> ENABLED <-> FILE-IDENTIFY .scr executable screensaver file attachment detected (file-identify.rules) * 1:31483 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1.1 ChangeCipherSpec man-in-the-middle exploitation attempt (server-other.rules) * 1:40036 <-> ENABLED <-> FILE-IDENTIFY XLSB file magic detected (file-identify.rules) * 1:40981 <-> ENABLED <-> FILE-IDENTIFY ico file attachment detected (file-identify.rules) * 1:48555 <-> ENABLED <-> 
FILE-IDENTIFY Omron CX-Supervisor project file file attachment detected (file-identify.rules) * 1:42257 <-> ENABLED <-> FILE-IDENTIFY ISO file magic detected (file-identify.rules) * 1:33668 <-> ENABLED <-> FILE-IDENTIFY PIF Program Information File file attachment detected (file-identify.rules) * 1:34629 <-> ENABLED <-> FILE-IDENTIFY WordPerfect file attachment detected (file-identify.rules) * 1:30756 <-> ENABLED <-> FILE-IDENTIFY ABC Music Notation file attachment detected (file-identify.rules) * 1:38865 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul Office Document file magic detected (file-identify.rules) * 1:30017 <-> ENABLED <-> FILE-IDENTIFY OS/2 Metafile file magic detected (file-identify.rules) * 1:4143 <-> ENABLED <-> SERVER-OTHER lpd receive printer job cascade adaptor protocol request (server-other.rules) * 1:33026 <-> ENABLED <-> FILE-IDENTIFY Publish-iT PUI file attachment detected (file-identify.rules) * 1:43067 <-> ENABLED <-> PROTOCOL-IMAP IMAP CRAM-MD5 authentication attempt (protocol-imap.rules) * 1:28901 <-> ENABLED <-> FILE-IDENTIFY eSignal .ets file download request (file-identify.rules) * 1:27121 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector - initiate connection (server-other.rules) * 1:35981 <-> ENABLED <-> FILE-IDENTIFY Windows Media Center link file attachment detected (file-identify.rules) * 1:26059 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file magic detected (file-identify.rules) * 1:43364 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Audio wmf file magic detected (file-identify.rules) * 1:28894 <-> ENABLED <-> FILE-IDENTIFY eSignal .ets file attachment detected (file-identify.rules) * 1:26493 <-> ENABLED <-> FILE-IDENTIFY KingView KingMessage log file attachment detected (file-identify.rules) * 1:44165 <-> ENABLED <-> SERVER-WEBAPP websocket protocol upgrade request detected (server-webapp.rules) * 1:26057 <-> ENABLED <-> FILE-IDENTIFY ZIP file download detected (file-identify.rules) * 1:10097 <-> 
ENABLED <-> MALWARE-OTHER Keylogger win32.remotekeylog.b runtime detection (malware-other.rules) * 1:10099 <-> ENABLED <-> MALWARE-OTHER Keylogger win32.remotekeylog.b runtime detection (malware-other.rules) * 1:26058 <-> ENABLED <-> FILE-IDENTIFY ZIP file attachment detected (file-identify.rules) * 1:10103 <-> ENABLED <-> MALWARE-BACKDOOR hav-rat 1.1 runtime detection (malware-backdoor.rules) * 1:10104 <-> ENABLED <-> MALWARE-BACKDOOR hav-rat 1.1 runtime detection (malware-backdoor.rules) * 1:10110 <-> ENABLED <-> MALWARE-BACKDOOR poison ivy 2.1.2 runtime detection (malware-backdoor.rules) * 1:10450 <-> ENABLED <-> MALWARE-BACKDOOR only 1 rat runtime detection - control command (malware-backdoor.rules) * 1:10455 <-> ENABLED <-> MALWARE-BACKDOOR [x]-ztoo 1.0 runtime detection - get system info (malware-backdoor.rules) * 1:10460 <-> ENABLED <-> MALWARE-BACKDOOR winicabras 1.1 runtime detection - get system info (malware-backdoor.rules) * 1:10462 <-> ENABLED <-> MALWARE-BACKDOOR winicabras 1.1 runtime detection - explorer (malware-backdoor.rules) * 1:11004 <-> ENABLED <-> PROTOCOL-IMAP CRAM-MD5 authentication request detected (protocol-imap.rules) * 1:11322 <-> ENABLED <-> MALWARE-BACKDOOR sohoanywhere runtime detection (malware-backdoor.rules) * 1:11835 <-> ENABLED <-> FILE-IDENTIFY Visio file magic detected (file-identify.rules) * 1:11953 <-> ENABLED <-> MALWARE-BACKDOOR supervisor plus runtime detection (malware-backdoor.rules) * 1:12054 <-> ENABLED <-> MALWARE-BACKDOOR tron runtime detection - init connection - flowbit set (malware-backdoor.rules) * 1:12129 <-> ENABLED <-> MALWARE-OTHER Keylogger remotekeylog.b runtime detection - get sys info (malware-other.rules) * 1:12131 <-> ENABLED <-> MALWARE-OTHER Keylogger remotekeylog.b runtime detection - keylogging (malware-other.rules) * 1:12133 <-> ENABLED <-> MALWARE-OTHER Keylogger remotekeylog.b runtime detection - open url (malware-other.rules) * 1:12135 <-> ENABLED <-> MALWARE-OTHER Keylogger remotekeylog.b 
runtime detection - fun (malware-other.rules) * 1:12142 <-> ENABLED <-> MALWARE-BACKDOOR access remote pc runtime detection - init connection (malware-backdoor.rules) * 1:12144 <-> ENABLED <-> MALWARE-BACKDOOR access remote pc runtime detection - rpc setup (malware-backdoor.rules) * 1:12146 <-> ENABLED <-> MALWARE-BACKDOOR blue eye 1.0b runtime detection - init connection (malware-backdoor.rules) * 1:12148 <-> ENABLED <-> MALWARE-BACKDOOR back orifice 2006 - v1.1.5 runtime detection - init connection (malware-backdoor.rules) * 1:12150 <-> ENABLED <-> MALWARE-BACKDOOR cafeini 1.0 runtime detection - init connection (malware-backdoor.rules) * 1:12153 <-> ENABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - download file (malware-backdoor.rules) * 1:12154 <-> ENABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - download file (malware-backdoor.rules) * 1:12156 <-> ENABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - upload file (malware-backdoor.rules) * 1:12157 <-> ENABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - upload file (malware-backdoor.rules) * 1:12160 <-> ENABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - screen capturing (malware-backdoor.rules) * 1:12161 <-> ENABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - screen capturing (malware-backdoor.rules) * 1:12163 <-> ENABLED <-> MALWARE-BACKDOOR cobra uploader 1.0 runtime detection (malware-backdoor.rules) * 1:12182 <-> ENABLED <-> FILE-IDENTIFY Adobe Flash Video file magic detected (file-identify.rules) * 1:12233 <-> ENABLED <-> MALWARE-BACKDOOR theef 2.10 runtime detection - connect with no password (malware-backdoor.rules) * 1:12235 <-> ENABLED <-> MALWARE-BACKDOOR theef 2.10 runtime detection - connect with password (malware-backdoor.rules) * 1:12237 <-> ENABLED <-> MALWARE-BACKDOOR theef 2.10 runtime detection - ftp (malware-backdoor.rules) * 1:12240 <-> ENABLED <-> MALWARE-BACKDOOR genie 1.7 runtime detection - init connection 
(malware-backdoor.rules) * 1:12242 <-> ENABLED <-> MALWARE-BACKDOOR hotmail hacker log edition 5.0 runtime detection - init connection (malware-backdoor.rules) * 1:12283 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel xlw file magic detected (file-identify.rules) * 1:12297 <-> ENABLED <-> MALWARE-BACKDOOR bifrost v1.2.1 runtime detection (malware-backdoor.rules) * 1:12373 <-> ENABLED <-> MALWARE-BACKDOOR radmin 3.0 runtime detection - initial connection (malware-backdoor.rules) * 1:12375 <-> ENABLED <-> MALWARE-BACKDOOR radmin 3.0 runtime detection - login & remote control (malware-backdoor.rules) * 1:12377 <-> ENABLED <-> MALWARE-BACKDOOR shark 2.3.2 runtime detection (malware-backdoor.rules) * 1:12454 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media ASF file magic detected (file-identify.rules) * 1:12455 <-> ENABLED <-> FILE-IDENTIFY SAP Crystal Reports file download request (file-identify.rules) * 1:12699 <-> ENABLED <-> MALWARE-BACKDOOR poison ivy 2.3.0 runtime detection - init connection (malware-backdoor.rules) * 1:12724 <-> ENABLED <-> MALWARE-BACKDOOR dark moon 4.11 runtime detection (malware-backdoor.rules) * 1:12726 <-> ENABLED <-> MALWARE-BACKDOOR bandook 1.35 runtime detection (malware-backdoor.rules) * 1:12758 <-> ENABLED <-> MALWARE-OTHER Keylogger/RAT digi watcher 2.32 runtime detection (malware-other.rules) * 1:12760 <-> ENABLED <-> MALWARE-OTHER Keylogger powered Keylogger 2.2 runtime detection (malware-other.rules) * 1:12792 <-> ENABLED <-> MALWARE-OTHER Keylogger spy lantern Keylogger pro 6.0 runtime detection (malware-other.rules) * 1:12972 <-> ENABLED <-> FILE-IDENTIFY Microsoft Media Player asf/wmv/wma file magic detected (file-identify.rules) * 1:13236 <-> ENABLED <-> MALWARE-OTHER Keylogger active Keylogger 3.9.2 runtime detection (malware-other.rules) * 1:13243 <-> ENABLED <-> MALWARE-OTHER Keylogger computer monitor 1.1 by lastcomfort runtime detection (malware-other.rules) * 1:13247 <-> ENABLED <-> MALWARE-BACKDOOR yuri 1.2 
runtime detection - init connection (malware-backdoor.rules) * 1:13278 <-> ENABLED <-> MALWARE-OTHER Keylogger advanced spy 4.0 runtime detection (malware-other.rules) * 1:13280 <-> ENABLED <-> MALWARE-OTHER Keylogger email spy monitor 6.9 runtime detection (malware-other.rules) * 1:13346 <-> ENABLED <-> PUA-ADWARE Snoopware remote desktop inspector outbound connection - init connection (pua-adware.rules) * 1:13465 <-> ENABLED <-> FILE-IDENTIFY Microsoft Works file download request (file-identify.rules) * 1:13479 <-> ENABLED <-> MALWARE-OTHER Keylogger findnot guarddog 4.0 runtime detection (malware-other.rules) * 1:13483 <-> ENABLED <-> PUA-TOOLBARS Hijacker baidu toolbar runtime detection - updates automatically (pua-toolbars.rules) * 1:13506 <-> ENABLED <-> MALWARE-BACKDOOR evilotus 1.3.2 runtime detection - init connection (malware-backdoor.rules) * 1:13515 <-> ENABLED <-> FILE-MULTIMEDIA Apple QuickTime user agent (file-multimedia.rules) * 1:13583 <-> ENABLED <-> FILE-IDENTIFY Microsoft SYmbolic LinK file download request (file-identify.rules) * 1:13584 <-> ENABLED <-> FILE-IDENTIFY CSV file download request (file-identify.rules) * 1:13585 <-> ENABLED <-> FILE-IDENTIFY Microsoft SYmbolic LinK file magic detected (file-identify.rules) * 1:13767 <-> ENABLED <-> MALWARE-OTHER Keylogger cyber sitter runtime detection (malware-other.rules) * 1:13797 <-> ENABLED <-> FILE-IDENTIFY Portable Executable compact binary file magic detected (file-identify.rules) * 1:13801 <-> ENABLED <-> FILE-IDENTIFY RTF file download request (file-identify.rules) * 1:13898 <-> ENABLED <-> APP-DETECT Apple iTunes client request for server info (app-detect.rules) * 1:13915 <-> ENABLED <-> FILE-IDENTIFY BAK file download request (file-identify.rules) * 1:13938 <-> ENABLED <-> PUA-ADWARE Hijacker adware.win32.ejik.ec variant outbound connection (pua-adware.rules) * 1:13943 <-> ENABLED <-> PUA-ADWARE Trickler dropper agent.rqg outbound connection (pua-adware.rules) * 1:13983 <-> ENABLED <-> 
FILE-IDENTIFY EPS file download request (file-identify.rules) * 1:14017 <-> ENABLED <-> FILE-IDENTIFY MPEG Layer 3 playlist file download request (file-identify.rules) * 1:14018 <-> ENABLED <-> FILE-IDENTIFY PLS multimedia playlist file download request (file-identify.rules) * 1:14264 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media Player playlist download (file-identify.rules) * 1:15013 <-> ENABLED <-> FILE-IDENTIFY PDF file download request (file-identify.rules) * 1:15079 <-> ENABLED <-> FILE-IDENTIFY WAV file download request (file-identify.rules) * 1:15158 <-> ENABLED <-> FILE-IDENTIFY XML Shareable Playlist Format file download request (file-identify.rules) * 1:15237 <-> ENABLED <-> FILE-IDENTIFY Java .class file download request (file-identify.rules) * 1:15239 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealMedia format file download request (file-identify.rules) * 1:15240 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealMedia format file download request (file-identify.rules) * 1:15294 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Visio file download request (file-identify.rules) * 1:15319 <-> ENABLED <-> NETBIOS SMB /sql/query create tree attempt (netbios.rules) * 1:15320 <-> ENABLED <-> NETBIOS SMB /sql/query unicode create tree attempt (netbios.rules) * 1:15321 <-> ENABLED <-> NETBIOS SMB /sql/query create tree attempt (netbios.rules) * 1:15322 <-> ENABLED <-> NETBIOS SMB /sql/query unicode create tree attempt (netbios.rules) * 1:15323 <-> ENABLED <-> NETBIOS SMB /sql/query andx create tree attempt (netbios.rules) * 1:15324 <-> ENABLED <-> NETBIOS SMB /sql/query unicode andx create tree attempt (netbios.rules) * 1:15325 <-> ENABLED <-> NETBIOS SMB /sql/query andx create tree attempt (netbios.rules) * 1:15326 <-> ENABLED <-> NETBIOS SMB /sql/query unicode andx create tree attempt (netbios.rules) * 1:15361 <-> ENABLED <-> FILE-PDF pdf file sent via email (file-pdf.rules) * 1:15385 <-> ENABLED <-> FILE-IDENTIFY TwinVQ file download request 
(file-identify.rules) * 1:15426 <-> ENABLED <-> FILE-IDENTIFY MAKI file download request (file-identify.rules) * 1:15427 <-> ENABLED <-> FILE-IDENTIFY SVG file download request (file-identify.rules) * 1:15444 <-> ENABLED <-> FILE-IDENTIFY Core Audio Format file download request (file-identify.rules) * 1:15463 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file download request (file-identify.rules) * 1:15464 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file download request (file-identify.rules) * 1:15468 <-> ENABLED <-> BROWSER-IE Apple Safari-Internet Explorer SearchPath blended threat dll request (browser-ie.rules) * 1:15483 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file download request (file-identify.rules) * 1:15516 <-> ENABLED <-> FILE-IDENTIFY AVI multimedia file download request (file-identify.rules) * 1:15518 <-> ENABLED <-> FILE-IDENTIFY Embedded Open Type Font file download request (file-identify.rules) * 1:15582 <-> ENABLED <-> FILE-IDENTIFY ARJ format file download request (file-identify.rules) * 1:15586 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file download request (file-identify.rules) * 1:15587 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word file download request (file-identify.rules) * 1:15865 <-> ENABLED <-> FILE-IDENTIFY MP4 file download request (file-identify.rules) * 1:15870 <-> ENABLED <-> FILE-IDENTIFY 4XM file download request (file-identify.rules) * 1:15900 <-> ENABLED <-> FILE-IDENTIFY Audio Interchange file download request (file-identify.rules) * 1:15921 <-> ENABLED <-> FILE-IDENTIFY Microsoft multimedia format file download request (file-identify.rules) * 1:15922 <-> ENABLED <-> FILE-IDENTIFY MP3 file download request (file-identify.rules) * 1:15945 <-> ENABLED <-> FILE-IDENTIFY RSS file download request (file-identify.rules) * 1:15987 <-> ENABLED <-> FILE-IDENTIFY DXF file download request (file-identify.rules) * 1:16061 <-> ENABLED <-> FILE-IDENTIFY X PixMap file download request 
(file-identify.rules) * 1:16143 <-> ENABLED <-> FILE-IDENTIFY Microsoft asf file magic detected (file-identify.rules) * 1:16205 <-> ENABLED <-> FILE-IDENTIFY BMP file download request (file-identify.rules) * 1:16219 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file download request (file-identify.rules) * 1:16254 <-> ENABLED <-> PUA-ADWARE rogue software system security 2009 outbound connection (pua-adware.rules) * 1:16286 <-> ENABLED <-> FILE-IDENTIFY TrueType font file download request (file-identify.rules) * 1:16381 <-> ENABLED <-> NETBIOS SMB session negotiation request (netbios.rules) * 1:16406 <-> ENABLED <-> FILE-IDENTIFY JPEG file download request (file-identify.rules) * 1:16407 <-> ENABLED <-> FILE-IDENTIFY JPEG file download request (file-identify.rules) * 1:16473 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Movie Maker project file download request (file-identify.rules) * 1:16474 <-> ENABLED <-> FILE-IDENTIFY Microsoft Compound File Binary v3 file magic detected (file-identify.rules) * 1:16476 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint .MSProducer file download request (file-identify.rules) * 1:16477 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint .MSProducerZ file download request (file-identify.rules) * 1:16478 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint .MSProducerBF file download request (file-identify.rules) * 1:16529 <-> ENABLED <-> FILE-IDENTIFY JPEG file download request (file-identify.rules) * 1:16538 <-> ENABLED <-> NETBIOS NT QUERY SECURITY DESC flowbit (netbios.rules) * 1:16556 <-> ENABLED <-> FILE-OTHER 2imaegshack/lmageshack IM worm get request attempt (file-other.rules) * 1:16594 <-> ENABLED <-> PROTOCOL-POP STAT command (protocol-pop.rules) * 1:16630 <-> ENABLED <-> FILE-IDENTIFY DAT file download request (file-identify.rules) * 1:16691 <-> ENABLED <-> FILE-IDENTIFY PLF playlist file download request (file-identify.rules) * 1:16742 <-> ENABLED <-> FILE-IDENTIFY remote desktop configuration 
file download request (file-identify.rules) * 1:16754 <-> ENABLED <-> NETBIOS SMB /PlughNTCommand andx create tree attempt (netbios.rules) * 1:16755 <-> ENABLED <-> NETBIOS SMB /PlughNTCommand create tree attempt (netbios.rules) * 1:16756 <-> ENABLED <-> NETBIOS SMB /PlughNTCommand unicode andx create tree attempt (netbios.rules) * 1:16757 <-> ENABLED <-> NETBIOS SMB /PlughNTCommand unicode create tree attempt (netbios.rules) * 1:17116 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media ASX file download request (file-identify.rules) * 1:17151 <-> ENABLED <-> NETBIOS SMB negotiate protocol request - ascii strings (netbios.rules) * 1:17229 <-> ENABLED <-> FILE-IDENTIFY Tiff little endian file magic detected (file-identify.rules) * 1:17230 <-> ENABLED <-> FILE-IDENTIFY Tiff big endian file magic detected (file-identify.rules) * 1:17241 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media wmv file download request (file-identify.rules) * 1:17259 <-> ENABLED <-> FILE-IDENTIFY MOV file download request (file-identify.rules) * 1:17314 <-> ENABLED <-> FILE-IDENTIFY OLE document file magic detected (file-identify.rules) * 1:17327 <-> ENABLED <-> SERVER-MAIL Qualcomm WorldMail Server Response (server-mail.rules) * 1:17332 <-> ENABLED <-> SERVER-MAIL Content-Disposition attachment (server-mail.rules) * 1:17359 <-> ENABLED <-> FILE-IDENTIFY XBM image file download request (file-identify.rules) * 1:17364 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Help Workshop CNT Help file download request (file-identify.rules) * 1:17370 <-> ENABLED <-> SERVER-WEBAPP Squid authentication headers handling denial of service attempt (server-webapp.rules) * 1:17380 <-> ENABLED <-> FILE-IDENTIFY PNG file download request (file-identify.rules) * 1:17394 <-> ENABLED <-> FILE-IDENTIFY GIF file download request (file-identify.rules) * 1:17396 <-> ENABLED <-> SERVER-OTHER VNC client authentication response (server-other.rules) * 1:17418 <-> ENABLED <-> SERVER-ORACLE Oracle connection 
established (server-oracle.rules) * 1:17426 <-> ENABLED <-> FILE-IDENTIFY RAT file download request (file-identify.rules) * 1:17441 <-> ENABLED <-> FILE-IDENTIFY LNK file download request (file-identify.rules) * 1:17447 <-> ENABLED <-> SERVER-WEBAPP 407 Proxy Authentication Required (server-webapp.rules) * 1:17508 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows .NET Application file download request (file-identify.rules) * 1:17509 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows .NET Manifest file download request (file-identify.rules) * 1:17534 <-> ENABLED <-> SERVER-OTHER IPP Application Content (server-other.rules) * 1:17540 <-> ENABLED <-> FILE-IDENTIFY LZH file download request (file-identify.rules) * 1:17547 <-> ENABLED <-> FILE-IDENTIFY SMIL file download request (file-identify.rules) * 1:17552 <-> ENABLED <-> FILE-IDENTIFY Adobe Pagemaker file download request (file-identify.rules) * 1:17598 <-> ENABLED <-> SERVER-OTHER IBM DB2 Universal Database accsec command without rdbnam (server-other.rules) * 1:17600 <-> ENABLED <-> FILE-IDENTIFY XUL file download request (file-identify.rules) * 1:17679 <-> ENABLED <-> FILE-IDENTIFY Apple disk image file download request (file-identify.rules) * 1:17732 <-> ENABLED <-> FILE-IDENTIFY TIFF file download request (file-identify.rules) * 1:17733 <-> ENABLED <-> FILE-IDENTIFY XML file download request (file-identify.rules) * 1:17739 <-> ENABLED <-> FILE-IDENTIFY FlashPix file download request (file-identify.rules) * 1:17745 <-> ENABLED <-> NETBIOS SMB TRANS2 Find_First2 request attempt (netbios.rules) * 1:17751 <-> ENABLED <-> FILE-IDENTIFY OpenType Font file download request (file-identify.rules) * 1:17801 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file magic detected (file-identify.rules) * 1:17802 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file download request (file-identify.rules) * 1:17809 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime qt file download request (file-identify.rules) * 1:18234 <-> ENABLED 
<-> FILE-IDENTIFY QuickDraw/PICT file download request (file-identify.rules) * 1:18273 <-> ENABLED <-> FILE-IDENTIFY BAT file download request (file-identify.rules) * 1:18274 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Mail file download request (file-identify.rules) * 1:18516 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word file download request (file-identify.rules) * 1:18593 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file download request (file-identify.rules) * 1:18675 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file download request (file-identify.rules) * 1:19128 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer REC file magic detected (file-identify.rules) * 1:19129 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer .r1m file magic detected (file-identify.rules) * 1:19166 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file magic detected (file-identify.rules) * 1:19190 <-> ENABLED <-> NETBIOS SMB-DS Trans2 Distributed File System GET_DFS_REFERRAL request (netbios.rules) * 1:19211 <-> ENABLED <-> FILE-IDENTIFY ZIP archive file download request (file-identify.rules) * 1:19215 <-> ENABLED <-> FILE-IDENTIFY Google Chrome extension file download request (file-identify.rules) * 1:19218 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file download request (file-identify.rules) * 1:19224 <-> ENABLED <-> FILE-IDENTIFY Cisco Webex wrf file download request (file-identify.rules) * 1:19252 <-> ENABLED <-> FILE-IDENTIFY language.engtesselate.ln file download request (file-identify.rules) * 1:19289 <-> ENABLED <-> FILE-IDENTIFY MHTML file download request (file-identify.rules) * 1:19299 <-> ENABLED <-> SERVER-OTHER banner.txt access - possible compromised multi-mesh injection server (server-other.rules) * 1:19323 <-> ENABLED <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt (server-other.rules) * 1:19324 <-> ENABLED <-> MALWARE-OTHER Keylogger WL-Keylogger 
inbound connection (malware-other.rules) * 1:19326 <-> ENABLED <-> PUA-ADWARE Classroom Spy Professional outbound connection - initial connection (pua-adware.rules) * 1:19392 <-> ENABLED <-> MALWARE-OTHER Keylogger Monitor.win32.perflogger (malware-other.rules) * 1:19422 <-> ENABLED <-> FILE-IDENTIFY matroska file magic detected (file-identify.rules) * 1:19423 <-> ENABLED <-> FILE-IDENTIFY MKV file download request (file-identify.rules) * 1:19424 <-> ENABLED <-> FILE-IDENTIFY MKA file download request (file-identify.rules) * 1:19425 <-> ENABLED <-> FILE-IDENTIFY MKS file download request (file-identify.rules) * 1:19430 <-> ENABLED <-> FILE-IDENTIFY MIDI file download request (file-identify.rules) * 1:19816 <-> ENABLED <-> NETBIOS Juniper NeoterisSetupService named pipe access attempt (netbios.rules) * 1:19899 <-> ENABLED <-> MALWARE-OTHER Tong Keylogger outbound connectiooutbound connection (malware-other.rules) * 1:19907 <-> ENABLED <-> FILE-IDENTIFY PICT file magic detected (file-identify.rules) * 1:20032 <-> ENABLED <-> FILE-IDENTIFY MIME file type file download request (file-identify.rules) * 1:20223 <-> ENABLED <-> FILE-IDENTIFY SMI file download request (file-identify.rules) * 1:20225 <-> ENABLED <-> FILE-OTHER SMI file download request (file-other.rules) * 1:20260 <-> ENABLED <-> FILE-IDENTIFY Microsoft Client Agent Helper JAR file download request (file-identify.rules) * 1:20269 <-> ENABLED <-> FILE-IDENTIFY FON font file download request (file-identify.rules) * 1:20274 <-> ENABLED <-> NETBIOS DCERPC NCACN-IP-TCP NetShareEnumAll request (netbios.rules) * 1:20282 <-> ENABLED <-> FILE-IDENTIFY S3M file download request (file-identify.rules) * 1:20287 <-> ENABLED <-> FILE-IDENTIFY QCP file download request (file-identify.rules) * 1:20450 <-> ENABLED <-> FILE-IDENTIFY MPEG video stream file magic detected (file-identify.rules) * 1:20451 <-> ENABLED <-> FILE-IDENTIFY MPEG sys stream file magic detected (file-identify.rules) * 1:20453 <-> ENABLED <-> 
FILE-IDENTIFY Script encoder file magic detected (file-identify.rules) * 1:20454 <-> ENABLED <-> FILE-IDENTIFY Postscript file magic detected (file-identify.rules) * 1:20455 <-> ENABLED <-> FILE-IDENTIFY BinHex file magic detected (file-identify.rules) * 1:20456 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Real Media file magic detected (file-identify.rules) * 1:20458 <-> ENABLED <-> FILE-IDENTIFY bzip file magic detected (file-identify.rules) * 1:20459 <-> ENABLED <-> FILE-IDENTIFY GIF file magic detected (file-identify.rules) * 1:20460 <-> ENABLED <-> FILE-IDENTIFY MP3 file magic detected (file-identify.rules) * 1:20461 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows CAB file magic detected (file-identify.rules) * 1:20462 <-> ENABLED <-> FILE-IDENTIFY Ogg Stream file magic detected (file-identify.rules) * 1:20463 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:20464 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:20465 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:20466 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:20467 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:20468 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:20469 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:20471 <-> ENABLED <-> FILE-IDENTIFY RIFX file magic detected (file-identify.rules) * 1:20472 <-> ENABLED <-> FILE-IDENTIFY RAR file magic detected (file-identify.rules) * 1:20474 <-> ENABLED <-> FILE-IDENTIFY Symantec file magic detected (file-identify.rules) * 1:20475 <-> ENABLED <-> FILE-IDENTIFY ARJ file magic detected (file-identify.rules) * 1:20476 <-> ENABLED <-> FILE-IDENTIFY TNEF file magic detected (file-identify.rules) * 1:20477 <-> ENABLED <-> FILE-IDENTIFY ELF file magic detected (file-identify.rules) * 1:20478 <-> ENABLED <-> 
FILE-IDENTIFY PNG file magic detected (file-identify.rules) * 1:20479 <-> ENABLED <-> FILE-IDENTIFY CryptFF file magic detected (file-identify.rules) * 1:20480 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detection (file-identify.rules) * 1:20481 <-> ENABLED <-> FILE-IDENTIFY MP3 file magic detected (file-identify.rules) * 1:20483 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (file-identify.rules) * 1:20484 <-> ENABLED <-> FILE-IDENTIFY SIS file magic detected (file-identify.rules) * 1:20485 <-> ENABLED <-> FILE-IDENTIFY SIP log file magic detected (file-identify.rules) * 1:20486 <-> ENABLED <-> FILE-IDENTIFY RTF file magic detected (file-identify.rules) * 1:20487 <-> ENABLED <-> FILE-IDENTIFY 7zip file magic detected (file-identify.rules) * 1:20488 <-> ENABLED <-> FILE-IDENTIFY MachO Little Endian file magic detected (file-identify.rules) * 1:20489 <-> ENABLED <-> FILE-IDENTIFY MachO x64 Little Endian file magic detected (file-identify.rules) * 1:20490 <-> ENABLED <-> FILE-IDENTIFY MachO Big Endian file magic detected (file-identify.rules) * 1:20491 <-> ENABLED <-> FILE-IDENTIFY MachO x64 Big Endian file magic detected (file-identify.rules) * 1:20492 <-> ENABLED <-> FILE-IDENTIFY Universal Binary/Java Bytecode file magic detected (file-identify.rules) * 1:20493 <-> ENABLED <-> FILE-IDENTIFY jarpack file magic detected (file-identify.rules) * 1:20494 <-> ENABLED <-> FILE-IDENTIFY PDF file magic detected (file-identify.rules) * 1:20495 <-> ENABLED <-> FILE-IDENTIFY compressed Adobe Shockwave Flash file magic detected (file-identify.rules) * 1:20496 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (file-identify.rules) * 1:20497 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (file-identify.rules) * 1:20500 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20501 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20502 <-> ENABLED <-> FILE-IDENTIFY MOV 
file magic detected (file-identify.rules) * 1:20503 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20507 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (file-identify.rules) * 1:20511 <-> ENABLED <-> FILE-IDENTIFY bcproj file magic detected (file-identify.rules) * 1:20512 <-> ENABLED <-> FILE-IDENTIFY mx4 file magic detected (file-identify.rules) * 1:20513 <-> ENABLED <-> FILE-IDENTIFY ffmpeg file magic detected (file-identify.rules) * 1:20514 <-> ENABLED <-> FILE-IDENTIFY dmg file magic detected (file-identify.rules) * 1:20515 <-> ENABLED <-> FILE-IDENTIFY ivr file magic detected (file-identify.rules) * 1:20516 <-> ENABLED <-> FILE-IDENTIFY caff file magic detected (file-identify.rules) * 1:20518 <-> ENABLED <-> FILE-IDENTIFY rmf file download request (file-identify.rules) * 1:20519 <-> ENABLED <-> FILE-IDENTIFY vmd file download request (file-identify.rules) * 1:20520 <-> ENABLED <-> FILE-IDENTIFY vmd file magic detected (file-identify.rules) * 1:20521 <-> ENABLED <-> FILE-IDENTIFY Flac file magic detected (file-identify.rules) * 1:20522 <-> ENABLED <-> FILE-IDENTIFY VideoLAN VLC file magic detected (file-identify.rules) * 1:20544 <-> ENABLED <-> FILE-IDENTIFY Adobe Flash Player FLV file download request (file-identify.rules) * 1:20554 <-> ENABLED <-> PUA-OTHER Microsoft MSN Messenger and Windows Live Messenger Code Execution attempt (pua-other.rules) * 1:20563 <-> ENABLED <-> FILE-IDENTIFY amf file download request (file-identify.rules) * 1:20564 <-> ENABLED <-> FILE-IDENTIFY amf file magic detected (file-identify.rules) * 1:20588 <-> ENABLED <-> FILE-IDENTIFY CDR file download request (file-identify.rules) * 1:20589 <-> ENABLED <-> FILE-IDENTIFY CDR file magic detected (file-identify.rules) * 1:20621 <-> ENABLED <-> FILE-IDENTIFY JAR file download request (file-identify.rules) * 1:20723 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word docx file download request (file-identify.rules) * 1:20733 <-> 
ENABLED <-> FILE-IDENTIFY Microsoft Windows Media Player DVR file download request (file-identify.rules) * 1:20750 <-> ENABLED <-> FILE-IDENTIFY webm file magic detected (file-identify.rules) * 1:20751 <-> ENABLED <-> FILE-IDENTIFY webm file download request (file-identify.rules) * 1:20792 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file attachment detected (file-identify.rules) * 1:20793 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file attachment detected (file-identify.rules) * 1:20795 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word file attachment detected (file-identify.rules) * 1:20796 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word file attachment detected (file-identify.rules) * 1:20798 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules) * 1:20799 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules) * 1:20800 <-> ENABLED <-> FILE-IDENTIFY MIME file type file attachment detected (file-identify.rules) * 1:20801 <-> ENABLED <-> FILE-IDENTIFY MIME file type file attachment detected (file-identify.rules) * 1:20839 <-> ENABLED <-> FILE-IDENTIFY eSignal .quo file download request (file-identify.rules) * 1:20840 <-> ENABLED <-> FILE-IDENTIFY eSignal .por file download request (file-identify.rules) * 1:20841 <-> ENABLED <-> FILE-IDENTIFY eSignal .sum file download request (file-identify.rules) * 1:20848 <-> ENABLED <-> FILE-IDENTIFY MAKI file attachment detected (file-identify.rules) * 1:20849 <-> ENABLED <-> FILE-IDENTIFY MAKI file attachment detected (file-identify.rules) * 1:20852 <-> ENABLED <-> FILE-IDENTIFY DAZ Studio script download request (file-identify.rules) * 1:20854 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Visio file attachment detected (file-identify.rules) * 1:20855 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Visio file attachment detected (file-identify.rules) * 1:20856 <-> ENABLED <-> FILE-IDENTIFY TwinVQ file attachment 
detected (file-identify.rules) * 1:20857 <-> ENABLED <-> FILE-IDENTIFY TwinVQ file attachment detected (file-identify.rules) * 1:20859 <-> ENABLED <-> FILE-IDENTIFY Autodesk Maya embedded language script download request (file-identify.rules) * 1:20860 <-> ENABLED <-> FILE-IDENTIFY Autodesk Maya file magic detected (file-identify.rules) * 1:20869 <-> ENABLED <-> FILE-IDENTIFY Autodesk 3D Studio Maxscript download request (file-identify.rules) * 1:20871 <-> ENABLED <-> SERVER-WEBAPP Worldweaver DX Studio Player shell.execute command execution attempt (server-webapp.rules) * 1:20874 <-> ENABLED <-> SERVER-OTHER IBM Tivoli Storage Manager Express Backup initialization packet (server-other.rules) * 1:20882 <-> ENABLED <-> FILE-OFFICE Microsoft Windows embedded packager object identifier (file-office.rules) * 1:20888 <-> ENABLED <-> FILE-IDENTIFY Video Spirit visprj download attempt (file-identify.rules) * 1:20893 <-> ENABLED <-> FILE-IDENTIFY Video Spirit file attachment detected (file-identify.rules) * 1:20894 <-> ENABLED <-> FILE-IDENTIFY Video Spirit file attachment detected (file-identify.rules) * 1:20895 <-> ENABLED <-> FILE-IDENTIFY AutoDesk 3D Studio Maxscript file attachment detected (file-identify.rules) * 1:20896 <-> ENABLED <-> FILE-IDENTIFY AutoDesk 3D Studio Maxscript file attachment detected (file-identify.rules) * 1:20897 <-> ENABLED <-> FILE-IDENTIFY MIDI file magic detected (file-identify.rules) * 1:20898 <-> ENABLED <-> FILE-IDENTIFY MIDI file attachment detected (file-identify.rules) * 1:20899 <-> ENABLED <-> FILE-IDENTIFY MIDI file attachment detected (file-identify.rules) * 1:20905 <-> ENABLED <-> FILE-IDENTIFY X PixMap file attachment detected (file-identify.rules) * 1:20906 <-> ENABLED <-> FILE-IDENTIFY X PixMap file attachment detected (file-identify.rules) * 1:20907 <-> ENABLED <-> FILE-IDENTIFY DXF file attachment detected (file-identify.rules) * 1:20908 <-> ENABLED <-> FILE-IDENTIFY DXF file attachment detected (file-identify.rules) * 1:20909 
<-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media ASF file attachment detected (file-identify.rules) * 1:20910 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media ASF file attachment detected (file-identify.rules) * 1:20911 <-> ENABLED <-> FILE-IDENTIFY EPS file attachment detected (file-identify.rules) * 1:20912 <-> ENABLED <-> FILE-IDENTIFY EPS file attachment detected (file-identify.rules) * 1:20913 <-> ENABLED <-> FILE-IDENTIFY XML Shareable Playlist Format file attachment detected (file-identify.rules) * 1:20914 <-> ENABLED <-> FILE-IDENTIFY XML Shareable Playlist Format file attachment detected (file-identify.rules) * 1:20915 <-> ENABLED <-> FILE-IDENTIFY caff file attachment detected (file-identify.rules) * 1:20916 <-> ENABLED <-> FILE-IDENTIFY caff file attachment detected (file-identify.rules) * 1:20917 <-> ENABLED <-> FILE-IDENTIFY BAK file attachment detected (file-identify.rules) * 1:20918 <-> ENABLED <-> FILE-IDENTIFY BAK file attachment detected (file-identify.rules) * 1:20924 <-> ENABLED <-> FILE-IDENTIFY PLS file magic detected (file-identify.rules) * 1:20925 <-> ENABLED <-> FILE-IDENTIFY Adobe Pagemaker file attachment detected (file-identify.rules) * 1:20926 <-> ENABLED <-> FILE-IDENTIFY Adobe Pagemaker file attachment detected (file-identify.rules) * 1:20928 <-> ENABLED <-> FILE-IDENTIFY SMIL file magic detected (file-identify.rules) * 1:20929 <-> ENABLED <-> FILE-IDENTIFY MKV file attachment detected (file-identify.rules) * 1:20930 <-> ENABLED <-> FILE-IDENTIFY MKV file attachment detected (file-identify.rules) * 1:20931 <-> ENABLED <-> FILE-IDENTIFY MKS file attachment detected (file-identify.rules) * 1:20932 <-> ENABLED <-> FILE-IDENTIFY MKS file attachment detected (file-identify.rules) * 1:20933 <-> ENABLED <-> FILE-IDENTIFY MKA file attachment detected (file-identify.rules) * 1:20934 <-> ENABLED <-> FILE-IDENTIFY MKA file attachment detected (file-identify.rules) * 1:20935 <-> ENABLED <-> FILE-IDENTIFY QCP file attachment detected 
(file-identify.rules) * 1:20936 <-> ENABLED <-> FILE-IDENTIFY QCP file attachment detected (file-identify.rules) * 1:20937 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file download request (file-identify.rules) * 1:20938 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file download request (file-identify.rules) * 1:20939 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file download request (file-identify.rules) * 1:20940 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file download request (file-identify.rules) * 1:20941 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules) * 1:20942 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules) * 1:20943 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules) * 1:20944 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules) * 1:20945 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules) * 1:20946 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules) * 1:20947 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules) * 1:20948 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules) * 1:20950 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20951 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20952 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20953 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20954 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20955 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20956 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected 
(file-identify.rules) * 1:20957 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20958 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20959 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20960 <-> ENABLED <-> FILE-IDENTIFY Flac file download request (file-identify.rules) * 1:20961 <-> ENABLED <-> FILE-IDENTIFY TTE file download request (file-identify.rules) * 1:20962 <-> ENABLED <-> FILE-IDENTIFY OTF file download request (file-identify.rules) * 1:20963 <-> ENABLED <-> FILE-IDENTIFY DIB file download request (file-identify.rules) * 1:20964 <-> ENABLED <-> FILE-IDENTIFY SAMI file download request (file-identify.rules) * 1:20965 <-> ENABLED <-> FILE-IDENTIFY JPEG file download request (file-identify.rules) * 1:20966 <-> ENABLED <-> FILE-IDENTIFY JPEG file download request (file-identify.rules) * 1:20967 <-> ENABLED <-> FILE-IDENTIFY JPEG file download request (file-identify.rules) * 1:20968 <-> ENABLED <-> FILE-IDENTIFY Apple disk image file download request (file-identify.rules) * 1:20969 <-> ENABLED <-> FILE-IDENTIFY M4A file download request (file-identify.rules) * 1:20970 <-> ENABLED <-> FILE-IDENTIFY M4P file download request (file-identify.rules) * 1:20971 <-> ENABLED <-> FILE-IDENTIFY M4R file download request (file-identify.rules) * 1:20972 <-> ENABLED <-> FILE-IDENTIFY M4V file magic request (file-identify.rules) * 1:20973 <-> ENABLED <-> FILE-IDENTIFY M4B file download request (file-identify.rules) * 1:20974 <-> ENABLED <-> FILE-IDENTIFY 3GP file download request (file-identify.rules) * 1:20975 <-> ENABLED <-> FILE-IDENTIFY 3G2 file download request (file-identify.rules) * 1:20976 <-> ENABLED <-> FILE-IDENTIFY K3G file download request (file-identify.rules) * 1:20977 <-> ENABLED <-> FILE-IDENTIFY SKM file download request (file-identify.rules) * 1:20978 <-> ENABLED <-> FILE-IDENTIFY TTE file attachment detected (file-identify.rules) * 1:20979 <-> ENABLED <-> 
FILE-IDENTIFY TTE file attachment detected (file-identify.rules) * 1:20980 <-> ENABLED <-> FILE-IDENTIFY OTF file attachment detected (file-identify.rules) * 1:20981 <-> ENABLED <-> FILE-IDENTIFY OTF file attachment detected (file-identify.rules) * 1:20982 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file attachment detected (file-identify.rules) * 1:20983 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file attachment detected (file-identify.rules) * 1:20986 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word docx file attachment detected (file-identify.rules) * 1:20987 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word docx file attachment detected (file-identify.rules) * 1:20991 <-> ENABLED <-> FILE-IDENTIFY TTF file magic detected (file-identify.rules) * 1:20992 <-> ENABLED <-> FILE-IDENTIFY SAMI file magic detected (file-identify.rules) * 1:21005 <-> ENABLED <-> MALWARE-CNC Yang Pack yg.htm download request (malware-cnc.rules) * 1:21007 <-> ENABLED <-> FILE-IDENTIFY Microsoft Money file magic detected (file-identify.rules) * 1:21008 <-> ENABLED <-> FILE-IDENTIFY Microsoft Money file download request (file-identify.rules) * 1:21009 <-> ENABLED <-> FILE-IDENTIFY Microsoft Money file attachment detected (file-identify.rules) * 1:21010 <-> ENABLED <-> FILE-IDENTIFY Microsoft Money file attachment detected (file-identify.rules) * 1:21011 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file magic detected (file-identify.rules) * 1:21012 <-> ENABLED <-> FILE-IDENTIFY Cytel Studio cy3 file download request (file-identify.rules) * 1:21013 <-> ENABLED <-> FILE-IDENTIFY Cytel Studio cy3 file attachment detected (file-identify.rules) * 1:21014 <-> ENABLED <-> FILE-IDENTIFY Cytel Studio cy3 file attachment detected (file-identify.rules) * 1:21015 <-> ENABLED <-> FILE-IDENTIFY cy3 Cytel Studio file magic detected (file-identify.rules) * 1:21016 <-> ENABLED <-> FILE-IDENTIFY Cytel Studio cyb file attachment detected (file-identify.rules) * 
1:21017 <-> ENABLED <-> FILE-IDENTIFY cyb Cytel Studio file attachment detected (file-identify.rules) * 1:21018 <-> ENABLED <-> FILE-IDENTIFY cyb Cytel Studio file download request (file-identify.rules) * 1:21035 <-> ENABLED <-> FILE-IDENTIFY PDF file attachment detected (file-identify.rules) * 1:21036 <-> ENABLED <-> FILE-IDENTIFY PDF file attachment detected (file-identify.rules) * 1:21052 <-> ENABLED <-> FILE-IDENTIFY UltraISO CUE file download request (file-identify.rules) * 1:21053 <-> ENABLED <-> FILE-IDENTIFY UltraISO CUE file attachment detected (file-identify.rules) * 1:21054 <-> ENABLED <-> FILE-IDENTIFY UltraISO CUE file attachment detected (file-identify.rules) * 1:21059 <-> ENABLED <-> FILE-IDENTIFY AVI Video file magic detected (file-identify.rules) * 1:21061 <-> ENABLED <-> FILE-IDENTIFY AVI file attachment detected (file-identify.rules) * 1:21062 <-> ENABLED <-> FILE-IDENTIFY AVI file attachment detected (file-identify.rules) * 1:21109 <-> ENABLED <-> FILE-IDENTIFY MPEG video stream file download request (file-identify.rules) * 1:21110 <-> ENABLED <-> FILE-IDENTIFY MPEG video stream file attachment detected (file-identify.rules) * 1:21111 <-> ENABLED <-> FILE-IDENTIFY MPEG video stream file attachment detected (file-identify.rules) * 1:21113 <-> ENABLED <-> FILE-IDENTIFY Cisco Webex Player .wrf file magic detected (file-identify.rules) * 1:21152 <-> ENABLED <-> FILE-IDENTIFY S3M file attachment detected (file-identify.rules) * 1:21153 <-> ENABLED <-> FILE-IDENTIFY S3M file attachment detected (file-identify.rules) * 1:21174 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer realtext file download request (file-identify.rules) * 1:21282 <-> ENABLED <-> FILE-IDENTIFY XSL file download request (file-identify.rules) * 1:21283 <-> ENABLED <-> FILE-IDENTIFY XSL file attachment detected (file-identify.rules) * 1:21284 <-> ENABLED <-> FILE-IDENTIFY XSL file attachment detected (file-identify.rules) * 1:21285 <-> ENABLED <-> FILE-IDENTIFY XSLT file 
download request (file-identify.rules) * 1:21286 <-> ENABLED <-> FILE-IDENTIFY XSLT file attachment detected (file-identify.rules) * 1:21287 <-> ENABLED <-> FILE-IDENTIFY XSLT file attachment detected (file-identify.rules) * 1:21288 <-> ENABLED <-> FILE-IDENTIFY XML download detected (file-identify.rules) * 1:21295 <-> ENABLED <-> FILE-IDENTIFY FON file attachment detected (file-identify.rules) * 1:21296 <-> ENABLED <-> FILE-IDENTIFY FON file attachment detected (file-identify.rules) * 1:21345 <-> ENABLED <-> EXPLOIT-KIT Blackhole exploit kit malicious jar request (exploit-kit.rules) * 1:21347 <-> ENABLED <-> EXPLOIT-KIT Blackhole exploit kit URL - .php?page= (exploit-kit.rules) * 1:21410 <-> ENABLED <-> FILE-IDENTIFY paq8o file download request (file-identify.rules) * 1:21411 <-> ENABLED <-> FILE-IDENTIFY paq8o file attachment detected (file-identify.rules) * 1:21412 <-> ENABLED <-> FILE-IDENTIFY paq8o file attachment detected (file-identify.rules) * 1:21432 <-> ENABLED <-> FILE-IDENTIFY MPPL file attachment detected (file-identify.rules) * 1:21433 <-> ENABLED <-> FILE-IDENTIFY MPPL file attachment detected (file-identify.rules) * 1:21434 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Mentor variant outbound connection (malware-cnc.rules) * 1:21480 <-> ENABLED <-> FILE-IDENTIFY XML file magic detected (file-identify.rules) * 1:21498 <-> ENABLED <-> FILE-IDENTIFY XML file magic detected (file-identify.rules) * 1:21499 <-> ENABLED <-> FILE-IDENTIFY XML file attachment detected (file-identify.rules) * 1:21500 <-> ENABLED <-> FILE-IDENTIFY XML file attachment detected (file-identify.rules) * 1:21573 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio addin file download request (file-identify.rules) * 1:21574 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio addin file attachment detected (file-identify.rules) * 1:21575 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio addin file attachment detected (file-identify.rules) * 1:21584 <-> ENABLED <-> FILE-IDENTIFY 
VisiWave VWR file download request (file-identify.rules) * 1:21585 <-> ENABLED <-> FILE-IDENTIFY VisiWave VWR file attachment detected (file-identify.rules) * 1:21586 <-> ENABLED <-> FILE-IDENTIFY VisiWave VWR file attachment detected (file-identify.rules) * 1:21611 <-> ENABLED <-> FILE-IDENTIFY RAT file attachment detected (file-identify.rules) * 1:21612 <-> ENABLED <-> FILE-IDENTIFY RAT file attachment detected (file-identify.rules) * 1:21613 <-> ENABLED <-> FILE-IDENTIFY PNG file attachment detected (file-identify.rules) * 1:21614 <-> ENABLED <-> FILE-IDENTIFY PNG file attachment detected (file-identify.rules) * 1:21615 <-> ENABLED <-> FILE-IDENTIFY WMF file attachment detected (file-identify.rules) * 1:21616 <-> ENABLED <-> FILE-IDENTIFY WMF file attachment detected (file-identify.rules) * 1:21617 <-> ENABLED <-> FILE-IDENTIFY RT file attachment detected (file-identify.rules) * 1:21618 <-> ENABLED <-> FILE-IDENTIFY RT file attachment detected (file-identify.rules) * 1:21620 <-> ENABLED <-> FILE-IDENTIFY WAV file magic detected (file-identify.rules) * 1:21621 <-> ENABLED <-> FILE-IDENTIFY AVI file magic detected (file-identify.rules) * 1:21623 <-> ENABLED <-> FILE-IDENTIFY QUO file attachment detected (file-identify.rules) * 1:21624 <-> ENABLED <-> FILE-IDENTIFY QUO file attachment detected (file-identify.rules) * 1:21625 <-> ENABLED <-> FILE-IDENTIFY POR file attachment detected (file-identify.rules) * 1:21626 <-> ENABLED <-> FILE-IDENTIFY POR file attachment detected (file-identify.rules) * 1:21627 <-> ENABLED <-> FILE-IDENTIFY SUM file attachment detected (file-identify.rules) * 1:21628 <-> ENABLED <-> FILE-IDENTIFY SUM file attachment detected (file-identify.rules) * 1:21648 <-> ENABLED <-> FILE-IDENTIFY QuickDraw/PICT file attachment detected (file-identify.rules) * 1:21649 <-> ENABLED <-> FILE-IDENTIFY QuickDraw/PICT file attachment detected (file-identify.rules) * 1:21650 <-> ENABLED <-> FILE-IDENTIFY QuickDraw/PICT file download request 
(file-identify.rules) * 1:21651 <-> ENABLED <-> FILE-IDENTIFY QuickDraw/PICT file attachment detected (file-identify.rules) * 1:21652 <-> ENABLED <-> FILE-IDENTIFY QuickDraw/PICT file attachment detected (file-identify.rules) * 1:21659 <-> ENABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page Requested - /Home/index.php (exploit-kit.rules) * 1:21660 <-> ENABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page Requested - /Index/index.php (exploit-kit.rules) * 1:21687 <-> ENABLED <-> FILE-IDENTIFY PLS file attachment detected (file-identify.rules) * 1:21688 <-> ENABLED <-> FILE-IDENTIFY PLS file attachment detected (file-identify.rules) * 1:21691 <-> ENABLED <-> FILE-IDENTIFY SMIL file attachment detected (file-identify.rules) * 1:21692 <-> ENABLED <-> FILE-IDENTIFY SMIL file attachment detected (file-identify.rules) * 1:21693 <-> ENABLED <-> FILE-IDENTIFY FLAC file attachment detected (file-identify.rules) * 1:21694 <-> ENABLED <-> FILE-IDENTIFY FLAC file attachment detected (file-identify.rules) * 1:21695 <-> ENABLED <-> FILE-IDENTIFY SMI file attachment detected (file-identify.rules) * 1:21696 <-> ENABLED <-> FILE-IDENTIFY SMI file attachment detected (file-identify.rules) * 1:21697 <-> ENABLED <-> FILE-IDENTIFY SAMI file attachment detected (file-identify.rules) * 1:21698 <-> ENABLED <-> FILE-IDENTIFY SAMI file attachment detected (file-identify.rules) * 1:21699 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel xlw file attachment detected (file-identify.rules) * 1:21700 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel xlw file attachment detected (file-identify.rules) * 1:21701 <-> ENABLED <-> FILE-IDENTIFY FlashPix file attachment detected (file-identify.rules) * 1:21702 <-> ENABLED <-> FILE-IDENTIFY FlashPix file attachment detected (file-identify.rules) * 1:21703 <-> ENABLED <-> FILE-IDENTIFY 4XM file attachment detected (file-identify.rules) * 1:21704 <-> ENABLED <-> FILE-IDENTIFY 4XM file attachment detected (file-identify.rules) * 1:21705 
<-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file attachment detected (file-identify.rules) * 1:21706 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file attachment detected (file-identify.rules) * 1:21707 <-> ENABLED <-> FILE-IDENTIFY Microsoft Works file attachment detected (file-identify.rules) * 1:21708 <-> ENABLED <-> FILE-IDENTIFY Microsoft Works file attachment detected (file-identify.rules) * 1:21709 <-> ENABLED <-> FILE-IDENTIFY AIFF file attachment detected (file-identify.rules) * 1:21710 <-> ENABLED <-> FILE-IDENTIFY AIFF file attachment detected (file-identify.rules) * 1:21711 <-> ENABLED <-> FILE-IDENTIFY PFA file download request (file-identify.rules) * 1:21712 <-> ENABLED <-> FILE-IDENTIFY PFA file magic detected (file-identify.rules) * 1:21713 <-> ENABLED <-> FILE-IDENTIFY PFA file attachment detected (file-identify.rules) * 1:21714 <-> ENABLED <-> FILE-IDENTIFY PFA file attachment detected (file-identify.rules) * 1:21715 <-> ENABLED <-> FILE-IDENTIFY PFB file download request (file-identify.rules) * 1:21716 <-> ENABLED <-> FILE-IDENTIFY PFB file attachment detected (file-identify.rules) * 1:21717 <-> ENABLED <-> FILE-IDENTIFY PFB file attachment detected (file-identify.rules) * 1:21718 <-> ENABLED <-> FILE-IDENTIFY PFM file download request (file-identify.rules) * 1:21719 <-> ENABLED <-> FILE-IDENTIFY PFM file attachment detected (file-identify.rules) * 1:21720 <-> ENABLED <-> FILE-IDENTIFY PFM file attachment detected (file-identify.rules) * 1:21721 <-> ENABLED <-> FILE-IDENTIFY AFM file download request (file-identify.rules) * 1:21722 <-> ENABLED <-> FILE-IDENTIFY AFM file attachment detected (file-identify.rules) * 1:21723 <-> ENABLED <-> FILE-IDENTIFY AFM file attachment detected (file-identify.rules) * 1:21724 <-> ENABLED <-> FILE-IDENTIFY ANI file download request (file-identify.rules) * 1:21725 <-> ENABLED <-> FILE-IDENTIFY ANI file attachment detected (file-identify.rules) * 1:21726 <-> ENABLED <-> FILE-IDENTIFY ANI file attachment 
detected (file-identify.rules) * 1:21727 <-> ENABLED <-> FILE-IDENTIFY ANI file magic detection (file-identify.rules) * 1:21728 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules) * 1:21729 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules) * 1:21730 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules) * 1:21731 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules) * 1:21732 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules) * 1:21733 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules) * 1:21734 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules) * 1:21735 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules) * 1:21736 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules) * 1:21737 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules) * 1:21738 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules) * 1:21739 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules) * 1:21740 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media asx file attachment detected (file-identify.rules) * 1:21741 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media asx file attachment detected (file-identify.rules) * 1:21742 <-> ENABLED <-> FILE-IDENTIFY Embedded Open Type Font file attachment detected (file-identify.rules) * 1:21743 <-> ENABLED <-> FILE-IDENTIFY Embedded Open Type Font file attachment detected (file-identify.rules) * 1:21744 <-> ENABLED <-> FILE-IDENTIFY AVI file attachment detected (file-identify.rules) * 1:21745 <-> ENABLED <-> FILE-IDENTIFY AVI file attachment detected (file-identify.rules) * 1:21746 <-> ENABLED <-> FILE-IDENTIFY RTF file attachment detected (file-identify.rules) * 1:21747 <-> ENABLED <-> FILE-IDENTIFY RTF file attachment 
detected (file-identify.rules) * 1:21748 <-> ENABLED <-> FILE-IDENTIFY HPJ file download request (file-identify.rules) * 1:21749 <-> ENABLED <-> FILE-IDENTIFY HPJ file attachment detected (file-identify.rules) * 1:21750 <-> ENABLED <-> FILE-IDENTIFY HPJ file attachment detected (file-identify.rules) * 1:21751 <-> ENABLED <-> FILE-IDENTIFY HPJ file magic detected (file-identify.rules) * 1:21802 <-> ENABLED <-> FILE-IDENTIFY HT-MP3Player file download request (file-identify.rules) * 1:21803 <-> ENABLED <-> FILE-IDENTIFY HT-MP3Player file attachment detected (file-identify.rules) * 1:21804 <-> ENABLED <-> FILE-IDENTIFY HT-MP3Player file attachment detected (file-identify.rules) * 1:21807 <-> ENABLED <-> FILE-IDENTIFY Adobe Download Manager aom file download request (file-identify.rules) * 1:21808 <-> ENABLED <-> FILE-IDENTIFY Adobe Download Manager aom file attachment detected (file-identify.rules) * 1:21809 <-> ENABLED <-> FILE-IDENTIFY Adobe Download Manager aom file attachment detected (file-identify.rules) * 1:21810 <-> ENABLED <-> FILE-IDENTIFY Adobe Download Manager aom file magic detected (file-identify.rules) * 1:21811 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime FLIC animation file file download request (file-identify.rules) * 1:21812 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime FLIC animation file file attachment detected (file-identify.rules) * 1:21813 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime FLIC animation file file attachment detected (file-identify.rules) * 1:21814 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime FLIC file magic detected (file-identify.rules) * 1:21815 <-> ENABLED <-> FILE-IDENTIFY LZH file attachment detected (file-identify.rules) * 1:21816 <-> ENABLED <-> FILE-IDENTIFY LZH file attachment detected (file-identify.rules) * 1:21854 <-> ENABLED <-> FILE-IDENTIFY LNK file attachment detected (file-identify.rules) * 1:21855 <-> ENABLED <-> FILE-IDENTIFY LNK file attachment detected (file-identify.rules) * 1:21856 <-> ENABLED <-> 
FILE-IDENTIFY ZIP file attachment detected (file-identify.rules) * 1:21857 <-> ENABLED <-> FILE-IDENTIFY ZIP file attachment detected (file-identify.rules) * 1:21861 <-> ENABLED <-> FILE-IDENTIFY WRF file attachment detected (file-identify.rules) * 1:21862 <-> ENABLED <-> FILE-IDENTIFY WRF file attachment detected (file-identify.rules) * 1:21863 <-> ENABLED <-> FILE-IDENTIFY Google Chrome extension file attachment detected (file-identify.rules) * 1:21864 <-> ENABLED <-> FILE-IDENTIFY Google Chrome extension file attachment detected (file-identify.rules) * 1:21865 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file attachment detected (file-identify.rules) * 1:21866 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file attachment detected (file-identify.rules) * 1:21867 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file attachment detected (file-identify.rules) * 1:21868 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file attachment detected (file-identify.rules) * 1:21870 <-> ENABLED <-> FILE-IDENTIFY CNT file attachment detected (file-identify.rules) * 1:21871 <-> ENABLED <-> FILE-IDENTIFY CNT file attachment detected (file-identify.rules) * 1:21872 <-> ENABLED <-> FILE-IDENTIFY GIF file attachment detected (file-identify.rules) * 1:21873 <-> ENABLED <-> FILE-IDENTIFY GIF file attachment detected (file-identify.rules) * 1:21886 <-> ENABLED <-> FILE-IDENTIFY OpenType Font file attachment detected (file-identify.rules) * 1:21887 <-> ENABLED <-> FILE-IDENTIFY OpenType Font file attachment detected (file-identify.rules) * 1:21888 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Movie Maker file attachment detected (file-identify.rules) * 1:21889 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Movie Maker file attachment detected (file-identify.rules) * 1:21890 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file attachment detected (file-identify.rules) * 1:21891 <-> 
ENABLED <-> FILE-IDENTIFY Adobe Director Movie file attachment detected (file-identify.rules) * 1:21892 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file attachment detected (file-identify.rules) * 1:21893 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file attachment detected (file-identify.rules) * 1:21894 <-> ENABLED <-> FILE-IDENTIFY SVG file attachment detected (file-identify.rules) * 1:21895 <-> ENABLED <-> FILE-IDENTIFY SVG file attachment detected (file-identify.rules) * 1:21915 <-> ENABLED <-> SERVER-OTHER Novell Groupwise HTTP login request (server-other.rules) * 1:21916 <-> ENABLED <-> SERVER-OTHER Novell Groupwise HTTP login request (server-other.rules) * 1:21931 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel TXO and OBJ records parsing stack memory corruption attempt (file-office.rules) * 1:21939 <-> ENABLED <-> PROTOCOL-TELNET RuggedCom telnet initial banner (protocol-telnet.rules) * 1:21999 <-> ENABLED <-> FILE-IDENTIFY OpenType Font file magic detection (file-identify.rules) * 1:22013 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio DBP file download request (file-identify.rules) * 1:22014 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio DBP file attachment detected (file-identify.rules) * 1:22015 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio DBP file attachment detected (file-identify.rules) * 1:22016 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio DBP file magic detected (file-identify.rules) * 1:22017 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio PKP file download request (file-identify.rules) * 1:22018 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio PKP file attachment detected (file-identify.rules) * 1:22019 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio PKP file attachment detected (file-identify.rules) * 1:22020 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio PKP file magic detected (file-identify.rules) * 1:22021 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio SLN file 
download request (file-identify.rules) * 1:22022 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio SLN file attachment detected (file-identify.rules) * 1:22023 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio SLN file attachment detected (file-identify.rules) * 1:22024 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio SLN file magic detected (file-identify.rules) * 1:22025 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio VAP file download request (file-identify.rules) * 1:22026 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio VAP file attachment detected (file-identify.rules) * 1:22027 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio VAP file attachment detected (file-identify.rules) * 1:22028 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio VAP file magic detected (file-identify.rules) * 1:22043 <-> ENABLED <-> FILE-IDENTIFY XM file download request (file-identify.rules) * 1:22044 <-> ENABLED <-> FILE-IDENTIFY XM file attachment detected (file-identify.rules) * 1:22045 <-> ENABLED <-> FILE-IDENTIFY XM file attachment detected (file-identify.rules) * 1:22046 <-> ENABLED <-> FILE-IDENTIFY XM file magic detected (file-identify.rules) * 1:22082 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint pptx file download request (file-identify.rules) * 1:22083 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint pptx file attachment detected (file-identify.rules) * 1:22084 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint pptx file attachment detected (file-identify.rules) * 1:22943 <-> ENABLED <-> FILE-IDENTIFY NAB file download request (file-identify.rules) * 1:22944 <-> ENABLED <-> FILE-IDENTIFY NAB file attachment detected (file-identify.rules) * 1:22945 <-> ENABLED <-> FILE-IDENTIFY NAB file attachment detected (file-identify.rules) * 1:22946 <-> ENABLED <-> FILE-IDENTIFY NAB file magic detected (file-identify.rules) * 1:22955 <-> ENABLED <-> FILE-IDENTIFY AMF file attachment detected (file-identify.rules) * 1:22956 
<-> ENABLED <-> FILE-IDENTIFY AMF file attachment detected (file-identify.rules) * 1:22961 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RAM file attachment detected (file-identify.rules) * 1:22962 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RAM file attachment detected (file-identify.rules) * 1:22963 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RMP file attachment detected (file-identify.rules) * 1:22964 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RMP file attachment detected (file-identify.rules) * 1:22965 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RT file attachment detected (file-identify.rules) * 1:22966 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RT file attachment detected (file-identify.rules) * 1:22967 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RP file attachment detected (file-identify.rules) * 1:22968 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RP file attachment detected (file-identify.rules) * 1:22969 <-> ENABLED <-> FILE-IDENTIFY remote desktop configuration file attachment detected (file-identify.rules) * 1:22970 <-> ENABLED <-> FILE-IDENTIFY remote desktop configuration file attachment detected (file-identify.rules) * 1:22971 <-> ENABLED <-> FILE-IDENTIFY MPEG Layer 3 playlist file attachment detected (file-identify.rules) * 1:22972 <-> ENABLED <-> FILE-IDENTIFY m3u playlist file file attachment detected (file-identify.rules) * 1:22973 <-> ENABLED <-> FILE-IDENTIFY M4A file attachment detected (file-identify.rules) * 1:22974 <-> ENABLED <-> FILE-IDENTIFY M4A file attachment detected (file-identify.rules) * 1:22975 <-> ENABLED <-> FILE-IDENTIFY M4P file attachment detected (file-identify.rules) * 1:22976 <-> ENABLED <-> FILE-IDENTIFY M4P file attachment detected (file-identify.rules) * 1:22977 <-> ENABLED <-> FILE-IDENTIFY M4R file attachment detected (file-identify.rules) * 1:22978 <-> ENABLED <-> FILE-IDENTIFY M4R file attachment detected (file-identify.rules) * 1:22979 
<-> ENABLED <-> FILE-IDENTIFY M4V file attachment detected (file-identify.rules) * 1:22980 <-> ENABLED <-> FILE-IDENTIFY M4V file attachment detected (file-identify.rules) * 1:22981 <-> ENABLED <-> FILE-IDENTIFY M4B file attachment detected (file-identify.rules) * 1:22982 <-> ENABLED <-> FILE-IDENTIFY M4B file attachment detected (file-identify.rules) * 1:22983 <-> ENABLED <-> FILE-IDENTIFY 3GP file attachment detected (file-identify.rules) * 1:22984 <-> ENABLED <-> FILE-IDENTIFY 3GP file attachment detected (file-identify.rules) * 1:22985 <-> ENABLED <-> FILE-IDENTIFY 3G2 file attachment detected (file-identify.rules) * 1:22986 <-> ENABLED <-> FILE-IDENTIFY 3G2 file attachment detected (file-identify.rules) * 1:22987 <-> ENABLED <-> FILE-IDENTIFY k3g file attachment detected (file-identify.rules) * 1:22988 <-> ENABLED <-> FILE-IDENTIFY k3g file attachment detected (file-identify.rules) * 1:22989 <-> ENABLED <-> FILE-IDENTIFY SKM file attachment detected (file-identify.rules) * 1:22990 <-> ENABLED <-> FILE-IDENTIFY SKM file attachment detected (file-identify.rules) * 1:22991 <-> ENABLED <-> FILE-IDENTIFY QT file attachment detected (file-identify.rules) * 1:22992 <-> ENABLED <-> FILE-IDENTIFY QT file attachment detected (file-identify.rules) * 1:22993 <-> ENABLED <-> FILE-IDENTIFY MP4 file attachment detected (file-identify.rules) * 1:22994 <-> ENABLED <-> FILE-IDENTIFY MP4 file attachment detected (file-identify.rules) * 1:22995 <-> ENABLED <-> FILE-IDENTIFY Apple QuickTime Movie file attachment detected (file-identify.rules) * 1:22996 <-> ENABLED <-> FILE-IDENTIFY Apple QuickTime Movie file attachment detected (file-identify.rules) * 1:22997 <-> ENABLED <-> FILE-IDENTIFY MHTML file attachment detected (file-identify.rules) * 1:22998 <-> ENABLED <-> FILE-IDENTIFY MHTML file attachment detected (file-identify.rules) * 1:22999 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows WMF file magic detected (file-identify.rules) * 1:23000 <-> ENABLED <-> FILE-IDENTIFY 
Microsoft Windows Media Player DVR file attachment detected (file-identify.rules) * 1:23001 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media Player DVR file attachment detected (file-identify.rules) * 1:23002 <-> ENABLED <-> FILE-IDENTIFY CSV file attachment detected (file-identify.rules) * 1:23003 <-> ENABLED <-> FILE-IDENTIFY CSV file attachment detected (file-identify.rules) * 1:23011 <-> ENABLED <-> FILE-IDENTIFY Collada file download request (file-identify.rules) * 1:23012 <-> ENABLED <-> FILE-IDENTIFY Collada file attachment detected (file-identify.rules) * 1:23013 <-> ENABLED <-> FILE-IDENTIFY Collada file attachment detected (file-identify.rules) * 1:23167 <-> ENABLED <-> FILE-IDENTIFY MPG video stream file download request (file-identify.rules) * 1:23168 <-> ENABLED <-> FILE-IDENTIFY MPG video stream file attachment detected (file-identify.rules) * 1:23169 <-> ENABLED <-> FILE-IDENTIFY MPG video stream file attachment detected (file-identify.rules) * 1:23188 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules) * 1:23189 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules) * 1:23190 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file download request (file-identify.rules) * 1:23191 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules) * 1:23192 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules) * 1:23193 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file download request (file-identify.rules) * 1:23194 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules) * 1:23195 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules) * 1:23196 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file download request (file-identify.rules) * 1:23197 <-> ENABLED <-> FILE-IDENTIFY 
Windows Media Metafile file attachment detected (file-identify.rules) * 1:23198 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules) * 1:23199 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file download request (file-identify.rules) * 1:23200 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules) * 1:23201 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules) * 1:23202 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file download request (file-identify.rules) * 1:23205 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file download request (file-identify.rules) * 1:23206 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules) * 1:23207 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules) * 1:23208 <-> ENABLED <-> PROTOCOL-VOIP Digium Asterisk Manager Interface initial banner (protocol-voip.rules) * 1:23224 <-> ENABLED <-> EXPLOIT-KIT Redkit exploit kit landing page Requested - 8Digit.html (exploit-kit.rules) * 1:23319 <-> ENABLED <-> FILE-IDENTIFY TAR file download request (file-identify.rules) * 1:23320 <-> ENABLED <-> FILE-IDENTIFY TAR file attachment detected (file-identify.rules) * 1:23321 <-> ENABLED <-> FILE-IDENTIFY TAR file attachment detected (file-identify.rules) * 1:23322 <-> ENABLED <-> FILE-IDENTIFY TAR file download request (file-identify.rules) * 1:23347 <-> ENABLED <-> FILE-IDENTIFY Lotus file download request (file-identify.rules) * 1:23348 <-> ENABLED <-> FILE-IDENTIFY Lotus file attachment detected (file-identify.rules) * 1:23349 <-> ENABLED <-> FILE-IDENTIFY Lotus file attachment detected (file-identify.rules) * 1:23393 <-> ENABLED <-> SQL IBM SolidDB initial banner (sql.rules) * 1:23474 <-> ENABLED <-> FILE-IDENTIFY PLP file download request (file-identify.rules) * 1:23475 <-> ENABLED <-> FILE-IDENTIFY 
PLP file attachment detected (file-identify.rules) * 1:23476 <-> ENABLED <-> FILE-IDENTIFY PLP file attachment detected (file-identify.rules) * 1:23477 <-> ENABLED <-> FILE-IDENTIFY PLP file magic detected (file-identify.rules) * 1:23486 <-> ENABLED <-> FILE-IDENTIFY JOB file download request (file-identify.rules) * 1:23487 <-> ENABLED <-> FILE-IDENTIFY JOB file attachment detected (file-identify.rules) * 1:23488 <-> ENABLED <-> FILE-IDENTIFY JOB file attachment detected (file-identify.rules) * 1:23496 <-> ENABLED <-> FILE-IDENTIFY CUR file download request (file-identify.rules) * 1:23497 <-> ENABLED <-> FILE-IDENTIFY CUR file attachment detected (file-identify.rules) * 1:23498 <-> ENABLED <-> FILE-IDENTIFY CUR file attachment detected (file-identify.rules) * 1:23605 <-> ENABLED <-> FILE-IDENTIFY Armadillo v1.xx - v2.xx file magic detected (file-identify.rules) * 1:23616 <-> ENABLED <-> APP-DETECT Amazon Kindle 3.0 User-Agent string requested (app-detect.rules) * 1:23637 <-> ENABLED <-> FILE-IDENTIFY Java .class file attachment detected (file-identify.rules) * 1:23638 <-> ENABLED <-> FILE-IDENTIFY Java .class file attachment detected (file-identify.rules) * 1:23639 <-> ENABLED <-> FILE-IDENTIFY MPEG video stream file magic detected (file-identify.rules) * 1:23640 <-> ENABLED <-> FILE-IDENTIFY MPEG sys stream file magic detected (file-identify.rules) * 1:23642 <-> ENABLED <-> FILE-IDENTIFY Script encoder file magic detected (file-identify.rules) * 1:23643 <-> ENABLED <-> FILE-IDENTIFY Postscript file magic detected (file-identify.rules) * 1:23644 <-> ENABLED <-> FILE-IDENTIFY BinHex file magic detected (file-identify.rules) * 1:23645 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Real Media file magic detected (file-identify.rules) * 1:23646 <-> ENABLED <-> FILE-IDENTIFY bzip file magic detected (file-identify.rules) * 1:23647 <-> ENABLED <-> FILE-IDENTIFY GIF file magic detected (file-identify.rules) * 1:23648 <-> ENABLED <-> FILE-IDENTIFY MP3 file magic detected 
(file-identify.rules) * 1:23649 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows CAB file magic detected (file-identify.rules) * 1:23650 <-> ENABLED <-> FILE-IDENTIFY Ogg Stream file magic detected (file-identify.rules) * 1:23651 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:23652 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:23653 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:23654 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:23655 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:23656 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:23657 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:23658 <-> ENABLED <-> FILE-IDENTIFY RIFX file magic detected (file-identify.rules) * 1:23659 <-> ENABLED <-> FILE-IDENTIFY RAR file magic detected (file-identify.rules) * 1:23660 <-> ENABLED <-> FILE-IDENTIFY Symantec file magic detected (file-identify.rules) * 1:23661 <-> ENABLED <-> FILE-IDENTIFY ARJ file magic detected (file-identify.rules) * 1:23662 <-> ENABLED <-> FILE-IDENTIFY TNEF file magic detected (file-identify.rules) * 1:23663 <-> ENABLED <-> FILE-IDENTIFY ELF file magic detected (file-identify.rules) * 1:23664 <-> ENABLED <-> FILE-IDENTIFY PNG file magic detected (file-identify.rules) * 1:23665 <-> ENABLED <-> FILE-IDENTIFY CryptFF file magic detected (file-identify.rules) * 1:23666 <-> ENABLED <-> FILE-IDENTIFY MP3 file magic detected (file-identify.rules) * 1:23667 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (file-identify.rules) * 1:23668 <-> ENABLED <-> FILE-IDENTIFY SIS file magic detected (file-identify.rules) * 1:23669 <-> ENABLED <-> FILE-IDENTIFY SIP log file magic detected (file-identify.rules) * 1:23670 <-> ENABLED <-> FILE-IDENTIFY RTF file magic detected (file-identify.rules) * 1:23671 <-> 
ENABLED <-> FILE-IDENTIFY 7zip file magic detected (file-identify.rules) * 1:23672 <-> ENABLED <-> FILE-IDENTIFY MachO Little Endian file magic detected (file-identify.rules) * 1:23673 <-> ENABLED <-> FILE-IDENTIFY MachO x64 Little Endian file magic detected (file-identify.rules) * 1:23674 <-> ENABLED <-> FILE-IDENTIFY MachO Big Endian file magic detected (file-identify.rules) * 1:23675 <-> ENABLED <-> FILE-IDENTIFY MachO x64 Big Endian file magic detected (file-identify.rules) * 1:23676 <-> ENABLED <-> FILE-IDENTIFY Universal Binary/Java Bytecode file magic detected (file-identify.rules) * 1:23677 <-> ENABLED <-> FILE-IDENTIFY jarpack file magic detected (file-identify.rules) * 1:23678 <-> ENABLED <-> FILE-IDENTIFY PDF file magic detected (file-identify.rules) * 1:23679 <-> ENABLED <-> FILE-IDENTIFY compressed Adobe Shockwave Flash file magic detected (file-identify.rules) * 1:23680 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (file-identify.rules) * 1:23681 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (file-identify.rules) * 1:23682 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23683 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23684 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23685 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23687 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (file-identify.rules) * 1:23688 <-> ENABLED <-> FILE-IDENTIFY bcproj file magic detected (file-identify.rules) * 1:23689 <-> ENABLED <-> FILE-IDENTIFY mx4 file magic detected (file-identify.rules) * 1:23690 <-> ENABLED <-> FILE-IDENTIFY ffmpeg file magic detected (file-identify.rules) * 1:23691 <-> ENABLED <-> FILE-IDENTIFY dmg file magic detected (file-identify.rules) * 1:23692 <-> ENABLED <-> FILE-IDENTIFY ivr file magic detected (file-identify.rules) * 1:23693 <-> 
ENABLED <-> FILE-IDENTIFY caff file magic detected (file-identify.rules) * 1:23694 <-> ENABLED <-> FILE-IDENTIFY vmd file magic detected (file-identify.rules) * 1:23695 <-> ENABLED <-> FILE-IDENTIFY Flac file magic detected (file-identify.rules) * 1:23696 <-> ENABLED <-> FILE-IDENTIFY VideoLAN VLC file magic detected (file-identify.rules) * 1:23697 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel xlw file magic detected (file-identify.rules) * 1:23698 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media ASF file magic detected (file-identify.rules) * 1:23701 <-> ENABLED <-> FILE-IDENTIFY Microsoft SYmbolic LinK file magic detected (file-identify.rules) * 1:23703 <-> ENABLED <-> FILE-IDENTIFY Microsoft asf file magic detected (file-identify.rules) * 1:23707 <-> ENABLED <-> FILE-IDENTIFY Microsoft Compound File Binary v3 file magic detected (file-identify.rules) * 1:23709 <-> ENABLED <-> FILE-IDENTIFY Tiff little endian file magic detected (file-identify.rules) * 1:23710 <-> ENABLED <-> FILE-IDENTIFY Tiff big endian file magic detected (file-identify.rules) * 1:23711 <-> ENABLED <-> FILE-IDENTIFY OLE Document file magic detected (file-identify.rules) * 1:23712 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file magic detected (file-identify.rules) * 1:23720 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer REC file magic detected (file-identify.rules) * 1:23721 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer .r1m file magic detected (file-identify.rules) * 1:23723 <-> ENABLED <-> FILE-IDENTIFY M3U file magic detected (file-identify.rules) * 1:23724 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file magic detected (file-identify.rules) * 1:23725 <-> ENABLED <-> FILE-IDENTIFY Portable Executable binary file magic detected (file-identify.rules) * 1:23726 <-> ENABLED <-> FILE-IDENTIFY Portable Executable compact binary file magic detected (file-identify.rules) * 1:23727 <-> ENABLED <-> FILE-IDENTIFY Adobe Flash Video file magic detected 
(file-identify.rules) * 1:23728 <-> ENABLED <-> FILE-IDENTIFY matroska file magic detected (file-identify.rules) * 1:23729 <-> ENABLED <-> FILE-IDENTIFY PICT file magic detected (file-identify.rules) * 1:23730 <-> ENABLED <-> FILE-IDENTIFY amf file magic detected (file-identify.rules) * 1:23731 <-> ENABLED <-> FILE-IDENTIFY CDR file magic detected (file-identify.rules) * 1:23732 <-> ENABLED <-> FILE-IDENTIFY Microsoft Media Player .asf file magic detected (file-identify.rules) * 1:23733 <-> ENABLED <-> FILE-IDENTIFY webm file magic detected (file-identify.rules) * 1:23734 <-> ENABLED <-> FILE-IDENTIFY Autodesk Maya file magic detected (file-identify.rules) * 1:23735 <-> ENABLED <-> FILE-IDENTIFY MIDI file magic detected (file-identify.rules) * 1:23736 <-> ENABLED <-> FILE-IDENTIFY PLS file magic detected (file-identify.rules) * 1:23737 <-> ENABLED <-> FILE-IDENTIFY SMIL file magic detected (file-identify.rules) * 1:23738 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23739 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23740 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23741 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23742 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23743 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23744 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23745 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23746 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23747 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23748 <-> ENABLED <-> FILE-IDENTIFY TTF file magic detected (file-identify.rules) * 1:23749 <-> ENABLED <-> FILE-IDENTIFY SAMI file magic detected (file-identify.rules) * 1:23750 <-> ENABLED <-> FILE-IDENTIFY 
Microsoft Money file magic detected (file-identify.rules) * 1:23751 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file magic detected (file-identify.rules) * 1:23752 <-> ENABLED <-> FILE-IDENTIFY cy3 Cytel Studio file magic detected (file-identify.rules) * 1:23753 <-> ENABLED <-> FILE-IDENTIFY Visio file magic detected (file-identify.rules) * 1:23754 <-> ENABLED <-> FILE-IDENTIFY AVI Video file magic detected (file-identify.rules) * 1:23755 <-> ENABLED <-> FILE-IDENTIFY Cisco Webex Player .wrf file magic detected (file-identify.rules) * 1:23758 <-> ENABLED <-> FILE-IDENTIFY XML file magic detected (file-identify.rules) * 1:23759 <-> ENABLED <-> FILE-IDENTIFY XML file magic detected (file-identify.rules) * 1:23760 <-> ENABLED <-> FILE-IDENTIFY WAV file magic detected (file-identify.rules) * 1:23761 <-> ENABLED <-> FILE-IDENTIFY AVI file magic detected (file-identify.rules) * 1:23762 <-> ENABLED <-> FILE-IDENTIFY PFA file magic detected (file-identify.rules) * 1:23763 <-> ENABLED <-> FILE-IDENTIFY HPJ file magic detected (file-identify.rules) * 1:23764 <-> ENABLED <-> FILE-IDENTIFY Adobe Download Manager aom file magic detected (file-identify.rules) * 1:23765 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime FLIC file magic detected (file-identify.rules) * 1:23769 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio DBP file magic detected (file-identify.rules) * 1:23770 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio PKP file magic detected (file-identify.rules) * 1:23771 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio SLN file magic detected (file-identify.rules) * 1:23772 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio VAP file magic detected (file-identify.rules) * 1:23773 <-> ENABLED <-> FILE-IDENTIFY XM file magic detected (file-identify.rules) * 1:23774 <-> ENABLED <-> FILE-IDENTIFY NAB file magic detected (file-identify.rules) * 1:23775 <-> ENABLED <-> FILE-IDENTIFY Armadillo v1.71 packer file magic detected (file-identify.rules) * 
1:23776 <-> ENABLED <-> FILE-IDENTIFY PLP file magic detected (file-identify.rules) * 1:23777 <-> ENABLED <-> FILE-IDENTIFY Armadillo v1.xx - v2.xx file magic detected (file-identify.rules) * 1:23807 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file download request (file-identify.rules) * 1:23808 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules) * 1:23809 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules) * 1:23810 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file download request (file-identify.rules) * 1:23811 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules) * 1:23812 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules) * 1:23813 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file download request (file-identify.rules) * 1:23814 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules) * 1:23815 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules) * 1:23816 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file download request (file-identify.rules) * 1:23817 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules) * 1:23818 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules) * 1:23819 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file download request (file-identify.rules) * 1:23820 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules) * 1:23821 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules) * 1:23822 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file magic detected (file-identify.rules) * 1:23823 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file magic detected (file-identify.rules) * 1:23839 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB RAP API NetServerEnum2 long server name buffer overflow attempt (os-windows.rules) * 1:23849 <-> ENABLED <-> EXPLOIT-KIT Blackhole redirection 
attempt (exploit-kit.rules) * 1:23969 <-> ENABLED <-> OS-MOBILE Android SMSZombie APK file download (os-mobile.rules) * 1:24004 <-> ENABLED <-> FILE-OFFICE Microsoft Office MSCOMCTL ActiveX control tabstrip method access (file-office.rules) * 1:24005 <-> ENABLED <-> FILE-OFFICE Microsoft Office MSCOMCTL ActiveX control tabstrip method access (file-office.rules) * 1:24045 <-> ENABLED <-> FILE-IDENTIFY Winamp skin file wsz file download request (file-identify.rules) * 1:24046 <-> ENABLED <-> FILE-IDENTIFY Winamp skin file wsz file attachment detected (file-identify.rules) * 1:24047 <-> ENABLED <-> FILE-IDENTIFY Winamp skin file wsz file attachment detected (file-identify.rules) * 1:24048 <-> ENABLED <-> FILE-IDENTIFY Winamp skin file wal file download request (file-identify.rules) * 1:24049 <-> ENABLED <-> FILE-IDENTIFY Winamp skin file wal file attachment detected (file-identify.rules) * 1:24050 <-> ENABLED <-> FILE-IDENTIFY Winamp skin file wal file attachment detected (file-identify.rules) * 1:24074 <-> ENABLED <-> FILE-IDENTIFY MP3 file download request (file-identify.rules) * 1:24075 <-> ENABLED <-> FILE-IDENTIFY MP3 file attachment detected (file-identify.rules) * 1:24076 <-> ENABLED <-> FILE-IDENTIFY MP3 file attachment detected (file-identify.rules) * 1:24078 <-> ENABLED <-> FILE-IDENTIFY RMF file attachment detected (file-identify.rules) * 1:24079 <-> ENABLED <-> FILE-IDENTIFY RMF file attachment detected (file-identify.rules) * 1:24080 <-> ENABLED <-> FILE-IDENTIFY Microsoft Works file attachment detected (file-identify.rules) * 1:24081 <-> ENABLED <-> FILE-IDENTIFY Microsoft Works file attachment detected (file-identify.rules) * 1:24089 <-> ENABLED <-> OS-WINDOWS Microsoft WebDAV PROPFIND request (os-windows.rules) * 1:24100 <-> ENABLED <-> FILE-IDENTIFY PLF file attachment detected (file-identify.rules) * 1:24101 <-> ENABLED <-> FILE-IDENTIFY PLF file attachment detected (file-identify.rules) * 1:2419 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer 
.ram playlist file download request (file-identify.rules) * 1:24190 <-> ENABLED <-> FILE-IDENTIFY X PixMap file magic detected (file-identify.rules) * 1:2420 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer .rmp playlist file download request (file-identify.rules) * 1:24206 <-> ENABLED <-> FILE-IDENTIFY LZH archive file magic detected (file-identify.rules) * 1:24213 <-> ENABLED <-> FILE-IDENTIFY MP4 file magic detected (file-identify.rules) * 1:24218 <-> ENABLED <-> FILE-IDENTIFY SMIL file magic detected (file-identify.rules) * 1:24219 <-> ENABLED <-> FILE-IDENTIFY SMIL file magic detected (file-identify.rules) * 1:2422 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer .rt playlist file download request (file-identify.rules) * 1:2423 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer .rp playlist file download request (file-identify.rules) * 1:24284 <-> ENABLED <-> FILE-OFFICE Microsoft Office Drawing object code execution attempt (file-office.rules) * 1:24313 <-> ENABLED <-> SERVER-WEBAPP HP OpenView Operations Agent request attempt (server-webapp.rules) * 1:24359 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB NTLM NULL session attempt (os-windows.rules) * 1:2436 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Audio wmf file download request (file-identify.rules) * 1:24406 <-> ENABLED <-> MALWARE-CNC Win.Trojan.MiniFlame variant outbound connection (malware-cnc.rules) * 1:24407 <-> ENABLED <-> MALWARE-CNC Win.Trojan.MiniFlame variant outbound connection (malware-cnc.rules) * 1:24412 <-> ENABLED <-> FILE-FLASH Adobe Flash Player DRM encrypted file detected (file-flash.rules) * 1:24413 <-> ENABLED <-> FILE-FLASH Adobe Flash Player DRM encrypted file detected (file-flash.rules) * 1:24453 <-> ENABLED <-> FILE-IDENTIFY Webm file attachment detected (file-identify.rules) * 1:24454 <-> ENABLED <-> FILE-IDENTIFY Webm file attachment detected (file-identify.rules) * 1:24455 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (file-identify.rules) * 1:24456 
<-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (file-identify.rules) * 1:24457 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (file-identify.rules) * 1:24458 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (file-identify.rules) * 1:24459 <-> ENABLED <-> FILE-IDENTIFY PSD file download request (file-identify.rules) * 1:24460 <-> ENABLED <-> FILE-IDENTIFY PSD file attachment detected (file-identify.rules) * 1:24461 <-> ENABLED <-> FILE-IDENTIFY PSD file attachment detected (file-identify.rules) * 1:24462 <-> ENABLED <-> FILE-IDENTIFY PSD file magic detection (file-identify.rules) * 1:24463 <-> ENABLED <-> FILE-IDENTIFY TIFF file attachment detected (file-identify.rules) * 1:24464 <-> ENABLED <-> FILE-IDENTIFY TIFF file attachment detected (file-identify.rules) * 1:24465 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows WMF file magic detected (file-identify.rules) * 1:24466 <-> ENABLED <-> FILE-IDENTIFY PSD file magic detection (file-identify.rules) * 1:24467 <-> ENABLED <-> FILE-IDENTIFY XCF file download request (file-identify.rules) * 1:24468 <-> ENABLED <-> FILE-IDENTIFY XCF file attachment detected (file-identify.rules) * 1:24469 <-> ENABLED <-> FILE-IDENTIFY XCF file attachment detected (file-identify.rules) * 1:24470 <-> ENABLED <-> FILE-IDENTIFY XCF file magic detection (file-identify.rules) * 1:24471 <-> ENABLED <-> FILE-IDENTIFY XCF file magic detection (file-identify.rules) * 1:24472 <-> ENABLED <-> FILE-IDENTIFY FLV file attachment detected (file-identify.rules) * 1:24473 <-> ENABLED <-> FILE-IDENTIFY FLV file attachment detected (file-identify.rules) * 1:24483 <-> ENABLED <-> FILE-IDENTIFY Embedded Open Type Font file magic detected (file-identify.rules) * 1:24484 <-> ENABLED <-> FILE-IDENTIFY Embedded Open Type Font file magic detected (file-identify.rules) * 1:24554 <-> ENABLED <-> FILE-IDENTIFY Apple QuickTime PICT v2.0 Image header (file-identify.rules) * 1:24555 <-> ENABLED <-> FILE-IDENTIFY Apple QuickTime PICT v2.0 Image 
header (file-identify.rules) * 1:24599 <-> ENABLED <-> FILE-IDENTIFY Alt-N MDaemon IMAP Server (file-identify.rules) * 1:24651 <-> ENABLED <-> FILE-IDENTIFY Microsoft proxy autoconfig script file download request (file-identify.rules) * 1:24708 <-> ENABLED <-> FILE-IDENTIFY Netop Remote Control file download request (file-identify.rules) * 1:24709 <-> ENABLED <-> FILE-IDENTIFY Netop Remote Control file attachment detected (file-identify.rules) * 1:24710 <-> ENABLED <-> FILE-IDENTIFY Netop Remote Control file attachment detected (file-identify.rules) * 1:24719 <-> ENABLED <-> PROTOCOL-VOIP Digium Asterisk SCCP call state message offhook (protocol-voip.rules) * 1:24816 <-> ENABLED <-> FILE-IDENTIFY MP4 file magic detected (file-identify.rules) * 1:24817 <-> ENABLED <-> FILE-IDENTIFY MP4 file magic detected (file-identify.rules) * 1:24818 <-> ENABLED <-> FILE-IDENTIFY M4V file magic detected (file-identify.rules) * 1:24819 <-> ENABLED <-> FILE-IDENTIFY M4V file magic detected (file-identify.rules) * 1:24820 <-> ENABLED <-> FILE-IDENTIFY Computer Graphics Metafile file download request (file-identify.rules) * 1:24821 <-> ENABLED <-> FILE-IDENTIFY Computer Graphics Metafile file attachment detected (file-identify.rules) * 1:24822 <-> ENABLED <-> FILE-IDENTIFY Computer Graphics Metafile file attachment detected (file-identify.rules) * 1:24824 <-> ENABLED <-> FILE-IDENTIFY RealPlayer skin file download request (file-identify.rules) * 1:24825 <-> ENABLED <-> FILE-IDENTIFY RealPlayer skin file attachment detected (file-identify.rules) * 1:24826 <-> ENABLED <-> FILE-IDENTIFY RealPlayer skin file attachment detected (file-identify.rules) * 1:24901 <-> ENABLED <-> FILE-IDENTIFY JNLP file download request (file-identify.rules) * 1:24902 <-> ENABLED <-> FILE-IDENTIFY JNLP file attachment detected (file-identify.rules) * 1:24903 <-> ENABLED <-> FILE-IDENTIFY JNLP file attachment detected (file-identify.rules) * 1:24972 <-> ENABLED <-> NETBIOS SMB Trans2 FIND_FIRST2 find file and 
directory info request (netbios.rules) * 1:25014 <-> ENABLED <-> FILE-IDENTIFY Microsoft proxy autoconfig script file magic detected (file-identify.rules) * 1:25032 <-> ENABLED <-> FILE-IDENTIFY Microsoft Silverlight application file download request (file-identify.rules) * 1:25033 <-> ENABLED <-> FILE-IDENTIFY Microsoft Silverlight application file attachment detected (file-identify.rules) * 1:25034 <-> ENABLED <-> FILE-IDENTIFY Microsoft Silverlight application file attachment detected (file-identify.rules) * 1:25041 <-> ENABLED <-> EXPLOIT-KIT Java User-Agent flowbit set (exploit-kit.rules) * 1:25062 <-> ENABLED <-> FILE-IDENTIFY Microsoft Software Installer MSI binary file magic detected (file-identify.rules) * 1:25305 <-> ENABLED <-> FILE-IDENTIFY Adobe Audition Session file magic detected (file-identify.rules) * 1:25306 <-> ENABLED <-> FILE-IDENTIFY Adobe Audition Session file download request (file-identify.rules) * 1:25307 <-> ENABLED <-> FILE-IDENTIFY Adobe Audition Session file attachment detected (file-identify.rules) * 1:25308 <-> ENABLED <-> FILE-IDENTIFY Adobe Audition Session file attachment detected (file-identify.rules) * 1:25373 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime Targa Image file download request (file-identify.rules) * 1:25374 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime Targa Image file attachment detected (file-identify.rules) * 1:25375 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime Targa Image file attachment detected (file-identify.rules) * 1:25516 <-> ENABLED <-> FILE-IDENTIFY Microsoft Software Installer MSI binary file magic detected (file-identify.rules) * 1:25517 <-> ENABLED <-> FILE-IDENTIFY Armadillo v1.71 packer file magic detected (file-identify.rules) * 1:25602 <-> ENABLED <-> SERVER-OTHER Sybase Open Server TDS login request (server-other.rules) * 1:25604 <-> ENABLED <-> FILE-IDENTIFY cSounds.com Csound audio file file download request (file-identify.rules) * 1:25605 <-> ENABLED <-> FILE-IDENTIFY cSounds.com Csound audio 
file file attachment detected (file-identify.rules) * 1:25606 <-> ENABLED <-> FILE-IDENTIFY cSounds.com Csound audio file file attachment detected (file-identify.rules) * 1:25680 <-> ENABLED <-> FILE-IDENTIFY Adobe Flash Player embedded compact font detected (file-identify.rules) * 1:25682 <-> ENABLED <-> FILE-IDENTIFY Adobe Flash Player embedded compact font detected (file-identify.rules) * 1:25928 <-> ENABLED <-> FILE-IDENTIFY Ogg file download request (file-identify.rules) * 1:25929 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules) * 1:25930 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules) * 1:25931 <-> ENABLED <-> FILE-IDENTIFY Ogg file download request (file-identify.rules) * 1:25932 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules) * 1:25933 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules) * 1:25934 <-> ENABLED <-> FILE-IDENTIFY Ogg file download request (file-identify.rules) * 1:25935 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules) * 1:25936 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules) * 1:25937 <-> ENABLED <-> FILE-IDENTIFY Ogg file download request (file-identify.rules) * 1:25938 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules) * 1:25939 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules) * 1:25940 <-> ENABLED <-> FILE-IDENTIFY Ogg file download request (file-identify.rules) * 1:25941 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules) * 1:25942 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules) * 1:25943 <-> ENABLED <-> FILE-IDENTIFY Ogg file download request (file-identify.rules) * 1:53861 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Astaroth outbound beacon (malware-cnc.rules) * 1:6010 <-> ENABLED <-> SERVER-OTHER VERITAS NetBackup vnetd connection 
attempt (server-other.rules) * 1:6469 <-> ENABLED <-> SERVER-OTHER RealVNC connection attempt (server-other.rules) * 1:6472 <-> ENABLED <-> MALWARE-BACKDOOR bugs runtime detection - file manager client-to-server (malware-backdoor.rules) * 1:7106 <-> ENABLED <-> MALWARE-BACKDOOR girlfriend runtime detection (malware-backdoor.rules) * 1:7111 <-> ENABLED <-> MALWARE-BACKDOOR fearless lite 1.01 runtime detection (malware-backdoor.rules) * 1:7506 <-> ENABLED <-> MALWARE-TOOLS Hacker-Tool coma runtime detection - init connection - flowbit set (malware-tools.rules) * 1:7641 <-> ENABLED <-> MALWARE-BACKDOOR am remote client runtime detection - client-to-server (malware-backdoor.rules) * 1:8355 <-> ENABLED <-> MALWARE-OTHER Keylogger spybuddy 3.72 runtime detection (malware-other.rules) * 1:8445 <-> ENABLED <-> FILE-OFFICE Microsoft Windows RTF file with embedded object package download attempt (file-office.rules) * 1:9845 <-> ENABLED <-> FILE-IDENTIFY M3U file magic detected (file-identify.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:53961 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Gh0stRAT-7783851-0 download attempt (malware-other.rules)
* 1:53984 <-> DISABLED <-> OS-WINDOWS Windows print spooler elevation of privilege attempt (os-windows.rules)
* 1:53974 <-> DISABLED <-> MALWARE-OTHER CobaltStrike powershell web delivery attempt (malware-other.rules)
* 1:53980 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Shiz-7784396-0 download attempt (malware-other.rules)
* 1:53983 <-> ENABLED <-> OS-WINDOWS Windows print spooler elevation of privilege attempt (os-windows.rules)
* 1:53962 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Gh0stRAT-7783851-0 download attempt (malware-other.rules)
* 1:53985 <-> ENABLED <-> INDICATOR-COMPROMISE msiexec.exe command execution over DNS attempt (indicator-compromise.rules)
* 1:53978 <-> ENABLED <-> MALWARE-OTHER Win.Dropper.Agent payload download attempt (malware-other.rules)
* 1:53981 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Palevo-7785322-0 download attempt (malware-other.rules)
* 1:53982 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Palevo-7785322-0 download attempt (malware-other.rules)
* 1:53979 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Shiz-7784396-0 download attempt (malware-other.rules)
* 1:53967 <-> DISABLED <-> SERVER-WEBAPP TerraMaster NAS user creation command injection attempt (server-webapp.rules)
* 1:53966 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-7784063-0 download attempt (malware-other.rules)
* 1:53964 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-7784064-0 download attempt (malware-other.rules)
* 1:53973 <-> DISABLED <-> MALWARE-OTHER CobaltStrike powershell web delivery attempt (malware-other.rules)
* 1:53971 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Andariel outbound connection attempt (malware-cnc.rules)
* 1:53975 <-> DISABLED <-> INDICATOR-COMPROMISE CobaltStrike multiple large DNS TXT query responses (indicator-compromise.rules)
* 1:53972 <-> ENABLED <-> MALWARE-OTHER CobaltStrike beacon.dll DNS download attempt (malware-other.rules)
* 1:53977 <-> ENABLED <-> MALWARE-OTHER Win.Dropper.Agent payload download attempt (malware-other.rules)
* 1:53969 <-> DISABLED <-> SERVER-WEBAPP TerraMaster NAS user creation command injection attempt (server-webapp.rules)
* 1:53963 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-7784064-0 download attempt (malware-other.rules)
* 1:53965 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-7784063-0 download attempt (malware-other.rules)
* 1:53970 <-> DISABLED <-> SERVER-WEBAPP TerraMaster NAS user creation command injection attempt (server-webapp.rules)
* 1:53976 <-> DISABLED <-> BROWSER-WEBKIT WebKit use-after-free remote code execution attempt (browser-webkit.rules)
* 1:53968 <-> DISABLED <-> SERVER-WEBAPP TerraMaster NAS user creation command injection attempt (server-webapp.rules)
* 1:53960 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Ursnif malicious outbound connection attempt - gravity generated detection (malware-other.rules)
* 1:49791 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules) * 1:51024 <-> ENABLED <-> FILE-IDENTIFY Embedded Open Type Font file attachment detected (file-identify.rules) * 1:35980 <-> ENABLED <-> FILE-IDENTIFY Windows Media Center link file attachment detected (file-identify.rules) * 1:42259 <-> ENABLED <-> FILE-IDENTIFY ISO file attachment detected (file-identify.rules) * 1:38855 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul HCell file magic detected (file-identify.rules) * 1:40021 <-> ENABLED <-> FILE-IDENTIFY Hierarchal Data Format file magic detected (file-identify.rules) * 1:28370 <-> ENABLED <-> FILE-IDENTIFY CIS file attachment detected (file-identify.rules) * 1:30759 <-> ENABLED <-> FILE-IDENTIFY ABC Music Notation file attachment detected (file-identify.rules) * 1:31675 <-> ENABLED <-> FILE-FLASH Adobe Flash Broker write to junction exploit attempt (file-flash.rules) * 1:30016 <-> ENABLED <-> FILE-IDENTIFY OS/2 Metafile file attachment detected (file-identify.rules) * 1:39903 <-> ENABLED <-> FILE-OFFICE Microsoft Windows RTF file with embedded object package SMTP upload attempt (file-office.rules) * 1:31591 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel TXO and OBJ records parsing stack memory corruption attempt (file-office.rules) * 1:50875 <-> ENABLED <-> FILE-IDENTIFY Fax Cover Page file magic detected (file-identify.rules) * 1:51993 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules) * 1:51268 <-> ENABLED <-> FILE-OTHER Photodex ProShow Producer v5.0.3256 download load file attempt (file-other.rules) * 1:28897 <-> ENABLED <-> FILE-IDENTIFY eSignal .sum file attachment detected (file-identify.rules) * 1:49794 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules) * 1:49792 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules) * 1:53213 <-> ENABLED <-> PROTOCOL-OTHER 
MQTT Connect control packet detected (protocol-other.rules) * 1:40389 <-> ENABLED <-> FILE-IDENTIFY Windows registry hive file attachment detected (file-identify.rules) * 1:42370 <-> ENABLED <-> FILE-IDENTIFY gzip compressed file detected (file-identify.rules) * 1:30972 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit outbound request for Microsoft Silverlight landing page (exploit-kit.rules) * 1:38292 <-> ENABLED <-> FILE-IDENTIFY UDF file magic detected (file-identify.rules) * 1:34397 <-> ENABLED <-> FILE-IDENTIFY Microsoft Journal file download request (file-identify.rules) * 1:36711 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows .NET Application file attachment detected (file-identify.rules) * 1:35852 <-> ENABLED <-> FILE-IDENTIFY JPEG file upload detected (file-identify.rules) * 1:26060 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file download request (file-identify.rules) * 1:28610 <-> ENABLED <-> EXPLOIT-KIT Sakura exploit kit exploit payload retreive attempt (exploit-kit.rules) * 1:28574 <-> ENABLED <-> FILE-IDENTIFY FDF file download request (file-identify.rules) * 1:42918 <-> ENABLED <-> FILE-IDENTIFY ISO file attachment detected (file-identify.rules) * 1:40979 <-> ENABLED <-> FILE-IDENTIFY ico file download request (file-identify.rules) * 1:35796 <-> ENABLED <-> FILE-IDENTIFY ZSoft PCX file attachment detected (file-identify.rules) * 1:32252 <-> ENABLED <-> FILE-IDENTIFY Basic Control Engine file attachment detected (file-identify.rules) * 1:30017 <-> ENABLED <-> FILE-IDENTIFY OS/2 Metafile file magic detected (file-identify.rules) * 1:35688 <-> ENABLED <-> PROTOCOL-OTHER MiniUPNP rootdesc.xml file request (protocol-other.rules) * 1:42365 <-> ENABLED <-> FILE-IDENTIFY bzip2 compressed file detected (file-identify.rules) * 1:3138 <-> ENABLED <-> NETBIOS SMB-DS Trans2 QUERY_FILE_INFO andx attempt (netbios.rules) * 1:30760 <-> ENABLED <-> FILE-IDENTIFY ABC Music Notation file download request (file-identify.rules) * 1:3551 <-> ENABLED <-> 
FILE-IDENTIFY HTA file download request (file-identify.rules) * 1:32251 <-> ENABLED <-> FILE-IDENTIFY Basic Control Engine file attachment detected (file-identify.rules) * 1:3135 <-> ENABLED <-> NETBIOS SMB Trans2 QUERY_FILE_INFO attempt (netbios.rules) * 1:3142 <-> ENABLED <-> NETBIOS SMB-DS Trans2 FIND_FIRST2 andx attempt (netbios.rules) * 1:40017 <-> ENABLED <-> FILE-IDENTIFY Hierarchal Data Format file download request (file-identify.rules) * 1:32005 <-> ENABLED <-> MALWARE-BACKDOOR AlienSpy RAT outbound connection (malware-backdoor.rules) * 1:27277 <-> ENABLED <-> FILE-IDENTIFY Trimble SketchUp file download request (file-identify.rules) * 1:26903 <-> ENABLED <-> FILE-IDENTIFY Android APK download file attachment detected (file-identify.rules) * 1:40892 <-> ENABLED <-> FILE-IDENTIFY R Programming Language source file file attachment detected (file-identify.rules) * 1:49515 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules) * 1:32877 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit outbound Adobe Flash exploit request (exploit-kit.rules) * 1:32947 <-> ENABLED <-> FILE-IDENTIFY .scr executable screensaver file download request (file-identify.rules) * 1:26904 <-> ENABLED <-> FILE-IDENTIFY Android APK download file attachment detected (file-identify.rules) * 1:31703 <-> ENABLED <-> FILE-IDENTIFY Microsoft Silverlight application file magic detected (file-identify.rules) * 1:28898 <-> ENABLED <-> FILE-IDENTIFY eSignal .ets file attachment detected (file-identify.rules) * 1:28572 <-> ENABLED <-> FILE-IDENTIFY FDF file attachment detected (file-identify.rules) * 1:27276 <-> ENABLED <-> FILE-IDENTIFY Trimble SketchUp file attachment detected (file-identify.rules) * 1:36816 <-> ENABLED <-> SERVER-OTHER MIT Kerberos 5 IAKERB outbound token detected (server-other.rules) * 1:26061 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file attachment detected (file-identify.rules) * 1:28901 <-> ENABLED <-> FILE-IDENTIFY 
eSignal .ets file download request (file-identify.rules) * 1:35797 <-> ENABLED <-> FILE-IDENTIFY ZSoft PCX file download request (file-identify.rules) * 1:31776 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file attachment detected (file-identify.rules) * 1:38306 <-> ENABLED <-> FILE-IDENTIFY DMG com.apple.decmpfs file magic detected (file-identify.rules) * 1:28895 <-> ENABLED <-> FILE-IDENTIFY eSignal .por file attachment detected (file-identify.rules) * 1:26514 <-> ENABLED <-> FILE-IDENTIFY maplet file download attempt (file-identify.rules) * 1:26062 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file attachment detected (file-identify.rules) * 1:43080 <-> ENABLED <-> BROWSER-OTHER Foscam IP Camera User-Agent string detected (browser-other.rules) * 1:42332 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Doublepulsar variant ping command (malware-cnc.rules) * 1:42260 <-> ENABLED <-> FILE-IDENTIFY ISO file attachment detected (file-identify.rules) * 1:33027 <-> ENABLED <-> FILE-IDENTIFY Publish-iT PUI file attachment detected (file-identify.rules) * 1:42262 <-> ENABLED <-> FILE-IDENTIFY ISO file download request (file-identify.rules) * 1:40981 <-> ENABLED <-> FILE-IDENTIFY ico file attachment detected (file-identify.rules) * 1:3665 <-> ENABLED <-> SERVER-MYSQL server greeting (server-mysql.rules) * 1:3139 <-> ENABLED <-> NETBIOS SMB Trans2 FIND_FIRST2 attempt (netbios.rules) * 1:40893 <-> ENABLED <-> FILE-IDENTIFY R Programming Language source file file attachment detected (file-identify.rules) * 1:29384 <-> ENABLED <-> FILE-IDENTIFY Adobe AIR file download request (file-identify.rules) * 1:38853 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul HCell file attachment detected (file-identify.rules) * 1:27542 <-> ENABLED <-> FILE-IDENTIFY Python bytecode file magic detected (file-identify.rules) * 1:42258 <-> ENABLED <-> FILE-IDENTIFY ISO file attachment detected (file-identify.rules) * 1:49516 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise 
download (malware-cnc.rules) * 1:52056 <-> ENABLED <-> FILE-IDENTIFY Portable Executable binary file magic detected (file-identify.rules) * 1:49793 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules) * 1:49519 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules) * 1:49518 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules) * 1:29407 <-> ENABLED <-> FILE-IDENTIFY Microsoft Internet Shortcut file download request (file-identify.rules) * 1:50874 <-> ENABLED <-> FILE-IDENTIFY Fax Cover Page file magic detected (file-identify.rules) * 1:49520 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules) * 1:50870 <-> ENABLED <-> APP-DETECT Quagga password challenge detected (app-detect.rules) * 1:51992 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file download request (file-identify.rules) * 1:51994 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules) * 1:42223 <-> ENABLED <-> FILE-IDENTIFY AOP file download request (file-identify.rules) * 1:53861 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Astaroth outbound beacon (malware-cnc.rules) * 1:6010 <-> ENABLED <-> SERVER-OTHER VERITAS NetBackup vnetd connection attempt (server-other.rules) * 1:6469 <-> ENABLED <-> SERVER-OTHER RealVNC connection attempt (server-other.rules) * 1:6472 <-> ENABLED <-> MALWARE-BACKDOOR bugs runtime detection - file manager client-to-server (malware-backdoor.rules) * 1:7106 <-> ENABLED <-> MALWARE-BACKDOOR girlfriend runtime detection (malware-backdoor.rules) * 1:7111 <-> ENABLED <-> MALWARE-BACKDOOR fearless lite 1.01 runtime detection (malware-backdoor.rules) * 1:7506 <-> ENABLED <-> MALWARE-TOOLS Hacker-Tool coma runtime detection - init connection - flowbit set (malware-tools.rules) * 1:49517 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download 
(malware-cnc.rules) * 1:7641 <-> ENABLED <-> MALWARE-BACKDOOR am remote client runtime detection - client-to-server (malware-backdoor.rules) * 1:8355 <-> ENABLED <-> MALWARE-OTHER Keylogger spybuddy 3.72 runtime detection (malware-other.rules) * 1:8445 <-> ENABLED <-> FILE-OFFICE Microsoft Windows RTF file with embedded object package download attempt (file-office.rules) * 1:9845 <-> ENABLED <-> FILE-IDENTIFY M3U file magic detected (file-identify.rules) * 1:42371 <-> ENABLED <-> FILE-IDENTIFY gzip compressed file detected (file-identify.rules) * 1:30758 <-> ENABLED <-> FILE-IDENTIFY ABC Music Notation file attachment detected (file-identify.rules) * 1:28367 <-> ENABLED <-> FILE-IDENTIFY CIS file magic detected (file-identify.rules) * 1:46393 <-> ENABLED <-> FILE-IDENTIFY WebAssembly file detected (file-identify.rules) * 1:28570 <-> ENABLED <-> FILE-IDENTIFY FDF file magic detected (file-identify.rules) * 1:27543 <-> ENABLED <-> FILE-IDENTIFY Python bytecode file magic detected (file-identify.rules) * 1:26644 <-> ENABLED <-> SERVER-OTHER SSL TLS DEFLATE compression detected (server-other.rules) * 1:36531 <-> ENABLED <-> FILE-IDENTIFY Oracle Java JMX management loading mlet detected (file-identify.rules) * 1:26063 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word docm file download request (file-identify.rules) * 1:30756 <-> ENABLED <-> FILE-IDENTIFY ABC Music Notation file attachment detected (file-identify.rules) * 1:33221 <-> ENABLED <-> MALWARE-CNC Win.Trojan.HawkEye Keylogger exfiltration attempt - clipboard and screenshot (malware-cnc.rules) * 1:30969 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit outbound request for Microsoft Internet Explorer landing page (exploit-kit.rules) * 1:26064 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word docm file attachment detected (file-identify.rules) * 1:34629 <-> ENABLED <-> FILE-IDENTIFY WordPerfect file attachment detected (file-identify.rules) * 1:37546 <-> ENABLED <-> SERVER-OTHER Veritas NetBackup Volume Manager 
connection attempt (server-other.rules)
* 1:37418 <-> ENABLED <-> MALWARE-BACKDOOR Adzok RAT inbound connection (malware-backdoor.rules)
* 1:40120 <-> ENABLED <-> FILE-IDENTIFY Microsoft Excel XLSB file attachment detected (file-identify.rules)
* 1:26065 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word docm file attachment detected (file-identify.rules)
* 1:31871 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detection (file-identify.rules)
* 1:26083 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file download request (file-identify.rules)
* 1:38461 <-> ENABLED <-> OS-WINDOWS DCERPC Bind auth level packet privacy connection detected (os-windows.rules)
* 1:38852 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul HCell file attachment detected (file-identify.rules)
* 1:40390 <-> ENABLED <-> FILE-IDENTIFY Windows registry hive file magic detected (file-identify.rules)
* 1:35249 <-> ENABLED <-> FILE-IDENTIFY GNI file attachment detected (file-identify.rules)
* 1:28507 <-> ENABLED <-> FILE-IDENTIFY Microsoft Write file download file attachment detected (file-identify.rules)
* 1:42369 <-> ENABLED <-> FILE-IDENTIFY gzip compressed file detected (file-identify.rules)
* 1:26084 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file attachment detected (file-identify.rules)
* 1:33026 <-> ENABLED <-> FILE-IDENTIFY Publish-iT PUI file attachment detected (file-identify.rules)
* 1:3141 <-> ENABLED <-> NETBIOS SMB-DS Trans2 FIND_FIRST2 attempt (netbios.rules)
* 1:40387 <-> ENABLED <-> FILE-IDENTIFY Windows registry hive file magic detected (file-identify.rules)
* 1:40388 <-> ENABLED <-> FILE-IDENTIFY Windows registry hive file attachment detected (file-identify.rules)
* 1:38854 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul HCell file magic detected (file-identify.rules)
* 1:28573 <-> ENABLED <-> FILE-IDENTIFY FDF file magic detected (file-identify.rules)
* 1:31774 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file attachment detected (file-identify.rules)
* 1:45515 <-> ENABLED <-> NETBIOS SMB SESSION_SETUP subcommand detected (netbios.rules)
* 1:42367 <-> ENABLED <-> FILE-IDENTIFY XZ compressed file detected (file-identify.rules)
* 1:26085 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file attachment detected (file-identify.rules)
* 1:26515 <-> ENABLED <-> FILE-IDENTIFY maplet file attachment detected (file-identify.rules)
* 1:49497 <-> ENABLED <-> FILE-OFFICE Microsoft Office MSCOMCTL ActiveX control tabstrip method access (file-office.rules)
* 1:31702 <-> ENABLED <-> FILE-IDENTIFY Microsoft Silverlight application file magic detected (file-identify.rules)
* 1:3136 <-> ENABLED <-> NETBIOS SMB Trans2 QUERY_FILE_INFO andx attempt (netbios.rules)
* 1:32378 <-> ENABLED <-> FILE-IDENTIFY bmp file attachment detected (file-identify.rules)
* 1:34631 <-> ENABLED <-> FILE-IDENTIFY WordPerfect file download request (file-identify.rules)
* 1:38307 <-> ENABLED <-> FILE-IDENTIFY DMG com.apple.decmpfs file magic detected (file-identify.rules)
* 1:28384 <-> ENABLED <-> FILE-IDENTIFY HTML Help Index download file attachment detected (file-identify.rules)
* 1:49495 <-> ENABLED <-> FILE-OFFICE Microsoft Office MSCOMCTL ActiveX control tabstrip method access (file-office.rules)
* 1:35432 <-> ENABLED <-> FILE-IDENTIFY M4A file magic detected (file-identify.rules)
* 1:26126 <-> ENABLED <-> FILE-IDENTIFY Microsoft Internet Explorer HTML Component file download request (file-identify.rules)
* 1:29607 <-> ENABLED <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt (server-other.rules)
* 1:26127 <-> ENABLED <-> FILE-IDENTIFY Microsoft Internet Explorer HTML Component file attachment detected (file-identify.rules)
* 1:28900 <-> ENABLED <-> FILE-IDENTIFY eSignal .sum file attachment detected (file-identify.rules)
* 1:35459 <-> ENABLED <-> FILE-IDENTIFY Adobe LZMA compressed Flash file download request (file-identify.rules)
* 1:41081 <-> ENABLED <-> SERVER-OTHER Tarantool initial connection banner detected (server-other.rules)
* 1:26059 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file magic detected (file-identify.rules)
* 1:48556 <-> ENABLED <-> FILE-IDENTIFY Omron CX-Supervisor project file file attachment detected (file-identify.rules)
* 1:43891 <-> ENABLED <-> MALWARE-OTHER Win.Malware.Emotet variant lateral propagation (malware-other.rules)
* 1:26517 <-> ENABLED <-> FILE-IDENTIFY maplet bin file download attempt (file-identify.rules)
* 1:28899 <-> ENABLED <-> FILE-IDENTIFY eSignal .por file attachment detected (file-identify.rules)
* 1:38291 <-> ENABLED <-> FILE-IDENTIFY UDF file magic detected (file-identify.rules)
* 1:39778 <-> ENABLED <-> FILE-IDENTIFY Heroes of Might and Magic III map file download request (file-identify.rules)
* 1:32134 <-> ENABLED <-> FILE-IDENTIFY XBM file attachment detected (file-identify.rules)
* 1:40065 <-> ENABLED <-> OS-WINDOWS Microsoft Windows NFS Server NULL pointer dereference denial-of-service attempt (os-windows.rules)
* 1:31483 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1.1 ChangeCipherSpec man-in-the-middle exploitation attempt (server-other.rules)
* 1:29385 <-> ENABLED <-> FILE-IDENTIFY Adobe AIR file attachment detected (file-identify.rules)
* 1:36748 <-> ENABLED <-> FILE-IDENTIFY TTF file attachment detected (file-identify.rules)
* 1:32945 <-> ENABLED <-> FILE-IDENTIFY .scr executable screensaver file attachment detected (file-identify.rules)
* 1:44442 <-> ENABLED <-> FILE-IDENTIFY Blender blend file magic detected (file-identify.rules)
* 1:48554 <-> ENABLED <-> FILE-IDENTIFY Omron CX-Supervisor project file file attachment detected (file-identify.rules)
* 1:43363 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Audio wmf file magic detected (file-identify.rules)
* 1:26128 <-> ENABLED <-> FILE-IDENTIFY Microsoft Internet Explorer HTML Component file attachment detected (file-identify.rules)
* 1:34395 <-> ENABLED <-> FILE-IDENTIFY Microsoft Journal file attachment detected (file-identify.rules)
* 1:42366 <-> ENABLED <-> FILE-IDENTIFY XZ compressed file detected (file-identify.rules)
* 1:27275 <-> ENABLED <-> FILE-IDENTIFY Trimble SketchUp file attachment detected (file-identify.rules)
* 1:35433 <-> ENABLED <-> FILE-IDENTIFY M4A file magic detected (file-identify.rules)
* 1:28382 <-> ENABLED <-> FILE-IDENTIFY HTML Help Index file download request (file-identify.rules)
* 1:40118 <-> ENABLED <-> FILE-IDENTIFY Microsoft Excel XLSB file download request (file-identify.rules)
* 1:29276 <-> ENABLED <-> FILE-IDENTIFY XFDL file download request (file-identify.rules)
* 1:38862 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul Office Document file download request (file-identify.rules)
* 1:38864 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul Office Document file attachment detected (file-identify.rules)
* 1:32380 <-> ENABLED <-> FILE-IDENTIFY dib file attachment detected (file-identify.rules)
* 1:36058 <-> ENABLED <-> FILE-IDENTIFY OLE Document upload detected (file-identify.rules)
* 1:33641 <-> ENABLED <-> FILE-IDENTIFY Apple Motion file attachment detected (file-identify.rules)
* 1:40908 <-> ENABLED <-> SERVER-OTHER Foscam C1 backdoor account ftp login attempt (server-other.rules)
* 1:42364 <-> ENABLED <-> FILE-IDENTIFY bzip2 compressed file detected (file-identify.rules)
* 1:32617 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Registry file attachment detected (file-identify.rules)
* 1:40980 <-> ENABLED <-> FILE-IDENTIFY ico file attachment detected (file-identify.rules)
* 1:44275 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file attachment detected (file-identify.rules)
* 1:26206 <-> ENABLED <-> FILE-IDENTIFY CyberLink Power2Go file download request (file-identify.rules)
* 1:29612 <-> ENABLED <-> FILE-IDENTIFY XPS file attachment detected (file-identify.rules)
* 1:32345 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector - initiate connection (server-other.rules)
* 1:37784 <-> ENABLED <-> FILE-IDENTIFY Adobe Texture Format file magic detected (file-identify.rules)
* 1:28508 <-> ENABLED <-> FILE-IDENTIFY Microsoft Write file download file attachment detected (file-identify.rules)
* 1:31773 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file attachment detected (file-identify.rules)
* 1:32880 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit outbound payload request (exploit-kit.rules)
* 1:3137 <-> ENABLED <-> NETBIOS SMB-DS Trans2 QUERY_FILE_INFO attempt (netbios.rules)
* 1:42072 <-> DISABLED <-> SERVER-WEBAPP Aultware pwStore denial of service attempt (server-webapp.rules)
* 1:33028 <-> ENABLED <-> FILE-IDENTIFY Publish-iT PUI file download request (file-identify.rules)
* 1:40020 <-> ENABLED <-> FILE-IDENTIFY Hierarchal Data Format file magic detected (file-identify.rules)
* 1:26207 <-> ENABLED <-> FILE-IDENTIFY CyberLink Power2Go file attachment detected (file-identify.rules)
* 1:48555 <-> ENABLED <-> FILE-IDENTIFY Omron CX-Supervisor project file file attachment detected (file-identify.rules)
* 1:43364 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Audio wmf file magic detected (file-identify.rules)
* 1:26208 <-> ENABLED <-> FILE-IDENTIFY CyberLink Power2Go file attachment detected (file-identify.rules)
* 1:29752 <-> ENABLED <-> SERVER-WEBAPP HP Intelligent Management Center SOM authentication bypass attempt (server-webapp.rules)
* 1:42363 <-> ENABLED <-> FILE-IDENTIFY bzip2 compressed file detected (file-identify.rules)
* 1:40391 <-> ENABLED <-> FILE-IDENTIFY Windows registry hive file download request (file-identify.rules)
* 1:30018 <-> ENABLED <-> FILE-IDENTIFY OS/2 Metafile file download request (file-identify.rules)
* 1:28368 <-> ENABLED <-> FILE-IDENTIFY CIS file magic detected (file-identify.rules)
* 1:33667 <-> ENABLED <-> FILE-IDENTIFY PIF Program Information File file attachment detected (file-identify.rules)
* 1:34396 <-> ENABLED <-> FILE-IDENTIFY Microsoft Journal file attachment detected (file-identify.rules)
* 1:33825 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB NTLM NULL session attempt (os-windows.rules)
* 1:26251 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (file-identify.rules)
* 1:26429 <-> ENABLED <-> FILE-FLASH Adobe Flash Player RTMP malformed onStatus message type confusion attempt (file-flash.rules)
* 1:49512 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules)
* 1:32618 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Registry file download request (file-identify.rules)
* 1:26458 <-> ENABLED <-> FILE-IDENTIFY Stream redirector file download request (file-identify.rules)
* 1:31482 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1.0 ChangeCipherSpec man-in-the-middle exploitation attempt (server-other.rules)
* 1:37786 <-> ENABLED <-> FILE-IDENTIFY Adobe Texture Format file attachment detected (file-identify.rules)
* 1:34398 <-> ENABLED <-> FILE-IDENTIFY Microsoft Journal file download attempt (file-identify.rules)
* 1:29439 <-> ENABLED <-> FILE-IDENTIFY MSI file download request (file-identify.rules)
* 1:46367 <-> ENABLED <-> FILE-IDENTIFY WebAssembly file download detected (file-identify.rules)
* 1:38865 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul Office Document file magic detected (file-identify.rules)
* 1:37787 <-> ENABLED <-> FILE-IDENTIFY Adobe Texture Format file magic detected (file-identify.rules)
* 1:35458 <-> ENABLED <-> FILE-IDENTIFY Adobe LZMA compressed Flash file magic detected (file-identify.rules)
* 1:42256 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB anonymous user session setup request detected (os-windows.rules)
* 1:35979 <-> ENABLED <-> FILE-IDENTIFY Windows Media Center link file download request (file-identify.rules)
* 1:43003 <-> ENABLED <-> PROTOCOL-OTHER NETBIOS SMB IPC share access attempt (protocol-other.rules)
* 1:28896 <-> ENABLED <-> FILE-IDENTIFY eSignal .quo file attachment detected (file-identify.rules)
* 1:26465 <-> ENABLED <-> FILE-IDENTIFY XUL file attachment detected (file-identify.rules)
* 1:31481 <-> ENABLED <-> SERVER-OTHER OpenSSL SSL ChangeCipherSpec man-in-the-middle exploitation attempt (server-other.rules)
* 1:36815 <-> ENABLED <-> SERVER-OTHER MIT Kerberos 5 SPNEGO incoming token detected (server-other.rules)
* 1:29008 <-> ENABLED <-> FILE-IDENTIFY XWD image file download request (file-identify.rules)
* 1:49514 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules)
* 1:32165 <-> ENABLED <-> FILE-IDENTIFY SVG file magic detected (file-identify.rules)
* 1:35250 <-> ENABLED <-> FILE-IDENTIFY GNI file magic detected (file-identify.rules)
* 1:32946 <-> ENABLED <-> FILE-IDENTIFY .scr executable screensaver file attachment detected (file-identify.rules)
* 1:26466 <-> ENABLED <-> FILE-IDENTIFY XUL file attachment detected (file-identify.rules)
* 1:32135 <-> ENABLED <-> FILE-IDENTIFY XBM file attachment detected (file-identify.rules)
* 1:38863 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul Office Document file attachment detected (file-identify.rules)
* 1:3140 <-> ENABLED <-> NETBIOS SMB Trans2 FIND_FIRST2 andx attempt (netbios.rules)
* 1:29162 <-> ENABLED <-> FILE-IDENTIFY CIS file download request (file-identify.rules)
* 1:35981 <-> ENABLED <-> FILE-IDENTIFY Windows Media Center link file attachment detected (file-identify.rules)
* 1:42261 <-> ENABLED <-> FILE-IDENTIFY ISO file magic detected (file-identify.rules)
* 1:43099 <-> ENABLED <-> SERVER-WEBAPP Simple SCADA web-socket connection initialization attempt (server-webapp.rules)
* 1:29386 <-> ENABLED <-> FILE-IDENTIFY Adobe AIR file attachment detected (file-identify.rules)
* 1:42368 <-> ENABLED <-> FILE-IDENTIFY XZ compressed file detected (file-identify.rules)
* 1:49513 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules)
* 1:30014 <-> ENABLED <-> FILE-IDENTIFY OS/2 Metafile file magic detected (file-identify.rules)
* 1:25945 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules)
* 1:26057 <-> ENABLED <-> FILE-IDENTIFY ZIP file download detected (file-identify.rules)
* 1:26058 <-> ENABLED <-> FILE-IDENTIFY ZIP file attachment detected (file-identify.rules)
* 1:25933 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules)
* 1:25944 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules)
* 1:25934 <-> ENABLED <-> FILE-IDENTIFY Ogg file download request (file-identify.rules)
* 1:25935 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules)
* 1:25936 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules)
* 1:25937 <-> ENABLED <-> FILE-IDENTIFY Ogg file download request (file-identify.rules)
* 1:25938 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules)
* 1:25939 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules)
* 1:25940 <-> ENABLED <-> FILE-IDENTIFY Ogg file download request (file-identify.rules)
* 1:25941 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules)
* 1:25942 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules)
* 1:25943 <-> ENABLED <-> FILE-IDENTIFY Ogg file download request (file-identify.rules)
* 1:35455 <-> ENABLED <-> FILE-IDENTIFY Adobe LZMA compressed Flash file magic detected (file-identify.rules)
* 1:38866 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul Office Document file magic detected (file-identify.rules)
* 1:29514 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB Microsoft Windows Remote Administration Protocol usage attempt (os-windows.rules)
* 1:30015 <-> ENABLED <-> FILE-IDENTIFY OS/2 Metafile file attachment detected (file-identify.rules)
* 1:26494 <-> ENABLED <-> FILE-IDENTIFY KingView KingMessage log file attachment detected (file-identify.rules)
* 1:40019 <-> ENABLED <-> FILE-IDENTIFY Hierarchal Data Format file attachment detected (file-identify.rules)
* 1:33666 <-> ENABLED <-> FILE-IDENTIFY PIF Program Information File file download request (file-identify.rules)
* 1:33640 <-> ENABLED <-> FILE-IDENTIFY Apple Motion file download request (file-identify.rules)
* 1:35795 <-> ENABLED <-> FILE-IDENTIFY ZSoft PCX file attachment detected (file-identify.rules)
* 1:35457 <-> ENABLED <-> FILE-IDENTIFY Adobe LZMA compressed Flash file attachment detected (file-identify.rules)
* 1:44030 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint ppt file attachment detected file attachment detected (file-identify.rules)
* 1:39777 <-> ENABLED <-> FILE-IDENTIFY Heroes of Might and Magic III map file attachment detected (file-identify.rules)
* 1:33668 <-> ENABLED <-> FILE-IDENTIFY PIF Program Information File file attachment detected (file-identify.rules)
* 1:44231 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word doc file attachment detected (file-identify.rules)
* 1:30757 <-> ENABLED <-> FILE-IDENTIFY ABC Music Notation file attachment detected (file-identify.rules)
* 1:29006 <-> ENABLED <-> FILE-IDENTIFY XWD image file attachment detected (file-identify.rules)
* 1:31484 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1.2 ChangeCipherSpec man-in-the-middle exploitation attempt (server-other.rules)
* 1:28425 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB Microsoft Windows Remote Administration Protocol usage attempt (os-windows.rules)
* 1:29007 <-> ENABLED <-> FILE-IDENTIFY XWD image file attachment detected (file-identify.rules)
* 1:32253 <-> ENABLED <-> FILE-IDENTIFY Basic Control Engine file download request (file-identify.rules)
* 1:29613 <-> ENABLED <-> FILE-IDENTIFY XPS file attachment detected (file-identify.rules)
* 1:40036 <-> ENABLED <-> FILE-IDENTIFY XLSB file magic detected (file-identify.rules)
* 1:38851 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul HCell file download request (file-identify.rules)
* 1:44441 <-> ENABLED <-> FILE-IDENTIFY Blender blend file magic detected (file-identify.rules)
* 1:26492 <-> ENABLED <-> FILE-IDENTIFY KingView KingMessage log file download request (file-identify.rules)
* 1:39776 <-> ENABLED <-> FILE-IDENTIFY Heroes of Might and Magic III map file attachment detected (file-identify.rules)
* 1:40891 <-> ENABLED <-> FILE-IDENTIFY R Programming Language source file file download request (file-identify.rules)
* 1:29275 <-> ENABLED <-> FILE-IDENTIFY XFDL file attachment detected (file-identify.rules)
* 1:27121 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector - initiate connection (server-other.rules)
* 1:31676 <-> ENABLED <-> FILE-FLASH Adobe Flash Broker write to junction exploit attempt (file-flash.rules)
* 1:34630 <-> ENABLED <-> FILE-IDENTIFY WordPerfect file attachment detected (file-identify.rules)
* 1:26493 <-> ENABLED <-> FILE-IDENTIFY KingView KingMessage log file attachment detected (file-identify.rules)
* 1:32616 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Registry file attachment detected (file-identify.rules)
* 1:35247 <-> ENABLED <-> FILE-IDENTIFY GNI file download request (file-identify.rules)
* 1:31831 <-> ENABLED <-> POLICY-OTHER QLogic Switch 5600/5800 default ftp login attempt (policy-other.rules)
* 1:40119 <-> ENABLED <-> FILE-IDENTIFY Microsoft Excel XLSB file attachment detected (file-identify.rules)
* 1:35248 <-> ENABLED <-> FILE-IDENTIFY GNI file attachment detected (file-identify.rules)
* 1:26902 <-> ENABLED <-> FILE-IDENTIFY Android APK download request (file-identify.rules)
* 1:33642 <-> ENABLED <-> FILE-IDENTIFY Apple Motion file attachment detected (file-identify.rules)
* 1:40035 <-> ENABLED <-> FILE-IDENTIFY XLSB file magic detected (file-identify.rules)
* 1:40018 <-> ENABLED <-> FILE-IDENTIFY Hierarchal Data Format file attachment detected (file-identify.rules)
* 1:44165 <-> ENABLED <-> SERVER-WEBAPP websocket protocol upgrade request detected (server-webapp.rules)
* 1:43067 <-> ENABLED <-> PROTOCOL-IMAP IMAP CRAM-MD5 authentication attempt (protocol-imap.rules)
* 1:28383 <-> ENABLED <-> FILE-IDENTIFY HTML Help Index download file attachment detected (file-identify.rules)
* 1:37788 <-> ENABLED <-> FILE-IDENTIFY Adobe Texture Format file download request (file-identify.rules)
* 1:43002 <-> ENABLED <-> PROTOCOL-OTHER NETBIOS SMB IPC share access attempt (protocol-other.rules)
* 1:29614 <-> ENABLED <-> FILE-IDENTIFY XPS file download request (file-identify.rules)
* 1:31775 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file attachment detected (file-identify.rules)
* 1:42257 <-> ENABLED <-> FILE-IDENTIFY ISO file magic detected (file-identify.rules)
* 1:28497 <-> ENABLED <-> FILE-IDENTIFY WordPerfect file magic detected (file-identify.rules)
* 1:29405 <-> ENABLED <-> FILE-IDENTIFY Microsoft Internet Shortcut file attachment detected (file-identify.rules)
* 1:35456 <-> ENABLED <-> FILE-IDENTIFY Adobe LZMA compressed Flash file attachment detected (file-identify.rules)
* 1:28369 <-> ENABLED <-> FILE-IDENTIFY CIS file attachment detected (file-identify.rules)
* 1:37785 <-> ENABLED <-> FILE-IDENTIFY Adobe Texture Format file attachment detected (file-identify.rules)
* 1:29274 <-> ENABLED <-> FILE-IDENTIFY XFDL file attachment detected (file-identify.rules)
* 1:28571 <-> ENABLED <-> FILE-IDENTIFY FDF file attachment detected (file-identify.rules)
* 1:46394 <-> ENABLED <-> FILE-IDENTIFY WebAssembly file attachment detected (file-identify.rules)
* 1:30532 <-> ENABLED <-> FILE-MULTIMEDIA CoCSoft Stream Download session (file-multimedia.rules)
* 1:26516 <-> ENABLED <-> FILE-IDENTIFY maplet file attachment detected (file-identify.rules)
* 1:29406 <-> ENABLED <-> FILE-IDENTIFY Microsoft Internet Shortcut file attachment detected (file-identify.rules)
* 1:27022 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Netweird.A outbound connection (malware-cnc.rules)
* 1:4143 <-> ENABLED <-> SERVER-OTHER lpd receive printer job cascade adaptor protocol request (server-other.rules)
* 1:28894 <-> ENABLED <-> FILE-IDENTIFY eSignal .ets file attachment detected (file-identify.rules)
* 1:48553 <-> ENABLED <-> FILE-IDENTIFY Omron CX-Supervisor project file file download request (file-identify.rules)
* 1:32525 <-> ENABLED <-> BROWSER-OTHER FreeBSD tnftp client detected (browser-other.rules)
* 1:32878 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit outbound Adobe Flash exploit request (exploit-kit.rules)
* 1:10097 <-> ENABLED <-> MALWARE-OTHER Keylogger win32.remotekeylog.b runtime detection (malware-other.rules)
* 1:10099 <-> ENABLED <-> MALWARE-OTHER Keylogger win32.remotekeylog.b runtime detection (malware-other.rules)
* 1:10103 <-> ENABLED <-> MALWARE-BACKDOOR hav-rat 1.1 runtime detection (malware-backdoor.rules)
* 1:10104 <-> ENABLED <-> MALWARE-BACKDOOR hav-rat 1.1 runtime detection (malware-backdoor.rules)
* 1:10110 <-> ENABLED <-> MALWARE-BACKDOOR poison ivy 2.1.2 runtime detection (malware-backdoor.rules)
* 1:10450 <-> ENABLED <-> MALWARE-BACKDOOR only 1 rat runtime detection - control command (malware-backdoor.rules)
* 1:10455 <-> ENABLED <-> MALWARE-BACKDOOR [x]-ztoo 1.0 runtime detection - get system info (malware-backdoor.rules)
* 1:10460 <-> ENABLED <-> MALWARE-BACKDOOR winicabras 1.1 runtime detection - get system info (malware-backdoor.rules)
* 1:10462 <-> ENABLED <-> MALWARE-BACKDOOR winicabras 1.1 runtime detection - explorer (malware-backdoor.rules)
* 1:11004 <-> ENABLED <-> PROTOCOL-IMAP CRAM-MD5 authentication request detected (protocol-imap.rules)
* 1:11322 <-> ENABLED <-> MALWARE-BACKDOOR sohoanywhere runtime detection (malware-backdoor.rules)
* 1:11835 <-> ENABLED <-> FILE-IDENTIFY Visio file magic detected (file-identify.rules)
* 1:11953 <-> ENABLED <-> MALWARE-BACKDOOR supervisor plus runtime detection (malware-backdoor.rules)
* 1:12054 <-> ENABLED <-> MALWARE-BACKDOOR tron runtime detection - init connection - flowbit set (malware-backdoor.rules)
* 1:12129 <-> ENABLED <-> MALWARE-OTHER Keylogger remotekeylog.b runtime detection - get sys info (malware-other.rules)
* 1:12131 <-> ENABLED <-> MALWARE-OTHER Keylogger remotekeylog.b runtime detection - keylogging (malware-other.rules)
* 1:12133 <-> ENABLED <-> MALWARE-OTHER Keylogger remotekeylog.b runtime detection - open url (malware-other.rules)
* 1:12135 <-> ENABLED <-> MALWARE-OTHER Keylogger remotekeylog.b runtime detection - fun (malware-other.rules)
* 1:12142 <-> ENABLED <-> MALWARE-BACKDOOR access remote pc runtime detection - init connection (malware-backdoor.rules)
* 1:12144 <-> ENABLED <-> MALWARE-BACKDOOR access remote pc runtime detection - rpc setup (malware-backdoor.rules)
* 1:12146 <-> ENABLED <-> MALWARE-BACKDOOR blue eye 1.0b runtime detection - init connection (malware-backdoor.rules)
* 1:12148 <-> ENABLED <-> MALWARE-BACKDOOR back orifice 2006 - v1.1.5 runtime detection - init connection (malware-backdoor.rules)
* 1:12150 <-> ENABLED <-> MALWARE-BACKDOOR cafeini 1.0 runtime detection - init connection (malware-backdoor.rules)
* 1:12153 <-> ENABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - download file (malware-backdoor.rules)
* 1:12154 <-> ENABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - download file (malware-backdoor.rules)
* 1:12156 <-> ENABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - upload file (malware-backdoor.rules)
* 1:12157 <-> ENABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - upload file (malware-backdoor.rules)
* 1:12160 <-> ENABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - screen capturing (malware-backdoor.rules)
* 1:12161 <-> ENABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - screen capturing (malware-backdoor.rules)
* 1:12163 <-> ENABLED <-> MALWARE-BACKDOOR cobra uploader 1.0 runtime detection (malware-backdoor.rules)
* 1:12182 <-> ENABLED <-> FILE-IDENTIFY Adobe Flash Video file magic detected (file-identify.rules)
* 1:12233 <-> ENABLED <-> MALWARE-BACKDOOR theef 2.10 runtime detection - connect with no password (malware-backdoor.rules)
* 1:12235 <-> ENABLED <-> MALWARE-BACKDOOR theef 2.10 runtime detection - connect with password (malware-backdoor.rules)
* 1:12237 <-> ENABLED <-> MALWARE-BACKDOOR theef 2.10 runtime detection - ftp (malware-backdoor.rules)
* 1:12240 <-> ENABLED <-> MALWARE-BACKDOOR genie 1.7 runtime detection - init connection (malware-backdoor.rules)
* 1:12242 <-> ENABLED <-> MALWARE-BACKDOOR hotmail hacker log edition 5.0 runtime detection - init connection (malware-backdoor.rules)
* 1:12283 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel xlw file magic detected (file-identify.rules)
* 1:12297 <-> ENABLED <-> MALWARE-BACKDOOR bifrost v1.2.1 runtime detection (malware-backdoor.rules)
* 1:12373 <-> ENABLED <-> MALWARE-BACKDOOR radmin 3.0 runtime detection - initial connection (malware-backdoor.rules)
* 1:12375 <-> ENABLED <-> MALWARE-BACKDOOR radmin 3.0 runtime detection - login & remote control (malware-backdoor.rules)
* 1:12377 <-> ENABLED <-> MALWARE-BACKDOOR shark 2.3.2 runtime detection (malware-backdoor.rules)
* 1:12454 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media ASF file magic detected (file-identify.rules)
* 1:12455 <-> ENABLED <-> FILE-IDENTIFY SAP Crystal Reports file download request (file-identify.rules)
* 1:12699 <-> ENABLED <-> MALWARE-BACKDOOR poison ivy 2.3.0 runtime detection - init connection (malware-backdoor.rules)
* 1:12724 <-> ENABLED <-> MALWARE-BACKDOOR dark moon 4.11 runtime detection (malware-backdoor.rules)
* 1:12726 <-> ENABLED <-> MALWARE-BACKDOOR bandook 1.35 runtime detection (malware-backdoor.rules)
* 1:12758 <-> ENABLED <-> MALWARE-OTHER Keylogger/RAT digi watcher 2.32 runtime detection (malware-other.rules)
* 1:12760 <-> ENABLED <-> MALWARE-OTHER Keylogger powered Keylogger 2.2 runtime detection (malware-other.rules)
* 1:12792 <-> ENABLED <-> MALWARE-OTHER Keylogger spy lantern Keylogger pro 6.0 runtime detection (malware-other.rules)
* 1:12972 <-> ENABLED <-> FILE-IDENTIFY Microsoft Media Player asf/wmv/wma file magic detected (file-identify.rules)
* 1:13236 <-> ENABLED <-> MALWARE-OTHER Keylogger active Keylogger 3.9.2 runtime detection (malware-other.rules)
* 1:13243 <-> ENABLED <-> MALWARE-OTHER Keylogger computer monitor 1.1 by lastcomfort runtime detection (malware-other.rules)
* 1:13247 <-> ENABLED <-> MALWARE-BACKDOOR yuri 1.2 runtime detection - init connection (malware-backdoor.rules)
* 1:13278 <-> ENABLED <-> MALWARE-OTHER Keylogger advanced spy 4.0 runtime detection (malware-other.rules)
* 1:13280 <-> ENABLED <-> MALWARE-OTHER Keylogger email spy monitor 6.9 runtime detection (malware-other.rules)
* 1:13346 <-> ENABLED <-> PUA-ADWARE Snoopware remote desktop inspector outbound connection - init connection (pua-adware.rules)
* 1:13465 <-> ENABLED <-> FILE-IDENTIFY Microsoft Works file download request (file-identify.rules)
* 1:13479 <-> ENABLED <-> MALWARE-OTHER Keylogger findnot guarddog 4.0 runtime detection (malware-other.rules)
* 1:13483 <-> ENABLED <-> PUA-TOOLBARS Hijacker baidu toolbar runtime detection - updates automatically (pua-toolbars.rules)
* 1:13506 <-> ENABLED <-> MALWARE-BACKDOOR evilotus 1.3.2 runtime detection - init connection (malware-backdoor.rules)
* 1:13515 <-> ENABLED <-> FILE-MULTIMEDIA Apple QuickTime user agent (file-multimedia.rules)
* 1:13583 <-> ENABLED <-> FILE-IDENTIFY Microsoft SYmbolic LinK file download request (file-identify.rules)
* 1:13584 <-> ENABLED <-> FILE-IDENTIFY CSV file download request (file-identify.rules)
* 1:13585 <-> ENABLED <-> FILE-IDENTIFY Microsoft SYmbolic LinK file magic detected (file-identify.rules)
* 1:13767 <-> ENABLED <-> MALWARE-OTHER Keylogger cyber sitter runtime detection (malware-other.rules)
* 1:13797 <-> ENABLED <-> FILE-IDENTIFY Portable Executable compact binary file magic detected (file-identify.rules)
* 1:13801 <-> ENABLED <-> FILE-IDENTIFY RTF file download request (file-identify.rules)
* 1:13898 <-> ENABLED <-> APP-DETECT Apple iTunes client request for server info (app-detect.rules)
* 1:13915 <-> ENABLED <-> FILE-IDENTIFY BAK file download request (file-identify.rules)
* 1:13938 <-> ENABLED <-> PUA-ADWARE Hijacker adware.win32.ejik.ec variant outbound connection (pua-adware.rules)
* 1:13943 <-> ENABLED <-> PUA-ADWARE Trickler dropper agent.rqg outbound connection (pua-adware.rules)
* 1:13983 <-> ENABLED <-> FILE-IDENTIFY EPS file download request (file-identify.rules)
* 1:14017 <-> ENABLED <-> FILE-IDENTIFY MPEG Layer 3 playlist file download request (file-identify.rules)
* 1:14018 <-> ENABLED <-> FILE-IDENTIFY PLS multimedia playlist file download request (file-identify.rules)
* 1:14264 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media Player playlist download (file-identify.rules)
* 1:15013 <-> ENABLED <-> FILE-IDENTIFY PDF file download request (file-identify.rules)
* 1:15079 <-> ENABLED <-> FILE-IDENTIFY WAV file download request (file-identify.rules)
* 1:15158 <-> ENABLED <-> FILE-IDENTIFY XML Shareable Playlist Format file download request (file-identify.rules)
* 1:15237 <-> ENABLED <-> FILE-IDENTIFY Java .class file download request (file-identify.rules)
* 1:15239 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealMedia format file download request (file-identify.rules)
* 1:15240 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealMedia format file download request (file-identify.rules)
* 1:15294 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Visio file download request (file-identify.rules)
* 1:15319 <-> ENABLED <-> NETBIOS SMB /sql/query create tree attempt (netbios.rules)
* 1:15320 <-> ENABLED <-> NETBIOS SMB /sql/query unicode create tree attempt (netbios.rules)
* 1:15321 <-> ENABLED <-> NETBIOS SMB /sql/query create tree attempt (netbios.rules)
* 1:15322 <-> ENABLED <-> NETBIOS SMB /sql/query unicode create tree attempt (netbios.rules)
* 1:15323 <-> ENABLED <-> NETBIOS SMB /sql/query andx create tree attempt (netbios.rules)
* 1:15324 <-> ENABLED <-> NETBIOS SMB /sql/query unicode andx create tree attempt (netbios.rules)
* 1:15325 <-> ENABLED <-> NETBIOS SMB /sql/query andx create tree attempt (netbios.rules)
* 1:15326 <-> ENABLED <-> NETBIOS SMB /sql/query unicode andx create tree attempt (netbios.rules)
* 1:15361 <-> ENABLED <-> FILE-PDF pdf file sent via email (file-pdf.rules)
* 1:15385 <-> ENABLED <-> FILE-IDENTIFY TwinVQ file download request (file-identify.rules)
* 1:15426 <-> ENABLED <-> FILE-IDENTIFY MAKI file download request (file-identify.rules)
* 1:15427 <-> ENABLED <-> FILE-IDENTIFY SVG file download request (file-identify.rules)
* 1:15444 <-> ENABLED <-> FILE-IDENTIFY Core Audio Format file download request (file-identify.rules)
* 1:15463 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file download request (file-identify.rules)
* 1:15464 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file download request (file-identify.rules)
* 1:15468 <-> ENABLED <-> BROWSER-IE Apple Safari-Internet Explorer SearchPath blended threat dll request (browser-ie.rules)
* 1:15483 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file download request (file-identify.rules)
* 1:15516 <-> ENABLED <-> FILE-IDENTIFY AVI multimedia file download request (file-identify.rules)
* 1:15518 <-> ENABLED <-> FILE-IDENTIFY Embedded Open Type Font file download request (file-identify.rules)
* 1:15582 <-> ENABLED <-> FILE-IDENTIFY ARJ format file download request (file-identify.rules)
* 1:15586 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file download request (file-identify.rules)
* 1:15587 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word file download request (file-identify.rules)
* 1:15865 <-> ENABLED <-> FILE-IDENTIFY MP4 file download request (file-identify.rules)
* 1:15870 <-> ENABLED <-> FILE-IDENTIFY 4XM file download request (file-identify.rules)
* 1:15900 <-> ENABLED <-> FILE-IDENTIFY Audio Interchange file download request (file-identify.rules)
* 1:15921 <-> ENABLED <-> FILE-IDENTIFY Microsoft multimedia format file download request (file-identify.rules)
* 1:15922 <-> ENABLED <-> FILE-IDENTIFY MP3 file download request (file-identify.rules)
* 1:15945 <-> ENABLED <-> FILE-IDENTIFY RSS file download request (file-identify.rules)
* 1:15987 <-> ENABLED <-> FILE-IDENTIFY DXF file download request (file-identify.rules)
* 1:16061 <-> ENABLED <-> FILE-IDENTIFY X PixMap file download request (file-identify.rules)
* 1:16143 <-> ENABLED <-> FILE-IDENTIFY Microsoft asf file magic detected (file-identify.rules)
* 1:16205 <-> ENABLED <-> FILE-IDENTIFY BMP file download request (file-identify.rules)
* 1:16219 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file download request (file-identify.rules)
* 1:16254 <-> ENABLED <-> PUA-ADWARE rogue software system security 2009 outbound connection (pua-adware.rules)
* 1:16286 <-> ENABLED <-> FILE-IDENTIFY TrueType font file download request (file-identify.rules)
* 1:16381 <-> ENABLED <-> NETBIOS SMB session negotiation request (netbios.rules)
* 1:16406 <-> ENABLED <-> FILE-IDENTIFY JPEG file download request (file-identify.rules)
* 1:16407 <-> ENABLED <-> FILE-IDENTIFY JPEG file download request (file-identify.rules)
* 1:16473 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Movie Maker project file download request (file-identify.rules)
* 1:16474 <-> ENABLED <-> FILE-IDENTIFY Microsoft Compound File Binary v3 file magic detected (file-identify.rules)
* 1:16476 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint .MSProducer file download request (file-identify.rules)
* 1:16477 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint .MSProducerZ file download request (file-identify.rules)
* 1:16478 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint .MSProducerBF file download request (file-identify.rules)
* 1:16529 <-> ENABLED <-> FILE-IDENTIFY JPEG file download request (file-identify.rules)
* 1:16538 <-> ENABLED <-> NETBIOS NT QUERY SECURITY DESC flowbit (netbios.rules)
* 1:16556 <-> ENABLED <-> FILE-OTHER 2imaegshack/lmageshack IM worm get request attempt (file-other.rules)
* 1:16594 <-> ENABLED <-> PROTOCOL-POP STAT command (protocol-pop.rules)
* 1:16630 <-> ENABLED <-> FILE-IDENTIFY DAT file download request (file-identify.rules)
* 1:16691 <-> ENABLED <-> FILE-IDENTIFY PLF playlist file download request (file-identify.rules)
* 1:16742 <-> ENABLED <-> FILE-IDENTIFY remote desktop configuration file download request (file-identify.rules)
* 1:16754 <-> ENABLED <-> NETBIOS SMB /PlughNTCommand andx create tree attempt (netbios.rules)
* 1:16755 <-> ENABLED <-> NETBIOS SMB /PlughNTCommand create tree attempt (netbios.rules)
* 1:16756 <-> ENABLED <-> NETBIOS SMB /PlughNTCommand unicode andx create tree attempt (netbios.rules)
* 1:16757 <-> ENABLED <-> NETBIOS SMB /PlughNTCommand unicode create tree attempt (netbios.rules)
* 1:17116 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media ASX file download request (file-identify.rules)
* 1:17151 <-> ENABLED <-> NETBIOS SMB negotiate protocol request - ascii strings (netbios.rules)
* 1:17229 <-> ENABLED <-> FILE-IDENTIFY Tiff little endian file magic detected (file-identify.rules)
* 1:17230 <-> ENABLED <-> FILE-IDENTIFY Tiff big endian file magic detected (file-identify.rules)
* 1:17241 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media wmv file download request (file-identify.rules)
* 1:17259 <-> ENABLED <-> FILE-IDENTIFY MOV file download request (file-identify.rules)
* 1:17314 <-> ENABLED <-> FILE-IDENTIFY OLE document file magic detected (file-identify.rules)
* 1:17327 <-> ENABLED <-> SERVER-MAIL Qualcomm WorldMail Server Response (server-mail.rules)
* 1:17332 <-> ENABLED <-> SERVER-MAIL Content-Disposition attachment (server-mail.rules)
* 1:17359 <-> ENABLED <-> FILE-IDENTIFY XBM image file download request (file-identify.rules)
* 1:17364 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Help Workshop CNT Help file download request (file-identify.rules)
* 1:17370 <-> ENABLED <-> SERVER-WEBAPP Squid authentication headers handling denial of service attempt (server-webapp.rules)
* 1:17380 <-> ENABLED <-> FILE-IDENTIFY PNG file download request (file-identify.rules)
* 1:17394 <-> ENABLED <-> FILE-IDENTIFY GIF file download request (file-identify.rules)
* 1:17396 <-> ENABLED <-> SERVER-OTHER VNC client authentication response (server-other.rules)
* 1:17418 <-> ENABLED <-> SERVER-ORACLE Oracle connection established (server-oracle.rules)
* 1:17426 <-> ENABLED <-> FILE-IDENTIFY RAT file download request (file-identify.rules)
* 1:17441 <-> ENABLED <-> FILE-IDENTIFY LNK file download request (file-identify.rules)
* 1:17447 <-> ENABLED <-> SERVER-WEBAPP 407 Proxy Authentication Required (server-webapp.rules)
* 1:17508 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows .NET Application file download request (file-identify.rules)
* 1:17509 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows .NET Manifest file download request (file-identify.rules)
* 1:17534 <-> ENABLED <-> SERVER-OTHER IPP Application Content (server-other.rules)
* 1:17540 <-> ENABLED <-> FILE-IDENTIFY LZH file download request (file-identify.rules)
* 1:17547 <-> ENABLED <-> FILE-IDENTIFY SMIL file download request (file-identify.rules)
* 1:17552 <-> ENABLED <-> FILE-IDENTIFY Adobe Pagemaker file download request (file-identify.rules)
* 1:17598 <-> ENABLED <-> SERVER-OTHER IBM DB2 Universal Database accsec command without rdbnam (server-other.rules)
* 1:17600 <-> ENABLED <-> FILE-IDENTIFY XUL file download request (file-identify.rules)
* 1:17679 <-> ENABLED <-> FILE-IDENTIFY Apple disk image file download request (file-identify.rules)
* 1:17732 <-> ENABLED <-> FILE-IDENTIFY TIFF file download request (file-identify.rules)
* 1:17733 <-> ENABLED <-> FILE-IDENTIFY XML file download request (file-identify.rules)
* 1:17739 <-> ENABLED <-> FILE-IDENTIFY FlashPix file download request (file-identify.rules)
* 1:17745 <-> ENABLED <-> NETBIOS SMB TRANS2 Find_First2 request attempt (netbios.rules)
* 1:17751 <-> ENABLED <-> FILE-IDENTIFY OpenType Font file download request (file-identify.rules)
* 1:17801 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file magic detected (file-identify.rules)
* 1:17802 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file download request (file-identify.rules)
* 1:17809 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime qt file download request (file-identify.rules)
* 1:18234 <-> ENABLED <-> FILE-IDENTIFY QuickDraw/PICT file download request (file-identify.rules)
* 1:18273 <-> ENABLED <-> FILE-IDENTIFY BAT file download request (file-identify.rules)
* 1:18274 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Mail file download request (file-identify.rules)
* 1:18516 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word file download request (file-identify.rules)
* 1:18593 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file download request (file-identify.rules)
* 1:18675 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file download request (file-identify.rules)
* 1:19128 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer REC file magic detected (file-identify.rules)
* 1:19129 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer .r1m file magic detected (file-identify.rules)
* 1:19166 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file magic detected (file-identify.rules)
* 1:19190 <-> ENABLED <-> NETBIOS SMB-DS Trans2 Distributed File System GET_DFS_REFERRAL request (netbios.rules)
* 1:19211 <-> ENABLED <-> FILE-IDENTIFY ZIP archive file download request (file-identify.rules)
* 1:19215 <-> ENABLED <-> FILE-IDENTIFY Google Chrome extension file download request (file-identify.rules)
* 1:19218 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file download request (file-identify.rules)
* 1:19224 <-> ENABLED <-> FILE-IDENTIFY Cisco Webex wrf file download request (file-identify.rules)
* 1:19252 <-> ENABLED <-> FILE-IDENTIFY language.engtesselate.ln file download request (file-identify.rules)
* 1:19289 <-> ENABLED <-> FILE-IDENTIFY MHTML file download request (file-identify.rules)
* 1:19299 <-> ENABLED <-> SERVER-OTHER banner.txt access - possible compromised multi-mesh injection server (server-other.rules)
* 1:19323 <-> ENABLED <-> SERVER-OTHER 
Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt (server-other.rules) * 1:19324 <-> ENABLED <-> MALWARE-OTHER Keylogger WL-Keylogger inbound connection (malware-other.rules) * 1:19326 <-> ENABLED <-> PUA-ADWARE Classroom Spy Professional outbound connection - initial connection (pua-adware.rules) * 1:19392 <-> ENABLED <-> MALWARE-OTHER Keylogger Monitor.win32.perflogger (malware-other.rules) * 1:19422 <-> ENABLED <-> FILE-IDENTIFY matroska file magic detected (file-identify.rules) * 1:19423 <-> ENABLED <-> FILE-IDENTIFY MKV file download request (file-identify.rules) * 1:19424 <-> ENABLED <-> FILE-IDENTIFY MKA file download request (file-identify.rules) * 1:19425 <-> ENABLED <-> FILE-IDENTIFY MKS file download request (file-identify.rules) * 1:19430 <-> ENABLED <-> FILE-IDENTIFY MIDI file download request (file-identify.rules) * 1:19816 <-> ENABLED <-> NETBIOS Juniper NeoterisSetupService named pipe access attempt (netbios.rules) * 1:19899 <-> ENABLED <-> MALWARE-OTHER Tong Keylogger outbound connectiooutbound connection (malware-other.rules) * 1:19907 <-> ENABLED <-> FILE-IDENTIFY PICT file magic detected (file-identify.rules) * 1:20032 <-> ENABLED <-> FILE-IDENTIFY MIME file type file download request (file-identify.rules) * 1:20223 <-> ENABLED <-> FILE-IDENTIFY SMI file download request (file-identify.rules) * 1:20225 <-> ENABLED <-> FILE-OTHER SMI file download request (file-other.rules) * 1:20260 <-> ENABLED <-> FILE-IDENTIFY Microsoft Client Agent Helper JAR file download request (file-identify.rules) * 1:20269 <-> ENABLED <-> FILE-IDENTIFY FON font file download request (file-identify.rules) * 1:20274 <-> ENABLED <-> NETBIOS DCERPC NCACN-IP-TCP NetShareEnumAll request (netbios.rules) * 1:20282 <-> ENABLED <-> FILE-IDENTIFY S3M file download request (file-identify.rules) * 1:20287 <-> ENABLED <-> FILE-IDENTIFY QCP file download request (file-identify.rules) * 1:20450 <-> ENABLED <-> FILE-IDENTIFY MPEG video stream file magic detected 
(file-identify.rules) * 1:20451 <-> ENABLED <-> FILE-IDENTIFY MPEG sys stream file magic detected (file-identify.rules) * 1:20453 <-> ENABLED <-> FILE-IDENTIFY Script encoder file magic detected (file-identify.rules) * 1:20454 <-> ENABLED <-> FILE-IDENTIFY Postscript file magic detected (file-identify.rules) * 1:20455 <-> ENABLED <-> FILE-IDENTIFY BinHex file magic detected (file-identify.rules) * 1:20456 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Real Media file magic detected (file-identify.rules) * 1:20458 <-> ENABLED <-> FILE-IDENTIFY bzip file magic detected (file-identify.rules) * 1:20459 <-> ENABLED <-> FILE-IDENTIFY GIF file magic detected (file-identify.rules) * 1:20460 <-> ENABLED <-> FILE-IDENTIFY MP3 file magic detected (file-identify.rules) * 1:20461 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows CAB file magic detected (file-identify.rules) * 1:20462 <-> ENABLED <-> FILE-IDENTIFY Ogg Stream file magic detected (file-identify.rules) * 1:20463 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:20464 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:20465 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:20466 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:20467 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:20468 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:20469 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:20471 <-> ENABLED <-> FILE-IDENTIFY RIFX file magic detected (file-identify.rules) * 1:20472 <-> ENABLED <-> FILE-IDENTIFY RAR file magic detected (file-identify.rules) * 1:20474 <-> ENABLED <-> FILE-IDENTIFY Symantec file magic detected (file-identify.rules) * 1:20475 <-> ENABLED <-> FILE-IDENTIFY ARJ file magic detected (file-identify.rules) * 1:20476 <-> ENABLED <-> FILE-IDENTIFY TNEF file magic 
detected (file-identify.rules) * 1:20477 <-> ENABLED <-> FILE-IDENTIFY ELF file magic detected (file-identify.rules) * 1:20478 <-> ENABLED <-> FILE-IDENTIFY PNG file magic detected (file-identify.rules) * 1:20479 <-> ENABLED <-> FILE-IDENTIFY CryptFF file magic detected (file-identify.rules) * 1:20480 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detection (file-identify.rules) * 1:20481 <-> ENABLED <-> FILE-IDENTIFY MP3 file magic detected (file-identify.rules) * 1:20483 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (file-identify.rules) * 1:20484 <-> ENABLED <-> FILE-IDENTIFY SIS file magic detected (file-identify.rules) * 1:20485 <-> ENABLED <-> FILE-IDENTIFY SIP log file magic detected (file-identify.rules) * 1:20486 <-> ENABLED <-> FILE-IDENTIFY RTF file magic detected (file-identify.rules) * 1:20487 <-> ENABLED <-> FILE-IDENTIFY 7zip file magic detected (file-identify.rules) * 1:20488 <-> ENABLED <-> FILE-IDENTIFY MachO Little Endian file magic detected (file-identify.rules) * 1:20489 <-> ENABLED <-> FILE-IDENTIFY MachO x64 Little Endian file magic detected (file-identify.rules) * 1:20490 <-> ENABLED <-> FILE-IDENTIFY MachO Big Endian file magic detected (file-identify.rules) * 1:20491 <-> ENABLED <-> FILE-IDENTIFY MachO x64 Big Endian file magic detected (file-identify.rules) * 1:20492 <-> ENABLED <-> FILE-IDENTIFY Universal Binary/Java Bytecode file magic detected (file-identify.rules) * 1:20493 <-> ENABLED <-> FILE-IDENTIFY jarpack file magic detected (file-identify.rules) * 1:20494 <-> ENABLED <-> FILE-IDENTIFY PDF file magic detected (file-identify.rules) * 1:20495 <-> ENABLED <-> FILE-IDENTIFY compressed Adobe Shockwave Flash file magic detected (file-identify.rules) * 1:20496 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (file-identify.rules) * 1:20497 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (file-identify.rules) * 1:20500 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected 
(file-identify.rules) * 1:20501 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20502 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20503 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20507 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (file-identify.rules) * 1:20511 <-> ENABLED <-> FILE-IDENTIFY bcproj file magic detected (file-identify.rules) * 1:20512 <-> ENABLED <-> FILE-IDENTIFY mx4 file magic detected (file-identify.rules) * 1:20513 <-> ENABLED <-> FILE-IDENTIFY ffmpeg file magic detected (file-identify.rules) * 1:20514 <-> ENABLED <-> FILE-IDENTIFY dmg file magic detected (file-identify.rules) * 1:20515 <-> ENABLED <-> FILE-IDENTIFY ivr file magic detected (file-identify.rules) * 1:20516 <-> ENABLED <-> FILE-IDENTIFY caff file magic detected (file-identify.rules) * 1:20518 <-> ENABLED <-> FILE-IDENTIFY rmf file download request (file-identify.rules) * 1:20519 <-> ENABLED <-> FILE-IDENTIFY vmd file download request (file-identify.rules) * 1:20520 <-> ENABLED <-> FILE-IDENTIFY vmd file magic detected (file-identify.rules) * 1:20521 <-> ENABLED <-> FILE-IDENTIFY Flac file magic detected (file-identify.rules) * 1:20522 <-> ENABLED <-> FILE-IDENTIFY VideoLAN VLC file magic detected (file-identify.rules) * 1:20544 <-> ENABLED <-> FILE-IDENTIFY Adobe Flash Player FLV file download request (file-identify.rules) * 1:20554 <-> ENABLED <-> PUA-OTHER Microsoft MSN Messenger and Windows Live Messenger Code Execution attempt (pua-other.rules) * 1:20563 <-> ENABLED <-> FILE-IDENTIFY amf file download request (file-identify.rules) * 1:20564 <-> ENABLED <-> FILE-IDENTIFY amf file magic detected (file-identify.rules) * 1:20588 <-> ENABLED <-> FILE-IDENTIFY CDR file download request (file-identify.rules) * 1:20589 <-> ENABLED <-> FILE-IDENTIFY CDR file magic detected (file-identify.rules) * 1:20621 <-> ENABLED <-> FILE-IDENTIFY JAR file download request 
(file-identify.rules) * 1:20723 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word docx file download request (file-identify.rules) * 1:20733 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media Player DVR file download request (file-identify.rules) * 1:20750 <-> ENABLED <-> FILE-IDENTIFY webm file magic detected (file-identify.rules) * 1:20751 <-> ENABLED <-> FILE-IDENTIFY webm file download request (file-identify.rules) * 1:20792 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file attachment detected (file-identify.rules) * 1:20793 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file attachment detected (file-identify.rules) * 1:20795 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word file attachment detected (file-identify.rules) * 1:20796 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word file attachment detected (file-identify.rules) * 1:20798 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules) * 1:20799 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules) * 1:20800 <-> ENABLED <-> FILE-IDENTIFY MIME file type file attachment detected (file-identify.rules) * 1:20801 <-> ENABLED <-> FILE-IDENTIFY MIME file type file attachment detected (file-identify.rules) * 1:20839 <-> ENABLED <-> FILE-IDENTIFY eSignal .quo file download request (file-identify.rules) * 1:20840 <-> ENABLED <-> FILE-IDENTIFY eSignal .por file download request (file-identify.rules) * 1:20841 <-> ENABLED <-> FILE-IDENTIFY eSignal .sum file download request (file-identify.rules) * 1:20848 <-> ENABLED <-> FILE-IDENTIFY MAKI file attachment detected (file-identify.rules) * 1:20849 <-> ENABLED <-> FILE-IDENTIFY MAKI file attachment detected (file-identify.rules) * 1:20852 <-> ENABLED <-> FILE-IDENTIFY DAZ Studio script download request (file-identify.rules) * 1:20854 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Visio file attachment detected (file-identify.rules) * 1:20855 <-> ENABLED <-> 
FILE-IDENTIFY Microsoft Office Visio file attachment detected (file-identify.rules) * 1:20856 <-> ENABLED <-> FILE-IDENTIFY TwinVQ file attachment detected (file-identify.rules) * 1:20857 <-> ENABLED <-> FILE-IDENTIFY TwinVQ file attachment detected (file-identify.rules) * 1:20859 <-> ENABLED <-> FILE-IDENTIFY Autodesk Maya embedded language script download request (file-identify.rules) * 1:20860 <-> ENABLED <-> FILE-IDENTIFY Autodesk Maya file magic detected (file-identify.rules) * 1:20869 <-> ENABLED <-> FILE-IDENTIFY Autodesk 3D Studio Maxscript download request (file-identify.rules) * 1:20871 <-> ENABLED <-> SERVER-WEBAPP Worldweaver DX Studio Player shell.execute command execution attempt (server-webapp.rules) * 1:20874 <-> ENABLED <-> SERVER-OTHER IBM Tivoli Storage Manager Express Backup initialization packet (server-other.rules) * 1:20882 <-> ENABLED <-> FILE-OFFICE Microsoft Windows embedded packager object identifier (file-office.rules) * 1:20888 <-> ENABLED <-> FILE-IDENTIFY Video Spirit visprj download attempt (file-identify.rules) * 1:20893 <-> ENABLED <-> FILE-IDENTIFY Video Spirit file attachment detected (file-identify.rules) * 1:20894 <-> ENABLED <-> FILE-IDENTIFY Video Spirit file attachment detected (file-identify.rules) * 1:20895 <-> ENABLED <-> FILE-IDENTIFY AutoDesk 3D Studio Maxscript file attachment detected (file-identify.rules) * 1:20896 <-> ENABLED <-> FILE-IDENTIFY AutoDesk 3D Studio Maxscript file attachment detected (file-identify.rules) * 1:20897 <-> ENABLED <-> FILE-IDENTIFY MIDI file magic detected (file-identify.rules) * 1:20898 <-> ENABLED <-> FILE-IDENTIFY MIDI file attachment detected (file-identify.rules) * 1:20899 <-> ENABLED <-> FILE-IDENTIFY MIDI file attachment detected (file-identify.rules) * 1:20905 <-> ENABLED <-> FILE-IDENTIFY X PixMap file attachment detected (file-identify.rules) * 1:20906 <-> ENABLED <-> FILE-IDENTIFY X PixMap file attachment detected (file-identify.rules) * 1:20907 <-> ENABLED <-> FILE-IDENTIFY DXF 
file attachment detected (file-identify.rules) * 1:20908 <-> ENABLED <-> FILE-IDENTIFY DXF file attachment detected (file-identify.rules) * 1:20909 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media ASF file attachment detected (file-identify.rules) * 1:20910 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media ASF file attachment detected (file-identify.rules) * 1:20911 <-> ENABLED <-> FILE-IDENTIFY EPS file attachment detected (file-identify.rules) * 1:20912 <-> ENABLED <-> FILE-IDENTIFY EPS file attachment detected (file-identify.rules) * 1:20913 <-> ENABLED <-> FILE-IDENTIFY XML Shareable Playlist Format file attachment detected (file-identify.rules) * 1:20914 <-> ENABLED <-> FILE-IDENTIFY XML Shareable Playlist Format file attachment detected (file-identify.rules) * 1:20915 <-> ENABLED <-> FILE-IDENTIFY caff file attachment detected (file-identify.rules) * 1:20916 <-> ENABLED <-> FILE-IDENTIFY caff file attachment detected (file-identify.rules) * 1:20917 <-> ENABLED <-> FILE-IDENTIFY BAK file attachment detected (file-identify.rules) * 1:20918 <-> ENABLED <-> FILE-IDENTIFY BAK file attachment detected (file-identify.rules) * 1:20924 <-> ENABLED <-> FILE-IDENTIFY PLS file magic detected (file-identify.rules) * 1:20925 <-> ENABLED <-> FILE-IDENTIFY Adobe Pagemaker file attachment detected (file-identify.rules) * 1:20926 <-> ENABLED <-> FILE-IDENTIFY Adobe Pagemaker file attachment detected (file-identify.rules) * 1:20928 <-> ENABLED <-> FILE-IDENTIFY SMIL file magic detected (file-identify.rules) * 1:20929 <-> ENABLED <-> FILE-IDENTIFY MKV file attachment detected (file-identify.rules) * 1:20930 <-> ENABLED <-> FILE-IDENTIFY MKV file attachment detected (file-identify.rules) * 1:20931 <-> ENABLED <-> FILE-IDENTIFY MKS file attachment detected (file-identify.rules) * 1:20932 <-> ENABLED <-> FILE-IDENTIFY MKS file attachment detected (file-identify.rules) * 1:20933 <-> ENABLED <-> FILE-IDENTIFY MKA file attachment detected (file-identify.rules) * 1:20934 <-> 
ENABLED <-> FILE-IDENTIFY MKA file attachment detected (file-identify.rules) * 1:20935 <-> ENABLED <-> FILE-IDENTIFY QCP file attachment detected (file-identify.rules) * 1:20936 <-> ENABLED <-> FILE-IDENTIFY QCP file attachment detected (file-identify.rules) * 1:20937 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file download request (file-identify.rules) * 1:20938 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file download request (file-identify.rules) * 1:20939 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file download request (file-identify.rules) * 1:20940 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file download request (file-identify.rules) * 1:20941 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules) * 1:20942 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules) * 1:20943 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules) * 1:20944 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules) * 1:20945 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules) * 1:20946 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules) * 1:20947 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules) * 1:20948 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules) * 1:20950 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20951 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20952 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20953 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20954 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20955 <-> 
ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20956 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20957 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20958 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20959 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20960 <-> ENABLED <-> FILE-IDENTIFY Flac file download request (file-identify.rules) * 1:20961 <-> ENABLED <-> FILE-IDENTIFY TTE file download request (file-identify.rules) * 1:20962 <-> ENABLED <-> FILE-IDENTIFY OTF file download request (file-identify.rules) * 1:20963 <-> ENABLED <-> FILE-IDENTIFY DIB file download request (file-identify.rules) * 1:20964 <-> ENABLED <-> FILE-IDENTIFY SAMI file download request (file-identify.rules) * 1:20965 <-> ENABLED <-> FILE-IDENTIFY JPEG file download request (file-identify.rules) * 1:20966 <-> ENABLED <-> FILE-IDENTIFY JPEG file download request (file-identify.rules) * 1:20967 <-> ENABLED <-> FILE-IDENTIFY JPEG file download request (file-identify.rules) * 1:20968 <-> ENABLED <-> FILE-IDENTIFY Apple disk image file download request (file-identify.rules) * 1:20969 <-> ENABLED <-> FILE-IDENTIFY M4A file download request (file-identify.rules) * 1:20970 <-> ENABLED <-> FILE-IDENTIFY M4P file download request (file-identify.rules) * 1:20971 <-> ENABLED <-> FILE-IDENTIFY M4R file download request (file-identify.rules) * 1:20972 <-> ENABLED <-> FILE-IDENTIFY M4V file magic request (file-identify.rules) * 1:20973 <-> ENABLED <-> FILE-IDENTIFY M4B file download request (file-identify.rules) * 1:20974 <-> ENABLED <-> FILE-IDENTIFY 3GP file download request (file-identify.rules) * 1:20975 <-> ENABLED <-> FILE-IDENTIFY 3G2 file download request (file-identify.rules) * 1:20976 <-> ENABLED <-> FILE-IDENTIFY K3G file download request (file-identify.rules) * 1:20977 <-> ENABLED <-> FILE-IDENTIFY SKM file download request 
(file-identify.rules) * 1:20978 <-> ENABLED <-> FILE-IDENTIFY TTE file attachment detected (file-identify.rules) * 1:20979 <-> ENABLED <-> FILE-IDENTIFY TTE file attachment detected (file-identify.rules) * 1:20980 <-> ENABLED <-> FILE-IDENTIFY OTF file attachment detected (file-identify.rules) * 1:20981 <-> ENABLED <-> FILE-IDENTIFY OTF file attachment detected (file-identify.rules) * 1:20982 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file attachment detected (file-identify.rules) * 1:20983 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file attachment detected (file-identify.rules) * 1:20986 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word docx file attachment detected (file-identify.rules) * 1:20987 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word docx file attachment detected (file-identify.rules) * 1:20991 <-> ENABLED <-> FILE-IDENTIFY TTF file magic detected (file-identify.rules) * 1:20992 <-> ENABLED <-> FILE-IDENTIFY SAMI file magic detected (file-identify.rules) * 1:21005 <-> ENABLED <-> MALWARE-CNC Yang Pack yg.htm download request (malware-cnc.rules) * 1:21007 <-> ENABLED <-> FILE-IDENTIFY Microsoft Money file magic detected (file-identify.rules) * 1:21008 <-> ENABLED <-> FILE-IDENTIFY Microsoft Money file download request (file-identify.rules) * 1:21009 <-> ENABLED <-> FILE-IDENTIFY Microsoft Money file attachment detected (file-identify.rules) * 1:21010 <-> ENABLED <-> FILE-IDENTIFY Microsoft Money file attachment detected (file-identify.rules) * 1:21011 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file magic detected (file-identify.rules) * 1:21012 <-> ENABLED <-> FILE-IDENTIFY Cytel Studio cy3 file download request (file-identify.rules) * 1:21013 <-> ENABLED <-> FILE-IDENTIFY Cytel Studio cy3 file attachment detected (file-identify.rules) * 1:21014 <-> ENABLED <-> FILE-IDENTIFY Cytel Studio cy3 file attachment detected (file-identify.rules) * 1:21015 <-> ENABLED <-> FILE-IDENTIFY cy3 Cytel Studio file magic 
detected (file-identify.rules) * 1:21016 <-> ENABLED <-> FILE-IDENTIFY Cytel Studio cyb file attachment detected (file-identify.rules) * 1:21017 <-> ENABLED <-> FILE-IDENTIFY cyb Cytel Studio file attachment detected (file-identify.rules) * 1:21018 <-> ENABLED <-> FILE-IDENTIFY cyb Cytel Studio file download request (file-identify.rules) * 1:21035 <-> ENABLED <-> FILE-IDENTIFY PDF file attachment detected (file-identify.rules) * 1:21036 <-> ENABLED <-> FILE-IDENTIFY PDF file attachment detected (file-identify.rules) * 1:21052 <-> ENABLED <-> FILE-IDENTIFY UltraISO CUE file download request (file-identify.rules) * 1:21053 <-> ENABLED <-> FILE-IDENTIFY UltraISO CUE file attachment detected (file-identify.rules) * 1:21054 <-> ENABLED <-> FILE-IDENTIFY UltraISO CUE file attachment detected (file-identify.rules) * 1:21059 <-> ENABLED <-> FILE-IDENTIFY AVI Video file magic detected (file-identify.rules) * 1:21061 <-> ENABLED <-> FILE-IDENTIFY AVI file attachment detected (file-identify.rules) * 1:21062 <-> ENABLED <-> FILE-IDENTIFY AVI file attachment detected (file-identify.rules) * 1:21109 <-> ENABLED <-> FILE-IDENTIFY MPEG video stream file download request (file-identify.rules) * 1:21110 <-> ENABLED <-> FILE-IDENTIFY MPEG video stream file attachment detected (file-identify.rules) * 1:21111 <-> ENABLED <-> FILE-IDENTIFY MPEG video stream file attachment detected (file-identify.rules) * 1:21113 <-> ENABLED <-> FILE-IDENTIFY Cisco Webex Player .wrf file magic detected (file-identify.rules) * 1:21152 <-> ENABLED <-> FILE-IDENTIFY S3M file attachment detected (file-identify.rules) * 1:21153 <-> ENABLED <-> FILE-IDENTIFY S3M file attachment detected (file-identify.rules) * 1:21174 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer realtext file download request (file-identify.rules) * 1:21282 <-> ENABLED <-> FILE-IDENTIFY XSL file download request (file-identify.rules) * 1:21283 <-> ENABLED <-> FILE-IDENTIFY XSL file attachment detected (file-identify.rules) * 1:21284 
<-> ENABLED <-> FILE-IDENTIFY XSL file attachment detected (file-identify.rules) * 1:21285 <-> ENABLED <-> FILE-IDENTIFY XSLT file download request (file-identify.rules) * 1:21286 <-> ENABLED <-> FILE-IDENTIFY XSLT file attachment detected (file-identify.rules) * 1:21287 <-> ENABLED <-> FILE-IDENTIFY XSLT file attachment detected (file-identify.rules) * 1:21288 <-> ENABLED <-> FILE-IDENTIFY XML download detected (file-identify.rules) * 1:21295 <-> ENABLED <-> FILE-IDENTIFY FON file attachment detected (file-identify.rules) * 1:21296 <-> ENABLED <-> FILE-IDENTIFY FON file attachment detected (file-identify.rules) * 1:21345 <-> ENABLED <-> EXPLOIT-KIT Blackhole exploit kit malicious jar request (exploit-kit.rules) * 1:21347 <-> ENABLED <-> EXPLOIT-KIT Blackhole exploit kit URL - .php?page= (exploit-kit.rules) * 1:21410 <-> ENABLED <-> FILE-IDENTIFY paq8o file download request (file-identify.rules) * 1:21411 <-> ENABLED <-> FILE-IDENTIFY paq8o file attachment detected (file-identify.rules) * 1:21412 <-> ENABLED <-> FILE-IDENTIFY paq8o file attachment detected (file-identify.rules) * 1:21432 <-> ENABLED <-> FILE-IDENTIFY MPPL file attachment detected (file-identify.rules) * 1:21433 <-> ENABLED <-> FILE-IDENTIFY MPPL file attachment detected (file-identify.rules) * 1:21434 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Mentor variant outbound connection (malware-cnc.rules) * 1:21480 <-> ENABLED <-> FILE-IDENTIFY XML file magic detected (file-identify.rules) * 1:21498 <-> ENABLED <-> FILE-IDENTIFY XML file magic detected (file-identify.rules) * 1:21499 <-> ENABLED <-> FILE-IDENTIFY XML file attachment detected (file-identify.rules) * 1:21500 <-> ENABLED <-> FILE-IDENTIFY XML file attachment detected (file-identify.rules) * 1:21573 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio addin file download request (file-identify.rules) * 1:21574 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio addin file attachment detected (file-identify.rules) * 1:21575 <-> ENABLED <-> 
FILE-IDENTIFY Microsoft Visual Studio addin file attachment detected (file-identify.rules) * 1:21584 <-> ENABLED <-> FILE-IDENTIFY VisiWave VWR file download request (file-identify.rules) * 1:21585 <-> ENABLED <-> FILE-IDENTIFY VisiWave VWR file attachment detected (file-identify.rules) * 1:21586 <-> ENABLED <-> FILE-IDENTIFY VisiWave VWR file attachment detected (file-identify.rules) * 1:21611 <-> ENABLED <-> FILE-IDENTIFY RAT file attachment detected (file-identify.rules) * 1:21612 <-> ENABLED <-> FILE-IDENTIFY RAT file attachment detected (file-identify.rules) * 1:21613 <-> ENABLED <-> FILE-IDENTIFY PNG file attachment detected (file-identify.rules) * 1:21614 <-> ENABLED <-> FILE-IDENTIFY PNG file attachment detected (file-identify.rules) * 1:21615 <-> ENABLED <-> FILE-IDENTIFY WMF file attachment detected (file-identify.rules) * 1:21616 <-> ENABLED <-> FILE-IDENTIFY WMF file attachment detected (file-identify.rules) * 1:21617 <-> ENABLED <-> FILE-IDENTIFY RT file attachment detected (file-identify.rules) * 1:21618 <-> ENABLED <-> FILE-IDENTIFY RT file attachment detected (file-identify.rules) * 1:21620 <-> ENABLED <-> FILE-IDENTIFY WAV file magic detected (file-identify.rules) * 1:21621 <-> ENABLED <-> FILE-IDENTIFY AVI file magic detected (file-identify.rules) * 1:21623 <-> ENABLED <-> FILE-IDENTIFY QUO file attachment detected (file-identify.rules) * 1:21624 <-> ENABLED <-> FILE-IDENTIFY QUO file attachment detected (file-identify.rules) * 1:21625 <-> ENABLED <-> FILE-IDENTIFY POR file attachment detected (file-identify.rules) * 1:21626 <-> ENABLED <-> FILE-IDENTIFY POR file attachment detected (file-identify.rules) * 1:21627 <-> ENABLED <-> FILE-IDENTIFY SUM file attachment detected (file-identify.rules) * 1:21628 <-> ENABLED <-> FILE-IDENTIFY SUM file attachment detected (file-identify.rules) * 1:21648 <-> ENABLED <-> FILE-IDENTIFY QuickDraw/PICT file attachment detected (file-identify.rules) * 1:21649 <-> ENABLED <-> FILE-IDENTIFY QuickDraw/PICT file 
attachment detected (file-identify.rules)
* 1:21650 <-> ENABLED <-> FILE-IDENTIFY QuickDraw/PICT file download request (file-identify.rules)
* 1:21651 <-> ENABLED <-> FILE-IDENTIFY QuickDraw/PICT file attachment detected (file-identify.rules)
* 1:21652 <-> ENABLED <-> FILE-IDENTIFY QuickDraw/PICT file attachment detected (file-identify.rules)
* 1:21659 <-> ENABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page Requested - /Home/index.php (exploit-kit.rules)
* 1:21660 <-> ENABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page Requested - /Index/index.php (exploit-kit.rules)
* 1:21687 <-> ENABLED <-> FILE-IDENTIFY PLS file attachment detected (file-identify.rules)
* 1:21688 <-> ENABLED <-> FILE-IDENTIFY PLS file attachment detected (file-identify.rules)
* 1:21691 <-> ENABLED <-> FILE-IDENTIFY SMIL file attachment detected (file-identify.rules)
* 1:21692 <-> ENABLED <-> FILE-IDENTIFY SMIL file attachment detected (file-identify.rules)
* 1:21693 <-> ENABLED <-> FILE-IDENTIFY FLAC file attachment detected (file-identify.rules)
* 1:21694 <-> ENABLED <-> FILE-IDENTIFY FLAC file attachment detected (file-identify.rules)
* 1:21695 <-> ENABLED <-> FILE-IDENTIFY SMI file attachment detected (file-identify.rules)
* 1:21696 <-> ENABLED <-> FILE-IDENTIFY SMI file attachment detected (file-identify.rules)
* 1:21697 <-> ENABLED <-> FILE-IDENTIFY SAMI file attachment detected (file-identify.rules)
* 1:21698 <-> ENABLED <-> FILE-IDENTIFY SAMI file attachment detected (file-identify.rules)
* 1:21699 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel xlw file attachment detected (file-identify.rules)
* 1:21700 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel xlw file attachment detected (file-identify.rules)
* 1:21701 <-> ENABLED <-> FILE-IDENTIFY FlashPix file attachment detected (file-identify.rules)
* 1:21702 <-> ENABLED <-> FILE-IDENTIFY FlashPix file attachment detected (file-identify.rules)
* 1:21703 <-> ENABLED <-> FILE-IDENTIFY 4XM file attachment detected (file-identify.rules)
* 1:21704 <-> ENABLED <-> FILE-IDENTIFY 4XM file attachment detected (file-identify.rules)
* 1:21705 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file attachment detected (file-identify.rules)
* 1:21706 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file attachment detected (file-identify.rules)
* 1:21707 <-> ENABLED <-> FILE-IDENTIFY Microsoft Works file attachment detected (file-identify.rules)
* 1:21708 <-> ENABLED <-> FILE-IDENTIFY Microsoft Works file attachment detected (file-identify.rules)
* 1:21709 <-> ENABLED <-> FILE-IDENTIFY AIFF file attachment detected (file-identify.rules)
* 1:21710 <-> ENABLED <-> FILE-IDENTIFY AIFF file attachment detected (file-identify.rules)
* 1:21711 <-> ENABLED <-> FILE-IDENTIFY PFA file download request (file-identify.rules)
* 1:21712 <-> ENABLED <-> FILE-IDENTIFY PFA file magic detected (file-identify.rules)
* 1:21713 <-> ENABLED <-> FILE-IDENTIFY PFA file attachment detected (file-identify.rules)
* 1:21714 <-> ENABLED <-> FILE-IDENTIFY PFA file attachment detected (file-identify.rules)
* 1:21715 <-> ENABLED <-> FILE-IDENTIFY PFB file download request (file-identify.rules)
* 1:21716 <-> ENABLED <-> FILE-IDENTIFY PFB file attachment detected (file-identify.rules)
* 1:21717 <-> ENABLED <-> FILE-IDENTIFY PFB file attachment detected (file-identify.rules)
* 1:21718 <-> ENABLED <-> FILE-IDENTIFY PFM file download request (file-identify.rules)
* 1:21719 <-> ENABLED <-> FILE-IDENTIFY PFM file attachment detected (file-identify.rules)
* 1:21720 <-> ENABLED <-> FILE-IDENTIFY PFM file attachment detected (file-identify.rules)
* 1:21721 <-> ENABLED <-> FILE-IDENTIFY AFM file download request (file-identify.rules)
* 1:21722 <-> ENABLED <-> FILE-IDENTIFY AFM file attachment detected (file-identify.rules)
* 1:21723 <-> ENABLED <-> FILE-IDENTIFY AFM file attachment detected (file-identify.rules)
* 1:21724 <-> ENABLED <-> FILE-IDENTIFY ANI file download request (file-identify.rules)
* 1:21725 <-> ENABLED <-> FILE-IDENTIFY ANI file attachment detected (file-identify.rules)
* 1:21726 <-> ENABLED <-> FILE-IDENTIFY ANI file attachment detected (file-identify.rules)
* 1:21727 <-> ENABLED <-> FILE-IDENTIFY ANI file magic detection (file-identify.rules)
* 1:21728 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules)
* 1:21729 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules)
* 1:21730 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules)
* 1:21731 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules)
* 1:21732 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules)
* 1:21733 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules)
* 1:21734 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules)
* 1:21735 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules)
* 1:21736 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules)
* 1:21737 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules)
* 1:21738 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules)
* 1:21739 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules)
* 1:21740 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media asx file attachment detected (file-identify.rules)
* 1:21741 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media asx file attachment detected (file-identify.rules)
* 1:21742 <-> ENABLED <-> FILE-IDENTIFY Embedded Open Type Font file attachment detected (file-identify.rules)
* 1:21743 <-> ENABLED <-> FILE-IDENTIFY Embedded Open Type Font file attachment detected (file-identify.rules)
* 1:21744 <-> ENABLED <-> FILE-IDENTIFY AVI file attachment detected (file-identify.rules)
* 1:21745 <-> ENABLED <-> FILE-IDENTIFY AVI file attachment detected (file-identify.rules)
* 1:21746 <-> ENABLED <-> FILE-IDENTIFY RTF file attachment detected (file-identify.rules)
* 1:21747 <-> ENABLED <-> FILE-IDENTIFY RTF file attachment detected (file-identify.rules)
* 1:21748 <-> ENABLED <-> FILE-IDENTIFY HPJ file download request (file-identify.rules)
* 1:21749 <-> ENABLED <-> FILE-IDENTIFY HPJ file attachment detected (file-identify.rules)
* 1:21750 <-> ENABLED <-> FILE-IDENTIFY HPJ file attachment detected (file-identify.rules)
* 1:21751 <-> ENABLED <-> FILE-IDENTIFY HPJ file magic detected (file-identify.rules)
* 1:21802 <-> ENABLED <-> FILE-IDENTIFY HT-MP3Player file download request (file-identify.rules)
* 1:21803 <-> ENABLED <-> FILE-IDENTIFY HT-MP3Player file attachment detected (file-identify.rules)
* 1:21804 <-> ENABLED <-> FILE-IDENTIFY HT-MP3Player file attachment detected (file-identify.rules)
* 1:21807 <-> ENABLED <-> FILE-IDENTIFY Adobe Download Manager aom file download request (file-identify.rules)
* 1:21808 <-> ENABLED <-> FILE-IDENTIFY Adobe Download Manager aom file attachment detected (file-identify.rules)
* 1:21809 <-> ENABLED <-> FILE-IDENTIFY Adobe Download Manager aom file attachment detected (file-identify.rules)
* 1:21810 <-> ENABLED <-> FILE-IDENTIFY Adobe Download Manager aom file magic detected (file-identify.rules)
* 1:21811 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime FLIC animation file file download request (file-identify.rules)
* 1:21812 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime FLIC animation file file attachment detected (file-identify.rules)
* 1:21813 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime FLIC animation file file attachment detected (file-identify.rules)
* 1:21814 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime FLIC file magic detected (file-identify.rules)
* 1:21815 <-> ENABLED <-> FILE-IDENTIFY LZH file attachment detected (file-identify.rules)
* 1:21816 <-> ENABLED <-> FILE-IDENTIFY LZH file attachment detected (file-identify.rules)
* 1:21854 <-> ENABLED <-> FILE-IDENTIFY LNK file attachment detected (file-identify.rules)
* 1:21855 <-> ENABLED <-> FILE-IDENTIFY LNK file attachment detected (file-identify.rules)
* 1:21856 <-> ENABLED <-> FILE-IDENTIFY ZIP file attachment detected (file-identify.rules)
* 1:21857 <-> ENABLED <-> FILE-IDENTIFY ZIP file attachment detected (file-identify.rules)
* 1:21861 <-> ENABLED <-> FILE-IDENTIFY WRF file attachment detected (file-identify.rules)
* 1:21862 <-> ENABLED <-> FILE-IDENTIFY WRF file attachment detected (file-identify.rules)
* 1:21863 <-> ENABLED <-> FILE-IDENTIFY Google Chrome extension file attachment detected (file-identify.rules)
* 1:21864 <-> ENABLED <-> FILE-IDENTIFY Google Chrome extension file attachment detected (file-identify.rules)
* 1:21865 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file attachment detected (file-identify.rules)
* 1:21866 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file attachment detected (file-identify.rules)
* 1:21867 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file attachment detected (file-identify.rules)
* 1:21868 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file attachment detected (file-identify.rules)
* 1:21870 <-> ENABLED <-> FILE-IDENTIFY CNT file attachment detected (file-identify.rules)
* 1:21871 <-> ENABLED <-> FILE-IDENTIFY CNT file attachment detected (file-identify.rules)
* 1:21872 <-> ENABLED <-> FILE-IDENTIFY GIF file attachment detected (file-identify.rules)
* 1:21873 <-> ENABLED <-> FILE-IDENTIFY GIF file attachment detected (file-identify.rules)
* 1:21886 <-> ENABLED <-> FILE-IDENTIFY OpenType Font file attachment detected (file-identify.rules)
* 1:21887 <-> ENABLED <-> FILE-IDENTIFY OpenType Font file attachment detected (file-identify.rules)
* 1:21888 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Movie Maker file attachment detected (file-identify.rules)
* 1:21889 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Movie Maker file attachment detected (file-identify.rules)
* 1:21890 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file attachment detected (file-identify.rules)
* 1:21891 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file attachment detected (file-identify.rules)
* 1:21892 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file attachment detected (file-identify.rules)
* 1:21893 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file attachment detected (file-identify.rules)
* 1:21894 <-> ENABLED <-> FILE-IDENTIFY SVG file attachment detected (file-identify.rules)
* 1:21895 <-> ENABLED <-> FILE-IDENTIFY SVG file attachment detected (file-identify.rules)
* 1:21915 <-> ENABLED <-> SERVER-OTHER Novell Groupwise HTTP login request (server-other.rules)
* 1:21916 <-> ENABLED <-> SERVER-OTHER Novell Groupwise HTTP login request (server-other.rules)
* 1:21931 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel TXO and OBJ records parsing stack memory corruption attempt (file-office.rules)
* 1:21939 <-> ENABLED <-> PROTOCOL-TELNET RuggedCom telnet initial banner (protocol-telnet.rules)
* 1:21999 <-> ENABLED <-> FILE-IDENTIFY OpenType Font file magic detection (file-identify.rules)
* 1:22013 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio DBP file download request (file-identify.rules)
* 1:22014 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio DBP file attachment detected (file-identify.rules)
* 1:22015 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio DBP file attachment detected (file-identify.rules)
* 1:22016 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio DBP file magic detected (file-identify.rules)
* 1:22017 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio PKP file download request (file-identify.rules)
* 1:22018 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio PKP file attachment detected (file-identify.rules)
* 1:22019 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio PKP file attachment detected (file-identify.rules)
* 1:22020 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio PKP file magic detected (file-identify.rules)
* 1:22021 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio SLN file download request (file-identify.rules)
* 1:22022 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio SLN file attachment detected (file-identify.rules)
* 1:22023 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio SLN file attachment detected (file-identify.rules)
* 1:22024 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio SLN file magic detected (file-identify.rules)
* 1:22025 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio VAP file download request (file-identify.rules)
* 1:22026 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio VAP file attachment detected (file-identify.rules)
* 1:22027 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio VAP file attachment detected (file-identify.rules)
* 1:22028 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio VAP file magic detected (file-identify.rules)
* 1:22043 <-> ENABLED <-> FILE-IDENTIFY XM file download request (file-identify.rules)
* 1:22044 <-> ENABLED <-> FILE-IDENTIFY XM file attachment detected (file-identify.rules)
* 1:22045 <-> ENABLED <-> FILE-IDENTIFY XM file attachment detected (file-identify.rules)
* 1:22046 <-> ENABLED <-> FILE-IDENTIFY XM file magic detected (file-identify.rules)
* 1:22082 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint pptx file download request (file-identify.rules)
* 1:22083 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint pptx file attachment detected (file-identify.rules)
* 1:22084 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint pptx file attachment detected (file-identify.rules)
* 1:22943 <-> ENABLED <-> FILE-IDENTIFY NAB file download request (file-identify.rules)
* 1:22944 <-> ENABLED <-> FILE-IDENTIFY NAB file attachment detected (file-identify.rules)
* 1:22945 <-> ENABLED <-> FILE-IDENTIFY NAB file attachment detected (file-identify.rules)
* 1:22946 <-> ENABLED <-> FILE-IDENTIFY NAB file magic detected (file-identify.rules)
* 1:22955 <-> ENABLED <-> FILE-IDENTIFY AMF file attachment detected (file-identify.rules)
* 1:22956 <-> ENABLED <-> FILE-IDENTIFY AMF file attachment detected (file-identify.rules)
* 1:22961 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RAM file attachment detected (file-identify.rules)
* 1:22962 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RAM file attachment detected (file-identify.rules)
* 1:22963 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RMP file attachment detected (file-identify.rules)
* 1:22964 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RMP file attachment detected (file-identify.rules)
* 1:22965 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RT file attachment detected (file-identify.rules)
* 1:22966 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RT file attachment detected (file-identify.rules)
* 1:22967 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RP file attachment detected (file-identify.rules)
* 1:22968 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RP file attachment detected (file-identify.rules)
* 1:22969 <-> ENABLED <-> FILE-IDENTIFY remote desktop configuration file attachment detected (file-identify.rules)
* 1:22970 <-> ENABLED <-> FILE-IDENTIFY remote desktop configuration file attachment detected (file-identify.rules)
* 1:22971 <-> ENABLED <-> FILE-IDENTIFY MPEG Layer 3 playlist file attachment detected (file-identify.rules)
* 1:22972 <-> ENABLED <-> FILE-IDENTIFY m3u playlist file file attachment detected (file-identify.rules)
* 1:22973 <-> ENABLED <-> FILE-IDENTIFY M4A file attachment detected (file-identify.rules)
* 1:22974 <-> ENABLED <-> FILE-IDENTIFY M4A file attachment detected (file-identify.rules)
* 1:22975 <-> ENABLED <-> FILE-IDENTIFY M4P file attachment detected (file-identify.rules)
* 1:22976 <-> ENABLED <-> FILE-IDENTIFY M4P file attachment detected (file-identify.rules)
* 1:22977 <-> ENABLED <-> FILE-IDENTIFY M4R file attachment detected (file-identify.rules)
* 1:22978 <-> ENABLED <-> FILE-IDENTIFY M4R file attachment detected (file-identify.rules)
* 1:22979 <-> ENABLED <-> FILE-IDENTIFY M4V file attachment detected (file-identify.rules)
* 1:22980 <-> ENABLED <-> FILE-IDENTIFY M4V file attachment detected (file-identify.rules)
* 1:22981 <-> ENABLED <-> FILE-IDENTIFY M4B file attachment detected (file-identify.rules)
* 1:22982 <-> ENABLED <-> FILE-IDENTIFY M4B file attachment detected (file-identify.rules)
* 1:22983 <-> ENABLED <-> FILE-IDENTIFY 3GP file attachment detected (file-identify.rules)
* 1:22984 <-> ENABLED <-> FILE-IDENTIFY 3GP file attachment detected (file-identify.rules)
* 1:22985 <-> ENABLED <-> FILE-IDENTIFY 3G2 file attachment detected (file-identify.rules)
* 1:22986 <-> ENABLED <-> FILE-IDENTIFY 3G2 file attachment detected (file-identify.rules)
* 1:22987 <-> ENABLED <-> FILE-IDENTIFY k3g file attachment detected (file-identify.rules)
* 1:22988 <-> ENABLED <-> FILE-IDENTIFY k3g file attachment detected (file-identify.rules)
* 1:22989 <-> ENABLED <-> FILE-IDENTIFY SKM file attachment detected (file-identify.rules)
* 1:22990 <-> ENABLED <-> FILE-IDENTIFY SKM file attachment detected (file-identify.rules)
* 1:22991 <-> ENABLED <-> FILE-IDENTIFY QT file attachment detected (file-identify.rules)
* 1:22992 <-> ENABLED <-> FILE-IDENTIFY QT file attachment detected (file-identify.rules)
* 1:22993 <-> ENABLED <-> FILE-IDENTIFY MP4 file attachment detected (file-identify.rules)
* 1:22994 <-> ENABLED <-> FILE-IDENTIFY MP4 file attachment detected (file-identify.rules)
* 1:22995 <-> ENABLED <-> FILE-IDENTIFY Apple QuickTime Movie file attachment detected (file-identify.rules)
* 1:22996 <-> ENABLED <-> FILE-IDENTIFY Apple QuickTime Movie file attachment detected (file-identify.rules)
* 1:22997 <-> ENABLED <-> FILE-IDENTIFY MHTML file attachment detected (file-identify.rules)
* 1:22998 <-> ENABLED <-> FILE-IDENTIFY MHTML file attachment detected (file-identify.rules)
* 1:22999 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows WMF file magic detected (file-identify.rules)
* 1:23000 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media Player DVR file attachment detected (file-identify.rules)
* 1:23001 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media Player DVR file attachment detected (file-identify.rules)
* 1:23002 <-> ENABLED <-> FILE-IDENTIFY CSV file attachment detected (file-identify.rules)
* 1:23003 <-> ENABLED <-> FILE-IDENTIFY CSV file attachment detected (file-identify.rules)
* 1:23011 <-> ENABLED <-> FILE-IDENTIFY Collada file download request (file-identify.rules)
* 1:23012 <-> ENABLED <-> FILE-IDENTIFY Collada file attachment detected (file-identify.rules)
* 1:23013 <-> ENABLED <-> FILE-IDENTIFY Collada file attachment detected (file-identify.rules)
* 1:23167 <-> ENABLED <-> FILE-IDENTIFY MPG video stream file download request (file-identify.rules)
* 1:23168 <-> ENABLED <-> FILE-IDENTIFY MPG video stream file attachment detected (file-identify.rules)
* 1:23169 <-> ENABLED <-> FILE-IDENTIFY MPG video stream file attachment detected (file-identify.rules)
* 1:23188 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules)
* 1:23189 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules)
* 1:23190 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file download request (file-identify.rules)
* 1:23191 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules)
* 1:23192 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules)
* 1:23193 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file download request (file-identify.rules)
* 1:23194 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules)
* 1:23195 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules)
* 1:23196 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file download request (file-identify.rules)
* 1:23197 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules)
* 1:23198 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules)
* 1:23199 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file download request (file-identify.rules)
* 1:23200 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules)
* 1:23201 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules)
* 1:23202 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file download request (file-identify.rules)
* 1:23205 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file download request (file-identify.rules)
* 1:23206 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules)
* 1:23207 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules)
* 1:23208 <-> ENABLED <-> PROTOCOL-VOIP Digium Asterisk Manager Interface initial banner (protocol-voip.rules)
* 1:23224 <-> ENABLED <-> EXPLOIT-KIT Redkit exploit kit landing page Requested - 8Digit.html (exploit-kit.rules)
* 1:23319 <-> ENABLED <-> FILE-IDENTIFY TAR file download request (file-identify.rules)
* 1:23320 <-> ENABLED <-> FILE-IDENTIFY TAR file attachment detected (file-identify.rules)
* 1:23321 <-> ENABLED <-> FILE-IDENTIFY TAR file attachment detected (file-identify.rules)
* 1:23322 <-> ENABLED <-> FILE-IDENTIFY TAR file download request (file-identify.rules)
* 1:23347 <-> ENABLED <-> FILE-IDENTIFY Lotus file download request (file-identify.rules)
* 1:23348 <-> ENABLED <-> FILE-IDENTIFY Lotus file attachment detected (file-identify.rules)
* 1:23349 <-> ENABLED <-> FILE-IDENTIFY Lotus file attachment detected (file-identify.rules)
* 1:23393 <-> ENABLED <-> SQL IBM SolidDB initial banner (sql.rules)
* 1:23474 <-> ENABLED <-> FILE-IDENTIFY PLP file download request (file-identify.rules)
* 1:23475 <-> ENABLED <-> FILE-IDENTIFY PLP file attachment detected (file-identify.rules)
* 1:23476 <-> ENABLED <-> FILE-IDENTIFY PLP file attachment detected (file-identify.rules)
* 1:23477 <-> ENABLED <-> FILE-IDENTIFY PLP file magic detected (file-identify.rules)
* 1:23486 <-> ENABLED <-> FILE-IDENTIFY JOB file download request (file-identify.rules)
* 1:23487 <-> ENABLED <-> FILE-IDENTIFY JOB file attachment detected (file-identify.rules)
* 1:23488 <-> ENABLED <-> FILE-IDENTIFY JOB file attachment detected (file-identify.rules)
* 1:23496 <-> ENABLED <-> FILE-IDENTIFY CUR file download request (file-identify.rules)
* 1:23497 <-> ENABLED <-> FILE-IDENTIFY CUR file attachment detected (file-identify.rules)
* 1:23498 <-> ENABLED <-> FILE-IDENTIFY CUR file attachment detected (file-identify.rules)
* 1:23605 <-> ENABLED <-> FILE-IDENTIFY Armadillo v1.xx - v2.xx file magic detected (file-identify.rules)
* 1:23616 <-> ENABLED <-> APP-DETECT Amazon Kindle 3.0 User-Agent string requested (app-detect.rules)
* 1:23637 <-> ENABLED <-> FILE-IDENTIFY Java .class file attachment detected (file-identify.rules)
* 1:23638 <-> ENABLED <-> FILE-IDENTIFY Java .class file attachment detected (file-identify.rules)
* 1:23639 <-> ENABLED <-> FILE-IDENTIFY MPEG video stream file magic detected (file-identify.rules)
* 1:23640 <-> ENABLED <-> FILE-IDENTIFY MPEG sys stream file magic detected (file-identify.rules)
* 1:23642 <-> ENABLED <-> FILE-IDENTIFY Script encoder file magic detected (file-identify.rules)
* 1:23643 <-> ENABLED <-> FILE-IDENTIFY Postscript file magic detected (file-identify.rules)
* 1:23644 <-> ENABLED <-> FILE-IDENTIFY BinHex file magic detected (file-identify.rules)
* 1:23645 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Real Media file magic detected (file-identify.rules)
* 1:23646 <-> ENABLED <-> FILE-IDENTIFY bzip file magic detected (file-identify.rules)
* 1:23647 <-> ENABLED <-> FILE-IDENTIFY GIF file magic detected (file-identify.rules)
* 1:23648 <-> ENABLED <-> FILE-IDENTIFY MP3 file magic detected (file-identify.rules)
* 1:23649 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows CAB file magic detected (file-identify.rules)
* 1:23650 <-> ENABLED <-> FILE-IDENTIFY Ogg Stream file magic detected (file-identify.rules)
* 1:23651 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules)
* 1:23652 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules)
* 1:23653 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules)
* 1:23654 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules)
* 1:23655 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules)
* 1:23656 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules)
* 1:23657 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules)
* 1:23658 <-> ENABLED <-> FILE-IDENTIFY RIFX file magic detected (file-identify.rules)
* 1:23659 <-> ENABLED <-> FILE-IDENTIFY RAR file magic detected (file-identify.rules)
* 1:23660 <-> ENABLED <-> FILE-IDENTIFY Symantec file magic detected (file-identify.rules)
* 1:23661 <-> ENABLED <-> FILE-IDENTIFY ARJ file magic detected (file-identify.rules)
* 1:23662 <-> ENABLED <-> FILE-IDENTIFY TNEF file magic detected (file-identify.rules)
* 1:23663 <-> ENABLED <-> FILE-IDENTIFY ELF file magic detected (file-identify.rules)
* 1:23664 <-> ENABLED <-> FILE-IDENTIFY PNG file magic detected (file-identify.rules)
* 1:23665 <-> ENABLED <-> FILE-IDENTIFY CryptFF file magic detected (file-identify.rules)
* 1:23666 <-> ENABLED <-> FILE-IDENTIFY MP3 file magic detected (file-identify.rules)
* 1:23667 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (file-identify.rules)
* 1:23668 <-> ENABLED <-> FILE-IDENTIFY SIS file magic detected (file-identify.rules)
* 1:23669 <-> ENABLED <-> FILE-IDENTIFY SIP log file magic detected (file-identify.rules)
* 1:23670 <-> ENABLED <-> FILE-IDENTIFY RTF file magic detected (file-identify.rules)
* 1:23671 <-> ENABLED <-> FILE-IDENTIFY 7zip file magic detected (file-identify.rules)
* 1:23672 <-> ENABLED <-> FILE-IDENTIFY MachO Little Endian file magic detected (file-identify.rules)
* 1:23673 <-> ENABLED <-> FILE-IDENTIFY MachO x64 Little Endian file magic detected (file-identify.rules)
* 1:23674 <-> ENABLED <-> FILE-IDENTIFY MachO Big Endian file magic detected (file-identify.rules)
* 1:23675 <-> ENABLED <-> FILE-IDENTIFY MachO x64 Big Endian file magic detected (file-identify.rules)
* 1:23676 <-> ENABLED <-> FILE-IDENTIFY Universal Binary/Java Bytecode file magic detected (file-identify.rules)
* 1:23677 <-> ENABLED <-> FILE-IDENTIFY jarpack file magic detected (file-identify.rules)
* 1:23678 <-> ENABLED <-> FILE-IDENTIFY PDF file magic detected (file-identify.rules)
* 1:23679 <-> ENABLED <-> FILE-IDENTIFY compressed Adobe Shockwave Flash file magic detected (file-identify.rules)
* 1:23680 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (file-identify.rules)
* 1:23681 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (file-identify.rules)
* 1:23682 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
* 1:23683 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
* 1:23684 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
* 1:23685 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
* 1:23687 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (file-identify.rules)
* 1:23688 <-> ENABLED <-> FILE-IDENTIFY bcproj file magic detected (file-identify.rules)
* 1:23689 <-> ENABLED <-> FILE-IDENTIFY mx4 file magic detected (file-identify.rules)
* 1:23690 <-> ENABLED <-> FILE-IDENTIFY ffmpeg file magic detected (file-identify.rules)
* 1:23691 <-> ENABLED <-> FILE-IDENTIFY dmg file magic detected (file-identify.rules)
* 1:23692 <-> ENABLED <-> FILE-IDENTIFY ivr file magic detected (file-identify.rules)
* 1:23693 <-> ENABLED <-> FILE-IDENTIFY caff file magic detected (file-identify.rules)
* 1:23694 <-> ENABLED <-> FILE-IDENTIFY vmd file magic detected (file-identify.rules)
* 1:23695 <-> ENABLED <-> FILE-IDENTIFY Flac file magic detected (file-identify.rules)
* 1:23696 <-> ENABLED <-> FILE-IDENTIFY VideoLAN VLC file magic detected (file-identify.rules)
* 1:23697 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel xlw file magic detected (file-identify.rules)
* 1:23698 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media ASF file magic detected (file-identify.rules)
* 1:23701 <-> ENABLED <-> FILE-IDENTIFY Microsoft SYmbolic LinK file magic detected (file-identify.rules)
* 1:23703 <-> ENABLED <-> FILE-IDENTIFY Microsoft asf file magic detected (file-identify.rules)
* 1:23707 <-> ENABLED <-> FILE-IDENTIFY Microsoft Compound File Binary v3 file magic detected (file-identify.rules)
* 1:23709 <-> ENABLED <-> FILE-IDENTIFY Tiff little endian file magic detected (file-identify.rules)
* 1:23710 <-> ENABLED <-> FILE-IDENTIFY Tiff big endian file magic detected (file-identify.rules)
* 1:23711 <-> ENABLED <-> FILE-IDENTIFY OLE Document file magic detected (file-identify.rules)
* 1:23712 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file magic detected (file-identify.rules)
* 1:23720 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer REC file magic detected (file-identify.rules)
* 1:23721 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer .r1m file magic detected (file-identify.rules)
* 1:23723 <-> ENABLED <-> FILE-IDENTIFY M3U file magic detected (file-identify.rules)
* 1:23724 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file magic detected (file-identify.rules)
* 1:23725 <-> ENABLED <-> FILE-IDENTIFY Portable Executable binary file magic detected (file-identify.rules)
* 1:23726 <-> ENABLED <-> FILE-IDENTIFY Portable Executable compact binary file magic detected (file-identify.rules)
* 1:23727 <-> ENABLED <-> FILE-IDENTIFY Adobe Flash Video file magic detected (file-identify.rules)
* 1:23728 <-> ENABLED <-> FILE-IDENTIFY matroska file magic detected (file-identify.rules)
* 1:23729 <-> ENABLED <-> FILE-IDENTIFY PICT file magic detected (file-identify.rules)
* 1:23730 <-> ENABLED <-> FILE-IDENTIFY amf file magic detected (file-identify.rules)
* 1:23731 <-> ENABLED <-> FILE-IDENTIFY CDR file magic detected (file-identify.rules)
* 1:23732 <-> ENABLED <-> FILE-IDENTIFY Microsoft Media Player .asf file magic detected (file-identify.rules)
* 1:23733 <-> ENABLED <-> FILE-IDENTIFY webm file magic detected (file-identify.rules)
* 1:23734 <-> ENABLED <-> FILE-IDENTIFY Autodesk Maya file magic detected (file-identify.rules)
* 1:23735 <-> ENABLED <-> FILE-IDENTIFY MIDI file magic detected (file-identify.rules)
* 1:23736 <-> ENABLED <-> FILE-IDENTIFY PLS file magic detected (file-identify.rules)
* 1:23737 <-> ENABLED <-> FILE-IDENTIFY SMIL file magic detected (file-identify.rules)
* 1:23738 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
* 1:23739 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
* 1:23740 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
* 1:23741 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
* 1:23742 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
* 1:23743 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
* 1:23744 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
* 1:23745 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
* 1:23746 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
* 1:23747 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
* 1:23748 <-> ENABLED <-> FILE-IDENTIFY TTF file magic detected (file-identify.rules)
* 1:23749 <-> ENABLED <-> FILE-IDENTIFY SAMI file magic detected (file-identify.rules)
* 1:23750 <-> ENABLED <-> FILE-IDENTIFY Microsoft Money file magic detected (file-identify.rules)
* 1:23751 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file magic detected (file-identify.rules)
* 1:23752 <-> ENABLED <-> FILE-IDENTIFY cy3 Cytel Studio file magic detected (file-identify.rules)
* 1:23753 <-> ENABLED <-> FILE-IDENTIFY Visio file magic detected (file-identify.rules)
* 1:23754 <-> ENABLED <-> FILE-IDENTIFY AVI Video file magic detected (file-identify.rules)
* 1:23755 <-> ENABLED <-> FILE-IDENTIFY Cisco Webex Player .wrf file magic detected (file-identify.rules)
* 1:23758 <-> ENABLED <-> FILE-IDENTIFY XML file magic detected (file-identify.rules)
* 1:23759 <-> ENABLED <-> FILE-IDENTIFY XML file magic detected (file-identify.rules)
* 1:23760 <-> ENABLED <-> FILE-IDENTIFY WAV file magic detected (file-identify.rules)
* 1:23761 <-> ENABLED <-> FILE-IDENTIFY AVI file magic detected (file-identify.rules)
* 1:23762 <-> ENABLED <-> FILE-IDENTIFY PFA file magic detected (file-identify.rules)
* 1:23763 <-> ENABLED <-> FILE-IDENTIFY HPJ file magic detected (file-identify.rules)
* 1:23764 <-> ENABLED <-> FILE-IDENTIFY Adobe Download Manager aom file magic detected (file-identify.rules)
* 1:23765 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime FLIC file magic detected (file-identify.rules)
* 1:23769 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio DBP file magic detected (file-identify.rules)
* 1:23770 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio PKP file magic detected (file-identify.rules)
* 1:23771 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio SLN file magic detected (file-identify.rules)
* 1:23772 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio VAP file magic detected (file-identify.rules)
* 1:23773 <-> ENABLED <-> FILE-IDENTIFY XM file magic detected (file-identify.rules)
* 1:23774 <-> ENABLED <-> FILE-IDENTIFY NAB file magic detected (file-identify.rules)
* 1:23775 <-> ENABLED <-> FILE-IDENTIFY Armadillo v1.71 packer file magic detected (file-identify.rules)
* 1:23776 <-> ENABLED <-> FILE-IDENTIFY PLP file magic detected (file-identify.rules)
* 1:23777 <-> ENABLED <-> FILE-IDENTIFY Armadillo v1.xx - v2.xx file magic detected (file-identify.rules)
* 1:23807 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file download request (file-identify.rules)
* 1:23808 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules)
* 1:23809 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules)
* 1:23810 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file download request (file-identify.rules)
* 1:23811 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules)
* 1:23812 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules)
* 1:23813 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file download request (file-identify.rules)
* 1:23814 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules)
* 1:23815 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules)
* 1:23816 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file download request (file-identify.rules)
* 1:23817 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules)
* 1:23818 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules)
* 1:23819 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file download request (file-identify.rules)
* 1:23820 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules)
* 1:23821 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules)
* 1:23822 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file magic detected (file-identify.rules)
* 1:23823 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file magic detected (file-identify.rules)
* 1:23839 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB RAP API NetServerEnum2 long server name buffer overflow attempt (os-windows.rules)
* 1:23849 <-> ENABLED <-> EXPLOIT-KIT Blackhole redirection attempt (exploit-kit.rules)
* 1:23969 <-> ENABLED <-> OS-MOBILE Android SMSZombie APK file download (os-mobile.rules)
* 1:24004 <-> ENABLED <-> FILE-OFFICE Microsoft Office MSCOMCTL ActiveX control tabstrip method access (file-office.rules)
* 1:24005 <-> ENABLED <-> FILE-OFFICE Microsoft Office MSCOMCTL ActiveX control tabstrip method access (file-office.rules)
* 1:24045 <-> ENABLED <-> FILE-IDENTIFY Winamp skin file wsz file download request (file-identify.rules)
* 1:24046 <-> ENABLED <-> FILE-IDENTIFY Winamp skin file wsz file attachment detected (file-identify.rules)
* 1:24047 <-> ENABLED <-> FILE-IDENTIFY Winamp skin file wsz file attachment detected (file-identify.rules)
* 1:24048 <-> ENABLED <-> FILE-IDENTIFY Winamp skin file wal file download request (file-identify.rules)
* 1:24049 <-> ENABLED <-> FILE-IDENTIFY Winamp skin file wal file attachment detected (file-identify.rules)
* 1:24050 <-> ENABLED <-> FILE-IDENTIFY Winamp skin file wal file attachment detected (file-identify.rules)
* 1:24074 <-> ENABLED <-> FILE-IDENTIFY MP3 file download request (file-identify.rules)
* 1:24075 <-> ENABLED <-> FILE-IDENTIFY MP3 file attachment detected (file-identify.rules)
* 1:24076 <-> ENABLED <-> FILE-IDENTIFY MP3 file attachment detected (file-identify.rules)
* 1:24078 <-> ENABLED <-> FILE-IDENTIFY RMF file attachment detected (file-identify.rules)
* 1:24079 <-> ENABLED <-> FILE-IDENTIFY RMF file attachment detected (file-identify.rules)
* 1:24080 <-> ENABLED <-> FILE-IDENTIFY Microsoft Works file attachment detected (file-identify.rules)
* 1:24081 <-> ENABLED <-> FILE-IDENTIFY Microsoft Works file attachment detected (file-identify.rules)
* 1:24089 <-> ENABLED <-> OS-WINDOWS Microsoft WebDAV PROPFIND request (os-windows.rules)
* 1:24100 <-> ENABLED <-> FILE-IDENTIFY PLF file attachment detected (file-identify.rules)
* 1:24101 <-> ENABLED <-> FILE-IDENTIFY PLF file attachment detected (file-identify.rules)
* 1:2419 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer .ram playlist file download request (file-identify.rules)
* 1:24190 <-> ENABLED <-> FILE-IDENTIFY X PixMap file magic detected (file-identify.rules)
* 1:2420 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer .rmp playlist file download request (file-identify.rules)
* 1:24206 <-> ENABLED <-> FILE-IDENTIFY LZH archive file magic detected (file-identify.rules)
* 1:24213 <-> ENABLED <-> FILE-IDENTIFY MP4 file magic detected (file-identify.rules)
* 1:24218 <-> ENABLED <-> FILE-IDENTIFY SMIL file magic detected (file-identify.rules)
* 1:24219 <-> ENABLED <-> FILE-IDENTIFY SMIL file magic detected (file-identify.rules)
* 1:2422 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer .rt playlist file download request (file-identify.rules)
* 1:2423 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer .rp playlist file download request (file-identify.rules)
* 1:24284 <-> ENABLED <-> FILE-OFFICE Microsoft Office Drawing object code execution attempt (file-office.rules)
* 1:24313 <-> ENABLED <-> SERVER-WEBAPP HP OpenView Operations Agent request attempt (server-webapp.rules)
* 1:24359 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB NTLM NULL session attempt (os-windows.rules)
* 1:2436 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Audio wmf file download request (file-identify.rules)
* 1:24406 <-> ENABLED <-> MALWARE-CNC Win.Trojan.MiniFlame variant outbound connection (malware-cnc.rules)
* 1:24407 <-> ENABLED <-> MALWARE-CNC Win.Trojan.MiniFlame variant outbound connection (malware-cnc.rules)
* 1:24412 <-> ENABLED <-> FILE-FLASH Adobe Flash Player DRM encrypted file detected (file-flash.rules)
* 1:24413 <-> ENABLED <-> FILE-FLASH Adobe Flash Player DRM encrypted file detected (file-flash.rules)
* 1:24453 <-> ENABLED <-> FILE-IDENTIFY Webm file attachment detected (file-identify.rules)
* 1:24454 <-> ENABLED <-> FILE-IDENTIFY Webm file attachment detected (file-identify.rules)
* 1:24455 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (file-identify.rules)
* 1:24456 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (file-identify.rules)
* 1:24457 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (file-identify.rules)
* 1:24458 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (file-identify.rules)
* 1:24459 <-> ENABLED <-> FILE-IDENTIFY PSD file download request (file-identify.rules)
* 1:24460 <-> ENABLED <-> FILE-IDENTIFY PSD file attachment detected (file-identify.rules)
* 1:24461 <-> ENABLED <-> FILE-IDENTIFY PSD file attachment detected (file-identify.rules)
* 1:24462 <-> ENABLED <-> FILE-IDENTIFY PSD file magic detection (file-identify.rules)
* 1:24463 <-> ENABLED <-> FILE-IDENTIFY TIFF file attachment detected (file-identify.rules)
* 1:24464 <-> ENABLED <-> FILE-IDENTIFY TIFF file attachment detected (file-identify.rules)
* 1:24465 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows WMF file magic detected (file-identify.rules)
* 1:24466 <-> ENABLED <-> FILE-IDENTIFY PSD file magic detection (file-identify.rules)
* 1:24467 <-> ENABLED <-> FILE-IDENTIFY XCF file download request (file-identify.rules)
* 1:24468 <-> ENABLED <-> FILE-IDENTIFY XCF file attachment detected (file-identify.rules)
* 1:24469 <-> ENABLED <-> FILE-IDENTIFY XCF file attachment detected (file-identify.rules)
* 1:24470 <-> ENABLED <-> FILE-IDENTIFY XCF file magic detection (file-identify.rules)
* 1:24471 <-> ENABLED <-> FILE-IDENTIFY XCF file magic detection (file-identify.rules)
* 1:24472 <-> ENABLED <-> FILE-IDENTIFY FLV file attachment detected (file-identify.rules)
* 1:24473 <-> ENABLED <-> FILE-IDENTIFY FLV file attachment detected (file-identify.rules)
* 1:24483 <-> ENABLED <-> FILE-IDENTIFY Embedded Open Type Font file magic detected (file-identify.rules)
* 1:24484 <-> ENABLED <-> FILE-IDENTIFY Embedded Open Type Font file magic detected (file-identify.rules)
* 1:24554 <-> ENABLED <-> 
FILE-IDENTIFY Apple QuickTime PICT v2.0 Image header (file-identify.rules) * 1:24555 <-> ENABLED <-> FILE-IDENTIFY Apple QuickTime PICT v2.0 Image header (file-identify.rules) * 1:24599 <-> ENABLED <-> FILE-IDENTIFY Alt-N MDaemon IMAP Server (file-identify.rules) * 1:24651 <-> ENABLED <-> FILE-IDENTIFY Microsoft proxy autoconfig script file download request (file-identify.rules) * 1:24708 <-> ENABLED <-> FILE-IDENTIFY Netop Remote Control file download request (file-identify.rules) * 1:24709 <-> ENABLED <-> FILE-IDENTIFY Netop Remote Control file attachment detected (file-identify.rules) * 1:24710 <-> ENABLED <-> FILE-IDENTIFY Netop Remote Control file attachment detected (file-identify.rules) * 1:24719 <-> ENABLED <-> PROTOCOL-VOIP Digium Asterisk SCCP call state message offhook (protocol-voip.rules) * 1:24816 <-> ENABLED <-> FILE-IDENTIFY MP4 file magic detected (file-identify.rules) * 1:24817 <-> ENABLED <-> FILE-IDENTIFY MP4 file magic detected (file-identify.rules) * 1:24818 <-> ENABLED <-> FILE-IDENTIFY M4V file magic detected (file-identify.rules) * 1:24819 <-> ENABLED <-> FILE-IDENTIFY M4V file magic detected (file-identify.rules) * 1:24820 <-> ENABLED <-> FILE-IDENTIFY Computer Graphics Metafile file download request (file-identify.rules) * 1:24821 <-> ENABLED <-> FILE-IDENTIFY Computer Graphics Metafile file attachment detected (file-identify.rules) * 1:24822 <-> ENABLED <-> FILE-IDENTIFY Computer Graphics Metafile file attachment detected (file-identify.rules) * 1:24824 <-> ENABLED <-> FILE-IDENTIFY RealPlayer skin file download request (file-identify.rules) * 1:24825 <-> ENABLED <-> FILE-IDENTIFY RealPlayer skin file attachment detected (file-identify.rules) * 1:24826 <-> ENABLED <-> FILE-IDENTIFY RealPlayer skin file attachment detected (file-identify.rules) * 1:24901 <-> ENABLED <-> FILE-IDENTIFY JNLP file download request (file-identify.rules) * 1:24902 <-> ENABLED <-> FILE-IDENTIFY JNLP file attachment detected (file-identify.rules) * 1:24903 <-> 
ENABLED <-> FILE-IDENTIFY JNLP file attachment detected (file-identify.rules) * 1:24972 <-> ENABLED <-> NETBIOS SMB Trans2 FIND_FIRST2 find file and directory info request (netbios.rules) * 1:25014 <-> ENABLED <-> FILE-IDENTIFY Microsoft proxy autoconfig script file magic detected (file-identify.rules) * 1:25032 <-> ENABLED <-> FILE-IDENTIFY Microsoft Silverlight application file download request (file-identify.rules) * 1:25033 <-> ENABLED <-> FILE-IDENTIFY Microsoft Silverlight application file attachment detected (file-identify.rules) * 1:25034 <-> ENABLED <-> FILE-IDENTIFY Microsoft Silverlight application file attachment detected (file-identify.rules) * 1:25041 <-> ENABLED <-> EXPLOIT-KIT Java User-Agent flowbit set (exploit-kit.rules) * 1:25062 <-> ENABLED <-> FILE-IDENTIFY Microsoft Software Installer MSI binary file magic detected (file-identify.rules) * 1:25305 <-> ENABLED <-> FILE-IDENTIFY Adobe Audition Session file magic detected (file-identify.rules) * 1:25306 <-> ENABLED <-> FILE-IDENTIFY Adobe Audition Session file download request (file-identify.rules) * 1:25307 <-> ENABLED <-> FILE-IDENTIFY Adobe Audition Session file attachment detected (file-identify.rules) * 1:25308 <-> ENABLED <-> FILE-IDENTIFY Adobe Audition Session file attachment detected (file-identify.rules) * 1:25373 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime Targa Image file download request (file-identify.rules) * 1:25374 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime Targa Image file attachment detected (file-identify.rules) * 1:25375 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime Targa Image file attachment detected (file-identify.rules) * 1:25516 <-> ENABLED <-> FILE-IDENTIFY Microsoft Software Installer MSI binary file magic detected (file-identify.rules) * 1:25517 <-> ENABLED <-> FILE-IDENTIFY Armadillo v1.71 packer file magic detected (file-identify.rules) * 1:25602 <-> ENABLED <-> SERVER-OTHER Sybase Open Server TDS login request (server-other.rules) * 1:25604 <-> ENABLED <-> 
FILE-IDENTIFY cSounds.com Csound audio file file download request (file-identify.rules) * 1:25605 <-> ENABLED <-> FILE-IDENTIFY cSounds.com Csound audio file file attachment detected (file-identify.rules) * 1:25606 <-> ENABLED <-> FILE-IDENTIFY cSounds.com Csound audio file file attachment detected (file-identify.rules) * 1:25680 <-> ENABLED <-> FILE-IDENTIFY Adobe Flash Player embedded compact font detected (file-identify.rules) * 1:25682 <-> ENABLED <-> FILE-IDENTIFY Adobe Flash Player embedded compact font detected (file-identify.rules) * 1:25928 <-> ENABLED <-> FILE-IDENTIFY Ogg file download request (file-identify.rules) * 1:25929 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules) * 1:25930 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules) * 1:25931 <-> ENABLED <-> FILE-IDENTIFY Ogg file download request (file-identify.rules) * 1:25932 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:53963 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-7784064-0 download attempt (snort3-malware-other.rules)
* 1:53984 <-> DISABLED <-> OS-WINDOWS Windows print spooler elevation of privilege attempt (snort3-os-windows.rules)
* 1:53973 <-> DISABLED <-> MALWARE-OTHER CobaltStrike powershell web delivery attempt (snort3-malware-other.rules)
* 1:53964 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-7784064-0 download attempt (snort3-malware-other.rules)
* 1:53966 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-7784063-0 download attempt (snort3-malware-other.rules)
* 1:53974 <-> DISABLED <-> MALWARE-OTHER CobaltStrike powershell web delivery attempt (snort3-malware-other.rules)
* 1:53960 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Ursnif malicious outbound connection attempt - gravity generated detection (snort3-malware-other.rules)
* 1:53977 <-> ENABLED <-> MALWARE-OTHER Win.Dropper.Agent payload download attempt (snort3-malware-other.rules)
* 1:53976 <-> DISABLED <-> BROWSER-WEBKIT WebKit use-after-free remote code execution attempt (snort3-browser-webkit.rules)
* 1:53961 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Gh0stRAT-7783851-0 download attempt (snort3-malware-other.rules)
* 1:53972 <-> ENABLED <-> MALWARE-OTHER CobaltStrike beacon.dll DNS download attempt (snort3-malware-other.rules)
* 1:53967 <-> DISABLED <-> SERVER-WEBAPP TerraMaster NAS user creation command injection attempt (snort3-server-webapp.rules)
* 1:53968 <-> DISABLED <-> SERVER-WEBAPP TerraMaster NAS user creation command injection attempt (snort3-server-webapp.rules)
* 1:53969 <-> DISABLED <-> SERVER-WEBAPP TerraMaster NAS user creation command injection attempt (snort3-server-webapp.rules)
* 1:53981 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Palevo-7785322-0 download attempt (snort3-malware-other.rules)
* 1:53971 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Andariel outbound connection attempt (snort3-malware-cnc.rules)
* 1:53975 <-> DISABLED <-> INDICATOR-COMPROMISE CobaltStrike multiple large DNS TXT query responses (snort3-indicator-compromise.rules)
* 1:53970 <-> DISABLED <-> SERVER-WEBAPP TerraMaster NAS user creation command injection attempt (snort3-server-webapp.rules)
* 1:53985 <-> ENABLED <-> INDICATOR-COMPROMISE msiexec.exe command execution over DNS attempt (snort3-indicator-compromise.rules)
* 1:53965 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-7784063-0 download attempt (snort3-malware-other.rules)
* 1:53982 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Palevo-7785322-0 download attempt (snort3-malware-other.rules)
* 1:53978 <-> ENABLED <-> MALWARE-OTHER Win.Dropper.Agent payload download attempt (snort3-malware-other.rules)
* 1:53980 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Shiz-7784396-0 download attempt (snort3-malware-other.rules)
* 1:53979 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Shiz-7784396-0 download attempt (snort3-malware-other.rules)
* 1:53962 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Gh0stRAT-7783851-0 download attempt (snort3-malware-other.rules)
* 1:53983 <-> ENABLED <-> OS-WINDOWS Windows print spooler elevation of privilege attempt (snort3-os-windows.rules)
* 1:38854 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul HCell file magic detected (snort3-file-identify.rules) * 1:29607 <-> ENABLED <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt (snort3-server-other.rules) * 1:35979 <-> ENABLED <-> FILE-IDENTIFY Windows Media Center link file download request (snort3-file-identify.rules) * 1:25944 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (snort3-file-identify.rules) * 1:34397 <-> ENABLED <-> FILE-IDENTIFY Microsoft Journal file download request (snort3-file-identify.rules) * 1:3140 <-> ENABLED <-> NETBIOS SMB Trans2 FIND_FIRST2 andx attempt (snort3-netbios.rules) * 1:49520 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (snort3-malware-cnc.rules) * 1:49518 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (snort3-malware-cnc.rules) * 1:49793 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (snort3-malware-cnc.rules) * 1:28897 <-> ENABLED <-> FILE-IDENTIFY eSignal .sum file attachment detected (snort3-file-identify.rules) * 1:49792 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (snort3-malware-cnc.rules) * 1:49794 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (snort3-malware-cnc.rules) * 1:10462 <-> ENABLED <-> MALWARE-BACKDOOR winicabras 1.1 runtime detection - explorer (snort3-malware-backdoor.rules) * 1:51994 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (snort3-file-identify.rules) * 1:11322 <-> ENABLED <-> MALWARE-BACKDOOR sohoanywhere runtime detection (snort3-malware-backdoor.rules) * 1:51993 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (snort3-file-identify.rules) * 1:29162 <-> ENABLED <-> FILE-IDENTIFY CIS file download request (snort3-file-identify.rules) * 1:25945 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected 
(snort3-file-identify.rules) * 1:28571 <-> ENABLED <-> FILE-IDENTIFY FDF file attachment detected (snort3-file-identify.rules) * 1:3138 <-> ENABLED <-> NETBIOS SMB-DS Trans2 QUERY_FILE_INFO andx attempt (snort3-netbios.rules) * 1:32345 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector - initiate connection (snort3-server-other.rules) * 1:52056 <-> ENABLED <-> FILE-IDENTIFY Portable Executable binary file magic detected (snort3-file-identify.rules) * 1:26644 <-> ENABLED <-> SERVER-OTHER SSL TLS DEFLATE compression detected (snort3-server-other.rules) * 1:43363 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Audio wmf file magic detected (snort3-file-identify.rules) * 1:44231 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word doc file attachment detected (snort3-file-identify.rules) * 1:33668 <-> ENABLED <-> FILE-IDENTIFY PIF Program Information File file attachment detected (snort3-file-identify.rules) * 1:51024 <-> ENABLED <-> FILE-IDENTIFY Embedded Open Type Font file attachment detected (snort3-file-identify.rules) * 1:49791 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (snort3-malware-cnc.rules) * 1:53861 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Astaroth outbound beacon (snort3-malware-cnc.rules) * 1:49519 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (snort3-malware-cnc.rules) * 1:26057 <-> ENABLED <-> FILE-IDENTIFY ZIP file download detected (snort3-file-identify.rules) * 1:6010 <-> ENABLED <-> SERVER-OTHER VERITAS NetBackup vnetd connection attempt (snort3-server-other.rules) * 1:50870 <-> ENABLED <-> APP-DETECT Quagga password challenge detected (snort3-app-detect.rules) * 1:26058 <-> ENABLED <-> FILE-IDENTIFY ZIP file attachment detected (snort3-file-identify.rules) * 1:6469 <-> ENABLED <-> SERVER-OTHER RealVNC connection attempt (snort3-server-other.rules) * 1:10099 <-> ENABLED <-> MALWARE-OTHER Keylogger win32.remotekeylog.b runtime detection (snort3-malware-other.rules) * 
1:10104 <-> ENABLED <-> MALWARE-BACKDOOR hav-rat 1.1 runtime detection (snort3-malware-backdoor.rules) * 1:51992 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file download request (snort3-file-identify.rules) * 1:29386 <-> ENABLED <-> FILE-IDENTIFY Adobe AIR file attachment detected (snort3-file-identify.rules) * 1:50874 <-> ENABLED <-> FILE-IDENTIFY Fax Cover Page file magic detected (snort3-file-identify.rules) * 1:11835 <-> ENABLED <-> FILE-IDENTIFY Visio file magic detected (snort3-file-identify.rules) * 1:51268 <-> ENABLED <-> FILE-OTHER Photodex ProShow Producer v5.0.3256 download load file attempt (snort3-file-other.rules) * 1:10110 <-> ENABLED <-> MALWARE-BACKDOOR poison ivy 2.1.2 runtime detection (snort3-malware-backdoor.rules) * 1:11004 <-> ENABLED <-> PROTOCOL-IMAP CRAM-MD5 authentication request detected (snort3-protocol-imap.rules) * 1:53213 <-> ENABLED <-> PROTOCOL-OTHER MQTT Connect control packet detected (snort3-protocol-other.rules) * 1:6472 <-> ENABLED <-> MALWARE-BACKDOOR bugs runtime detection - file manager client-to-server (snort3-malware-backdoor.rules) * 1:7106 <-> ENABLED <-> MALWARE-BACKDOOR girlfriend runtime detection (snort3-malware-backdoor.rules) * 1:7111 <-> ENABLED <-> MALWARE-BACKDOOR fearless lite 1.01 runtime detection (snort3-malware-backdoor.rules) * 1:7506 <-> ENABLED <-> MALWARE-TOOLS Hacker-Tool coma runtime detection - init connection - flowbit set (snort3-malware-tools.rules) * 1:7641 <-> ENABLED <-> MALWARE-BACKDOOR am remote client runtime detection - client-to-server (snort3-malware-backdoor.rules) * 1:8355 <-> ENABLED <-> MALWARE-OTHER Keylogger spybuddy 3.72 runtime detection (snort3-malware-other.rules) * 1:8445 <-> ENABLED <-> FILE-OFFICE Microsoft Windows RTF file with embedded object package download attempt (snort3-file-office.rules) * 1:9845 <-> ENABLED <-> FILE-IDENTIFY M3U file magic detected (snort3-file-identify.rules) * 1:11953 <-> ENABLED <-> MALWARE-BACKDOOR supervisor plus runtime detection 
(snort3-malware-backdoor.rules) * 1:12054 <-> ENABLED <-> MALWARE-BACKDOOR tron runtime detection - init connection - flowbit set (snort3-malware-backdoor.rules) * 1:12129 <-> ENABLED <-> MALWARE-OTHER Keylogger remotekeylog.b runtime detection - get sys info (snort3-malware-other.rules) * 1:12131 <-> ENABLED <-> MALWARE-OTHER Keylogger remotekeylog.b runtime detection - keylogging (snort3-malware-other.rules) * 1:12133 <-> ENABLED <-> MALWARE-OTHER Keylogger remotekeylog.b runtime detection - open url (snort3-malware-other.rules) * 1:12135 <-> ENABLED <-> MALWARE-OTHER Keylogger remotekeylog.b runtime detection - fun (snort3-malware-other.rules) * 1:12142 <-> ENABLED <-> MALWARE-BACKDOOR access remote pc runtime detection - init connection (snort3-malware-backdoor.rules) * 1:12144 <-> ENABLED <-> MALWARE-BACKDOOR access remote pc runtime detection - rpc setup (snort3-malware-backdoor.rules) * 1:12146 <-> ENABLED <-> MALWARE-BACKDOOR blue eye 1.0b runtime detection - init connection (snort3-malware-backdoor.rules) * 1:12148 <-> ENABLED <-> MALWARE-BACKDOOR back orifice 2006 - v1.1.5 runtime detection - init connection (snort3-malware-backdoor.rules) * 1:12150 <-> ENABLED <-> MALWARE-BACKDOOR cafeini 1.0 runtime detection - init connection (snort3-malware-backdoor.rules) * 1:12153 <-> ENABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - download file (snort3-malware-backdoor.rules) * 1:12154 <-> ENABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - download file (snort3-malware-backdoor.rules) * 1:12156 <-> ENABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - upload file (snort3-malware-backdoor.rules) * 1:12157 <-> ENABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - upload file (snort3-malware-backdoor.rules) * 1:12160 <-> ENABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - screen capturing (snort3-malware-backdoor.rules) * 1:12161 <-> ENABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - 
screen capturing (snort3-malware-backdoor.rules) * 1:12163 <-> ENABLED <-> MALWARE-BACKDOOR cobra uploader 1.0 runtime detection (snort3-malware-backdoor.rules) * 1:12182 <-> ENABLED <-> FILE-IDENTIFY Adobe Flash Video file magic detected (snort3-file-identify.rules) * 1:12233 <-> ENABLED <-> MALWARE-BACKDOOR theef 2.10 runtime detection - connect with no password (snort3-malware-backdoor.rules) * 1:12235 <-> ENABLED <-> MALWARE-BACKDOOR theef 2.10 runtime detection - connect with password (snort3-malware-backdoor.rules) * 1:12237 <-> ENABLED <-> MALWARE-BACKDOOR theef 2.10 runtime detection - ftp (snort3-malware-backdoor.rules) * 1:12240 <-> ENABLED <-> MALWARE-BACKDOOR genie 1.7 runtime detection - init connection (snort3-malware-backdoor.rules) * 1:12242 <-> ENABLED <-> MALWARE-BACKDOOR hotmail hacker log edition 5.0 runtime detection - init connection (snort3-malware-backdoor.rules) * 1:12283 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel xlw file magic detected (snort3-file-identify.rules) * 1:12297 <-> ENABLED <-> MALWARE-BACKDOOR bifrost v1.2.1 runtime detection (snort3-malware-backdoor.rules) * 1:12373 <-> ENABLED <-> MALWARE-BACKDOOR radmin 3.0 runtime detection - initial connection (snort3-malware-backdoor.rules) * 1:12375 <-> ENABLED <-> MALWARE-BACKDOOR radmin 3.0 runtime detection - login & remote control (snort3-malware-backdoor.rules) * 1:12377 <-> ENABLED <-> MALWARE-BACKDOOR shark 2.3.2 runtime detection (snort3-malware-backdoor.rules) * 1:12454 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media ASF file magic detected (snort3-file-identify.rules) * 1:12455 <-> ENABLED <-> FILE-IDENTIFY SAP Crystal Reports file download request (snort3-file-identify.rules) * 1:12699 <-> ENABLED <-> MALWARE-BACKDOOR poison ivy 2.3.0 runtime detection - init connection (snort3-malware-backdoor.rules) * 1:12724 <-> ENABLED <-> MALWARE-BACKDOOR dark moon 4.11 runtime detection (snort3-malware-backdoor.rules) * 1:12726 <-> ENABLED <-> MALWARE-BACKDOOR bandook 
1.35 runtime detection (snort3-malware-backdoor.rules) * 1:12758 <-> ENABLED <-> MALWARE-OTHER Keylogger/RAT digi watcher 2.32 runtime detection (snort3-malware-other.rules) * 1:12760 <-> ENABLED <-> MALWARE-OTHER Keylogger powered Keylogger 2.2 runtime detection (snort3-malware-other.rules) * 1:12792 <-> ENABLED <-> MALWARE-OTHER Keylogger spy lantern Keylogger pro 6.0 runtime detection (snort3-malware-other.rules) * 1:12972 <-> ENABLED <-> FILE-IDENTIFY Microsoft Media Player asf/wmv/wma file magic detected (snort3-file-identify.rules) * 1:13236 <-> ENABLED <-> MALWARE-OTHER Keylogger active Keylogger 3.9.2 runtime detection (snort3-malware-other.rules) * 1:13243 <-> ENABLED <-> MALWARE-OTHER Keylogger computer monitor 1.1 by lastcomfort runtime detection (snort3-malware-other.rules) * 1:13247 <-> ENABLED <-> MALWARE-BACKDOOR yuri 1.2 runtime detection - init connection (snort3-malware-backdoor.rules) * 1:13278 <-> ENABLED <-> MALWARE-OTHER Keylogger advanced spy 4.0 runtime detection (snort3-malware-other.rules) * 1:13280 <-> ENABLED <-> MALWARE-OTHER Keylogger email spy monitor 6.9 runtime detection (snort3-malware-other.rules) * 1:13346 <-> ENABLED <-> PUA-ADWARE Snoopware remote desktop inspector outbound connection - init connection (snort3-pua-adware.rules) * 1:13465 <-> ENABLED <-> FILE-IDENTIFY Microsoft Works file download request (snort3-file-identify.rules) * 1:13479 <-> ENABLED <-> MALWARE-OTHER Keylogger findnot guarddog 4.0 runtime detection (snort3-malware-other.rules) * 1:13483 <-> ENABLED <-> PUA-TOOLBARS Hijacker baidu toolbar runtime detection - updates automatically (snort3-pua-toolbars.rules) * 1:13506 <-> ENABLED <-> MALWARE-BACKDOOR evilotus 1.3.2 runtime detection - init connection (snort3-malware-backdoor.rules) * 1:13515 <-> ENABLED <-> FILE-MULTIMEDIA Apple QuickTime user agent (snort3-file-multimedia.rules) * 1:13583 <-> ENABLED <-> FILE-IDENTIFY Microsoft SYmbolic LinK file download request (snort3-file-identify.rules) * 1:13584 <-> 
ENABLED <-> FILE-IDENTIFY CSV file download request (snort3-file-identify.rules) * 1:13585 <-> ENABLED <-> FILE-IDENTIFY Microsoft SYmbolic LinK file magic detected (snort3-file-identify.rules) * 1:13767 <-> ENABLED <-> MALWARE-OTHER Keylogger cyber sitter runtime detection (snort3-malware-other.rules) * 1:13797 <-> ENABLED <-> FILE-IDENTIFY Portable Executable compact binary file magic detected (snort3-file-identify.rules) * 1:13801 <-> ENABLED <-> FILE-IDENTIFY RTF file download request (snort3-file-identify.rules) * 1:13898 <-> ENABLED <-> APP-DETECT Apple iTunes client request for server info (snort3-app-detect.rules) * 1:13915 <-> ENABLED <-> FILE-IDENTIFY BAK file download request (snort3-file-identify.rules) * 1:13938 <-> ENABLED <-> PUA-ADWARE Hijacker adware.win32.ejik.ec variant outbound connection (snort3-pua-adware.rules) * 1:13943 <-> ENABLED <-> PUA-ADWARE Trickler dropper agent.rqg outbound connection (snort3-pua-adware.rules) * 1:13983 <-> ENABLED <-> FILE-IDENTIFY EPS file download request (snort3-file-identify.rules) * 1:14017 <-> ENABLED <-> FILE-IDENTIFY MPEG Layer 3 playlist file download request (snort3-file-identify.rules) * 1:14018 <-> ENABLED <-> FILE-IDENTIFY PLS multimedia playlist file download request (snort3-file-identify.rules) * 1:14264 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media Player playlist download (snort3-file-identify.rules) * 1:15013 <-> ENABLED <-> FILE-IDENTIFY PDF file download request (snort3-file-identify.rules) * 1:15079 <-> ENABLED <-> FILE-IDENTIFY WAV file download request (snort3-file-identify.rules) * 1:15158 <-> ENABLED <-> FILE-IDENTIFY XML Shareable Playlist Format file download request (snort3-file-identify.rules) * 1:15237 <-> ENABLED <-> FILE-IDENTIFY Java .class file download request (snort3-file-identify.rules) * 1:15239 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealMedia format file download request (snort3-file-identify.rules) * 1:15240 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealMedia 
format file download request (snort3-file-identify.rules) * 1:15294 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Visio file download request (snort3-file-identify.rules) * 1:15319 <-> ENABLED <-> NETBIOS SMB /sql/query create tree attempt (snort3-netbios.rules) * 1:15320 <-> ENABLED <-> NETBIOS SMB /sql/query unicode create tree attempt (snort3-netbios.rules) * 1:15321 <-> ENABLED <-> NETBIOS SMB /sql/query create tree attempt (snort3-netbios.rules) * 1:15322 <-> ENABLED <-> NETBIOS SMB /sql/query unicode create tree attempt (snort3-netbios.rules) * 1:15323 <-> ENABLED <-> NETBIOS SMB /sql/query andx create tree attempt (snort3-netbios.rules) * 1:15324 <-> ENABLED <-> NETBIOS SMB /sql/query unicode andx create tree attempt (snort3-netbios.rules) * 1:15325 <-> ENABLED <-> NETBIOS SMB /sql/query andx create tree attempt (snort3-netbios.rules) * 1:15326 <-> ENABLED <-> NETBIOS SMB /sql/query unicode andx create tree attempt (snort3-netbios.rules) * 1:15361 <-> ENABLED <-> FILE-PDF pdf file sent via email (snort3-file-pdf.rules) * 1:15385 <-> ENABLED <-> FILE-IDENTIFY TwinVQ file download request (snort3-file-identify.rules) * 1:15426 <-> ENABLED <-> FILE-IDENTIFY MAKI file download request (snort3-file-identify.rules) * 1:15427 <-> ENABLED <-> FILE-IDENTIFY SVG file download request (snort3-file-identify.rules) * 1:15444 <-> ENABLED <-> FILE-IDENTIFY Core Audio Format file download request (snort3-file-identify.rules) * 1:15463 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file download request (snort3-file-identify.rules) * 1:15464 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file download request (snort3-file-identify.rules) * 1:15468 <-> ENABLED <-> BROWSER-IE Apple Safari-Internet Explorer SearchPath blended threat dll request (snort3-browser-ie.rules) * 1:15483 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file download request (snort3-file-identify.rules) * 1:15516 <-> ENABLED <-> FILE-IDENTIFY AVI multimedia file download request 
(snort3-file-identify.rules) * 1:15518 <-> ENABLED <-> FILE-IDENTIFY Embedded Open Type Font file download request (snort3-file-identify.rules) * 1:15582 <-> ENABLED <-> FILE-IDENTIFY ARJ format file download request (snort3-file-identify.rules) * 1:15586 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file download request (snort3-file-identify.rules) * 1:15587 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word file download request (snort3-file-identify.rules) * 1:15865 <-> ENABLED <-> FILE-IDENTIFY MP4 file download request (snort3-file-identify.rules) * 1:15870 <-> ENABLED <-> FILE-IDENTIFY 4XM file download request (snort3-file-identify.rules) * 1:15900 <-> ENABLED <-> FILE-IDENTIFY Audio Interchange file download request (snort3-file-identify.rules) * 1:15921 <-> ENABLED <-> FILE-IDENTIFY Microsoft multimedia format file download request (snort3-file-identify.rules) * 1:15922 <-> ENABLED <-> FILE-IDENTIFY MP3 file download request (snort3-file-identify.rules) * 1:15945 <-> ENABLED <-> FILE-IDENTIFY RSS file download request (snort3-file-identify.rules) * 1:15987 <-> ENABLED <-> FILE-IDENTIFY DXF file download request (snort3-file-identify.rules) * 1:16061 <-> ENABLED <-> FILE-IDENTIFY X PixMap file download request (snort3-file-identify.rules) * 1:16143 <-> ENABLED <-> FILE-IDENTIFY Microsoft asf file magic detected (snort3-file-identify.rules) * 1:16205 <-> ENABLED <-> FILE-IDENTIFY BMP file download request (snort3-file-identify.rules) * 1:16219 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file download request (snort3-file-identify.rules) * 1:16254 <-> ENABLED <-> PUA-ADWARE rogue software system security 2009 outbound connection (snort3-pua-adware.rules) * 1:16286 <-> ENABLED <-> FILE-IDENTIFY TrueType font file download request (snort3-file-identify.rules) * 1:16381 <-> ENABLED <-> NETBIOS SMB session negotiation request (snort3-netbios.rules) * 1:16406 <-> ENABLED <-> FILE-IDENTIFY JPEG file download request (snort3-file-identify.rules) 
* 1:16407 <-> ENABLED <-> FILE-IDENTIFY JPEG file download request (snort3-file-identify.rules) * 1:16473 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Movie Maker project file download request (snort3-file-identify.rules) * 1:16474 <-> ENABLED <-> FILE-IDENTIFY Microsoft Compound File Binary v3 file magic detected (snort3-file-identify.rules) * 1:16476 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint .MSProducer file download request (snort3-file-identify.rules) * 1:16477 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint .MSProducerZ file download request (snort3-file-identify.rules) * 1:16478 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint .MSProducerBF file download request (snort3-file-identify.rules) * 1:16529 <-> ENABLED <-> FILE-IDENTIFY JPEG file download request (snort3-file-identify.rules) * 1:16538 <-> ENABLED <-> NETBIOS NT QUERY SECURITY DESC flowbit (snort3-netbios.rules) * 1:16556 <-> ENABLED <-> FILE-OTHER 2imaegshack/lmageshack IM worm get request attempt (snort3-file-other.rules) * 1:16594 <-> ENABLED <-> PROTOCOL-POP STAT command (snort3-protocol-pop.rules) * 1:16630 <-> ENABLED <-> FILE-IDENTIFY DAT file download request (snort3-file-identify.rules) * 1:16691 <-> ENABLED <-> FILE-IDENTIFY PLF playlist file download request (snort3-file-identify.rules) * 1:16742 <-> ENABLED <-> FILE-IDENTIFY remote desktop configuration file download request (snort3-file-identify.rules) * 1:16754 <-> ENABLED <-> NETBIOS SMB /PlughNTCommand andx create tree attempt (snort3-netbios.rules) * 1:16755 <-> ENABLED <-> NETBIOS SMB /PlughNTCommand create tree attempt (snort3-netbios.rules) * 1:16756 <-> ENABLED <-> NETBIOS SMB /PlughNTCommand unicode andx create tree attempt (snort3-netbios.rules) * 1:16757 <-> ENABLED <-> NETBIOS SMB /PlughNTCommand unicode create tree attempt (snort3-netbios.rules) * 1:17116 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media ASX file download request (snort3-file-identify.rules) * 1:17151 <-> ENABLED <-> 
NETBIOS SMB negotiate protocol request - ascii strings (snort3-netbios.rules) * 1:17229 <-> ENABLED <-> FILE-IDENTIFY Tiff little endian file magic detected (snort3-file-identify.rules) * 1:17230 <-> ENABLED <-> FILE-IDENTIFY Tiff big endian file magic detected (snort3-file-identify.rules) * 1:17241 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media wmv file download request (snort3-file-identify.rules) * 1:17259 <-> ENABLED <-> FILE-IDENTIFY MOV file download request (snort3-file-identify.rules) * 1:17314 <-> ENABLED <-> FILE-IDENTIFY OLE document file magic detected (snort3-file-identify.rules) * 1:17327 <-> ENABLED <-> SERVER-MAIL Qualcomm WorldMail Server Response (snort3-server-mail.rules) * 1:17332 <-> ENABLED <-> SERVER-MAIL Content-Disposition attachment (snort3-server-mail.rules) * 1:17359 <-> ENABLED <-> FILE-IDENTIFY XBM image file download request (snort3-file-identify.rules) * 1:17364 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Help Workshop CNT Help file download request (snort3-file-identify.rules) * 1:17370 <-> ENABLED <-> SERVER-WEBAPP Squid authentication headers handling denial of service attempt (snort3-server-webapp.rules) * 1:17380 <-> ENABLED <-> FILE-IDENTIFY PNG file download request (snort3-file-identify.rules) * 1:17394 <-> ENABLED <-> FILE-IDENTIFY GIF file download request (snort3-file-identify.rules) * 1:17396 <-> ENABLED <-> SERVER-OTHER VNC client authentication response (snort3-server-other.rules) * 1:17418 <-> ENABLED <-> SERVER-ORACLE Oracle connection established (snort3-server-oracle.rules) * 1:17426 <-> ENABLED <-> FILE-IDENTIFY RAT file download request (snort3-file-identify.rules) * 1:17441 <-> ENABLED <-> FILE-IDENTIFY LNK file download request (snort3-file-identify.rules) * 1:17447 <-> ENABLED <-> SERVER-WEBAPP 407 Proxy Authentication Required (snort3-server-webapp.rules) * 1:17508 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows .NET Application file download request (snort3-file-identify.rules) * 1:17509 <-> 
ENABLED <-> FILE-IDENTIFY Microsoft Windows .NET Manifest file download request (snort3-file-identify.rules) * 1:17534 <-> ENABLED <-> SERVER-OTHER IPP Application Content (snort3-server-other.rules) * 1:17540 <-> ENABLED <-> FILE-IDENTIFY LZH file download request (snort3-file-identify.rules) * 1:17547 <-> ENABLED <-> FILE-IDENTIFY SMIL file download request (snort3-file-identify.rules) * 1:17552 <-> ENABLED <-> FILE-IDENTIFY Adobe Pagemaker file download request (snort3-file-identify.rules) * 1:17598 <-> ENABLED <-> SERVER-OTHER IBM DB2 Universal Database accsec command without rdbnam (snort3-server-other.rules) * 1:17600 <-> ENABLED <-> FILE-IDENTIFY XUL file download request (snort3-file-identify.rules) * 1:17679 <-> ENABLED <-> FILE-IDENTIFY Apple disk image file download request (snort3-file-identify.rules) * 1:17732 <-> ENABLED <-> FILE-IDENTIFY TIFF file download request (snort3-file-identify.rules) * 1:17733 <-> ENABLED <-> FILE-IDENTIFY XML file download request (snort3-file-identify.rules) * 1:17739 <-> ENABLED <-> FILE-IDENTIFY FlashPix file download request (snort3-file-identify.rules) * 1:17745 <-> ENABLED <-> NETBIOS SMB TRANS2 Find_First2 request attempt (snort3-netbios.rules) * 1:17751 <-> ENABLED <-> FILE-IDENTIFY OpenType Font file download request (snort3-file-identify.rules) * 1:17801 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file magic detected (snort3-file-identify.rules) * 1:17802 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file download request (snort3-file-identify.rules) * 1:17809 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime qt file download request (snort3-file-identify.rules) * 1:18234 <-> ENABLED <-> FILE-IDENTIFY QuickDraw/PICT file download request (snort3-file-identify.rules) * 1:18273 <-> ENABLED <-> FILE-IDENTIFY BAT file download request (snort3-file-identify.rules) * 1:18274 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Mail file download request (snort3-file-identify.rules) * 1:18516 <-> ENABLED <-> 
FILE-IDENTIFY Microsoft Office Word file download request (snort3-file-identify.rules) * 1:18593 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file download request (snort3-file-identify.rules) * 1:18675 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file download request (snort3-file-identify.rules) * 1:19128 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer REC file magic detected (snort3-file-identify.rules) * 1:19129 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer .r1m file magic detected (snort3-file-identify.rules) * 1:19166 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file magic detected (snort3-file-identify.rules) * 1:19190 <-> ENABLED <-> NETBIOS SMB-DS Trans2 Distributed File System GET_DFS_REFERRAL request (snort3-netbios.rules) * 1:19211 <-> ENABLED <-> FILE-IDENTIFY ZIP archive file download request (snort3-file-identify.rules) * 1:19215 <-> ENABLED <-> FILE-IDENTIFY Google Chrome extension file download request (snort3-file-identify.rules) * 1:19218 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file download request (snort3-file-identify.rules) * 1:19224 <-> ENABLED <-> FILE-IDENTIFY Cisco Webex wrf file download request (snort3-file-identify.rules) * 1:19252 <-> ENABLED <-> FILE-IDENTIFY language.engtesselate.ln file download request (snort3-file-identify.rules) * 1:19289 <-> ENABLED <-> FILE-IDENTIFY MHTML file download request (snort3-file-identify.rules) * 1:19299 <-> ENABLED <-> SERVER-OTHER banner.txt access - possible compromised multi-mesh injection server (snort3-server-other.rules) * 1:19323 <-> ENABLED <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt (snort3-server-other.rules) * 1:19324 <-> ENABLED <-> MALWARE-OTHER Keylogger WL-Keylogger inbound connection (snort3-malware-other.rules) * 1:19326 <-> ENABLED <-> PUA-ADWARE Classroom Spy Professional outbound connection - initial connection (snort3-pua-adware.rules) * 1:19392 <-> 
ENABLED <-> MALWARE-OTHER Keylogger Monitor.win32.perflogger (snort3-malware-other.rules) * 1:19422 <-> ENABLED <-> FILE-IDENTIFY matroska file magic detected (snort3-file-identify.rules) * 1:19423 <-> ENABLED <-> FILE-IDENTIFY MKV file download request (snort3-file-identify.rules) * 1:19424 <-> ENABLED <-> FILE-IDENTIFY MKA file download request (snort3-file-identify.rules) * 1:19425 <-> ENABLED <-> FILE-IDENTIFY MKS file download request (snort3-file-identify.rules) * 1:19430 <-> ENABLED <-> FILE-IDENTIFY MIDI file download request (snort3-file-identify.rules) * 1:19816 <-> ENABLED <-> NETBIOS Juniper NeoterisSetupService named pipe access attempt (snort3-netbios.rules) * 1:19899 <-> ENABLED <-> MALWARE-OTHER Tong Keylogger outbound connectiooutbound connection (snort3-malware-other.rules) * 1:19907 <-> ENABLED <-> FILE-IDENTIFY PICT file magic detected (snort3-file-identify.rules) * 1:20032 <-> ENABLED <-> FILE-IDENTIFY MIME file type file download request (snort3-file-identify.rules) * 1:20223 <-> ENABLED <-> FILE-IDENTIFY SMI file download request (snort3-file-identify.rules) * 1:20225 <-> ENABLED <-> FILE-OTHER SMI file download request (snort3-file-other.rules) * 1:20260 <-> ENABLED <-> FILE-IDENTIFY Microsoft Client Agent Helper JAR file download request (snort3-file-identify.rules) * 1:20269 <-> ENABLED <-> FILE-IDENTIFY FON font file download request (snort3-file-identify.rules) * 1:20274 <-> ENABLED <-> NETBIOS DCERPC NCACN-IP-TCP NetShareEnumAll request (snort3-netbios.rules) * 1:20282 <-> ENABLED <-> FILE-IDENTIFY S3M file download request (snort3-file-identify.rules) * 1:20287 <-> ENABLED <-> FILE-IDENTIFY QCP file download request (snort3-file-identify.rules) * 1:20450 <-> ENABLED <-> FILE-IDENTIFY MPEG video stream file magic detected (snort3-file-identify.rules) * 1:20451 <-> ENABLED <-> FILE-IDENTIFY MPEG sys stream file magic detected (snort3-file-identify.rules) * 1:20453 <-> ENABLED <-> FILE-IDENTIFY Script encoder file magic detected 
(snort3-file-identify.rules) * 1:20454 <-> ENABLED <-> FILE-IDENTIFY Postscript file magic detected (snort3-file-identify.rules) * 1:20455 <-> ENABLED <-> FILE-IDENTIFY BinHex file magic detected (snort3-file-identify.rules) * 1:20456 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Real Media file magic detected (snort3-file-identify.rules) * 1:20458 <-> ENABLED <-> FILE-IDENTIFY bzip file magic detected (snort3-file-identify.rules) * 1:20459 <-> ENABLED <-> FILE-IDENTIFY GIF file magic detected (snort3-file-identify.rules) * 1:20460 <-> ENABLED <-> FILE-IDENTIFY MP3 file magic detected (snort3-file-identify.rules) * 1:20461 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows CAB file magic detected (snort3-file-identify.rules) * 1:20462 <-> ENABLED <-> FILE-IDENTIFY Ogg Stream file magic detected (snort3-file-identify.rules) * 1:20463 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (snort3-file-identify.rules) * 1:20464 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (snort3-file-identify.rules) * 1:20465 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (snort3-file-identify.rules) * 1:20466 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (snort3-file-identify.rules) * 1:20467 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (snort3-file-identify.rules) * 1:20468 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (snort3-file-identify.rules) * 1:20469 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (snort3-file-identify.rules) * 1:20471 <-> ENABLED <-> FILE-IDENTIFY RIFX file magic detected (snort3-file-identify.rules) * 1:20472 <-> ENABLED <-> FILE-IDENTIFY RAR file magic detected (snort3-file-identify.rules) * 1:20474 <-> ENABLED <-> FILE-IDENTIFY Symantec file magic detected (snort3-file-identify.rules) * 1:20475 <-> ENABLED <-> FILE-IDENTIFY ARJ file magic detected (snort3-file-identify.rules) * 1:20476 <-> ENABLED <-> FILE-IDENTIFY TNEF file magic detected (snort3-file-identify.rules) * 1:20477 <-> 
ENABLED <-> FILE-IDENTIFY ELF file magic detected (snort3-file-identify.rules) * 1:20478 <-> ENABLED <-> FILE-IDENTIFY PNG file magic detected (snort3-file-identify.rules) * 1:20479 <-> ENABLED <-> FILE-IDENTIFY CryptFF file magic detected (snort3-file-identify.rules) * 1:20480 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detection (snort3-file-identify.rules) * 1:20481 <-> ENABLED <-> FILE-IDENTIFY MP3 file magic detected (snort3-file-identify.rules) * 1:20483 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (snort3-file-identify.rules) * 1:20484 <-> ENABLED <-> FILE-IDENTIFY SIS file magic detected (snort3-file-identify.rules) * 1:20485 <-> ENABLED <-> FILE-IDENTIFY SIP log file magic detected (snort3-file-identify.rules) * 1:20486 <-> ENABLED <-> FILE-IDENTIFY RTF file magic detected (snort3-file-identify.rules) * 1:20487 <-> ENABLED <-> FILE-IDENTIFY 7zip file magic detected (snort3-file-identify.rules) * 1:20488 <-> ENABLED <-> FILE-IDENTIFY MachO Little Endian file magic detected (snort3-file-identify.rules) * 1:20489 <-> ENABLED <-> FILE-IDENTIFY MachO x64 Little Endian file magic detected (snort3-file-identify.rules) * 1:20490 <-> ENABLED <-> FILE-IDENTIFY MachO Big Endian file magic detected (snort3-file-identify.rules) * 1:20491 <-> ENABLED <-> FILE-IDENTIFY MachO x64 Big Endian file magic detected (snort3-file-identify.rules) * 1:20492 <-> ENABLED <-> FILE-IDENTIFY Universal Binary/Java Bytecode file magic detected (snort3-file-identify.rules) * 1:20493 <-> ENABLED <-> FILE-IDENTIFY jarpack file magic detected (snort3-file-identify.rules) * 1:20494 <-> ENABLED <-> FILE-IDENTIFY PDF file magic detected (snort3-file-identify.rules) * 1:20495 <-> ENABLED <-> FILE-IDENTIFY compressed Adobe Shockwave Flash file magic detected (snort3-file-identify.rules) * 1:20496 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (snort3-file-identify.rules) * 1:20497 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected 
(snort3-file-identify.rules) * 1:20500 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (snort3-file-identify.rules) * 1:20501 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (snort3-file-identify.rules) * 1:20502 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (snort3-file-identify.rules) * 1:20503 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (snort3-file-identify.rules) * 1:20507 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (snort3-file-identify.rules) * 1:20511 <-> ENABLED <-> FILE-IDENTIFY bcproj file magic detected (snort3-file-identify.rules) * 1:20512 <-> ENABLED <-> FILE-IDENTIFY mx4 file magic detected (snort3-file-identify.rules) * 1:20513 <-> ENABLED <-> FILE-IDENTIFY ffmpeg file magic detected (snort3-file-identify.rules) * 1:20514 <-> ENABLED <-> FILE-IDENTIFY dmg file magic detected (snort3-file-identify.rules) * 1:20515 <-> ENABLED <-> FILE-IDENTIFY ivr file magic detected (snort3-file-identify.rules) * 1:20516 <-> ENABLED <-> FILE-IDENTIFY caff file magic detected (snort3-file-identify.rules) * 1:20518 <-> ENABLED <-> FILE-IDENTIFY rmf file download request (snort3-file-identify.rules) * 1:20519 <-> ENABLED <-> FILE-IDENTIFY vmd file download request (snort3-file-identify.rules) * 1:20520 <-> ENABLED <-> FILE-IDENTIFY vmd file magic detected (snort3-file-identify.rules) * 1:20521 <-> ENABLED <-> FILE-IDENTIFY Flac file magic detected (snort3-file-identify.rules) * 1:20522 <-> ENABLED <-> FILE-IDENTIFY VideoLAN VLC file magic detected (snort3-file-identify.rules) * 1:20544 <-> ENABLED <-> FILE-IDENTIFY Adobe Flash Player FLV file download request (snort3-file-identify.rules) * 1:20554 <-> ENABLED <-> PUA-OTHER Microsoft MSN Messenger and Windows Live Messenger Code Execution attempt (snort3-pua-other.rules) * 1:20563 <-> ENABLED <-> FILE-IDENTIFY amf file download request (snort3-file-identify.rules) * 1:20564 <-> ENABLED <-> FILE-IDENTIFY amf file magic detected (snort3-file-identify.rules) * 
1:20588 <-> ENABLED <-> FILE-IDENTIFY CDR file download request (snort3-file-identify.rules) * 1:20589 <-> ENABLED <-> FILE-IDENTIFY CDR file magic detected (snort3-file-identify.rules) * 1:20621 <-> ENABLED <-> FILE-IDENTIFY JAR file download request (snort3-file-identify.rules) * 1:20723 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word docx file download request (snort3-file-identify.rules) * 1:20733 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media Player DVR file download request (snort3-file-identify.rules) * 1:20750 <-> ENABLED <-> FILE-IDENTIFY webm file magic detected (snort3-file-identify.rules) * 1:20751 <-> ENABLED <-> FILE-IDENTIFY webm file download request (snort3-file-identify.rules) * 1:20792 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file attachment detected (snort3-file-identify.rules) * 1:20793 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file attachment detected (snort3-file-identify.rules) * 1:20795 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word file attachment detected (snort3-file-identify.rules) * 1:20796 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word file attachment detected (snort3-file-identify.rules) * 1:20798 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (snort3-file-identify.rules) * 1:20799 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (snort3-file-identify.rules) * 1:20800 <-> ENABLED <-> FILE-IDENTIFY MIME file type file attachment detected (snort3-file-identify.rules) * 1:20801 <-> ENABLED <-> FILE-IDENTIFY MIME file type file attachment detected (snort3-file-identify.rules) * 1:20839 <-> ENABLED <-> FILE-IDENTIFY eSignal .quo file download request (snort3-file-identify.rules) * 1:20840 <-> ENABLED <-> FILE-IDENTIFY eSignal .por file download request (snort3-file-identify.rules) * 1:20841 <-> ENABLED <-> FILE-IDENTIFY eSignal .sum file download request (snort3-file-identify.rules) * 1:20848 <-> ENABLED <-> FILE-IDENTIFY MAKI file 
attachment detected (snort3-file-identify.rules) * 1:20849 <-> ENABLED <-> FILE-IDENTIFY MAKI file attachment detected (snort3-file-identify.rules) * 1:20852 <-> ENABLED <-> FILE-IDENTIFY DAZ Studio script download request (snort3-file-identify.rules) * 1:20854 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Visio file attachment detected (snort3-file-identify.rules) * 1:20855 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Visio file attachment detected (snort3-file-identify.rules) * 1:20856 <-> ENABLED <-> FILE-IDENTIFY TwinVQ file attachment detected (snort3-file-identify.rules) * 1:20857 <-> ENABLED <-> FILE-IDENTIFY TwinVQ file attachment detected (snort3-file-identify.rules) * 1:20859 <-> ENABLED <-> FILE-IDENTIFY Autodesk Maya embedded language script download request (snort3-file-identify.rules) * 1:20860 <-> ENABLED <-> FILE-IDENTIFY Autodesk Maya file magic detected (snort3-file-identify.rules) * 1:20869 <-> ENABLED <-> FILE-IDENTIFY Autodesk 3D Studio Maxscript download request (snort3-file-identify.rules) * 1:20871 <-> ENABLED <-> SERVER-WEBAPP Worldweaver DX Studio Player shell.execute command execution attempt (snort3-server-webapp.rules) * 1:20874 <-> ENABLED <-> SERVER-OTHER IBM Tivoli Storage Manager Express Backup initialization packet (snort3-server-other.rules) * 1:20882 <-> ENABLED <-> FILE-OFFICE Microsoft Windows embedded packager object identifier (snort3-file-office.rules) * 1:20888 <-> ENABLED <-> FILE-IDENTIFY Video Spirit visprj download attempt (snort3-file-identify.rules) * 1:20893 <-> ENABLED <-> FILE-IDENTIFY Video Spirit file attachment detected (snort3-file-identify.rules) * 1:20894 <-> ENABLED <-> FILE-IDENTIFY Video Spirit file attachment detected (snort3-file-identify.rules) * 1:20895 <-> ENABLED <-> FILE-IDENTIFY AutoDesk 3D Studio Maxscript file attachment detected (snort3-file-identify.rules) * 1:20896 <-> ENABLED <-> FILE-IDENTIFY AutoDesk 3D Studio Maxscript file attachment detected (snort3-file-identify.rules) * 1:20897 <-> 
ENABLED <-> FILE-IDENTIFY MIDI file magic detected (snort3-file-identify.rules) * 1:20898 <-> ENABLED <-> FILE-IDENTIFY MIDI file attachment detected (snort3-file-identify.rules) * 1:20899 <-> ENABLED <-> FILE-IDENTIFY MIDI file attachment detected (snort3-file-identify.rules) * 1:20905 <-> ENABLED <-> FILE-IDENTIFY X PixMap file attachment detected (snort3-file-identify.rules) * 1:20906 <-> ENABLED <-> FILE-IDENTIFY X PixMap file attachment detected (snort3-file-identify.rules) * 1:20907 <-> ENABLED <-> FILE-IDENTIFY DXF file attachment detected (snort3-file-identify.rules) * 1:20908 <-> ENABLED <-> FILE-IDENTIFY DXF file attachment detected (snort3-file-identify.rules) * 1:20909 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media ASF file attachment detected (snort3-file-identify.rules) * 1:20910 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media ASF file attachment detected (snort3-file-identify.rules) * 1:20911 <-> ENABLED <-> FILE-IDENTIFY EPS file attachment detected (snort3-file-identify.rules) * 1:20912 <-> ENABLED <-> FILE-IDENTIFY EPS file attachment detected (snort3-file-identify.rules) * 1:20913 <-> ENABLED <-> FILE-IDENTIFY XML Shareable Playlist Format file attachment detected (snort3-file-identify.rules) * 1:20914 <-> ENABLED <-> FILE-IDENTIFY XML Shareable Playlist Format file attachment detected (snort3-file-identify.rules) * 1:20915 <-> ENABLED <-> FILE-IDENTIFY caff file attachment detected (snort3-file-identify.rules) * 1:20916 <-> ENABLED <-> FILE-IDENTIFY caff file attachment detected (snort3-file-identify.rules) * 1:20917 <-> ENABLED <-> FILE-IDENTIFY BAK file attachment detected (snort3-file-identify.rules) * 1:20918 <-> ENABLED <-> FILE-IDENTIFY BAK file attachment detected (snort3-file-identify.rules) * 1:20924 <-> ENABLED <-> FILE-IDENTIFY PLS file magic detected (snort3-file-identify.rules) * 1:20925 <-> ENABLED <-> FILE-IDENTIFY Adobe Pagemaker file attachment detected (snort3-file-identify.rules) * 1:20926 <-> ENABLED <-> 
FILE-IDENTIFY Adobe Pagemaker file attachment detected (snort3-file-identify.rules) * 1:20928 <-> ENABLED <-> FILE-IDENTIFY SMIL file magic detected (snort3-file-identify.rules) * 1:20929 <-> ENABLED <-> FILE-IDENTIFY MKV file attachment detected (snort3-file-identify.rules) * 1:20930 <-> ENABLED <-> FILE-IDENTIFY MKV file attachment detected (snort3-file-identify.rules) * 1:20931 <-> ENABLED <-> FILE-IDENTIFY MKS file attachment detected (snort3-file-identify.rules) * 1:20932 <-> ENABLED <-> FILE-IDENTIFY MKS file attachment detected (snort3-file-identify.rules) * 1:20933 <-> ENABLED <-> FILE-IDENTIFY MKA file attachment detected (snort3-file-identify.rules) * 1:20934 <-> ENABLED <-> FILE-IDENTIFY MKA file attachment detected (snort3-file-identify.rules) * 1:20935 <-> ENABLED <-> FILE-IDENTIFY QCP file attachment detected (snort3-file-identify.rules) * 1:20936 <-> ENABLED <-> FILE-IDENTIFY QCP file attachment detected (snort3-file-identify.rules) * 1:20937 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file download request (snort3-file-identify.rules) * 1:20938 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file download request (snort3-file-identify.rules) * 1:20939 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file download request (snort3-file-identify.rules) * 1:20940 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file download request (snort3-file-identify.rules) * 1:20941 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (snort3-file-identify.rules) * 1:20942 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (snort3-file-identify.rules) * 1:20943 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (snort3-file-identify.rules) * 1:20944 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (snort3-file-identify.rules) * 1:20945 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (snort3-file-identify.rules) * 
1:20946 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (snort3-file-identify.rules) * 1:20947 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (snort3-file-identify.rules) * 1:20948 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (snort3-file-identify.rules) * 1:20950 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (snort3-file-identify.rules) * 1:20951 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (snort3-file-identify.rules) * 1:20952 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (snort3-file-identify.rules) * 1:20953 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (snort3-file-identify.rules) * 1:20954 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (snort3-file-identify.rules) * 1:20955 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (snort3-file-identify.rules) * 1:20956 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (snort3-file-identify.rules) * 1:20957 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (snort3-file-identify.rules) * 1:20958 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (snort3-file-identify.rules) * 1:20959 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (snort3-file-identify.rules) * 1:20960 <-> ENABLED <-> FILE-IDENTIFY Flac file download request (snort3-file-identify.rules) * 1:20961 <-> ENABLED <-> FILE-IDENTIFY TTE file download request (snort3-file-identify.rules) * 1:20962 <-> ENABLED <-> FILE-IDENTIFY OTF file download request (snort3-file-identify.rules) * 1:20963 <-> ENABLED <-> FILE-IDENTIFY DIB file download request (snort3-file-identify.rules) * 1:20964 <-> ENABLED <-> FILE-IDENTIFY SAMI file download request (snort3-file-identify.rules) * 1:20965 <-> ENABLED <-> FILE-IDENTIFY JPEG file download request (snort3-file-identify.rules) * 1:20966 <-> ENABLED <-> FILE-IDENTIFY JPEG file download request (snort3-file-identify.rules) * 1:20967 <-> ENABLED <-> FILE-IDENTIFY JPEG file 
download request (snort3-file-identify.rules) * 1:20968 <-> ENABLED <-> FILE-IDENTIFY Apple disk image file download request (snort3-file-identify.rules) * 1:20969 <-> ENABLED <-> FILE-IDENTIFY M4A file download request (snort3-file-identify.rules) * 1:20970 <-> ENABLED <-> FILE-IDENTIFY M4P file download request (snort3-file-identify.rules) * 1:20971 <-> ENABLED <-> FILE-IDENTIFY M4R file download request (snort3-file-identify.rules) * 1:20972 <-> ENABLED <-> FILE-IDENTIFY M4V file magic request (snort3-file-identify.rules) * 1:20973 <-> ENABLED <-> FILE-IDENTIFY M4B file download request (snort3-file-identify.rules) * 1:20974 <-> ENABLED <-> FILE-IDENTIFY 3GP file download request (snort3-file-identify.rules) * 1:20975 <-> ENABLED <-> FILE-IDENTIFY 3G2 file download request (snort3-file-identify.rules) * 1:20976 <-> ENABLED <-> FILE-IDENTIFY K3G file download request (snort3-file-identify.rules) * 1:20977 <-> ENABLED <-> FILE-IDENTIFY SKM file download request (snort3-file-identify.rules) * 1:20978 <-> ENABLED <-> FILE-IDENTIFY TTE file attachment detected (snort3-file-identify.rules) * 1:20979 <-> ENABLED <-> FILE-IDENTIFY TTE file attachment detected (snort3-file-identify.rules) * 1:20980 <-> ENABLED <-> FILE-IDENTIFY OTF file attachment detected (snort3-file-identify.rules) * 1:20981 <-> ENABLED <-> FILE-IDENTIFY OTF file attachment detected (snort3-file-identify.rules) * 1:20982 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file attachment detected (snort3-file-identify.rules) * 1:20983 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file attachment detected (snort3-file-identify.rules) * 1:20986 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word docx file attachment detected (snort3-file-identify.rules) * 1:20987 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word docx file attachment detected (snort3-file-identify.rules) * 1:20991 <-> ENABLED <-> FILE-IDENTIFY TTF file magic detected (snort3-file-identify.rules) * 1:20992 <-> ENABLED 
<-> FILE-IDENTIFY SAMI file magic detected (snort3-file-identify.rules) * 1:21005 <-> ENABLED <-> MALWARE-CNC Yang Pack yg.htm download request (snort3-malware-cnc.rules) * 1:21007 <-> ENABLED <-> FILE-IDENTIFY Microsoft Money file magic detected (snort3-file-identify.rules) * 1:21008 <-> ENABLED <-> FILE-IDENTIFY Microsoft Money file download request (snort3-file-identify.rules) * 1:21009 <-> ENABLED <-> FILE-IDENTIFY Microsoft Money file attachment detected (snort3-file-identify.rules) * 1:21010 <-> ENABLED <-> FILE-IDENTIFY Microsoft Money file attachment detected (snort3-file-identify.rules) * 1:21011 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file magic detected (snort3-file-identify.rules) * 1:21012 <-> ENABLED <-> FILE-IDENTIFY Cytel Studio cy3 file download request (snort3-file-identify.rules) * 1:21013 <-> ENABLED <-> FILE-IDENTIFY Cytel Studio cy3 file attachment detected (snort3-file-identify.rules) * 1:21014 <-> ENABLED <-> FILE-IDENTIFY Cytel Studio cy3 file attachment detected (snort3-file-identify.rules) * 1:21015 <-> ENABLED <-> FILE-IDENTIFY cy3 Cytel Studio file magic detected (snort3-file-identify.rules) * 1:21016 <-> ENABLED <-> FILE-IDENTIFY Cytel Studio cyb file attachment detected (snort3-file-identify.rules) * 1:21017 <-> ENABLED <-> FILE-IDENTIFY cyb Cytel Studio file attachment detected (snort3-file-identify.rules) * 1:21018 <-> ENABLED <-> FILE-IDENTIFY cyb Cytel Studio file download request (snort3-file-identify.rules) * 1:21035 <-> ENABLED <-> FILE-IDENTIFY PDF file attachment detected (snort3-file-identify.rules) * 1:21036 <-> ENABLED <-> FILE-IDENTIFY PDF file attachment detected (snort3-file-identify.rules) * 1:21052 <-> ENABLED <-> FILE-IDENTIFY UltraISO CUE file download request (snort3-file-identify.rules) * 1:21053 <-> ENABLED <-> FILE-IDENTIFY UltraISO CUE file attachment detected (snort3-file-identify.rules) * 1:21054 <-> ENABLED <-> FILE-IDENTIFY UltraISO CUE file attachment detected (snort3-file-identify.rules) 
* 1:21059 <-> ENABLED <-> FILE-IDENTIFY AVI Video file magic detected (snort3-file-identify.rules) * 1:21061 <-> ENABLED <-> FILE-IDENTIFY AVI file attachment detected (snort3-file-identify.rules) * 1:21062 <-> ENABLED <-> FILE-IDENTIFY AVI file attachment detected (snort3-file-identify.rules) * 1:21109 <-> ENABLED <-> FILE-IDENTIFY MPEG video stream file download request (snort3-file-identify.rules) * 1:21110 <-> ENABLED <-> FILE-IDENTIFY MPEG video stream file attachment detected (snort3-file-identify.rules) * 1:21111 <-> ENABLED <-> FILE-IDENTIFY MPEG video stream file attachment detected (snort3-file-identify.rules) * 1:21113 <-> ENABLED <-> FILE-IDENTIFY Cisco Webex Player .wrf file magic detected (snort3-file-identify.rules) * 1:21152 <-> ENABLED <-> FILE-IDENTIFY S3M file attachment detected (snort3-file-identify.rules) * 1:21153 <-> ENABLED <-> FILE-IDENTIFY S3M file attachment detected (snort3-file-identify.rules) * 1:21174 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer realtext file download request (snort3-file-identify.rules) * 1:21282 <-> ENABLED <-> FILE-IDENTIFY XSL file download request (snort3-file-identify.rules) * 1:21283 <-> ENABLED <-> FILE-IDENTIFY XSL file attachment detected (snort3-file-identify.rules) * 1:21284 <-> ENABLED <-> FILE-IDENTIFY XSL file attachment detected (snort3-file-identify.rules) * 1:21285 <-> ENABLED <-> FILE-IDENTIFY XSLT file download request (snort3-file-identify.rules) * 1:21286 <-> ENABLED <-> FILE-IDENTIFY XSLT file attachment detected (snort3-file-identify.rules) * 1:21287 <-> ENABLED <-> FILE-IDENTIFY XSLT file attachment detected (snort3-file-identify.rules) * 1:21288 <-> ENABLED <-> FILE-IDENTIFY XML download detected (snort3-file-identify.rules) * 1:21295 <-> ENABLED <-> FILE-IDENTIFY FON file attachment detected (snort3-file-identify.rules) * 1:21296 <-> ENABLED <-> FILE-IDENTIFY FON file attachment detected (snort3-file-identify.rules) * 1:21345 <-> ENABLED <-> EXPLOIT-KIT Blackhole exploit kit 
malicious jar request (snort3-exploit-kit.rules) * 1:21347 <-> ENABLED <-> EXPLOIT-KIT Blackhole exploit kit URL - .php?page= (snort3-exploit-kit.rules) * 1:21410 <-> ENABLED <-> FILE-IDENTIFY paq8o file download request (snort3-file-identify.rules) * 1:21411 <-> ENABLED <-> FILE-IDENTIFY paq8o file attachment detected (snort3-file-identify.rules) * 1:21412 <-> ENABLED <-> FILE-IDENTIFY paq8o file attachment detected (snort3-file-identify.rules) * 1:21432 <-> ENABLED <-> FILE-IDENTIFY MPPL file attachment detected (snort3-file-identify.rules) * 1:21433 <-> ENABLED <-> FILE-IDENTIFY MPPL file attachment detected (snort3-file-identify.rules) * 1:21434 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Mentor variant outbound connection (snort3-malware-cnc.rules) * 1:21480 <-> ENABLED <-> FILE-IDENTIFY XML file magic detected (snort3-file-identify.rules) * 1:21498 <-> ENABLED <-> FILE-IDENTIFY XML file magic detected (snort3-file-identify.rules) * 1:21499 <-> ENABLED <-> FILE-IDENTIFY XML file attachment detected (snort3-file-identify.rules) * 1:21500 <-> ENABLED <-> FILE-IDENTIFY XML file attachment detected (snort3-file-identify.rules) * 1:21573 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio addin file download request (snort3-file-identify.rules) * 1:21574 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio addin file attachment detected (snort3-file-identify.rules) * 1:21575 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio addin file attachment detected (snort3-file-identify.rules) * 1:21584 <-> ENABLED <-> FILE-IDENTIFY VisiWave VWR file download request (snort3-file-identify.rules) * 1:21585 <-> ENABLED <-> FILE-IDENTIFY VisiWave VWR file attachment detected (snort3-file-identify.rules) * 1:21586 <-> ENABLED <-> FILE-IDENTIFY VisiWave VWR file attachment detected (snort3-file-identify.rules) * 1:21611 <-> ENABLED <-> FILE-IDENTIFY RAT file attachment detected (snort3-file-identify.rules) * 1:21612 <-> ENABLED <-> FILE-IDENTIFY RAT file attachment detected 
(snort3-file-identify.rules) * 1:21613 <-> ENABLED <-> FILE-IDENTIFY PNG file attachment detected (snort3-file-identify.rules) * 1:21614 <-> ENABLED <-> FILE-IDENTIFY PNG file attachment detected (snort3-file-identify.rules) * 1:21615 <-> ENABLED <-> FILE-IDENTIFY WMF file attachment detected (snort3-file-identify.rules) * 1:21616 <-> ENABLED <-> FILE-IDENTIFY WMF file attachment detected (snort3-file-identify.rules) * 1:21617 <-> ENABLED <-> FILE-IDENTIFY RT file attachment detected (snort3-file-identify.rules) * 1:21618 <-> ENABLED <-> FILE-IDENTIFY RT file attachment detected (snort3-file-identify.rules) * 1:21620 <-> ENABLED <-> FILE-IDENTIFY WAV file magic detected (snort3-file-identify.rules) * 1:21621 <-> ENABLED <-> FILE-IDENTIFY AVI file magic detected (snort3-file-identify.rules) * 1:21623 <-> ENABLED <-> FILE-IDENTIFY QUO file attachment detected (snort3-file-identify.rules) * 1:21624 <-> ENABLED <-> FILE-IDENTIFY QUO file attachment detected (snort3-file-identify.rules) * 1:21625 <-> ENABLED <-> FILE-IDENTIFY POR file attachment detected (snort3-file-identify.rules) * 1:21626 <-> ENABLED <-> FILE-IDENTIFY POR file attachment detected (snort3-file-identify.rules) * 1:21627 <-> ENABLED <-> FILE-IDENTIFY SUM file attachment detected (snort3-file-identify.rules) * 1:21628 <-> ENABLED <-> FILE-IDENTIFY SUM file attachment detected (snort3-file-identify.rules) * 1:21648 <-> ENABLED <-> FILE-IDENTIFY QuickDraw/PICT file attachment detected (snort3-file-identify.rules) * 1:21649 <-> ENABLED <-> FILE-IDENTIFY QuickDraw/PICT file attachment detected (snort3-file-identify.rules) * 1:21650 <-> ENABLED <-> FILE-IDENTIFY QuickDraw/PICT file download request (snort3-file-identify.rules) * 1:21651 <-> ENABLED <-> FILE-IDENTIFY QuickDraw/PICT file attachment detected (snort3-file-identify.rules) * 1:21652 <-> ENABLED <-> FILE-IDENTIFY QuickDraw/PICT file attachment detected (snort3-file-identify.rules) * 1:21659 <-> ENABLED <-> EXPLOIT-KIT Blackhole exploit kit landing 
page Requested - /Home/index.php (snort3-exploit-kit.rules) * 1:21660 <-> ENABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page Requested - /Index/index.php (snort3-exploit-kit.rules) * 1:21687 <-> ENABLED <-> FILE-IDENTIFY PLS file attachment detected (snort3-file-identify.rules) * 1:21688 <-> ENABLED <-> FILE-IDENTIFY PLS file attachment detected (snort3-file-identify.rules) * 1:21691 <-> ENABLED <-> FILE-IDENTIFY SMIL file attachment detected (snort3-file-identify.rules) * 1:21692 <-> ENABLED <-> FILE-IDENTIFY SMIL file attachment detected (snort3-file-identify.rules) * 1:21693 <-> ENABLED <-> FILE-IDENTIFY FLAC file attachment detected (snort3-file-identify.rules) * 1:21694 <-> ENABLED <-> FILE-IDENTIFY FLAC file attachment detected (snort3-file-identify.rules) * 1:21695 <-> ENABLED <-> FILE-IDENTIFY SMI file attachment detected (snort3-file-identify.rules) * 1:21696 <-> ENABLED <-> FILE-IDENTIFY SMI file attachment detected (snort3-file-identify.rules) * 1:21697 <-> ENABLED <-> FILE-IDENTIFY SAMI file attachment detected (snort3-file-identify.rules) * 1:21698 <-> ENABLED <-> FILE-IDENTIFY SAMI file attachment detected (snort3-file-identify.rules) * 1:21699 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel xlw file attachment detected (snort3-file-identify.rules) * 1:21700 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel xlw file attachment detected (snort3-file-identify.rules) * 1:21701 <-> ENABLED <-> FILE-IDENTIFY FlashPix file attachment detected (snort3-file-identify.rules) * 1:21702 <-> ENABLED <-> FILE-IDENTIFY FlashPix file attachment detected (snort3-file-identify.rules) * 1:21703 <-> ENABLED <-> FILE-IDENTIFY 4XM file attachment detected (snort3-file-identify.rules) * 1:21704 <-> ENABLED <-> FILE-IDENTIFY 4XM file attachment detected (snort3-file-identify.rules) * 1:21705 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file attachment detected (snort3-file-identify.rules) * 1:21706 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file 
attachment detected (snort3-file-identify.rules) * 1:21707 <-> ENABLED <-> FILE-IDENTIFY Microsoft Works file attachment detected (snort3-file-identify.rules) * 1:21708 <-> ENABLED <-> FILE-IDENTIFY Microsoft Works file attachment detected (snort3-file-identify.rules) * 1:21709 <-> ENABLED <-> FILE-IDENTIFY AIFF file attachment detected (snort3-file-identify.rules) * 1:21710 <-> ENABLED <-> FILE-IDENTIFY AIFF file attachment detected (snort3-file-identify.rules) * 1:21711 <-> ENABLED <-> FILE-IDENTIFY PFA file download request (snort3-file-identify.rules) * 1:21712 <-> ENABLED <-> FILE-IDENTIFY PFA file magic detected (snort3-file-identify.rules) * 1:21713 <-> ENABLED <-> FILE-IDENTIFY PFA file attachment detected (snort3-file-identify.rules) * 1:21714 <-> ENABLED <-> FILE-IDENTIFY PFA file attachment detected (snort3-file-identify.rules) * 1:21715 <-> ENABLED <-> FILE-IDENTIFY PFB file download request (snort3-file-identify.rules) * 1:21716 <-> ENABLED <-> FILE-IDENTIFY PFB file attachment detected (snort3-file-identify.rules) * 1:21717 <-> ENABLED <-> FILE-IDENTIFY PFB file attachment detected (snort3-file-identify.rules) * 1:21718 <-> ENABLED <-> FILE-IDENTIFY PFM file download request (snort3-file-identify.rules) * 1:21719 <-> ENABLED <-> FILE-IDENTIFY PFM file attachment detected (snort3-file-identify.rules) * 1:21720 <-> ENABLED <-> FILE-IDENTIFY PFM file attachment detected (snort3-file-identify.rules) * 1:21721 <-> ENABLED <-> FILE-IDENTIFY AFM file download request (snort3-file-identify.rules) * 1:21722 <-> ENABLED <-> FILE-IDENTIFY AFM file attachment detected (snort3-file-identify.rules) * 1:21723 <-> ENABLED <-> FILE-IDENTIFY AFM file attachment detected (snort3-file-identify.rules) * 1:21724 <-> ENABLED <-> FILE-IDENTIFY ANI file download request (snort3-file-identify.rules) * 1:21725 <-> ENABLED <-> FILE-IDENTIFY ANI file attachment detected (snort3-file-identify.rules) * 1:21726 <-> ENABLED <-> FILE-IDENTIFY ANI file attachment detected 
(snort3-file-identify.rules) * 1:21727 <-> ENABLED <-> FILE-IDENTIFY ANI file magic detection (snort3-file-identify.rules) * 1:21728 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (snort3-file-identify.rules) * 1:21729 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (snort3-file-identify.rules) * 1:21730 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (snort3-file-identify.rules) * 1:21731 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (snort3-file-identify.rules) * 1:21732 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (snort3-file-identify.rules) * 1:21733 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (snort3-file-identify.rules) * 1:21734 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (snort3-file-identify.rules) * 1:21735 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (snort3-file-identify.rules) * 1:21736 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (snort3-file-identify.rules) * 1:21737 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (snort3-file-identify.rules) * 1:21738 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (snort3-file-identify.rules) * 1:21739 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (snort3-file-identify.rules) * 1:21740 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media asx file attachment detected (snort3-file-identify.rules) * 1:21741 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media asx file attachment detected (snort3-file-identify.rules) * 1:21742 <-> ENABLED <-> FILE-IDENTIFY Embedded Open Type Font file attachment detected (snort3-file-identify.rules) * 1:21743 <-> ENABLED <-> FILE-IDENTIFY Embedded Open Type Font file attachment detected (snort3-file-identify.rules) * 1:21744 <-> ENABLED <-> FILE-IDENTIFY AVI file attachment detected (snort3-file-identify.rules) * 1:21745 <-> ENABLED <-> FILE-IDENTIFY AVI file attachment detected (snort3-file-identify.rules) * 1:21746 <-> ENABLED 
<-> FILE-IDENTIFY RTF file attachment detected (snort3-file-identify.rules) * 1:21747 <-> ENABLED <-> FILE-IDENTIFY RTF file attachment detected (snort3-file-identify.rules) * 1:21748 <-> ENABLED <-> FILE-IDENTIFY HPJ file download request (snort3-file-identify.rules) * 1:21749 <-> ENABLED <-> FILE-IDENTIFY HPJ file attachment detected (snort3-file-identify.rules) * 1:21750 <-> ENABLED <-> FILE-IDENTIFY HPJ file attachment detected (snort3-file-identify.rules) * 1:21751 <-> ENABLED <-> FILE-IDENTIFY HPJ file magic detected (snort3-file-identify.rules) * 1:21802 <-> ENABLED <-> FILE-IDENTIFY HT-MP3Player file download request (snort3-file-identify.rules) * 1:21803 <-> ENABLED <-> FILE-IDENTIFY HT-MP3Player file attachment detected (snort3-file-identify.rules) * 1:21804 <-> ENABLED <-> FILE-IDENTIFY HT-MP3Player file attachment detected (snort3-file-identify.rules) * 1:21807 <-> ENABLED <-> FILE-IDENTIFY Adobe Download Manager aom file download request (snort3-file-identify.rules) * 1:21808 <-> ENABLED <-> FILE-IDENTIFY Adobe Download Manager aom file attachment detected (snort3-file-identify.rules) * 1:21809 <-> ENABLED <-> FILE-IDENTIFY Adobe Download Manager aom file attachment detected (snort3-file-identify.rules) * 1:21810 <-> ENABLED <-> FILE-IDENTIFY Adobe Download Manager aom file magic detected (snort3-file-identify.rules) * 1:21811 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime FLIC animation file file download request (snort3-file-identify.rules) * 1:21812 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime FLIC animation file file attachment detected (snort3-file-identify.rules) * 1:21813 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime FLIC animation file file attachment detected (snort3-file-identify.rules) * 1:21814 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime FLIC file magic detected (snort3-file-identify.rules) * 1:21815 <-> ENABLED <-> FILE-IDENTIFY LZH file attachment detected (snort3-file-identify.rules) * 1:21816 <-> ENABLED <-> FILE-IDENTIFY LZH file 
attachment detected (snort3-file-identify.rules) * 1:21854 <-> ENABLED <-> FILE-IDENTIFY LNK file attachment detected (snort3-file-identify.rules) * 1:21855 <-> ENABLED <-> FILE-IDENTIFY LNK file attachment detected (snort3-file-identify.rules) * 1:21856 <-> ENABLED <-> FILE-IDENTIFY ZIP file attachment detected (snort3-file-identify.rules) * 1:21857 <-> ENABLED <-> FILE-IDENTIFY ZIP file attachment detected (snort3-file-identify.rules) * 1:21861 <-> ENABLED <-> FILE-IDENTIFY WRF file attachment detected (snort3-file-identify.rules) * 1:21862 <-> ENABLED <-> FILE-IDENTIFY WRF file attachment detected (snort3-file-identify.rules) * 1:21863 <-> ENABLED <-> FILE-IDENTIFY Google Chrome extension file attachment detected (snort3-file-identify.rules) * 1:21864 <-> ENABLED <-> FILE-IDENTIFY Google Chrome extension file attachment detected (snort3-file-identify.rules) * 1:21865 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file attachment detected (snort3-file-identify.rules) * 1:21866 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file attachment detected (snort3-file-identify.rules) * 1:21867 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file attachment detected (snort3-file-identify.rules) * 1:21868 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file attachment detected (snort3-file-identify.rules) * 1:21870 <-> ENABLED <-> FILE-IDENTIFY CNT file attachment detected (snort3-file-identify.rules) * 1:21871 <-> ENABLED <-> FILE-IDENTIFY CNT file attachment detected (snort3-file-identify.rules) * 1:21872 <-> ENABLED <-> FILE-IDENTIFY GIF file attachment detected (snort3-file-identify.rules) * 1:21873 <-> ENABLED <-> FILE-IDENTIFY GIF file attachment detected (snort3-file-identify.rules) * 1:21886 <-> ENABLED <-> FILE-IDENTIFY OpenType Font file attachment detected (snort3-file-identify.rules) * 1:21887 <-> ENABLED <-> FILE-IDENTIFY OpenType Font file attachment detected 
(snort3-file-identify.rules) * 1:21888 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Movie Maker file attachment detected (snort3-file-identify.rules) * 1:21889 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Movie Maker file attachment detected (snort3-file-identify.rules) * 1:21890 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file attachment detected (snort3-file-identify.rules) * 1:21891 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file attachment detected (snort3-file-identify.rules) * 1:21892 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file attachment detected (snort3-file-identify.rules) * 1:21893 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file attachment detected (snort3-file-identify.rules) * 1:21894 <-> ENABLED <-> FILE-IDENTIFY SVG file attachment detected (snort3-file-identify.rules) * 1:21895 <-> ENABLED <-> FILE-IDENTIFY SVG file attachment detected (snort3-file-identify.rules) * 1:21915 <-> ENABLED <-> SERVER-OTHER Novell Groupwise HTTP login request (snort3-server-other.rules) * 1:21916 <-> ENABLED <-> SERVER-OTHER Novell Groupwise HTTP login request (snort3-server-other.rules) * 1:21931 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel TXO and OBJ records parsing stack memory corruption attempt (snort3-file-office.rules) * 1:21939 <-> ENABLED <-> PROTOCOL-TELNET RuggedCom telnet initial banner (snort3-protocol-telnet.rules) * 1:21999 <-> ENABLED <-> FILE-IDENTIFY OpenType Font file magic detection (snort3-file-identify.rules) * 1:22013 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio DBP file download request (snort3-file-identify.rules) * 1:22014 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio DBP file attachment detected (snort3-file-identify.rules) * 1:22015 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio DBP file attachment detected (snort3-file-identify.rules) * 1:22016 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio DBP file magic detected (snort3-file-identify.rules) * 1:22017 <-> ENABLED 
<-> FILE-IDENTIFY Microsoft Visual Studio PKP file download request (snort3-file-identify.rules) * 1:22018 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio PKP file attachment detected (snort3-file-identify.rules) * 1:22019 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio PKP file attachment detected (snort3-file-identify.rules) * 1:22020 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio PKP file magic detected (snort3-file-identify.rules) * 1:22021 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio SLN file download request (snort3-file-identify.rules) * 1:22022 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio SLN file attachment detected (snort3-file-identify.rules) * 1:22023 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio SLN file attachment detected (snort3-file-identify.rules) * 1:22024 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio SLN file magic detected (snort3-file-identify.rules) * 1:22025 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio VAP file download request (snort3-file-identify.rules) * 1:22026 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio VAP file attachment detected (snort3-file-identify.rules) * 1:22027 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio VAP file attachment detected (snort3-file-identify.rules) * 1:22028 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio VAP file magic detected (snort3-file-identify.rules) * 1:22043 <-> ENABLED <-> FILE-IDENTIFY XM file download request (snort3-file-identify.rules) * 1:22044 <-> ENABLED <-> FILE-IDENTIFY XM file attachment detected (snort3-file-identify.rules) * 1:22045 <-> ENABLED <-> FILE-IDENTIFY XM file attachment detected (snort3-file-identify.rules) * 1:22046 <-> ENABLED <-> FILE-IDENTIFY XM file magic detected (snort3-file-identify.rules) * 1:22082 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint pptx file download request (snort3-file-identify.rules) * 1:22083 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint pptx file 
attachment detected (snort3-file-identify.rules) * 1:22084 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint pptx file attachment detected (snort3-file-identify.rules) * 1:22943 <-> ENABLED <-> FILE-IDENTIFY NAB file download request (snort3-file-identify.rules) * 1:22944 <-> ENABLED <-> FILE-IDENTIFY NAB file attachment detected (snort3-file-identify.rules) * 1:22945 <-> ENABLED <-> FILE-IDENTIFY NAB file attachment detected (snort3-file-identify.rules) * 1:22946 <-> ENABLED <-> FILE-IDENTIFY NAB file magic detected (snort3-file-identify.rules) * 1:22955 <-> ENABLED <-> FILE-IDENTIFY AMF file attachment detected (snort3-file-identify.rules) * 1:22956 <-> ENABLED <-> FILE-IDENTIFY AMF file attachment detected (snort3-file-identify.rules) * 1:22961 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RAM file attachment detected (snort3-file-identify.rules) * 1:22962 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RAM file attachment detected (snort3-file-identify.rules) * 1:22963 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RMP file attachment detected (snort3-file-identify.rules) * 1:22964 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RMP file attachment detected (snort3-file-identify.rules) * 1:22965 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RT file attachment detected (snort3-file-identify.rules) * 1:22966 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RT file attachment detected (snort3-file-identify.rules) * 1:22967 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RP file attachment detected (snort3-file-identify.rules) * 1:22968 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RP file attachment detected (snort3-file-identify.rules) * 1:22969 <-> ENABLED <-> FILE-IDENTIFY remote desktop configuration file attachment detected (snort3-file-identify.rules) * 1:22970 <-> ENABLED <-> FILE-IDENTIFY remote desktop configuration file attachment detected (snort3-file-identify.rules) * 1:22971 <-> ENABLED <-> 
FILE-IDENTIFY MPEG Layer 3 playlist file attachment detected (snort3-file-identify.rules) * 1:22972 <-> ENABLED <-> FILE-IDENTIFY m3u playlist file file attachment detected (snort3-file-identify.rules) * 1:22973 <-> ENABLED <-> FILE-IDENTIFY M4A file attachment detected (snort3-file-identify.rules) * 1:22974 <-> ENABLED <-> FILE-IDENTIFY M4A file attachment detected (snort3-file-identify.rules) * 1:22975 <-> ENABLED <-> FILE-IDENTIFY M4P file attachment detected (snort3-file-identify.rules) * 1:22976 <-> ENABLED <-> FILE-IDENTIFY M4P file attachment detected (snort3-file-identify.rules) * 1:22977 <-> ENABLED <-> FILE-IDENTIFY M4R file attachment detected (snort3-file-identify.rules) * 1:22978 <-> ENABLED <-> FILE-IDENTIFY M4R file attachment detected (snort3-file-identify.rules) * 1:22979 <-> ENABLED <-> FILE-IDENTIFY M4V file attachment detected (snort3-file-identify.rules) * 1:22980 <-> ENABLED <-> FILE-IDENTIFY M4V file attachment detected (snort3-file-identify.rules) * 1:22981 <-> ENABLED <-> FILE-IDENTIFY M4B file attachment detected (snort3-file-identify.rules) * 1:22982 <-> ENABLED <-> FILE-IDENTIFY M4B file attachment detected (snort3-file-identify.rules) * 1:22983 <-> ENABLED <-> FILE-IDENTIFY 3GP file attachment detected (snort3-file-identify.rules) * 1:22984 <-> ENABLED <-> FILE-IDENTIFY 3GP file attachment detected (snort3-file-identify.rules) * 1:22985 <-> ENABLED <-> FILE-IDENTIFY 3G2 file attachment detected (snort3-file-identify.rules) * 1:22986 <-> ENABLED <-> FILE-IDENTIFY 3G2 file attachment detected (snort3-file-identify.rules) * 1:22987 <-> ENABLED <-> FILE-IDENTIFY k3g file attachment detected (snort3-file-identify.rules) * 1:22988 <-> ENABLED <-> FILE-IDENTIFY k3g file attachment detected (snort3-file-identify.rules) * 1:22989 <-> ENABLED <-> FILE-IDENTIFY SKM file attachment detected (snort3-file-identify.rules) * 1:22990 <-> ENABLED <-> FILE-IDENTIFY SKM file attachment detected (snort3-file-identify.rules) * 1:22991 <-> ENABLED <-> 
FILE-IDENTIFY QT file attachment detected (snort3-file-identify.rules) * 1:22992 <-> ENABLED <-> FILE-IDENTIFY QT file attachment detected (snort3-file-identify.rules) * 1:22993 <-> ENABLED <-> FILE-IDENTIFY MP4 file attachment detected (snort3-file-identify.rules) * 1:22994 <-> ENABLED <-> FILE-IDENTIFY MP4 file attachment detected (snort3-file-identify.rules) * 1:22995 <-> ENABLED <-> FILE-IDENTIFY Apple QuickTime Movie file attachment detected (snort3-file-identify.rules) * 1:22996 <-> ENABLED <-> FILE-IDENTIFY Apple QuickTime Movie file attachment detected (snort3-file-identify.rules) * 1:22997 <-> ENABLED <-> FILE-IDENTIFY MHTML file attachment detected (snort3-file-identify.rules) * 1:22998 <-> ENABLED <-> FILE-IDENTIFY MHTML file attachment detected (snort3-file-identify.rules) * 1:22999 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows WMF file magic detected (snort3-file-identify.rules) * 1:23000 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media Player DVR file attachment detected (snort3-file-identify.rules) * 1:23001 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media Player DVR file attachment detected (snort3-file-identify.rules) * 1:23002 <-> ENABLED <-> FILE-IDENTIFY CSV file attachment detected (snort3-file-identify.rules) * 1:23003 <-> ENABLED <-> FILE-IDENTIFY CSV file attachment detected (snort3-file-identify.rules) * 1:23011 <-> ENABLED <-> FILE-IDENTIFY Collada file download request (snort3-file-identify.rules) * 1:23012 <-> ENABLED <-> FILE-IDENTIFY Collada file attachment detected (snort3-file-identify.rules) * 1:23013 <-> ENABLED <-> FILE-IDENTIFY Collada file attachment detected (snort3-file-identify.rules) * 1:23167 <-> ENABLED <-> FILE-IDENTIFY MPG video stream file download request (snort3-file-identify.rules) * 1:23168 <-> ENABLED <-> FILE-IDENTIFY MPG video stream file attachment detected (snort3-file-identify.rules) * 1:23169 <-> ENABLED <-> FILE-IDENTIFY MPG video stream file attachment detected (snort3-file-identify.rules) * 
1:23188 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (snort3-file-identify.rules) * 1:23189 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (snort3-file-identify.rules) * 1:23190 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file download request (snort3-file-identify.rules) * 1:23191 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (snort3-file-identify.rules) * 1:23192 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (snort3-file-identify.rules) * 1:23193 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file download request (snort3-file-identify.rules) * 1:23194 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (snort3-file-identify.rules) * 1:23195 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (snort3-file-identify.rules) * 1:23196 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file download request (snort3-file-identify.rules) * 1:23197 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (snort3-file-identify.rules) * 1:23198 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (snort3-file-identify.rules) * 1:23199 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file download request (snort3-file-identify.rules) * 1:23200 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (snort3-file-identify.rules) * 1:23201 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (snort3-file-identify.rules) * 1:23202 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file download request (snort3-file-identify.rules) * 1:23205 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file download request (snort3-file-identify.rules) * 1:23206 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (snort3-file-identify.rules) * 1:23207 <-> ENABLED <-> 
FILE-IDENTIFY Windows Media Metafile file attachment detected (snort3-file-identify.rules) * 1:23208 <-> ENABLED <-> PROTOCOL-VOIP Digium Asterisk Manager Interface initial banner (snort3-protocol-voip.rules) * 1:23224 <-> ENABLED <-> EXPLOIT-KIT Redkit exploit kit landing page Requested - 8Digit.html (snort3-exploit-kit.rules) * 1:23319 <-> ENABLED <-> FILE-IDENTIFY TAR file download request (snort3-file-identify.rules) * 1:23320 <-> ENABLED <-> FILE-IDENTIFY TAR file attachment detected (snort3-file-identify.rules) * 1:23321 <-> ENABLED <-> FILE-IDENTIFY TAR file attachment detected (snort3-file-identify.rules) * 1:23322 <-> ENABLED <-> FILE-IDENTIFY TAR file download request (snort3-file-identify.rules) * 1:23347 <-> ENABLED <-> FILE-IDENTIFY Lotus file download request (snort3-file-identify.rules) * 1:23348 <-> ENABLED <-> FILE-IDENTIFY Lotus file attachment detected (snort3-file-identify.rules) * 1:23349 <-> ENABLED <-> FILE-IDENTIFY Lotus file attachment detected (snort3-file-identify.rules) * 1:23393 <-> ENABLED <-> SQL IBM SolidDB initial banner (snort3-sql.rules) * 1:23474 <-> ENABLED <-> FILE-IDENTIFY PLP file download request (snort3-file-identify.rules) * 1:23475 <-> ENABLED <-> FILE-IDENTIFY PLP file attachment detected (snort3-file-identify.rules) * 1:23476 <-> ENABLED <-> FILE-IDENTIFY PLP file attachment detected (snort3-file-identify.rules) * 1:23477 <-> ENABLED <-> FILE-IDENTIFY PLP file magic detected (snort3-file-identify.rules) * 1:23486 <-> ENABLED <-> FILE-IDENTIFY JOB file download request (snort3-file-identify.rules) * 1:23487 <-> ENABLED <-> FILE-IDENTIFY JOB file attachment detected (snort3-file-identify.rules) * 1:23488 <-> ENABLED <-> FILE-IDENTIFY JOB file attachment detected (snort3-file-identify.rules) * 1:23496 <-> ENABLED <-> FILE-IDENTIFY CUR file download request (snort3-file-identify.rules) * 1:23497 <-> ENABLED <-> FILE-IDENTIFY CUR file attachment detected (snort3-file-identify.rules) * 1:23498 <-> ENABLED <-> FILE-IDENTIFY 
CUR file attachment detected (snort3-file-identify.rules) * 1:23605 <-> ENABLED <-> FILE-IDENTIFY Armadillo v1.xx - v2.xx file magic detected (snort3-file-identify.rules) * 1:23616 <-> ENABLED <-> APP-DETECT Amazon Kindle 3.0 User-Agent string requested (snort3-app-detect.rules) * 1:23637 <-> ENABLED <-> FILE-IDENTIFY Java .class file attachment detected (snort3-file-identify.rules) * 1:23638 <-> ENABLED <-> FILE-IDENTIFY Java .class file attachment detected (snort3-file-identify.rules) * 1:23639 <-> ENABLED <-> FILE-IDENTIFY MPEG video stream file magic detected (snort3-file-identify.rules) * 1:23640 <-> ENABLED <-> FILE-IDENTIFY MPEG sys stream file magic detected (snort3-file-identify.rules) * 1:23642 <-> ENABLED <-> FILE-IDENTIFY Script encoder file magic detected (snort3-file-identify.rules) * 1:23643 <-> ENABLED <-> FILE-IDENTIFY Postscript file magic detected (snort3-file-identify.rules) * 1:23644 <-> ENABLED <-> FILE-IDENTIFY BinHex file magic detected (snort3-file-identify.rules) * 1:23645 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Real Media file magic detected (snort3-file-identify.rules) * 1:23646 <-> ENABLED <-> FILE-IDENTIFY bzip file magic detected (snort3-file-identify.rules) * 1:23647 <-> ENABLED <-> FILE-IDENTIFY GIF file magic detected (snort3-file-identify.rules) * 1:23648 <-> ENABLED <-> FILE-IDENTIFY MP3 file magic detected (snort3-file-identify.rules) * 1:23649 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows CAB file magic detected (snort3-file-identify.rules) * 1:23650 <-> ENABLED <-> FILE-IDENTIFY Ogg Stream file magic detected (snort3-file-identify.rules) * 1:23651 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (snort3-file-identify.rules) * 1:23652 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (snort3-file-identify.rules) * 1:23653 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (snort3-file-identify.rules) * 1:23654 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (snort3-file-identify.rules) * 
1:23655 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (snort3-file-identify.rules) * 1:23656 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (snort3-file-identify.rules) * 1:23657 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (snort3-file-identify.rules) * 1:23658 <-> ENABLED <-> FILE-IDENTIFY RIFX file magic detected (snort3-file-identify.rules) * 1:23659 <-> ENABLED <-> FILE-IDENTIFY RAR file magic detected (snort3-file-identify.rules) * 1:23660 <-> ENABLED <-> FILE-IDENTIFY Symantec file magic detected (snort3-file-identify.rules) * 1:23661 <-> ENABLED <-> FILE-IDENTIFY ARJ file magic detected (snort3-file-identify.rules) * 1:23662 <-> ENABLED <-> FILE-IDENTIFY TNEF file magic detected (snort3-file-identify.rules) * 1:23663 <-> ENABLED <-> FILE-IDENTIFY ELF file magic detected (snort3-file-identify.rules) * 1:23664 <-> ENABLED <-> FILE-IDENTIFY PNG file magic detected (snort3-file-identify.rules) * 1:23665 <-> ENABLED <-> FILE-IDENTIFY CryptFF file magic detected (snort3-file-identify.rules) * 1:23666 <-> ENABLED <-> FILE-IDENTIFY MP3 file magic detected (snort3-file-identify.rules) * 1:23667 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (snort3-file-identify.rules) * 1:23668 <-> ENABLED <-> FILE-IDENTIFY SIS file magic detected (snort3-file-identify.rules) * 1:23669 <-> ENABLED <-> FILE-IDENTIFY SIP log file magic detected (snort3-file-identify.rules) * 1:23670 <-> ENABLED <-> FILE-IDENTIFY RTF file magic detected (snort3-file-identify.rules) * 1:23671 <-> ENABLED <-> FILE-IDENTIFY 7zip file magic detected (snort3-file-identify.rules) * 1:23672 <-> ENABLED <-> FILE-IDENTIFY MachO Little Endian file magic detected (snort3-file-identify.rules) * 1:23673 <-> ENABLED <-> FILE-IDENTIFY MachO x64 Little Endian file magic detected (snort3-file-identify.rules) * 1:23674 <-> ENABLED <-> FILE-IDENTIFY MachO Big Endian file magic detected (snort3-file-identify.rules) * 1:23675 <-> ENABLED <-> FILE-IDENTIFY MachO x64 Big Endian 
file magic detected (snort3-file-identify.rules) * 1:23676 <-> ENABLED <-> FILE-IDENTIFY Universal Binary/Java Bytecode file magic detected (snort3-file-identify.rules) * 1:23677 <-> ENABLED <-> FILE-IDENTIFY jarpack file magic detected (snort3-file-identify.rules) * 1:23678 <-> ENABLED <-> FILE-IDENTIFY PDF file magic detected (snort3-file-identify.rules) * 1:23679 <-> ENABLED <-> FILE-IDENTIFY compressed Adobe Shockwave Flash file magic detected (snort3-file-identify.rules) * 1:23680 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (snort3-file-identify.rules) * 1:23681 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (snort3-file-identify.rules) * 1:23682 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (snort3-file-identify.rules) * 1:23683 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (snort3-file-identify.rules) * 1:23684 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (snort3-file-identify.rules) * 1:23685 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (snort3-file-identify.rules) * 1:23687 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (snort3-file-identify.rules) * 1:23688 <-> ENABLED <-> FILE-IDENTIFY bcproj file magic detected (snort3-file-identify.rules) * 1:23689 <-> ENABLED <-> FILE-IDENTIFY mx4 file magic detected (snort3-file-identify.rules) * 1:23690 <-> ENABLED <-> FILE-IDENTIFY ffmpeg file magic detected (snort3-file-identify.rules) * 1:23691 <-> ENABLED <-> FILE-IDENTIFY dmg file magic detected (snort3-file-identify.rules) * 1:23692 <-> ENABLED <-> FILE-IDENTIFY ivr file magic detected (snort3-file-identify.rules) * 1:23693 <-> ENABLED <-> FILE-IDENTIFY caff file magic detected (snort3-file-identify.rules) * 1:23694 <-> ENABLED <-> FILE-IDENTIFY vmd file magic detected (snort3-file-identify.rules) * 1:23695 <-> ENABLED <-> FILE-IDENTIFY Flac file magic detected (snort3-file-identify.rules) * 1:23696 <-> ENABLED <-> FILE-IDENTIFY VideoLAN VLC file 
magic detected (snort3-file-identify.rules) * 1:23697 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel xlw file magic detected (snort3-file-identify.rules) * 1:23698 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media ASF file magic detected (snort3-file-identify.rules) * 1:23701 <-> ENABLED <-> FILE-IDENTIFY Microsoft SYmbolic LinK file magic detected (snort3-file-identify.rules) * 1:23703 <-> ENABLED <-> FILE-IDENTIFY Microsoft asf file magic detected (snort3-file-identify.rules) * 1:23707 <-> ENABLED <-> FILE-IDENTIFY Microsoft Compound File Binary v3 file magic detected (snort3-file-identify.rules) * 1:23709 <-> ENABLED <-> FILE-IDENTIFY Tiff little endian file magic detected (snort3-file-identify.rules) * 1:23710 <-> ENABLED <-> FILE-IDENTIFY Tiff big endian file magic detected (snort3-file-identify.rules) * 1:23711 <-> ENABLED <-> FILE-IDENTIFY OLE Document file magic detected (snort3-file-identify.rules) * 1:23712 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file magic detected (snort3-file-identify.rules) * 1:23720 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer REC file magic detected (snort3-file-identify.rules) * 1:23721 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer .r1m file magic detected (snort3-file-identify.rules) * 1:23723 <-> ENABLED <-> FILE-IDENTIFY M3U file magic detected (snort3-file-identify.rules) * 1:23724 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file magic detected (snort3-file-identify.rules) * 1:23725 <-> ENABLED <-> FILE-IDENTIFY Portable Executable binary file magic detected (snort3-file-identify.rules) * 1:23726 <-> ENABLED <-> FILE-IDENTIFY Portable Executable compact binary file magic detected (snort3-file-identify.rules) * 1:23727 <-> ENABLED <-> FILE-IDENTIFY Adobe Flash Video file magic detected (snort3-file-identify.rules) * 1:23728 <-> ENABLED <-> FILE-IDENTIFY matroska file magic detected (snort3-file-identify.rules) * 1:23729 <-> ENABLED <-> FILE-IDENTIFY PICT file magic detected 
(snort3-file-identify.rules) * 1:23730 <-> ENABLED <-> FILE-IDENTIFY amf file magic detected (snort3-file-identify.rules) * 1:23731 <-> ENABLED <-> FILE-IDENTIFY CDR file magic detected (snort3-file-identify.rules) * 1:23732 <-> ENABLED <-> FILE-IDENTIFY Microsoft Media Player .asf file magic detected (snort3-file-identify.rules) * 1:23733 <-> ENABLED <-> FILE-IDENTIFY webm file magic detected (snort3-file-identify.rules) * 1:23734 <-> ENABLED <-> FILE-IDENTIFY Autodesk Maya file magic detected (snort3-file-identify.rules) * 1:23735 <-> ENABLED <-> FILE-IDENTIFY MIDI file magic detected (snort3-file-identify.rules) * 1:23736 <-> ENABLED <-> FILE-IDENTIFY PLS file magic detected (snort3-file-identify.rules) * 1:23737 <-> ENABLED <-> FILE-IDENTIFY SMIL file magic detected (snort3-file-identify.rules) * 1:23738 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (snort3-file-identify.rules) * 1:23739 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (snort3-file-identify.rules) * 1:23740 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (snort3-file-identify.rules) * 1:23741 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (snort3-file-identify.rules) * 1:23742 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (snort3-file-identify.rules) * 1:23743 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (snort3-file-identify.rules) * 1:23744 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (snort3-file-identify.rules) * 1:23745 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (snort3-file-identify.rules) * 1:23746 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (snort3-file-identify.rules) * 1:23747 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (snort3-file-identify.rules) * 1:23748 <-> ENABLED <-> FILE-IDENTIFY TTF file magic detected (snort3-file-identify.rules) * 1:23749 <-> ENABLED <-> FILE-IDENTIFY SAMI file magic detected (snort3-file-identify.rules) * 1:23750 <-> ENABLED <-> FILE-IDENTIFY Microsoft Money file magic 
detected (snort3-file-identify.rules) * 1:23751 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file magic detected (snort3-file-identify.rules) * 1:23752 <-> ENABLED <-> FILE-IDENTIFY cy3 Cytel Studio file magic detected (snort3-file-identify.rules) * 1:23753 <-> ENABLED <-> FILE-IDENTIFY Visio file magic detected (snort3-file-identify.rules) * 1:23754 <-> ENABLED <-> FILE-IDENTIFY AVI Video file magic detected (snort3-file-identify.rules) * 1:23755 <-> ENABLED <-> FILE-IDENTIFY Cisco Webex Player .wrf file magic detected (snort3-file-identify.rules) * 1:23758 <-> ENABLED <-> FILE-IDENTIFY XML file magic detected (snort3-file-identify.rules) * 1:23759 <-> ENABLED <-> FILE-IDENTIFY XML file magic detected (snort3-file-identify.rules) * 1:23760 <-> ENABLED <-> FILE-IDENTIFY WAV file magic detected (snort3-file-identify.rules) * 1:23761 <-> ENABLED <-> FILE-IDENTIFY AVI file magic detected (snort3-file-identify.rules) * 1:23762 <-> ENABLED <-> FILE-IDENTIFY PFA file magic detected (snort3-file-identify.rules) * 1:23763 <-> ENABLED <-> FILE-IDENTIFY HPJ file magic detected (snort3-file-identify.rules) * 1:23764 <-> ENABLED <-> FILE-IDENTIFY Adobe Download Manager aom file magic detected (snort3-file-identify.rules) * 1:23765 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime FLIC file magic detected (snort3-file-identify.rules) * 1:23769 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio DBP file magic detected (snort3-file-identify.rules) * 1:23770 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio PKP file magic detected (snort3-file-identify.rules) * 1:23771 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio SLN file magic detected (snort3-file-identify.rules) * 1:23772 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio VAP file magic detected (snort3-file-identify.rules) * 1:23773 <-> ENABLED <-> FILE-IDENTIFY XM file magic detected (snort3-file-identify.rules) * 1:23774 <-> ENABLED <-> FILE-IDENTIFY NAB file magic detected 
(snort3-file-identify.rules) * 1:23775 <-> ENABLED <-> FILE-IDENTIFY Armadillo v1.71 packer file magic detected (snort3-file-identify.rules) * 1:23776 <-> ENABLED <-> FILE-IDENTIFY PLP file magic detected (snort3-file-identify.rules) * 1:23777 <-> ENABLED <-> FILE-IDENTIFY Armadillo v1.xx - v2.xx file magic detected (snort3-file-identify.rules) * 1:23807 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file download request (snort3-file-identify.rules) * 1:23808 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (snort3-file-identify.rules) * 1:23809 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (snort3-file-identify.rules) * 1:23810 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file download request (snort3-file-identify.rules) * 1:23811 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (snort3-file-identify.rules) * 1:23812 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (snort3-file-identify.rules) * 1:23813 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file download request (snort3-file-identify.rules) * 1:23814 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (snort3-file-identify.rules) * 1:23815 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (snort3-file-identify.rules) * 1:23816 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file download request (snort3-file-identify.rules) * 1:23817 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (snort3-file-identify.rules) * 1:23818 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (snort3-file-identify.rules) * 1:23819 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file download request (snort3-file-identify.rules) * 1:23820 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (snort3-file-identify.rules) * 1:23821 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (snort3-file-identify.rules) * 1:23822 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file magic detected (snort3-file-identify.rules) * 1:23823 <-> ENABLED 
<-> FILE-IDENTIFY JPEG2000 file magic detected (snort3-file-identify.rules) * 1:23839 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB RAP API NetServerEnum2 long server name buffer overflow attempt (snort3-os-windows.rules) * 1:23849 <-> ENABLED <-> EXPLOIT-KIT Blackhole redirection attempt (snort3-exploit-kit.rules) * 1:23969 <-> ENABLED <-> OS-MOBILE Android SMSZombie APK file download (snort3-os-mobile.rules) * 1:24004 <-> ENABLED <-> FILE-OFFICE Microsoft Office MSCOMCTL ActiveX control tabstrip method access (snort3-file-office.rules) * 1:24005 <-> ENABLED <-> FILE-OFFICE Microsoft Office MSCOMCTL ActiveX control tabstrip method access (snort3-file-office.rules) * 1:24045 <-> ENABLED <-> FILE-IDENTIFY Winamp skin file wsz file download request (snort3-file-identify.rules) * 1:24046 <-> ENABLED <-> FILE-IDENTIFY Winamp skin file wsz file attachment detected (snort3-file-identify.rules) * 1:24047 <-> ENABLED <-> FILE-IDENTIFY Winamp skin file wsz file attachment detected (snort3-file-identify.rules) * 1:24048 <-> ENABLED <-> FILE-IDENTIFY Winamp skin file wal file download request (snort3-file-identify.rules) * 1:24049 <-> ENABLED <-> FILE-IDENTIFY Winamp skin file wal file attachment detected (snort3-file-identify.rules) * 1:24050 <-> ENABLED <-> FILE-IDENTIFY Winamp skin file wal file attachment detected (snort3-file-identify.rules) * 1:24074 <-> ENABLED <-> FILE-IDENTIFY MP3 file download request (snort3-file-identify.rules) * 1:24075 <-> ENABLED <-> FILE-IDENTIFY MP3 file attachment detected (snort3-file-identify.rules) * 1:24076 <-> ENABLED <-> FILE-IDENTIFY MP3 file attachment detected (snort3-file-identify.rules) * 1:24078 <-> ENABLED <-> FILE-IDENTIFY RMF file attachment detected (snort3-file-identify.rules) * 1:24079 <-> ENABLED <-> FILE-IDENTIFY RMF file attachment detected (snort3-file-identify.rules) * 1:24080 <-> ENABLED <-> FILE-IDENTIFY Microsoft Works file attachment detected (snort3-file-identify.rules) * 1:24081 <-> ENABLED <-> FILE-IDENTIFY 
Microsoft Works file attachment detected (snort3-file-identify.rules) * 1:24089 <-> ENABLED <-> OS-WINDOWS Microsoft WebDAV PROPFIND request (snort3-os-windows.rules) * 1:24100 <-> ENABLED <-> FILE-IDENTIFY PLF file attachment detected (snort3-file-identify.rules) * 1:24101 <-> ENABLED <-> FILE-IDENTIFY PLF file attachment detected (snort3-file-identify.rules) * 1:2419 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer .ram playlist file download request (snort3-file-identify.rules) * 1:24190 <-> ENABLED <-> FILE-IDENTIFY X PixMap file magic detected (snort3-file-identify.rules) * 1:2420 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer .rmp playlist file download request (snort3-file-identify.rules) * 1:24206 <-> ENABLED <-> FILE-IDENTIFY LZH archive file magic detected (snort3-file-identify.rules) * 1:24213 <-> ENABLED <-> FILE-IDENTIFY MP4 file magic detected (snort3-file-identify.rules) * 1:24218 <-> ENABLED <-> FILE-IDENTIFY SMIL file magic detected (snort3-file-identify.rules) * 1:24219 <-> ENABLED <-> FILE-IDENTIFY SMIL file magic detected (snort3-file-identify.rules) * 1:2422 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer .rt playlist file download request (snort3-file-identify.rules) * 1:2423 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer .rp playlist file download request (snort3-file-identify.rules) * 1:24284 <-> ENABLED <-> FILE-OFFICE Microsoft Office Drawing object code execution attempt (snort3-file-office.rules) * 1:24313 <-> ENABLED <-> SERVER-WEBAPP HP OpenView Operations Agent request attempt (snort3-server-webapp.rules) * 1:24359 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB NTLM NULL session attempt (snort3-os-windows.rules) * 1:2436 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Audio wmf file download request (snort3-file-identify.rules) * 1:24406 <-> ENABLED <-> MALWARE-CNC Win.Trojan.MiniFlame variant outbound connection (snort3-malware-cnc.rules) * 1:24407 <-> ENABLED <-> MALWARE-CNC Win.Trojan.MiniFlame variant 
outbound connection (snort3-malware-cnc.rules) * 1:24412 <-> ENABLED <-> FILE-FLASH Adobe Flash Player DRM encrypted file detected (snort3-file-flash.rules) * 1:24413 <-> ENABLED <-> FILE-FLASH Adobe Flash Player DRM encrypted file detected (snort3-file-flash.rules) * 1:24453 <-> ENABLED <-> FILE-IDENTIFY Webm file attachment detected (snort3-file-identify.rules) * 1:24454 <-> ENABLED <-> FILE-IDENTIFY Webm file attachment detected (snort3-file-identify.rules) * 1:24455 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (snort3-file-identify.rules) * 1:24456 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (snort3-file-identify.rules) * 1:24457 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (snort3-file-identify.rules) * 1:24458 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (snort3-file-identify.rules) * 1:24459 <-> ENABLED <-> FILE-IDENTIFY PSD file download request (snort3-file-identify.rules) * 1:24460 <-> ENABLED <-> FILE-IDENTIFY PSD file attachment detected (snort3-file-identify.rules) * 1:24461 <-> ENABLED <-> FILE-IDENTIFY PSD file attachment detected (snort3-file-identify.rules) * 1:24462 <-> ENABLED <-> FILE-IDENTIFY PSD file magic detection (snort3-file-identify.rules) * 1:24463 <-> ENABLED <-> FILE-IDENTIFY TIFF file attachment detected (snort3-file-identify.rules) * 1:24464 <-> ENABLED <-> FILE-IDENTIFY TIFF file attachment detected (snort3-file-identify.rules) * 1:24465 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows WMF file magic detected (snort3-file-identify.rules) * 1:24466 <-> ENABLED <-> FILE-IDENTIFY PSD file magic detection (snort3-file-identify.rules) * 1:24467 <-> ENABLED <-> FILE-IDENTIFY XCF file download request (snort3-file-identify.rules) * 1:24468 <-> ENABLED <-> FILE-IDENTIFY XCF file attachment detected (snort3-file-identify.rules) * 1:24469 <-> ENABLED <-> FILE-IDENTIFY XCF file attachment detected (snort3-file-identify.rules) * 1:24470 <-> ENABLED <-> FILE-IDENTIFY XCF file magic detection 
(snort3-file-identify.rules) * 1:24471 <-> ENABLED <-> FILE-IDENTIFY XCF file magic detection (snort3-file-identify.rules) * 1:24472 <-> ENABLED <-> FILE-IDENTIFY FLV file attachment detected (snort3-file-identify.rules) * 1:24473 <-> ENABLED <-> FILE-IDENTIFY FLV file attachment detected (snort3-file-identify.rules) * 1:24483 <-> ENABLED <-> FILE-IDENTIFY Embedded Open Type Font file magic detected (snort3-file-identify.rules) * 1:24484 <-> ENABLED <-> FILE-IDENTIFY Embedded Open Type Font file magic detected (snort3-file-identify.rules) * 1:24554 <-> ENABLED <-> FILE-IDENTIFY Apple QuickTime PICT v2.0 Image header (snort3-file-identify.rules) * 1:24555 <-> ENABLED <-> FILE-IDENTIFY Apple QuickTime PICT v2.0 Image header (snort3-file-identify.rules) * 1:24599 <-> ENABLED <-> FILE-IDENTIFY Alt-N MDaemon IMAP Server (snort3-file-identify.rules) * 1:24651 <-> ENABLED <-> FILE-IDENTIFY Microsoft proxy autoconfig script file download request (snort3-file-identify.rules) * 1:24708 <-> ENABLED <-> FILE-IDENTIFY Netop Remote Control file download request (snort3-file-identify.rules) * 1:24709 <-> ENABLED <-> FILE-IDENTIFY Netop Remote Control file attachment detected (snort3-file-identify.rules) * 1:24710 <-> ENABLED <-> FILE-IDENTIFY Netop Remote Control file attachment detected (snort3-file-identify.rules) * 1:24719 <-> ENABLED <-> PROTOCOL-VOIP Digium Asterisk SCCP call state message offhook (snort3-protocol-voip.rules) * 1:24816 <-> ENABLED <-> FILE-IDENTIFY MP4 file magic detected (snort3-file-identify.rules) * 1:24817 <-> ENABLED <-> FILE-IDENTIFY MP4 file magic detected (snort3-file-identify.rules) * 1:24818 <-> ENABLED <-> FILE-IDENTIFY M4V file magic detected (snort3-file-identify.rules) * 1:24819 <-> ENABLED <-> FILE-IDENTIFY M4V file magic detected (snort3-file-identify.rules) * 1:24820 <-> ENABLED <-> FILE-IDENTIFY Computer Graphics Metafile file download request (snort3-file-identify.rules) * 1:24821 <-> ENABLED <-> FILE-IDENTIFY Computer Graphics Metafile 
file attachment detected (snort3-file-identify.rules) * 1:24822 <-> ENABLED <-> FILE-IDENTIFY Computer Graphics Metafile file attachment detected (snort3-file-identify.rules) * 1:24824 <-> ENABLED <-> FILE-IDENTIFY RealPlayer skin file download request (snort3-file-identify.rules) * 1:24825 <-> ENABLED <-> FILE-IDENTIFY RealPlayer skin file attachment detected (snort3-file-identify.rules) * 1:24826 <-> ENABLED <-> FILE-IDENTIFY RealPlayer skin file attachment detected (snort3-file-identify.rules) * 1:24901 <-> ENABLED <-> FILE-IDENTIFY JNLP file download request (snort3-file-identify.rules) * 1:24902 <-> ENABLED <-> FILE-IDENTIFY JNLP file attachment detected (snort3-file-identify.rules) * 1:24903 <-> ENABLED <-> FILE-IDENTIFY JNLP file attachment detected (snort3-file-identify.rules) * 1:24972 <-> ENABLED <-> NETBIOS SMB Trans2 FIND_FIRST2 find file and directory info request (snort3-netbios.rules) * 1:25014 <-> ENABLED <-> FILE-IDENTIFY Microsoft proxy autoconfig script file magic detected (snort3-file-identify.rules) * 1:25032 <-> ENABLED <-> FILE-IDENTIFY Microsoft Silverlight application file download request (snort3-file-identify.rules) * 1:25033 <-> ENABLED <-> FILE-IDENTIFY Microsoft Silverlight application file attachment detected (snort3-file-identify.rules) * 1:25034 <-> ENABLED <-> FILE-IDENTIFY Microsoft Silverlight application file attachment detected (snort3-file-identify.rules) * 1:25041 <-> ENABLED <-> EXPLOIT-KIT Java User-Agent flowbit set (snort3-exploit-kit.rules) * 1:25062 <-> ENABLED <-> FILE-IDENTIFY Microsoft Software Installer MSI binary file magic detected (snort3-file-identify.rules) * 1:25305 <-> ENABLED <-> FILE-IDENTIFY Adobe Audition Session file magic detected (snort3-file-identify.rules) * 1:25306 <-> ENABLED <-> FILE-IDENTIFY Adobe Audition Session file download request (snort3-file-identify.rules) * 1:25307 <-> ENABLED <-> FILE-IDENTIFY Adobe Audition Session file attachment detected (snort3-file-identify.rules) * 1:25308 <-> 
ENABLED <-> FILE-IDENTIFY Adobe Audition Session file attachment detected (snort3-file-identify.rules) * 1:25373 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime Targa Image file download request (snort3-file-identify.rules) * 1:25374 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime Targa Image file attachment detected (snort3-file-identify.rules) * 1:25375 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime Targa Image file attachment detected (snort3-file-identify.rules) * 1:25516 <-> ENABLED <-> FILE-IDENTIFY Microsoft Software Installer MSI binary file magic detected (snort3-file-identify.rules) * 1:25517 <-> ENABLED <-> FILE-IDENTIFY Armadillo v1.71 packer file magic detected (snort3-file-identify.rules) * 1:25602 <-> ENABLED <-> SERVER-OTHER Sybase Open Server TDS login request (snort3-server-other.rules) * 1:25604 <-> ENABLED <-> FILE-IDENTIFY cSounds.com Csound audio file file download request (snort3-file-identify.rules) * 1:25605 <-> ENABLED <-> FILE-IDENTIFY cSounds.com Csound audio file file attachment detected (snort3-file-identify.rules) * 1:25606 <-> ENABLED <-> FILE-IDENTIFY cSounds.com Csound audio file file attachment detected (snort3-file-identify.rules) * 1:25680 <-> ENABLED <-> FILE-IDENTIFY Adobe Flash Player embedded compact font detected (snort3-file-identify.rules) * 1:25682 <-> ENABLED <-> FILE-IDENTIFY Adobe Flash Player embedded compact font detected (snort3-file-identify.rules) * 1:25928 <-> ENABLED <-> FILE-IDENTIFY Ogg file download request (snort3-file-identify.rules) * 1:25929 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (snort3-file-identify.rules) * 1:25930 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (snort3-file-identify.rules) * 1:25931 <-> ENABLED <-> FILE-IDENTIFY Ogg file download request (snort3-file-identify.rules) * 1:25932 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (snort3-file-identify.rules) * 1:25933 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (snort3-file-identify.rules) 
* 1:25934 <-> ENABLED <-> FILE-IDENTIFY Ogg file download request (snort3-file-identify.rules) * 1:25935 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (snort3-file-identify.rules) * 1:25936 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (snort3-file-identify.rules) * 1:25937 <-> ENABLED <-> FILE-IDENTIFY Ogg file download request (snort3-file-identify.rules) * 1:25938 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (snort3-file-identify.rules) * 1:25939 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (snort3-file-identify.rules) * 1:25940 <-> ENABLED <-> FILE-IDENTIFY Ogg file download request (snort3-file-identify.rules) * 1:25941 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (snort3-file-identify.rules) * 1:25942 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (snort3-file-identify.rules) * 1:25943 <-> ENABLED <-> FILE-IDENTIFY Ogg file download request (snort3-file-identify.rules) * 1:34631 <-> ENABLED <-> FILE-IDENTIFY WordPerfect file download request (snort3-file-identify.rules) * 1:40017 <-> ENABLED <-> FILE-IDENTIFY Hierarchal Data Format file download request (snort3-file-identify.rules) * 1:28895 <-> ENABLED <-> FILE-IDENTIFY eSignal .por file attachment detected (snort3-file-identify.rules) * 1:3137 <-> ENABLED <-> NETBIOS SMB-DS Trans2 QUERY_FILE_INFO attempt (snort3-netbios.rules) * 1:26061 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file attachment detected (snort3-file-identify.rules) * 1:26062 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file attachment detected (snort3-file-identify.rules) * 1:32253 <-> ENABLED <-> FILE-IDENTIFY Basic Control Engine file download request (snort3-file-identify.rules) * 1:31483 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1.1 ChangeCipherSpec man-in-the-middle exploitation attempt (snort3-server-other.rules) * 1:43002 <-> ENABLED <-> PROTOCOL-OTHER NETBIOS SMB IPC share access attempt (snort3-protocol-other.rules) * 1:38852 
<-> ENABLED <-> FILE-IDENTIFY Hancom Hangul HCell file attachment detected (snort3-file-identify.rules) * 1:26063 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word docm file download request (snort3-file-identify.rules) * 1:42364 <-> ENABLED <-> FILE-IDENTIFY bzip2 compressed file detected (snort3-file-identify.rules) * 1:37786 <-> ENABLED <-> FILE-IDENTIFY Adobe Texture Format file attachment detected (snort3-file-identify.rules) * 1:40019 <-> ENABLED <-> FILE-IDENTIFY Hierarchal Data Format file attachment detected (snort3-file-identify.rules) * 1:28610 <-> ENABLED <-> EXPLOIT-KIT Sakura exploit kit exploit payload retreive attempt (snort3-exploit-kit.rules) * 1:30969 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit outbound request for Microsoft Internet Explorer landing page (snort3-exploit-kit.rules) * 1:40391 <-> ENABLED <-> FILE-IDENTIFY Windows registry hive file download request (snort3-file-identify.rules) * 1:26064 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word docm file attachment detected (snort3-file-identify.rules) * 1:28896 <-> ENABLED <-> FILE-IDENTIFY eSignal .quo file attachment detected (snort3-file-identify.rules) * 1:49514 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (snort3-malware-cnc.rules) * 1:33028 <-> ENABLED <-> FILE-IDENTIFY Publish-iT PUI file download request (snort3-file-identify.rules) * 1:42223 <-> ENABLED <-> FILE-IDENTIFY AOP file download request (snort3-file-identify.rules) * 1:36531 <-> ENABLED <-> FILE-IDENTIFY Oracle Java JMX management loading mlet detected (snort3-file-identify.rules) * 1:26516 <-> ENABLED <-> FILE-IDENTIFY maplet file attachment detected (snort3-file-identify.rules) * 1:40893 <-> ENABLED <-> FILE-IDENTIFY R Programming Language source file file attachment detected (snort3-file-identify.rules) * 1:30758 <-> ENABLED <-> FILE-IDENTIFY ABC Music Notation file attachment detected (snort3-file-identify.rules) * 1:4143 <-> ENABLED <-> SERVER-OTHER lpd receive printer job 
cascade adaptor protocol request (snort3-server-other.rules) * 1:44275 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file attachment detected (snort3-file-identify.rules) * 1:31675 <-> ENABLED <-> FILE-FLASH Adobe Flash Broker write to junction exploit attempt (snort3-file-flash.rules) * 1:26903 <-> ENABLED <-> FILE-IDENTIFY Android APK download file attachment detected (snort3-file-identify.rules) * 1:32947 <-> ENABLED <-> FILE-IDENTIFY .scr executable screensaver file download request (snort3-file-identify.rules) * 1:29006 <-> ENABLED <-> FILE-IDENTIFY XWD image file attachment detected (snort3-file-identify.rules) * 1:26514 <-> ENABLED <-> FILE-IDENTIFY maplet file download attempt (snort3-file-identify.rules) * 1:43067 <-> ENABLED <-> PROTOCOL-IMAP IMAP CRAM-MD5 authentication attempt (snort3-protocol-imap.rules) * 1:33667 <-> ENABLED <-> FILE-IDENTIFY PIF Program Information File file attachment detected (snort3-file-identify.rules) * 1:26065 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word docm file attachment detected (snort3-file-identify.rules) * 1:40018 <-> ENABLED <-> FILE-IDENTIFY Hierarchal Data Format file attachment detected (snort3-file-identify.rules) * 1:42367 <-> ENABLED <-> FILE-IDENTIFY XZ compressed file detected (snort3-file-identify.rules) * 1:35795 <-> ENABLED <-> FILE-IDENTIFY ZSoft PCX file attachment detected (snort3-file-identify.rules) * 1:36711 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows .NET Application file attachment detected (snort3-file-identify.rules) * 1:3665 <-> ENABLED <-> SERVER-MYSQL server greeting (snort3-server-mysql.rules) * 1:28572 <-> ENABLED <-> FILE-IDENTIFY FDF file attachment detected (snort3-file-identify.rules) * 1:31776 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file attachment detected (snort3-file-identify.rules) * 1:31591 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel TXO and OBJ records parsing stack memory corruption attempt (snort3-file-office.rules) * 1:32005 <-> ENABLED <-> 
MALWARE-BACKDOOR AlienSpy RAT outbound connection (snort3-malware-backdoor.rules) * 1:33641 <-> ENABLED <-> FILE-IDENTIFY Apple Motion file attachment detected (snort3-file-identify.rules) * 1:39776 <-> ENABLED <-> FILE-IDENTIFY Heroes of Might and Magic III map file attachment detected (snort3-file-identify.rules) * 1:42918 <-> ENABLED <-> FILE-IDENTIFY ISO file attachment detected (snort3-file-identify.rules) * 1:31774 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file attachment detected (snort3-file-identify.rules) * 1:32946 <-> ENABLED <-> FILE-IDENTIFY .scr executable screensaver file attachment detected (snort3-file-identify.rules) * 1:30757 <-> ENABLED <-> FILE-IDENTIFY ABC Music Notation file attachment detected (snort3-file-identify.rules) * 1:31676 <-> ENABLED <-> FILE-FLASH Adobe Flash Broker write to junction exploit attempt (snort3-file-flash.rules) * 1:26083 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file download request (snort3-file-identify.rules) * 1:28367 <-> ENABLED <-> FILE-IDENTIFY CIS file magic detected (snort3-file-identify.rules) * 1:40387 <-> ENABLED <-> FILE-IDENTIFY Windows registry hive file magic detected (snort3-file-identify.rules) * 1:34630 <-> ENABLED <-> FILE-IDENTIFY WordPerfect file attachment detected (snort3-file-identify.rules) * 1:36058 <-> ENABLED <-> FILE-IDENTIFY OLE Document upload detected (snort3-file-identify.rules) * 1:35688 <-> ENABLED <-> PROTOCOL-OTHER MiniUPNP rootdesc.xml file request (snort3-protocol-other.rules) * 1:32945 <-> ENABLED <-> FILE-IDENTIFY .scr executable screensaver file attachment detected (snort3-file-identify.rules) * 1:34398 <-> ENABLED <-> FILE-IDENTIFY Microsoft Journal file download attempt (snort3-file-identify.rules) * 1:29514 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB Microsoft Windows Remote Administration Protocol usage attempt (snort3-os-windows.rules) * 1:32880 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit outbound payload request (snort3-exploit-kit.rules) * 
1:42260 <-> ENABLED <-> FILE-IDENTIFY ISO file attachment detected (snort3-file-identify.rules) * 1:40891 <-> ENABLED <-> FILE-IDENTIFY R Programming Language source file file download request (snort3-file-identify.rules) * 1:26084 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file attachment detected (snort3-file-identify.rules) * 1:35796 <-> ENABLED <-> FILE-IDENTIFY ZSoft PCX file attachment detected (snort3-file-identify.rules) * 1:30532 <-> ENABLED <-> FILE-MULTIMEDIA CoCSoft Stream Download session (snort3-file-multimedia.rules) * 1:48553 <-> ENABLED <-> FILE-IDENTIFY Omron CX-Supervisor project file file download request (snort3-file-identify.rules) * 1:40980 <-> ENABLED <-> FILE-IDENTIFY ico file attachment detected (snort3-file-identify.rules) * 1:26904 <-> ENABLED <-> FILE-IDENTIFY Android APK download file attachment detected (snort3-file-identify.rules) * 1:32525 <-> ENABLED <-> BROWSER-OTHER FreeBSD tnftp client detected (snort3-browser-other.rules) * 1:31484 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1.2 ChangeCipherSpec man-in-the-middle exploitation attempt (snort3-server-other.rules) * 1:29613 <-> ENABLED <-> FILE-IDENTIFY XPS file attachment detected (snort3-file-identify.rules) * 1:35456 <-> ENABLED <-> FILE-IDENTIFY Adobe LZMA compressed Flash file attachment detected (snort3-file-identify.rules) * 1:28570 <-> ENABLED <-> FILE-IDENTIFY FDF file magic detected (snort3-file-identify.rules) * 1:35852 <-> ENABLED <-> FILE-IDENTIFY JPEG file upload detected (snort3-file-identify.rules) * 1:26059 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file magic detected (snort3-file-identify.rules) * 1:42363 <-> ENABLED <-> FILE-IDENTIFY bzip2 compressed file detected (snort3-file-identify.rules) * 1:28901 <-> ENABLED <-> FILE-IDENTIFY eSignal .ets file download request (snort3-file-identify.rules) * 1:35797 <-> ENABLED <-> FILE-IDENTIFY ZSoft PCX file download request (snort3-file-identify.rules) * 1:27276 <-> ENABLED <-> FILE-IDENTIFY 
Trimble SketchUp file attachment detected (snort3-file-identify.rules) * 1:40908 <-> ENABLED <-> SERVER-OTHER Foscam C1 backdoor account ftp login attempt (snort3-server-other.rules) * 1:29384 <-> ENABLED <-> FILE-IDENTIFY Adobe AIR file download request (snort3-file-identify.rules) * 1:36748 <-> ENABLED <-> FILE-IDENTIFY TTF file attachment detected (snort3-file-identify.rules) * 1:33642 <-> ENABLED <-> FILE-IDENTIFY Apple Motion file attachment detected (snort3-file-identify.rules) * 1:26085 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file attachment detected (snort3-file-identify.rules) * 1:28573 <-> ENABLED <-> FILE-IDENTIFY FDF file magic detected (snort3-file-identify.rules) * 1:28383 <-> ENABLED <-> FILE-IDENTIFY HTML Help Index download file attachment detected (snort3-file-identify.rules) * 1:29275 <-> ENABLED <-> FILE-IDENTIFY XFDL file attachment detected (snort3-file-identify.rules) * 1:29276 <-> ENABLED <-> FILE-IDENTIFY XFDL file download request (snort3-file-identify.rules) * 1:35432 <-> ENABLED <-> FILE-IDENTIFY M4A file magic detected (snort3-file-identify.rules) * 1:27542 <-> ENABLED <-> FILE-IDENTIFY Python bytecode file magic detected (snort3-file-identify.rules) * 1:49516 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (snort3-malware-cnc.rules) * 1:42332 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Doublepulsar variant ping command (snort3-malware-cnc.rules) * 1:27121 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector - initiate connection (snort3-server-other.rules) * 1:38461 <-> ENABLED <-> OS-WINDOWS DCERPC Bind auth level packet privacy connection detected (snort3-os-windows.rules) * 1:39903 <-> ENABLED <-> FILE-OFFICE Microsoft Windows RTF file with embedded object package SMTP upload attempt (snort3-file-office.rules) * 1:34629 <-> ENABLED <-> FILE-IDENTIFY WordPerfect file attachment detected (snort3-file-identify.rules) * 1:49517 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post 
compromise download (snort3-malware-cnc.rules) * 1:26902 <-> ENABLED <-> FILE-IDENTIFY Android APK download request (snort3-file-identify.rules) * 1:40021 <-> ENABLED <-> FILE-IDENTIFY Hierarchal Data Format file magic detected (snort3-file-identify.rules) * 1:40035 <-> ENABLED <-> FILE-IDENTIFY XLSB file magic detected (snort3-file-identify.rules) * 1:40892 <-> ENABLED <-> FILE-IDENTIFY R Programming Language source file file attachment detected (snort3-file-identify.rules) * 1:27022 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Netweird.A outbound connection (snort3-malware-cnc.rules) * 1:46393 <-> ENABLED <-> FILE-IDENTIFY WebAssembly file detected (snort3-file-identify.rules) * 1:26126 <-> ENABLED <-> FILE-IDENTIFY Microsoft Internet Explorer HTML Component file download request (snort3-file-identify.rules) * 1:42256 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB anonymous user session setup request detected (snort3-os-windows.rules) * 1:26127 <-> ENABLED <-> FILE-IDENTIFY Microsoft Internet Explorer HTML Component file attachment detected (snort3-file-identify.rules) * 1:3141 <-> ENABLED <-> NETBIOS SMB-DS Trans2 FIND_FIRST2 attempt (snort3-netbios.rules) * 1:32251 <-> ENABLED <-> FILE-IDENTIFY Basic Control Engine file attachment detected (snort3-file-identify.rules) * 1:26128 <-> ENABLED <-> FILE-IDENTIFY Microsoft Internet Explorer HTML Component file attachment detected (snort3-file-identify.rules) * 1:40120 <-> ENABLED <-> FILE-IDENTIFY Microsoft Excel XLSB file attachment detected (snort3-file-identify.rules) * 1:42257 <-> ENABLED <-> FILE-IDENTIFY ISO file magic detected (snort3-file-identify.rules) * 1:29614 <-> ENABLED <-> FILE-IDENTIFY XPS file download request (snort3-file-identify.rules) * 1:35457 <-> ENABLED <-> FILE-IDENTIFY Adobe LZMA compressed Flash file attachment detected (snort3-file-identify.rules) * 1:40036 <-> ENABLED <-> FILE-IDENTIFY XLSB file magic detected (snort3-file-identify.rules) * 1:28497 <-> ENABLED <-> FILE-IDENTIFY WordPerfect 
file magic detected (snort3-file-identify.rules) * 1:34396 <-> ENABLED <-> FILE-IDENTIFY Microsoft Journal file attachment detected (snort3-file-identify.rules) * 1:30759 <-> ENABLED <-> FILE-IDENTIFY ABC Music Notation file attachment detected (snort3-file-identify.rules) * 1:44441 <-> ENABLED <-> FILE-IDENTIFY Blender blend file magic detected (snort3-file-identify.rules) * 1:31702 <-> ENABLED <-> FILE-IDENTIFY Microsoft Silverlight application file magic detected (snort3-file-identify.rules) * 1:26494 <-> ENABLED <-> FILE-IDENTIFY KingView KingMessage log file attachment detected (snort3-file-identify.rules) * 1:28369 <-> ENABLED <-> FILE-IDENTIFY CIS file attachment detected (snort3-file-identify.rules) * 1:31871 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detection (snort3-file-identify.rules) * 1:32616 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Registry file attachment detected (snort3-file-identify.rules) * 1:32252 <-> ENABLED <-> FILE-IDENTIFY Basic Control Engine file attachment detected (snort3-file-identify.rules) * 1:44165 <-> ENABLED <-> SERVER-WEBAPP websocket protocol upgrade request detected (snort3-server-webapp.rules) * 1:26206 <-> ENABLED <-> FILE-IDENTIFY CyberLink Power2Go file download request (snort3-file-identify.rules) * 1:43080 <-> ENABLED <-> BROWSER-OTHER Foscam IP Camera User-Agent string detected (snort3-browser-other.rules) * 1:29385 <-> ENABLED <-> FILE-IDENTIFY Adobe AIR file attachment detected (snort3-file-identify.rules) * 1:26207 <-> ENABLED <-> FILE-IDENTIFY CyberLink Power2Go file attachment detected (snort3-file-identify.rules) * 1:28384 <-> ENABLED <-> FILE-IDENTIFY HTML Help Index download file attachment detected (snort3-file-identify.rules) * 1:26515 <-> ENABLED <-> FILE-IDENTIFY maplet file attachment detected (snort3-file-identify.rules) * 1:37546 <-> ENABLED <-> SERVER-OTHER Veritas NetBackup Volume Manager connection attempt (snort3-server-other.rules) * 1:37784 <-> ENABLED <-> FILE-IDENTIFY Adobe Texture 
Format file magic detected (snort3-file-identify.rules)
* 1:42368 <-> ENABLED <-> FILE-IDENTIFY XZ compressed file detected (snort3-file-identify.rules)
* 1:41081 <-> ENABLED <-> SERVER-OTHER Tarantool initial connection banner detected (snort3-server-other.rules)
* 1:40065 <-> ENABLED <-> OS-WINDOWS Microsoft Windows NFS Server NULL pointer dereference denial-of-service attempt (snort3-os-windows.rules)
* 1:32878 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit outbound Adobe Flash exploit request (snort3-exploit-kit.rules)
* 1:38306 <-> ENABLED <-> FILE-IDENTIFY DMG com.apple.decmpfs file magic detected (snort3-file-identify.rules)
* 1:40390 <-> ENABLED <-> FILE-IDENTIFY Windows registry hive file magic detected (snort3-file-identify.rules)
* 1:31703 <-> ENABLED <-> FILE-IDENTIFY Microsoft Silverlight application file magic detected (snort3-file-identify.rules)
* 1:32134 <-> ENABLED <-> FILE-IDENTIFY XBM file attachment detected (snort3-file-identify.rules)
* 1:40981 <-> ENABLED <-> FILE-IDENTIFY ico file attachment detected (snort3-file-identify.rules)
* 1:29752 <-> ENABLED <-> SERVER-WEBAPP HP Intelligent Management Center SOM authentication bypass attempt (snort3-server-webapp.rules)
* 1:35247 <-> ENABLED <-> FILE-IDENTIFY GNI file download request (snort3-file-identify.rules)
* 1:30018 <-> ENABLED <-> FILE-IDENTIFY OS/2 Metafile file download request (snort3-file-identify.rules)
* 1:30017 <-> ENABLED <-> FILE-IDENTIFY OS/2 Metafile file magic detected (snort3-file-identify.rules)
* 1:38866 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul Office Document file magic detected (snort3-file-identify.rules)
* 1:38864 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul Office Document file attachment detected (snort3-file-identify.rules)
* 1:28370 <-> ENABLED <-> FILE-IDENTIFY CIS file attachment detected (snort3-file-identify.rules)
* 1:3142 <-> ENABLED <-> NETBIOS SMB-DS Trans2 FIND_FIRST2 andx attempt (snort3-netbios.rules)
* 1:35980 <-> ENABLED <-> FILE-IDENTIFY Windows Media Center link file attachment detected (snort3-file-identify.rules)
* 1:30760 <-> ENABLED <-> FILE-IDENTIFY ABC Music Notation file download request (snort3-file-identify.rules)
* 1:29405 <-> ENABLED <-> FILE-IDENTIFY Microsoft Internet Shortcut file attachment detected (snort3-file-identify.rules)
* 1:28898 <-> ENABLED <-> FILE-IDENTIFY eSignal .ets file attachment detected (snort3-file-identify.rules)
* 1:3136 <-> ENABLED <-> NETBIOS SMB Trans2 QUERY_FILE_INFO andx attempt (snort3-netbios.rules)
* 1:33026 <-> ENABLED <-> FILE-IDENTIFY Publish-iT PUI file attachment detected (snort3-file-identify.rules)
* 1:38855 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul HCell file magic detected (snort3-file-identify.rules)
* 1:38851 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul HCell file download request (snort3-file-identify.rules)
* 1:35459 <-> ENABLED <-> FILE-IDENTIFY Adobe LZMA compressed Flash file download request (snort3-file-identify.rules)
* 1:26208 <-> ENABLED <-> FILE-IDENTIFY CyberLink Power2Go file attachment detected (snort3-file-identify.rules)
* 1:30972 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit outbound request for Microsoft Silverlight landing page (snort3-exploit-kit.rules)
* 1:48555 <-> ENABLED <-> FILE-IDENTIFY Omron CX-Supervisor project file file attachment detected (snort3-file-identify.rules)
* 1:48554 <-> ENABLED <-> FILE-IDENTIFY Omron CX-Supervisor project file file attachment detected (snort3-file-identify.rules)
* 1:28425 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB Microsoft Windows Remote Administration Protocol usage attempt (snort3-os-windows.rules)
* 1:28382 <-> ENABLED <-> FILE-IDENTIFY HTML Help Index file download request (snort3-file-identify.rules)
* 1:35455 <-> ENABLED <-> FILE-IDENTIFY Adobe LZMA compressed Flash file magic detected (snort3-file-identify.rules)
* 1:32380 <-> ENABLED <-> FILE-IDENTIFY dib file attachment detected (snort3-file-identify.rules)
* 1:39778 <-> ENABLED <-> FILE-IDENTIFY Heroes of Might and Magic III map file download request (snort3-file-identify.rules)
* 1:43364 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Audio wmf file magic detected (snort3-file-identify.rules)
* 1:37418 <-> ENABLED <-> MALWARE-BACKDOOR Adzok RAT inbound connection (snort3-malware-backdoor.rules)
* 1:40389 <-> ENABLED <-> FILE-IDENTIFY Windows registry hive file attachment detected (snort3-file-identify.rules)
* 1:38292 <-> ENABLED <-> FILE-IDENTIFY UDF file magic detected (snort3-file-identify.rules)
* 1:36815 <-> ENABLED <-> SERVER-OTHER MIT Kerberos 5 SPNEGO incoming token detected (snort3-server-other.rules)
* 1:49515 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (snort3-malware-cnc.rules)
* 1:26251 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (snort3-file-identify.rules)
* 1:40119 <-> ENABLED <-> FILE-IDENTIFY Microsoft Excel XLSB file attachment detected (snort3-file-identify.rules)
* 1:36816 <-> ENABLED <-> SERVER-OTHER MIT Kerberos 5 IAKERB outbound token detected (snort3-server-other.rules)
* 1:30014 <-> ENABLED <-> FILE-IDENTIFY OS/2 Metafile file magic detected (snort3-file-identify.rules)
* 1:26429 <-> ENABLED <-> FILE-FLASH Adobe Flash Player RTMP malformed onStatus message type confusion attempt (snort3-file-flash.rules)
* 1:3551 <-> ENABLED <-> FILE-IDENTIFY HTA file download request (snort3-file-identify.rules)
* 1:35981 <-> ENABLED <-> FILE-IDENTIFY Windows Media Center link file attachment detected (snort3-file-identify.rules)
* 1:27277 <-> ENABLED <-> FILE-IDENTIFY Trimble SketchUp file download request (snort3-file-identify.rules)
* 1:43891 <-> ENABLED <-> MALWARE-OTHER Win.Malware.Emotet variant lateral propagation (snort3-malware-other.rules)
* 1:29406 <-> ENABLED <-> FILE-IDENTIFY Microsoft Internet Shortcut file attachment detected (snort3-file-identify.rules)
* 1:46367 <-> ENABLED <-> FILE-IDENTIFY WebAssembly file download detected (snort3-file-identify.rules)
* 1:28900 <-> ENABLED <-> FILE-IDENTIFY eSignal .sum file attachment detected (snort3-file-identify.rules)
* 1:28507 <-> ENABLED <-> FILE-IDENTIFY Microsoft Write file download file attachment detected (snort3-file-identify.rules)
* 1:40388 <-> ENABLED <-> FILE-IDENTIFY Windows registry hive file attachment detected (snort3-file-identify.rules)
* 1:32617 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Registry file attachment detected (snort3-file-identify.rules)
* 1:40979 <-> ENABLED <-> FILE-IDENTIFY ico file download request (snort3-file-identify.rules)
* 1:26458 <-> ENABLED <-> FILE-IDENTIFY Stream redirector file download request (snort3-file-identify.rules)
* 1:35250 <-> ENABLED <-> FILE-IDENTIFY GNI file magic detected (snort3-file-identify.rules)
* 1:42258 <-> ENABLED <-> FILE-IDENTIFY ISO file attachment detected (snort3-file-identify.rules)
* 1:32877 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit outbound Adobe Flash exploit request (snort3-exploit-kit.rules)
* 1:42366 <-> ENABLED <-> FILE-IDENTIFY XZ compressed file detected (snort3-file-identify.rules)
* 1:30016 <-> ENABLED <-> FILE-IDENTIFY OS/2 Metafile file attachment detected (snort3-file-identify.rules)
* 1:29008 <-> ENABLED <-> FILE-IDENTIFY XWD image file download request (snort3-file-identify.rules)
* 1:45515 <-> ENABLED <-> NETBIOS SMB SESSION_SETUP subcommand detected (snort3-netbios.rules)
* 1:29407 <-> ENABLED <-> FILE-IDENTIFY Microsoft Internet Shortcut file download request (snort3-file-identify.rules)
* 1:37787 <-> ENABLED <-> FILE-IDENTIFY Adobe Texture Format file magic detected (snort3-file-identify.rules)
* 1:27275 <-> ENABLED <-> FILE-IDENTIFY Trimble SketchUp file attachment detected (snort3-file-identify.rules)
* 1:28574 <-> ENABLED <-> FILE-IDENTIFY FDF file download request (snort3-file-identify.rules)
* 1:28894 <-> ENABLED <-> FILE-IDENTIFY eSignal .ets file attachment detected (snort3-file-identify.rules)
* 1:31773 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file attachment detected (snort3-file-identify.rules)
* 1:26465 <-> ENABLED <-> FILE-IDENTIFY XUL file attachment detected (snort3-file-identify.rules)
* 1:44030 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint ppt file attachment detected file attachment detected (snort3-file-identify.rules)
* 1:42259 <-> ENABLED <-> FILE-IDENTIFY ISO file attachment detected (snort3-file-identify.rules)
* 1:40118 <-> ENABLED <-> FILE-IDENTIFY Microsoft Excel XLSB file download request (snort3-file-identify.rules)
* 1:27543 <-> ENABLED <-> FILE-IDENTIFY Python bytecode file magic detected (snort3-file-identify.rules)
* 1:32135 <-> ENABLED <-> FILE-IDENTIFY XBM file attachment detected (snort3-file-identify.rules)
* 1:32165 <-> ENABLED <-> FILE-IDENTIFY SVG file magic detected (snort3-file-identify.rules)
* 1:26060 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file download request (snort3-file-identify.rules)
* 1:32618 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Registry file download request (snort3-file-identify.rules)
* 1:42262 <-> ENABLED <-> FILE-IDENTIFY ISO file download request (snort3-file-identify.rules)
* 1:26466 <-> ENABLED <-> FILE-IDENTIFY XUL file attachment detected (snort3-file-identify.rules)
* 1:32378 <-> ENABLED <-> FILE-IDENTIFY bmp file attachment detected (snort3-file-identify.rules)
* 1:42261 <-> ENABLED <-> FILE-IDENTIFY ISO file magic detected (snort3-file-identify.rules)
* 1:26492 <-> ENABLED <-> FILE-IDENTIFY KingView KingMessage log file download request (snort3-file-identify.rules)
* 1:3135 <-> ENABLED <-> NETBIOS SMB Trans2 QUERY_FILE_INFO attempt (snort3-netbios.rules)
* 1:31775 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file attachment detected (snort3-file-identify.rules)
* 1:28508 <-> ENABLED <-> FILE-IDENTIFY Microsoft Write file download file attachment detected (snort3-file-identify.rules)
* 1:39777 <-> ENABLED <-> FILE-IDENTIFY Heroes of Might and Magic III map file attachment detected (snort3-file-identify.rules)
* 1:42370 <-> ENABLED <-> FILE-IDENTIFY gzip compressed file detected (snort3-file-identify.rules)
* 1:31481 <-> ENABLED <-> SERVER-OTHER OpenSSL SSL ChangeCipherSpec man-in-the-middle exploitation attempt (snort3-server-other.rules)
* 1:40020 <-> ENABLED <-> FILE-IDENTIFY Hierarchal Data Format file magic detected (snort3-file-identify.rules)
* 1:33640 <-> ENABLED <-> FILE-IDENTIFY Apple Motion file download request (snort3-file-identify.rules)
* 1:37785 <-> ENABLED <-> FILE-IDENTIFY Adobe Texture Format file attachment detected (snort3-file-identify.rules)
* 1:35249 <-> ENABLED <-> FILE-IDENTIFY GNI file attachment detected (snort3-file-identify.rules)
* 1:33221 <-> ENABLED <-> MALWARE-CNC Win.Trojan.HawkEye Keylogger exfiltration attempt - clipboard and screenshot (snort3-malware-cnc.rules)
* 1:38291 <-> ENABLED <-> FILE-IDENTIFY UDF file magic detected (snort3-file-identify.rules)
* 1:31482 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1.0 ChangeCipherSpec man-in-the-middle exploitation attempt (snort3-server-other.rules)
* 1:38862 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul Office Document file download request (snort3-file-identify.rules)
* 1:33666 <-> ENABLED <-> FILE-IDENTIFY PIF Program Information File file download request (snort3-file-identify.rules)
* 1:42369 <-> ENABLED <-> FILE-IDENTIFY gzip compressed file detected (snort3-file-identify.rules)
* 1:31831 <-> ENABLED <-> POLICY-OTHER QLogic Switch 5600/5800 default ftp login attempt (snort3-policy-other.rules)
* 1:48556 <-> ENABLED <-> FILE-IDENTIFY Omron CX-Supervisor project file file attachment detected (snort3-file-identify.rules)
* 1:26493 <-> ENABLED <-> FILE-IDENTIFY KingView KingMessage log file attachment detected (snort3-file-identify.rules)
* 1:33825 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB NTLM NULL session attempt (snort3-os-windows.rules)
* 1:30015 <-> ENABLED <-> FILE-IDENTIFY OS/2 Metafile file attachment detected (snort3-file-identify.rules)
* 1:33027 <-> ENABLED <-> FILE-IDENTIFY Publish-iT PUI file attachment detected (snort3-file-identify.rules)
* 1:38307 <-> ENABLED <-> FILE-IDENTIFY DMG com.apple.decmpfs file magic detected (snort3-file-identify.rules)
* 1:46394 <-> ENABLED <-> FILE-IDENTIFY WebAssembly file attachment detected (snort3-file-identify.rules)
* 1:26517 <-> ENABLED <-> FILE-IDENTIFY maplet bin file download attempt (snort3-file-identify.rules)
* 1:38865 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul Office Document file magic detected (snort3-file-identify.rules)
* 1:35433 <-> ENABLED <-> FILE-IDENTIFY M4A file magic detected (snort3-file-identify.rules)
* 1:29007 <-> ENABLED <-> FILE-IDENTIFY XWD image file attachment detected (snort3-file-identify.rules)
* 1:29612 <-> ENABLED <-> FILE-IDENTIFY XPS file attachment detected (snort3-file-identify.rules)
* 1:49513 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (snort3-malware-cnc.rules)
* 1:29274 <-> ENABLED <-> FILE-IDENTIFY XFDL file attachment detected (snort3-file-identify.rules)
* 1:3139 <-> ENABLED <-> NETBIOS SMB Trans2 FIND_FIRST2 attempt (snort3-netbios.rules)
* 1:49495 <-> ENABLED <-> FILE-OFFICE Microsoft Office MSCOMCTL ActiveX control tabstrip method access (snort3-file-office.rules)
* 1:44442 <-> ENABLED <-> FILE-IDENTIFY Blender blend file magic detected (snort3-file-identify.rules)
* 1:42371 <-> ENABLED <-> FILE-IDENTIFY gzip compressed file detected (snort3-file-identify.rules)
* 1:49512 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (snort3-malware-cnc.rules)
* 1:35248 <-> ENABLED <-> FILE-IDENTIFY GNI file attachment detected (snort3-file-identify.rules)
* 1:49497 <-> ENABLED <-> FILE-OFFICE Microsoft Office MSCOMCTL ActiveX control tabstrip method access (snort3-file-office.rules)
* 1:43099 <-> ENABLED <-> SERVER-WEBAPP Simple SCADA web-socket connection initialization attempt (snort3-server-webapp.rules)
* 1:37788 <-> ENABLED <-> FILE-IDENTIFY Adobe Texture Format file download request (snort3-file-identify.rules)
* 1:34395 <-> ENABLED <-> FILE-IDENTIFY Microsoft Journal file attachment detected (snort3-file-identify.rules)
* 1:43003 <-> ENABLED <-> PROTOCOL-OTHER NETBIOS SMB IPC share access attempt (snort3-protocol-other.rules)
* 1:38863 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul Office Document file attachment detected (snort3-file-identify.rules)
* 1:38853 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul HCell file attachment detected (snort3-file-identify.rules)
* 1:42072 <-> DISABLED <-> SERVER-WEBAPP Aultware pwStore denial of service attempt (snort3-server-webapp.rules)
* 1:35458 <-> ENABLED <-> FILE-IDENTIFY Adobe LZMA compressed Flash file magic detected (snort3-file-identify.rules)
* 1:30756 <-> ENABLED <-> FILE-IDENTIFY ABC Music Notation file attachment detected (snort3-file-identify.rules)
* 1:28368 <-> ENABLED <-> FILE-IDENTIFY CIS file magic detected (snort3-file-identify.rules)
* 1:29439 <-> ENABLED <-> FILE-IDENTIFY MSI file download request (snort3-file-identify.rules)
* 1:42365 <-> ENABLED <-> FILE-IDENTIFY bzip2 compressed file detected (snort3-file-identify.rules)
* 1:50875 <-> ENABLED <-> FILE-IDENTIFY Fax Cover Page file magic detected (snort3-file-identify.rules)
* 1:10097 <-> ENABLED <-> MALWARE-OTHER Keylogger win32.remotekeylog.b runtime detection (snort3-malware-other.rules)
* 1:28899 <-> ENABLED <-> FILE-IDENTIFY eSignal .por file attachment detected (snort3-file-identify.rules)
* 1:10455 <-> ENABLED <-> MALWARE-BACKDOOR [x]-ztoo 1.0 runtime detection - get system info (snort3-malware-backdoor.rules)
* 1:10103 <-> ENABLED <-> MALWARE-BACKDOOR hav-rat 1.1 runtime detection (snort3-malware-backdoor.rules)
* 1:10460 <-> ENABLED <-> MALWARE-BACKDOOR winicabras 1.1 runtime detection - get system info (snort3-malware-backdoor.rules)
* 1:10450 <-> ENABLED <-> MALWARE-BACKDOOR only 1 rat runtime detection - control command (snort3-malware-backdoor.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:53984 <-> DISABLED <-> OS-WINDOWS Windows print spooler elevation of privilege attempt (os-windows.rules)
* 1:53972 <-> ENABLED <-> MALWARE-OTHER CobaltStrike beacon.dll DNS download attempt (malware-other.rules)
* 1:53983 <-> ENABLED <-> OS-WINDOWS Windows print spooler elevation of privilege attempt (os-windows.rules)
* 1:53976 <-> DISABLED <-> BROWSER-WEBKIT WebKit use-after-free remote code execution attempt (browser-webkit.rules)
* 1:53971 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Andariel outbound connection attempt (malware-cnc.rules)
* 1:53969 <-> DISABLED <-> SERVER-WEBAPP TerraMaster NAS user creation command injection attempt (server-webapp.rules)
* 1:53962 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Gh0stRAT-7783851-0 download attempt (malware-other.rules)
* 1:53977 <-> ENABLED <-> MALWARE-OTHER Win.Dropper.Agent payload download attempt (malware-other.rules)
* 1:53982 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Palevo-7785322-0 download attempt (malware-other.rules)
* 1:53975 <-> DISABLED <-> INDICATOR-COMPROMISE CobaltStrike multiple large DNS TXT query responses (indicator-compromise.rules)
* 1:53974 <-> DISABLED <-> MALWARE-OTHER CobaltStrike powershell web delivery attempt (malware-other.rules)
* 1:53978 <-> ENABLED <-> MALWARE-OTHER Win.Dropper.Agent payload download attempt (malware-other.rules)
* 1:53981 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Palevo-7785322-0 download attempt (malware-other.rules)
* 1:53965 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-7784063-0 download attempt (malware-other.rules)
* 1:53967 <-> DISABLED <-> SERVER-WEBAPP TerraMaster NAS user creation command injection attempt (server-webapp.rules)
* 1:53970 <-> DISABLED <-> SERVER-WEBAPP TerraMaster NAS user creation command injection attempt (server-webapp.rules)
* 1:53968 <-> DISABLED <-> SERVER-WEBAPP TerraMaster NAS user creation command injection attempt (server-webapp.rules)
* 1:53973 <-> DISABLED <-> MALWARE-OTHER CobaltStrike powershell web delivery attempt (malware-other.rules)
* 1:53961 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Gh0stRAT-7783851-0 download attempt (malware-other.rules)
* 1:53960 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Ursnif malicious outbound connection attempt - gravity generated detection (malware-other.rules)
* 1:53979 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Shiz-7784396-0 download attempt (malware-other.rules)
* 1:53966 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-7784063-0 download attempt (malware-other.rules)
* 1:53980 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Shiz-7784396-0 download attempt (malware-other.rules)
* 1:53964 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-7784064-0 download attempt (malware-other.rules)
* 1:53963 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-7784064-0 download attempt (malware-other.rules)
* 1:26064 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word docm file attachment detected (file-identify.rules)
* 1:35458 <-> ENABLED <-> FILE-IDENTIFY Adobe LZMA compressed Flash file magic detected (file-identify.rules)
* 1:23003 <-> ENABLED <-> FILE-IDENTIFY CSV file attachment detected (file-identify.rules)
* 1:26126 <-> ENABLED <-> FILE-IDENTIFY Microsoft Internet Explorer HTML Component file download request (file-identify.rules)
* 1:3135 <-> ENABLED <-> NETBIOS SMB Trans2 QUERY_FILE_INFO attempt (netbios.rules)
* 1:26084 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file attachment detected (file-identify.rules)
* 1:32380 <-> ENABLED <-> FILE-IDENTIFY dib file attachment detected (file-identify.rules)
* 1:30969 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit outbound request for Microsoft Internet Explorer landing page (exploit-kit.rules)
* 1:48556 <-> ENABLED <-> FILE-IDENTIFY Omron CX-Supervisor project file file attachment detected (file-identify.rules)
* 1:26060 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file download request (file-identify.rules)
* 1:26208 <-> ENABLED <-> FILE-IDENTIFY CyberLink Power2Go file attachment detected (file-identify.rules)
* 1:26517 <-> ENABLED <-> FILE-IDENTIFY maplet bin file download attempt (file-identify.rules)
* 1:49791 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules)
* 1:35795 <-> ENABLED <-> FILE-IDENTIFY ZSoft PCX file attachment detected (file-identify.rules)
* 1:31702 <-> ENABLED <-> FILE-IDENTIFY Microsoft Silverlight application file magic detected (file-identify.rules)
* 1:40036 <-> ENABLED <-> FILE-IDENTIFY XLSB file magic detected (file-identify.rules)
* 1:28570 <-> ENABLED <-> FILE-IDENTIFY FDF file magic detected (file-identify.rules)
* 1:40065 <-> ENABLED <-> OS-WINDOWS Microsoft Windows NFS Server NULL pointer dereference denial-of-service attempt (os-windows.rules)
* 1:26058 <-> ENABLED <-> FILE-IDENTIFY ZIP file attachment detected (file-identify.rules)
* 1:41081 <-> ENABLED <-> SERVER-OTHER Tarantool initial connection banner detected (server-other.rules)
* 1:28896 <-> ENABLED <-> FILE-IDENTIFY eSignal .quo file attachment detected (file-identify.rules)
* 1:26251 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (file-identify.rules)
* 1:28574 <-> ENABLED <-> FILE-IDENTIFY FDF file download request (file-identify.rules)
* 1:32251 <-> ENABLED <-> FILE-IDENTIFY Basic Control Engine file attachment detected (file-identify.rules)
* 1:49518 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules)
* 1:44442 <-> ENABLED <-> FILE-IDENTIFY Blender blend file magic detected (file-identify.rules)
* 1:32165 <-> ENABLED <-> FILE-IDENTIFY SVG file magic detected (file-identify.rules)
* 1:23190 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file download request (file-identify.rules)
* 1:38866 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul Office Document file magic detected (file-identify.rules)
* 1:30016 <-> ENABLED <-> FILE-IDENTIFY OS/2 Metafile file attachment detected (file-identify.rules)
* 1:34396 <-> ENABLED <-> FILE-IDENTIFY Microsoft Journal file attachment detected (file-identify.rules)
* 1:42918 <-> ENABLED <-> FILE-IDENTIFY ISO file attachment detected (file-identify.rules)
* 1:29384 <-> ENABLED <-> FILE-IDENTIFY Adobe AIR file download request (file-identify.rules)
* 1:29614 <-> ENABLED <-> FILE-IDENTIFY XPS file download request (file-identify.rules)
* 1:26062 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file attachment detected (file-identify.rules)
* 1:35459 <-> ENABLED <-> FILE-IDENTIFY Adobe LZMA compressed Flash file download request (file-identify.rules)
* 1:32880 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit outbound payload request (exploit-kit.rules)
* 1:40387 <-> ENABLED <-> FILE-IDENTIFY Windows registry hive file magic detected (file-identify.rules)
* 1:37786 <-> ENABLED <-> FILE-IDENTIFY Adobe Texture Format file attachment detected (file-identify.rules)
* 1:26063 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word docm file download request (file-identify.rules)
* 1:28898 <-> ENABLED <-> FILE-IDENTIFY eSignal .ets file attachment detected (file-identify.rules)
* 1:23167 <-> ENABLED <-> FILE-IDENTIFY MPG video stream file download request (file-identify.rules)
* 1:33028 <-> ENABLED <-> FILE-IDENTIFY Publish-iT PUI file download request (file-identify.rules)
* 1:42072 <-> DISABLED <-> SERVER-WEBAPP Aultware pwStore denial of service attempt (server-webapp.rules)
* 1:32252 <-> ENABLED <-> FILE-IDENTIFY Basic Control Engine file attachment detected (file-identify.rules)
* 1:31774 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file attachment detected (file-identify.rules)
* 1:42365 <-> ENABLED <-> FILE-IDENTIFY bzip2 compressed file detected (file-identify.rules)
* 1:42369 <-> ENABLED <-> FILE-IDENTIFY gzip compressed file detected (file-identify.rules)
* 1:33666 <-> ENABLED <-> FILE-IDENTIFY PIF Program Information File file download request (file-identify.rules)
* 1:3142 <-> ENABLED <-> NETBIOS SMB-DS Trans2 FIND_FIRST2 andx attempt (netbios.rules)
* 1:28897 <-> ENABLED <-> FILE-IDENTIFY eSignal .sum file attachment detected (file-identify.rules)
* 1:31591 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel TXO and OBJ records parsing stack memory corruption attempt (file-office.rules)
* 1:35688 <-> ENABLED <-> PROTOCOL-OTHER MiniUPNP rootdesc.xml file request (protocol-other.rules)
* 1:29006 <-> ENABLED <-> FILE-IDENTIFY XWD image file attachment detected (file-identify.rules)
* 1:40120 <-> ENABLED <-> FILE-IDENTIFY Microsoft Excel XLSB file attachment detected (file-identify.rules)
* 1:30017 <-> ENABLED <-> FILE-IDENTIFY OS/2 Metafile file magic detected (file-identify.rules)
* 1:31483 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1.1 ChangeCipherSpec man-in-the-middle exploitation attempt (server-other.rules)
* 1:6010 <-> ENABLED <-> SERVER-OTHER VERITAS NetBackup vnetd connection attempt (server-other.rules)
* 1:35457 <-> ENABLED <-> FILE-IDENTIFY Adobe LZMA compressed Flash file attachment detected (file-identify.rules)
* 1:40019 <-> ENABLED <-> FILE-IDENTIFY Hierarchal Data Format file attachment detected (file-identify.rules)
* 1:26458 <-> ENABLED <-> FILE-IDENTIFY Stream redirector file download request (file-identify.rules)
* 1:28571 <-> ENABLED <-> FILE-IDENTIFY FDF file attachment detected (file-identify.rules)
* 1:26085 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file attachment detected (file-identify.rules)
* 1:42262 <-> ENABLED <-> FILE-IDENTIFY ISO file download request (file-identify.rules)
* 1:30757 <-> ENABLED <-> FILE-IDENTIFY ABC Music Notation file attachment detected (file-identify.rules)
* 1:28370 <-> ENABLED <-> FILE-IDENTIFY CIS file attachment detected (file-identify.rules)
* 1:28572 <-> ENABLED <-> FILE-IDENTIFY FDF file attachment detected (file-identify.rules)
* 1:29607 <-> ENABLED <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt (server-other.rules)
* 1:31871 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detection (file-identify.rules)
* 1:29752 <-> ENABLED <-> SERVER-WEBAPP HP Intelligent Management Center SOM authentication bypass attempt (server-webapp.rules)
* 1:42261 <-> ENABLED <-> FILE-IDENTIFY ISO file magic detected (file-identify.rules)
* 1:35852 <-> ENABLED <-> FILE-IDENTIFY JPEG file upload detected (file-identify.rules)
* 1:26644 <-> ENABLED <-> SERVER-OTHER SSL TLS DEFLATE compression detected (server-other.rules)
* 1:27121 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector - initiate connection (server-other.rules)
* 1:34397 <-> ENABLED <-> FILE-IDENTIFY Microsoft Journal file download request (file-identify.rules)
* 1:40018 <-> ENABLED <-> FILE-IDENTIFY Hierarchal Data Format file attachment detected (file-identify.rules)
* 1:32617 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Registry file attachment detected (file-identify.rules)
* 1:29386 <-> ENABLED <-> FILE-IDENTIFY Adobe AIR file attachment detected (file-identify.rules)
* 1:46394 <-> ENABLED <-> FILE-IDENTIFY WebAssembly file attachment detected (file-identify.rules)
* 1:45515 <-> ENABLED <-> NETBIOS SMB SESSION_SETUP subcommand detected (netbios.rules)
* 1:30759 <-> ENABLED <-> FILE-IDENTIFY ABC Music Notation file attachment detected (file-identify.rules)
* 1:46367 <-> ENABLED <-> FILE-IDENTIFY WebAssembly file download detected (file-identify.rules)
* 1:42370 <-> ENABLED <-> FILE-IDENTIFY gzip compressed file detected (file-identify.rules)
* 1:31676 <-> ENABLED <-> FILE-FLASH Adobe Flash Broker write to junction exploit attempt (file-flash.rules)
* 1:42223 <-> ENABLED <-> FILE-IDENTIFY AOP file download request (file-identify.rules)
* 1:34631 <-> ENABLED <-> FILE-IDENTIFY WordPerfect file download request (file-identify.rules)
* 1:28899 <-> ENABLED <-> FILE-IDENTIFY eSignal .por file attachment detected (file-identify.rules)
* 1:39903 <-> ENABLED <-> FILE-OFFICE Microsoft Windows RTF file with embedded object package SMTP upload attempt (file-office.rules)
* 1:36531 <-> ENABLED <-> FILE-IDENTIFY Oracle Java JMX management loading mlet detected (file-identify.rules)
* 1:39778 <-> ENABLED <-> FILE-IDENTIFY Heroes of Might and Magic III map file download request (file-identify.rules)
* 1:32618 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Registry file download request (file-identify.rules)
* 1:38291 <-> ENABLED <-> FILE-IDENTIFY UDF file magic detected (file-identify.rules)
* 1:31703 <-> ENABLED <-> FILE-IDENTIFY Microsoft Silverlight application file magic detected (file-identify.rules)
* 1:43080 <-> ENABLED <-> BROWSER-OTHER Foscam IP Camera User-Agent string detected (browser-other.rules)
* 1:38854 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul HCell file magic detected (file-identify.rules)
* 1:42256 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB anonymous user session setup request detected (os-windows.rules)
* 1:40981 <-> ENABLED <-> FILE-IDENTIFY ico file attachment detected (file-identify.rules)
* 1:29008 <-> ENABLED <-> FILE-IDENTIFY XWD image file download request (file-identify.rules)
* 1:29385 <-> ENABLED <-> FILE-IDENTIFY Adobe AIR file attachment detected (file-identify.rules)
* 1:27542 <-> ENABLED <-> FILE-IDENTIFY Python bytecode file magic detected (file-identify.rules)
* 1:3137 <-> ENABLED <-> NETBIOS SMB-DS Trans2 QUERY_FILE_INFO attempt (netbios.rules)
* 1:49514 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules)
* 1:38851 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul HCell file download request (file-identify.rules)
* 1:39776 <-> ENABLED <-> FILE-IDENTIFY Heroes of Might and Magic III map file attachment detected (file-identify.rules)
* 1:35979 <-> ENABLED <-> FILE-IDENTIFY Windows Media Center link file download request (file-identify.rules)
* 1:40390 <-> ENABLED <-> FILE-IDENTIFY Windows registry hive file magic detected (file-identify.rules)
* 1:29274 <-> ENABLED <-> FILE-IDENTIFY XFDL file attachment detected (file-identify.rules)
* 1:27275 <-> ENABLED <-> FILE-IDENTIFY Trimble SketchUp file attachment detected (file-identify.rules)
* 1:40908 <-> ENABLED <-> SERVER-OTHER Foscam C1 backdoor account ftp login attempt (server-other.rules)
* 1:44275 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file attachment detected (file-identify.rules)
* 1:33641 <-> ENABLED <-> FILE-IDENTIFY Apple Motion file attachment detected (file-identify.rules)
* 1:33640 <-> ENABLED <-> FILE-IDENTIFY Apple Motion file download request (file-identify.rules)
* 1:30758 <-> ENABLED <-> FILE-IDENTIFY ABC Music Notation file attachment detected (file-identify.rules)
* 1:29613 <-> ENABLED <-> FILE-IDENTIFY XPS file attachment detected (file-identify.rules)
* 1:51992 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file download request (file-identify.rules)
* 1:26057 <-> ENABLED <-> FILE-IDENTIFY ZIP file download detected (file-identify.rules)
* 1:28382 <-> ENABLED <-> FILE-IDENTIFY HTML Help Index file download request (file-identify.rules)
* 1:48553 <-> ENABLED <-> FILE-IDENTIFY Omron CX-Supervisor project file file download request (file-identify.rules)
* 1:30014 <-> ENABLED <-> FILE-IDENTIFY OS/2 Metafile file magic detected (file-identify.rules)
* 1:26492 <-> ENABLED <-> FILE-IDENTIFY KingView KingMessage log file download request (file-identify.rules)
* 1:28894 <-> ENABLED <-> FILE-IDENTIFY eSignal .ets file attachment detected (file-identify.rules)
* 1:40388 <-> ENABLED <-> FILE-IDENTIFY Windows registry hive file attachment detected (file-identify.rules)
* 1:7106 <-> ENABLED <-> MALWARE-BACKDOOR girlfriend runtime detection (malware-backdoor.rules)
* 1:26493 <-> ENABLED <-> FILE-IDENTIFY KingView KingMessage log file attachment detected (file-identify.rules)
* 1:48554 <-> ENABLED <-> FILE-IDENTIFY Omron CX-Supervisor project file file attachment detected (file-identify.rules)
* 1:35797 <-> ENABLED <-> FILE-IDENTIFY ZSoft PCX file download request (file-identify.rules)
* 1:39777 <-> ENABLED <-> FILE-IDENTIFY Heroes of Might and Magic III map file attachment detected (file-identify.rules)
* 1:44165 <-> ENABLED <-> SERVER-WEBAPP websocket protocol upgrade request detected (server-webapp.rules)
* 1:29007 <-> ENABLED <-> FILE-IDENTIFY XWD image file attachment detected (file-identify.rules)
* 1:28497 <-> ENABLED <-> FILE-IDENTIFY WordPerfect file magic detected (file-identify.rules)
* 1:40892 <-> ENABLED <-> FILE-IDENTIFY R Programming Language source file file attachment detected (file-identify.rules)
* 1:38852 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul HCell file attachment detected (file-identify.rules)
* 1:38306 <-> ENABLED <-> FILE-IDENTIFY DMG com.apple.decmpfs file magic detected (file-identify.rules)
* 1:28383 <-> ENABLED <-> FILE-IDENTIFY HTML Help Index download file attachment detected (file-identify.rules)
* 1:28895 <-> ENABLED <-> FILE-IDENTIFY eSignal .por file attachment detected (file-identify.rules)
* 1:34629 <-> ENABLED <-> FILE-IDENTIFY WordPerfect file attachment detected (file-identify.rules)
* 1:35433 <-> ENABLED <-> FILE-IDENTIFY M4A file magic detected (file-identify.rules)
* 1:29514 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB Microsoft Windows Remote Administration Protocol usage attempt (os-windows.rules)
* 1:33668 <-> ENABLED <-> FILE-IDENTIFY PIF Program Information File file attachment detected (file-identify.rules)
* 1:43364 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Audio wmf file magic detected (file-identify.rules)
* 1:38863 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul Office Document file attachment detected (file-identify.rules)
* 1:44030 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint ppt file attachment detected file attachment detected (file-identify.rules)
* 1:31831 <-> ENABLED <-> POLICY-OTHER QLogic Switch 5600/5800 default ftp login attempt (policy-other.rules)
* 1:3141 <-> ENABLED <-> NETBIOS SMB-DS Trans2 FIND_FIRST2 attempt (netbios.rules)
* 1:42257 <-> ENABLED <-> FILE-IDENTIFY ISO file magic detected (file-identify.rules)
* 1:37788 <-> ENABLED <-> FILE-IDENTIFY Adobe Texture Format file download request (file-identify.rules)
* 1:27277 <-> ENABLED <-> FILE-IDENTIFY Trimble SketchUp file download request (file-identify.rules)
* 1:33667 <-> ENABLED <-> FILE-IDENTIFY PIF Program Information File file attachment detected (file-identify.rules)
* 1:28367 <-> ENABLED <-> FILE-IDENTIFY CIS file magic detected (file-identify.rules)
* 1:40119 <-> ENABLED <-> FILE-IDENTIFY Microsoft Excel XLSB file attachment detected (file-identify.rules)
* 1:42364 <-> ENABLED <-> FILE-IDENTIFY bzip2 compressed file detected (file-identify.rules)
* 1:46393 <-> ENABLED <-> FILE-IDENTIFY WebAssembly file detected (file-identify.rules)
* 1:33221 <-> ENABLED <-> MALWARE-CNC Win.Trojan.HawkEye Keylogger exfiltration attempt - clipboard and screenshot (malware-cnc.rules)
* 1:32253 <-> ENABLED <-> FILE-IDENTIFY Basic Control Engine file download request (file-identify.rules)
* 1:31776 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file attachment detected (file-identify.rules)
* 1:43067 <-> ENABLED <-> PROTOCOL-IMAP IMAP CRAM-MD5 authentication attempt (protocol-imap.rules)
* 1:35980 <-> ENABLED <-> FILE-IDENTIFY Windows Media Center link file attachment detected (file-identify.rules)
* 1:31773 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file attachment detected (file-identify.rules)
* 1:4143 <-> ENABLED <-> SERVER-OTHER lpd receive printer job cascade adaptor protocol request (server-other.rules)
* 1:26206 <-> ENABLED <-> FILE-IDENTIFY CyberLink Power2Go file download request (file-identify.rules)
* 1:26083 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file download request (file-identify.rules)
* 1:38307 <-> ENABLED <-> FILE-IDENTIFY DMG com.apple.decmpfs file magic detected (file-identify.rules)
* 1:32878 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit outbound Adobe Flash exploit request (exploit-kit.rules)
* 1:28368 <-> ENABLED <-> FILE-IDENTIFY CIS file magic detected (file-identify.rules)
* 1:36058 <-> ENABLED <-> FILE-IDENTIFY OLE Document upload detected (file-identify.rules)
* 1:44231 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word doc file attachment detected (file-identify.rules)
* 1:37418 <-> ENABLED <-> MALWARE-BACKDOOR Adzok RAT inbound connection (malware-backdoor.rules)
* 1:43002 <-> ENABLED <-> PROTOCOL-OTHER NETBIOS SMB IPC share access attempt (protocol-other.rules)
* 1:31675 <-> ENABLED <-> FILE-FLASH Adobe Flash Broker write to junction exploit attempt (file-flash.rules)
* 1:37787 <-> ENABLED <-> FILE-IDENTIFY Adobe Texture Format file magic detected (file-identify.rules)
* 1:40035 <-> ENABLED <-> FILE-IDENTIFY XLSB file magic detected (file-identify.rules)
* 1:28507 <-> ENABLED <-> FILE-IDENTIFY Microsoft Write file download file attachment detected (file-identify.rules)
* 1:29612 <-> ENABLED <-> FILE-IDENTIFY XPS file attachment detected (file-identify.rules)
* 1:33026 <-> ENABLED <-> FILE-IDENTIFY Publish-iT PUI file attachment detected (file-identify.rules)
* 1:34395 <-> ENABLED <-> FILE-IDENTIFY Microsoft Journal file attachment detected (file-identify.rules)
* 1:49516 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules)
* 1:32378 <-> ENABLED <-> FILE-IDENTIFY bmp file attachment detected (file-identify.rules)
* 1:3665 <-> ENABLED <-> SERVER-MYSQL server greeting (server-mysql.rules)
* 1:38853 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul HCell file attachment detected (file-identify.rules)
* 1:35248 <-> ENABLED <-> FILE-IDENTIFY GNI file attachment detected (file-identify.rules)
* 1:40891 <-> ENABLED <-> FILE-IDENTIFY R Programming Language source file file download request (file-identify.rules)
* 1:3139 <-> ENABLED <-> NETBIOS SMB Trans2 FIND_FIRST2 attempt (netbios.rules)
* 1:32005 <-> ENABLED <-> MALWARE-BACKDOOR AlienSpy RAT outbound connection (malware-backdoor.rules)
* 1:26128 <-> ENABLED <-> FILE-IDENTIFY Microsoft Internet Explorer HTML Component file attachment detected (file-identify.rules)
* 1:42332 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Doublepulsar variant ping command (malware-cnc.rules)
* 1:30760 <-> ENABLED <-> FILE-IDENTIFY ABC Music Notation file download request (file-identify.rules)
* 1:26514 <-> ENABLED <-> FILE-IDENTIFY maplet file download attempt (file-identify.rules)
* 1:29162 <-> ENABLED <-> FILE-IDENTIFY CIS file download request (file-identify.rules)
* 1:42258 <-> ENABLED <-> FILE-IDENTIFY ISO file attachment detected (file-identify.rules)
* 1:35250 <-> ENABLED <-> FILE-IDENTIFY GNI file magic detected (file-identify.rules)
* 1:32947 <-> ENABLED <-> FILE-IDENTIFY .scr executable screensaver file download request (file-identify.rules)
* 1:37785 <-> ENABLED <-> FILE-IDENTIFY Adobe Texture Format file attachment detected (file-identify.rules)
* 1:43003 <-> ENABLED <-> PROTOCOL-OTHER
NETBIOS SMB IPC share access attempt (protocol-other.rules) * 1:28425 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB Microsoft Windows Remote Administration Protocol usage attempt (os-windows.rules) * 1:26465 <-> ENABLED <-> FILE-IDENTIFY XUL file attachment detected (file-identify.rules) * 1:32946 <-> ENABLED <-> FILE-IDENTIFY .scr executable screensaver file attachment detected (file-identify.rules) * 1:26429 <-> ENABLED <-> FILE-FLASH Adobe Flash Player RTMP malformed onStatus message type confusion attempt (file-flash.rules) * 1:35981 <-> ENABLED <-> FILE-IDENTIFY Windows Media Center link file attachment detected (file-identify.rules) * 1:38862 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul Office Document file download request (file-identify.rules) * 1:42260 <-> ENABLED <-> FILE-IDENTIFY ISO file attachment detected (file-identify.rules) * 1:27022 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Netweird.A outbound connection (malware-cnc.rules) * 1:44441 <-> ENABLED <-> FILE-IDENTIFY Blender blend file magic detected (file-identify.rules) * 1:35247 <-> ENABLED <-> FILE-IDENTIFY GNI file download request (file-identify.rules) * 1:29405 <-> ENABLED <-> FILE-IDENTIFY Microsoft Internet Shortcut file attachment detected (file-identify.rules) * 1:49515 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules) * 1:27543 <-> ENABLED <-> FILE-IDENTIFY Python bytecode file magic detected (file-identify.rules) * 1:29406 <-> ENABLED <-> FILE-IDENTIFY Microsoft Internet Shortcut file attachment detected (file-identify.rules) * 1:30756 <-> ENABLED <-> FILE-IDENTIFY ABC Music Notation file attachment detected (file-identify.rules) * 1:28369 <-> ENABLED <-> FILE-IDENTIFY CIS file attachment detected (file-identify.rules) * 1:30972 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit outbound request for Microsoft Silverlight landing page (exploit-kit.rules) * 1:35456 <-> ENABLED <-> FILE-IDENTIFY Adobe LZMA compressed Flash file attachment detected 
(file-identify.rules) * 1:27276 <-> ENABLED <-> FILE-IDENTIFY Trimble SketchUp file attachment detected (file-identify.rules) * 1:49497 <-> ENABLED <-> FILE-OFFICE Microsoft Office MSCOMCTL ActiveX control tabstrip method access (file-office.rules) * 1:26127 <-> ENABLED <-> FILE-IDENTIFY Microsoft Internet Explorer HTML Component file attachment detected (file-identify.rules) * 1:25945 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules) * 1:40017 <-> ENABLED <-> FILE-IDENTIFY Hierarchal Data Format file download request (file-identify.rules) * 1:49517 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules) * 1:53861 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Astaroth outbound beacon (malware-cnc.rules) * 1:26207 <-> ENABLED <-> FILE-IDENTIFY CyberLink Power2Go file attachment detected (file-identify.rules) * 1:33642 <-> ENABLED <-> FILE-IDENTIFY Apple Motion file attachment detected (file-identify.rules) * 1:50875 <-> ENABLED <-> FILE-IDENTIFY Fax Cover Page file magic detected (file-identify.rules) * 1:31484 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1.2 ChangeCipherSpec man-in-the-middle exploitation attempt (server-other.rules) * 1:49793 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules) * 1:49792 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules) * 1:51994 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules) * 1:49520 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules) * 1:29439 <-> ENABLED <-> FILE-IDENTIFY MSI file download request (file-identify.rules) * 1:31482 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1.0 ChangeCipherSpec man-in-the-middle exploitation attempt (server-other.rules) * 1:34630 <-> ENABLED <-> FILE-IDENTIFY WordPerfect file attachment detected (file-identify.rules) * 1:36815 <-> ENABLED <-> 
SERVER-OTHER MIT Kerberos 5 SPNEGO incoming token detected (server-other.rules) * 1:38292 <-> ENABLED <-> FILE-IDENTIFY UDF file magic detected (file-identify.rules) * 1:35249 <-> ENABLED <-> FILE-IDENTIFY GNI file attachment detected (file-identify.rules) * 1:42366 <-> ENABLED <-> FILE-IDENTIFY XZ compressed file detected (file-identify.rules) * 1:42363 <-> ENABLED <-> FILE-IDENTIFY bzip2 compressed file detected (file-identify.rules) * 1:26516 <-> ENABLED <-> FILE-IDENTIFY maplet file attachment detected (file-identify.rules) * 1:40389 <-> ENABLED <-> FILE-IDENTIFY Windows registry hive file attachment detected (file-identify.rules) * 1:28610 <-> ENABLED <-> EXPLOIT-KIT Sakura exploit kit exploit payload retreive attempt (exploit-kit.rules) * 1:29276 <-> ENABLED <-> FILE-IDENTIFY XFDL file download request (file-identify.rules) * 1:26515 <-> ENABLED <-> FILE-IDENTIFY maplet file attachment detected (file-identify.rules) * 1:28384 <-> ENABLED <-> FILE-IDENTIFY HTML Help Index download file attachment detected (file-identify.rules) * 1:32525 <-> ENABLED <-> BROWSER-OTHER FreeBSD tnftp client detected (browser-other.rules) * 1:26061 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file attachment detected (file-identify.rules) * 1:26494 <-> ENABLED <-> FILE-IDENTIFY KingView KingMessage log file attachment detected (file-identify.rules) * 1:3140 <-> ENABLED <-> NETBIOS SMB Trans2 FIND_FIRST2 andx attempt (netbios.rules) * 1:38855 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul HCell file magic detected (file-identify.rules) * 1:28573 <-> ENABLED <-> FILE-IDENTIFY FDF file magic detected (file-identify.rules) * 1:31775 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file attachment detected (file-identify.rules) * 1:42371 <-> ENABLED <-> FILE-IDENTIFY gzip compressed file detected (file-identify.rules) * 1:40391 <-> ENABLED <-> FILE-IDENTIFY Windows registry hive file download request (file-identify.rules) * 1:48555 <-> ENABLED <-> FILE-IDENTIFY Omron 
CX-Supervisor project file file attachment detected (file-identify.rules) * 1:42368 <-> ENABLED <-> FILE-IDENTIFY XZ compressed file detected (file-identify.rules) * 1:35455 <-> ENABLED <-> FILE-IDENTIFY Adobe LZMA compressed Flash file magic detected (file-identify.rules) * 1:40021 <-> ENABLED <-> FILE-IDENTIFY Hierarchal Data Format file magic detected (file-identify.rules) * 1:38865 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul Office Document file magic detected (file-identify.rules) * 1:43363 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Audio wmf file magic detected (file-identify.rules) * 1:40118 <-> ENABLED <-> FILE-IDENTIFY Microsoft Excel XLSB file download request (file-identify.rules) * 1:32877 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit outbound Adobe Flash exploit request (exploit-kit.rules) * 1:31481 <-> ENABLED <-> SERVER-OTHER OpenSSL SSL ChangeCipherSpec man-in-the-middle exploitation attempt (server-other.rules) * 1:10097 <-> ENABLED <-> MALWARE-OTHER Keylogger win32.remotekeylog.b runtime detection (malware-other.rules) * 1:10103 <-> ENABLED <-> MALWARE-BACKDOOR hav-rat 1.1 runtime detection (malware-backdoor.rules) * 1:10110 <-> ENABLED <-> MALWARE-BACKDOOR poison ivy 2.1.2 runtime detection (malware-backdoor.rules) * 1:10455 <-> ENABLED <-> MALWARE-BACKDOOR [x]-ztoo 1.0 runtime detection - get system info (malware-backdoor.rules) * 1:10462 <-> ENABLED <-> MALWARE-BACKDOOR winicabras 1.1 runtime detection - explorer (malware-backdoor.rules) * 1:10099 <-> ENABLED <-> MALWARE-OTHER Keylogger win32.remotekeylog.b runtime detection (malware-other.rules) * 1:11322 <-> ENABLED <-> MALWARE-BACKDOOR sohoanywhere runtime detection (malware-backdoor.rules) * 1:10104 <-> ENABLED <-> MALWARE-BACKDOOR hav-rat 1.1 runtime detection (malware-backdoor.rules) * 1:11953 <-> ENABLED <-> MALWARE-BACKDOOR supervisor plus runtime detection (malware-backdoor.rules) * 1:10450 <-> ENABLED <-> MALWARE-BACKDOOR only 1 rat runtime detection - control command 
(malware-backdoor.rules) * 1:12129 <-> ENABLED <-> MALWARE-OTHER Keylogger remotekeylog.b runtime detection - get sys info (malware-other.rules) * 1:10460 <-> ENABLED <-> MALWARE-BACKDOOR winicabras 1.1 runtime detection - get system info (malware-backdoor.rules) * 1:12133 <-> ENABLED <-> MALWARE-OTHER Keylogger remotekeylog.b runtime detection - open url (malware-other.rules) * 1:11004 <-> ENABLED <-> PROTOCOL-IMAP CRAM-MD5 authentication request detected (protocol-imap.rules) * 1:12142 <-> ENABLED <-> MALWARE-BACKDOOR access remote pc runtime detection - init connection (malware-backdoor.rules) * 1:11835 <-> ENABLED <-> FILE-IDENTIFY Visio file magic detected (file-identify.rules) * 1:12146 <-> ENABLED <-> MALWARE-BACKDOOR blue eye 1.0b runtime detection - init connection (malware-backdoor.rules) * 1:12054 <-> ENABLED <-> MALWARE-BACKDOOR tron runtime detection - init connection - flowbit set (malware-backdoor.rules) * 1:12150 <-> ENABLED <-> MALWARE-BACKDOOR cafeini 1.0 runtime detection - init connection (malware-backdoor.rules) * 1:12131 <-> ENABLED <-> MALWARE-OTHER Keylogger remotekeylog.b runtime detection - keylogging (malware-other.rules) * 1:12154 <-> ENABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - download file (malware-backdoor.rules) * 1:12135 <-> ENABLED <-> MALWARE-OTHER Keylogger remotekeylog.b runtime detection - fun (malware-other.rules) * 1:12157 <-> ENABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - upload file (malware-backdoor.rules) * 1:12144 <-> ENABLED <-> MALWARE-BACKDOOR access remote pc runtime detection - rpc setup (malware-backdoor.rules) * 1:12161 <-> ENABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - screen capturing (malware-backdoor.rules) * 1:12148 <-> ENABLED <-> MALWARE-BACKDOOR back orifice 2006 - v1.1.5 runtime detection - init connection (malware-backdoor.rules) * 1:12182 <-> ENABLED <-> FILE-IDENTIFY Adobe Flash Video file magic detected (file-identify.rules) * 1:12153 <-> 
ENABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - download file (malware-backdoor.rules) * 1:12235 <-> ENABLED <-> MALWARE-BACKDOOR theef 2.10 runtime detection - connect with password (malware-backdoor.rules) * 1:12156 <-> ENABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - upload file (malware-backdoor.rules) * 1:12240 <-> ENABLED <-> MALWARE-BACKDOOR genie 1.7 runtime detection - init connection (malware-backdoor.rules) * 1:12160 <-> ENABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - screen capturing (malware-backdoor.rules) * 1:12283 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel xlw file magic detected (file-identify.rules) * 1:12163 <-> ENABLED <-> MALWARE-BACKDOOR cobra uploader 1.0 runtime detection (malware-backdoor.rules) * 1:12373 <-> ENABLED <-> MALWARE-BACKDOOR radmin 3.0 runtime detection - initial connection (malware-backdoor.rules) * 1:12233 <-> ENABLED <-> MALWARE-BACKDOOR theef 2.10 runtime detection - connect with no password (malware-backdoor.rules) * 1:12377 <-> ENABLED <-> MALWARE-BACKDOOR shark 2.3.2 runtime detection (malware-backdoor.rules) * 1:12237 <-> ENABLED <-> MALWARE-BACKDOOR theef 2.10 runtime detection - ftp (malware-backdoor.rules) * 1:12455 <-> ENABLED <-> FILE-IDENTIFY SAP Crystal Reports file download request (file-identify.rules) * 1:12242 <-> ENABLED <-> MALWARE-BACKDOOR hotmail hacker log edition 5.0 runtime detection - init connection (malware-backdoor.rules) * 1:12724 <-> ENABLED <-> MALWARE-BACKDOOR dark moon 4.11 runtime detection (malware-backdoor.rules) * 1:12297 <-> ENABLED <-> MALWARE-BACKDOOR bifrost v1.2.1 runtime detection (malware-backdoor.rules) * 1:12758 <-> ENABLED <-> MALWARE-OTHER Keylogger/RAT digi watcher 2.32 runtime detection (malware-other.rules) * 1:12375 <-> ENABLED <-> MALWARE-BACKDOOR radmin 3.0 runtime detection - login & remote control (malware-backdoor.rules) * 1:12792 <-> ENABLED <-> MALWARE-OTHER Keylogger spy lantern Keylogger pro 6.0 runtime 
detection (malware-other.rules) * 1:12454 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media ASF file magic detected (file-identify.rules) * 1:13236 <-> ENABLED <-> MALWARE-OTHER Keylogger active Keylogger 3.9.2 runtime detection (malware-other.rules) * 1:12699 <-> ENABLED <-> MALWARE-BACKDOOR poison ivy 2.3.0 runtime detection - init connection (malware-backdoor.rules) * 1:13247 <-> ENABLED <-> MALWARE-BACKDOOR yuri 1.2 runtime detection - init connection (malware-backdoor.rules) * 1:12726 <-> ENABLED <-> MALWARE-BACKDOOR bandook 1.35 runtime detection (malware-backdoor.rules) * 1:13280 <-> ENABLED <-> MALWARE-OTHER Keylogger email spy monitor 6.9 runtime detection (malware-other.rules) * 1:12760 <-> ENABLED <-> MALWARE-OTHER Keylogger powered Keylogger 2.2 runtime detection (malware-other.rules) * 1:13465 <-> ENABLED <-> FILE-IDENTIFY Microsoft Works file download request (file-identify.rules) * 1:12972 <-> ENABLED <-> FILE-IDENTIFY Microsoft Media Player asf/wmv/wma file magic detected (file-identify.rules) * 1:13483 <-> ENABLED <-> PUA-TOOLBARS Hijacker baidu toolbar runtime detection - updates automatically (pua-toolbars.rules) * 1:13243 <-> ENABLED <-> MALWARE-OTHER Keylogger computer monitor 1.1 by lastcomfort runtime detection (malware-other.rules) * 1:13515 <-> ENABLED <-> FILE-MULTIMEDIA Apple QuickTime user agent (file-multimedia.rules) * 1:13278 <-> ENABLED <-> MALWARE-OTHER Keylogger advanced spy 4.0 runtime detection (malware-other.rules) * 1:13584 <-> ENABLED <-> FILE-IDENTIFY CSV file download request (file-identify.rules) * 1:13346 <-> ENABLED <-> PUA-ADWARE Snoopware remote desktop inspector outbound connection - init connection (pua-adware.rules) * 1:13767 <-> ENABLED <-> MALWARE-OTHER Keylogger cyber sitter runtime detection (malware-other.rules) * 1:13479 <-> ENABLED <-> MALWARE-OTHER Keylogger findnot guarddog 4.0 runtime detection (malware-other.rules) * 1:13801 <-> ENABLED <-> FILE-IDENTIFY RTF file download request (file-identify.rules) 
* 1:13506 <-> ENABLED <-> MALWARE-BACKDOOR evilotus 1.3.2 runtime detection - init connection (malware-backdoor.rules) * 1:13915 <-> ENABLED <-> FILE-IDENTIFY BAK file download request (file-identify.rules) * 1:13583 <-> ENABLED <-> FILE-IDENTIFY Microsoft SYmbolic LinK file download request (file-identify.rules) * 1:13943 <-> ENABLED <-> PUA-ADWARE Trickler dropper agent.rqg outbound connection (pua-adware.rules) * 1:13585 <-> ENABLED <-> FILE-IDENTIFY Microsoft SYmbolic LinK file magic detected (file-identify.rules) * 1:14017 <-> ENABLED <-> FILE-IDENTIFY MPEG Layer 3 playlist file download request (file-identify.rules) * 1:13797 <-> ENABLED <-> FILE-IDENTIFY Portable Executable compact binary file magic detected (file-identify.rules) * 1:14264 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media Player playlist download (file-identify.rules) * 1:13898 <-> ENABLED <-> APP-DETECT Apple iTunes client request for server info (app-detect.rules) * 1:15079 <-> ENABLED <-> FILE-IDENTIFY WAV file download request (file-identify.rules) * 1:13938 <-> ENABLED <-> PUA-ADWARE Hijacker adware.win32.ejik.ec variant outbound connection (pua-adware.rules) * 1:15237 <-> ENABLED <-> FILE-IDENTIFY Java .class file download request (file-identify.rules) * 1:13983 <-> ENABLED <-> FILE-IDENTIFY EPS file download request (file-identify.rules) * 1:15240 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealMedia format file download request (file-identify.rules) * 1:14018 <-> ENABLED <-> FILE-IDENTIFY PLS multimedia playlist file download request (file-identify.rules) * 1:15319 <-> ENABLED <-> NETBIOS SMB /sql/query create tree attempt (netbios.rules) * 1:15013 <-> ENABLED <-> FILE-IDENTIFY PDF file download request (file-identify.rules) * 1:15321 <-> ENABLED <-> NETBIOS SMB /sql/query create tree attempt (netbios.rules) * 1:15158 <-> ENABLED <-> FILE-IDENTIFY XML Shareable Playlist Format file download request (file-identify.rules) * 1:15323 <-> ENABLED <-> NETBIOS SMB /sql/query andx create 
tree attempt (netbios.rules) * 1:15239 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealMedia format file download request (file-identify.rules) * 1:15325 <-> ENABLED <-> NETBIOS SMB /sql/query andx create tree attempt (netbios.rules) * 1:15294 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Visio file download request (file-identify.rules) * 1:15361 <-> ENABLED <-> FILE-PDF pdf file sent via email (file-pdf.rules) * 1:15320 <-> ENABLED <-> NETBIOS SMB /sql/query unicode create tree attempt (netbios.rules) * 1:15426 <-> ENABLED <-> FILE-IDENTIFY MAKI file download request (file-identify.rules) * 1:15322 <-> ENABLED <-> NETBIOS SMB /sql/query unicode create tree attempt (netbios.rules) * 1:15444 <-> ENABLED <-> FILE-IDENTIFY Core Audio Format file download request (file-identify.rules) * 1:15324 <-> ENABLED <-> NETBIOS SMB /sql/query unicode andx create tree attempt (netbios.rules) * 1:15464 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file download request (file-identify.rules) * 1:15326 <-> ENABLED <-> NETBIOS SMB /sql/query unicode andx create tree attempt (netbios.rules) * 1:15483 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file download request (file-identify.rules) * 1:15385 <-> ENABLED <-> FILE-IDENTIFY TwinVQ file download request (file-identify.rules) * 1:15518 <-> ENABLED <-> FILE-IDENTIFY Embedded Open Type Font file download request (file-identify.rules) * 1:15427 <-> ENABLED <-> FILE-IDENTIFY SVG file download request (file-identify.rules) * 1:15586 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file download request (file-identify.rules) * 1:15463 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file download request (file-identify.rules) * 1:15865 <-> ENABLED <-> FILE-IDENTIFY MP4 file download request (file-identify.rules) * 1:15468 <-> ENABLED <-> BROWSER-IE Apple Safari-Internet Explorer SearchPath blended threat dll request (browser-ie.rules) * 1:15900 <-> ENABLED <-> FILE-IDENTIFY Audio Interchange file download 
request (file-identify.rules) * 1:15516 <-> ENABLED <-> FILE-IDENTIFY AVI multimedia file download request (file-identify.rules) * 1:15922 <-> ENABLED <-> FILE-IDENTIFY MP3 file download request (file-identify.rules) * 1:15582 <-> ENABLED <-> FILE-IDENTIFY ARJ format file download request (file-identify.rules) * 1:15987 <-> ENABLED <-> FILE-IDENTIFY DXF file download request (file-identify.rules) * 1:15587 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word file download request (file-identify.rules) * 1:16143 <-> ENABLED <-> FILE-IDENTIFY Microsoft asf file magic detected (file-identify.rules) * 1:15870 <-> ENABLED <-> FILE-IDENTIFY 4XM file download request (file-identify.rules) * 1:16219 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file download request (file-identify.rules) * 1:15921 <-> ENABLED <-> FILE-IDENTIFY Microsoft multimedia format file download request (file-identify.rules) * 1:16286 <-> ENABLED <-> FILE-IDENTIFY TrueType font file download request (file-identify.rules) * 1:15945 <-> ENABLED <-> FILE-IDENTIFY RSS file download request (file-identify.rules) * 1:16406 <-> ENABLED <-> FILE-IDENTIFY JPEG file download request (file-identify.rules) * 1:16061 <-> ENABLED <-> FILE-IDENTIFY X PixMap file download request (file-identify.rules) * 1:16473 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Movie Maker project file download request (file-identify.rules) * 1:16205 <-> ENABLED <-> FILE-IDENTIFY BMP file download request (file-identify.rules) * 1:16476 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint .MSProducer file download request (file-identify.rules) * 1:16254 <-> ENABLED <-> PUA-ADWARE rogue software system security 2009 outbound connection (pua-adware.rules) * 1:16478 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint .MSProducerBF file download request (file-identify.rules) * 1:16381 <-> ENABLED <-> NETBIOS SMB session negotiation request (netbios.rules) * 1:16538 <-> ENABLED <-> NETBIOS NT QUERY SECURITY DESC flowbit 
(netbios.rules) * 1:16407 <-> ENABLED <-> FILE-IDENTIFY JPEG file download request (file-identify.rules) * 1:16594 <-> ENABLED <-> PROTOCOL-POP STAT command (protocol-pop.rules) * 1:16474 <-> ENABLED <-> FILE-IDENTIFY Microsoft Compound File Binary v3 file magic detected (file-identify.rules) * 1:16691 <-> ENABLED <-> FILE-IDENTIFY PLF playlist file download request (file-identify.rules) * 1:16477 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint .MSProducerZ file download request (file-identify.rules) * 1:16754 <-> ENABLED <-> NETBIOS SMB /PlughNTCommand andx create tree attempt (netbios.rules) * 1:16529 <-> ENABLED <-> FILE-IDENTIFY JPEG file download request (file-identify.rules) * 1:16756 <-> ENABLED <-> NETBIOS SMB /PlughNTCommand unicode andx create tree attempt (netbios.rules) * 1:16556 <-> ENABLED <-> FILE-OTHER 2imaegshack/lmageshack IM worm get request attempt (file-other.rules) * 1:17116 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media ASX file download request (file-identify.rules) * 1:16630 <-> ENABLED <-> FILE-IDENTIFY DAT file download request (file-identify.rules) * 1:17229 <-> ENABLED <-> FILE-IDENTIFY Tiff little endian file magic detected (file-identify.rules) * 1:16742 <-> ENABLED <-> FILE-IDENTIFY remote desktop configuration file download request (file-identify.rules) * 1:17241 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media wmv file download request (file-identify.rules) * 1:16755 <-> ENABLED <-> NETBIOS SMB /PlughNTCommand create tree attempt (netbios.rules) * 1:17314 <-> ENABLED <-> FILE-IDENTIFY OLE document file magic detected (file-identify.rules) * 1:16757 <-> ENABLED <-> NETBIOS SMB /PlughNTCommand unicode create tree attempt (netbios.rules) * 1:17332 <-> ENABLED <-> SERVER-MAIL Content-Disposition attachment (server-mail.rules) * 1:17151 <-> ENABLED <-> NETBIOS SMB negotiate protocol request - ascii strings (netbios.rules) * 1:17364 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Help Workshop CNT Help file download 
request (file-identify.rules) * 1:17230 <-> ENABLED <-> FILE-IDENTIFY Tiff big endian file magic detected (file-identify.rules) * 1:17380 <-> ENABLED <-> FILE-IDENTIFY PNG file download request (file-identify.rules) * 1:17259 <-> ENABLED <-> FILE-IDENTIFY MOV file download request (file-identify.rules) * 1:17396 <-> ENABLED <-> SERVER-OTHER VNC client authentication response (server-other.rules) * 1:17327 <-> ENABLED <-> SERVER-MAIL Qualcomm WorldMail Server Response (server-mail.rules) * 1:17426 <-> ENABLED <-> FILE-IDENTIFY RAT file download request (file-identify.rules) * 1:17359 <-> ENABLED <-> FILE-IDENTIFY XBM image file download request (file-identify.rules) * 1:17447 <-> ENABLED <-> SERVER-WEBAPP 407 Proxy Authentication Required (server-webapp.rules) * 1:17370 <-> ENABLED <-> SERVER-WEBAPP Squid authentication headers handling denial of service attempt (server-webapp.rules) * 1:17509 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows .NET Manifest file download request (file-identify.rules) * 1:17394 <-> ENABLED <-> FILE-IDENTIFY GIF file download request (file-identify.rules) * 1:17540 <-> ENABLED <-> FILE-IDENTIFY LZH file download request (file-identify.rules) * 1:17418 <-> ENABLED <-> SERVER-ORACLE Oracle connection established (server-oracle.rules) * 1:17552 <-> ENABLED <-> FILE-IDENTIFY Adobe Pagemaker file download request (file-identify.rules) * 1:17441 <-> ENABLED <-> FILE-IDENTIFY LNK file download request (file-identify.rules) * 1:17600 <-> ENABLED <-> FILE-IDENTIFY XUL file download request (file-identify.rules) * 1:17508 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows .NET Application file download request (file-identify.rules) * 1:17732 <-> ENABLED <-> FILE-IDENTIFY TIFF file download request (file-identify.rules) * 1:17534 <-> ENABLED <-> SERVER-OTHER IPP Application Content (server-other.rules) * 1:17739 <-> ENABLED <-> FILE-IDENTIFY FlashPix file download request (file-identify.rules) * 1:17547 <-> ENABLED <-> FILE-IDENTIFY SMIL file download 
request (file-identify.rules) * 1:17751 <-> ENABLED <-> FILE-IDENTIFY OpenType Font file download request (file-identify.rules) * 1:17598 <-> ENABLED <-> SERVER-OTHER IBM DB2 Universal Database accsec command without rdbnam (server-other.rules) * 1:17802 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file download request (file-identify.rules) * 1:17679 <-> ENABLED <-> FILE-IDENTIFY Apple disk image file download request (file-identify.rules) * 1:18234 <-> ENABLED <-> FILE-IDENTIFY QuickDraw/PICT file download request (file-identify.rules) * 1:17733 <-> ENABLED <-> FILE-IDENTIFY XML file download request (file-identify.rules) * 1:18274 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Mail file download request (file-identify.rules) * 1:17745 <-> ENABLED <-> NETBIOS SMB TRANS2 Find_First2 request attempt (netbios.rules) * 1:18593 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file download request (file-identify.rules) * 1:17801 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file magic detected (file-identify.rules) * 1:19128 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer REC file magic detected (file-identify.rules) * 1:17809 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime qt file download request (file-identify.rules) * 1:19166 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file magic detected (file-identify.rules) * 1:18273 <-> ENABLED <-> FILE-IDENTIFY BAT file download request (file-identify.rules) * 1:19211 <-> ENABLED <-> FILE-IDENTIFY ZIP archive file download request (file-identify.rules) * 1:18516 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word file download request (file-identify.rules) * 1:19218 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file download request (file-identify.rules) * 1:18675 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file download request (file-identify.rules) * 1:19252 <-> ENABLED <-> FILE-IDENTIFY language.engtesselate.ln file download request 
(file-identify.rules) * 1:19129 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer .r1m file magic detected (file-identify.rules) * 1:19299 <-> ENABLED <-> SERVER-OTHER banner.txt access - possible compromised multi-mesh injection server (server-other.rules) * 1:19190 <-> ENABLED <-> NETBIOS SMB-DS Trans2 Distributed File System GET_DFS_REFERRAL request (netbios.rules) * 1:19324 <-> ENABLED <-> MALWARE-OTHER Keylogger WL-Keylogger inbound connection (malware-other.rules) * 1:19215 <-> ENABLED <-> FILE-IDENTIFY Google Chrome extension file download request (file-identify.rules) * 1:19392 <-> ENABLED <-> MALWARE-OTHER Keylogger Monitor.win32.perflogger (malware-other.rules) * 1:19224 <-> ENABLED <-> FILE-IDENTIFY Cisco Webex wrf file download request (file-identify.rules) * 1:19423 <-> ENABLED <-> FILE-IDENTIFY MKV file download request (file-identify.rules) * 1:19289 <-> ENABLED <-> FILE-IDENTIFY MHTML file download request (file-identify.rules) * 1:19425 <-> ENABLED <-> FILE-IDENTIFY MKS file download request (file-identify.rules) * 1:19323 <-> ENABLED <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt (server-other.rules) * 1:19816 <-> ENABLED <-> NETBIOS Juniper NeoterisSetupService named pipe access attempt (netbios.rules) * 1:19326 <-> ENABLED <-> PUA-ADWARE Classroom Spy Professional outbound connection - initial connection (pua-adware.rules) * 1:19907 <-> ENABLED <-> FILE-IDENTIFY PICT file magic detected (file-identify.rules) * 1:19422 <-> ENABLED <-> FILE-IDENTIFY matroska file magic detected (file-identify.rules) * 1:20223 <-> ENABLED <-> FILE-IDENTIFY SMI file download request (file-identify.rules) * 1:19424 <-> ENABLED <-> FILE-IDENTIFY MKA file download request (file-identify.rules) * 1:20260 <-> ENABLED <-> FILE-IDENTIFY Microsoft Client Agent Helper JAR file download request (file-identify.rules) * 1:19430 <-> ENABLED <-> FILE-IDENTIFY MIDI file download request (file-identify.rules) * 1:20274 <-> ENABLED <-> 
NETBIOS DCERPC NCACN-IP-TCP NetShareEnumAll request (netbios.rules) * 1:19899 <-> ENABLED <-> MALWARE-OTHER Tong Keylogger outbound connectiooutbound connection (malware-other.rules) * 1:20287 <-> ENABLED <-> FILE-IDENTIFY QCP file download request (file-identify.rules) * 1:20032 <-> ENABLED <-> FILE-IDENTIFY MIME file type file download request (file-identify.rules) * 1:20451 <-> ENABLED <-> FILE-IDENTIFY MPEG sys stream file magic detected (file-identify.rules) * 1:20225 <-> ENABLED <-> FILE-OTHER SMI file download request (file-other.rules) * 1:20454 <-> ENABLED <-> FILE-IDENTIFY Postscript file magic detected (file-identify.rules) * 1:20269 <-> ENABLED <-> FILE-IDENTIFY FON font file download request (file-identify.rules) * 1:20456 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Real Media file magic detected (file-identify.rules) * 1:20282 <-> ENABLED <-> FILE-IDENTIFY S3M file download request (file-identify.rules) * 1:20459 <-> ENABLED <-> FILE-IDENTIFY GIF file magic detected (file-identify.rules) * 1:20450 <-> ENABLED <-> FILE-IDENTIFY MPEG video stream file magic detected (file-identify.rules) * 1:20461 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows CAB file magic detected (file-identify.rules) * 1:20453 <-> ENABLED <-> FILE-IDENTIFY Script encoder file magic detected (file-identify.rules) * 1:20463 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:20455 <-> ENABLED <-> FILE-IDENTIFY BinHex file magic detected (file-identify.rules) * 1:20465 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:20458 <-> ENABLED <-> FILE-IDENTIFY bzip file magic detected (file-identify.rules) * 1:20467 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:20460 <-> ENABLED <-> FILE-IDENTIFY MP3 file magic detected (file-identify.rules) * 1:20469 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:20462 <-> ENABLED <-> FILE-IDENTIFY Ogg Stream file 
magic detected (file-identify.rules) * 1:20472 <-> ENABLED <-> FILE-IDENTIFY RAR file magic detected (file-identify.rules) * 1:20464 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:20475 <-> ENABLED <-> FILE-IDENTIFY ARJ file magic detected (file-identify.rules) * 1:20466 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:20477 <-> ENABLED <-> FILE-IDENTIFY ELF file magic detected (file-identify.rules) * 1:20468 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:20479 <-> ENABLED <-> FILE-IDENTIFY CryptFF file magic detected (file-identify.rules) * 1:20471 <-> ENABLED <-> FILE-IDENTIFY RIFX file magic detected (file-identify.rules) * 1:20481 <-> ENABLED <-> FILE-IDENTIFY MP3 file magic detected (file-identify.rules) * 1:20474 <-> ENABLED <-> FILE-IDENTIFY Symantec file magic detected (file-identify.rules) * 1:20484 <-> ENABLED <-> FILE-IDENTIFY SIS file magic detected (file-identify.rules) * 1:20476 <-> ENABLED <-> FILE-IDENTIFY TNEF file magic detected (file-identify.rules) * 1:20486 <-> ENABLED <-> FILE-IDENTIFY RTF file magic detected (file-identify.rules) * 1:20478 <-> ENABLED <-> FILE-IDENTIFY PNG file magic detected (file-identify.rules) * 1:20488 <-> ENABLED <-> FILE-IDENTIFY MachO Little Endian file magic detected (file-identify.rules) * 1:20480 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detection (file-identify.rules) * 1:20490 <-> ENABLED <-> FILE-IDENTIFY MachO Big Endian file magic detected (file-identify.rules) * 1:20483 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (file-identify.rules) * 1:20492 <-> ENABLED <-> FILE-IDENTIFY Universal Binary/Java Bytecode file magic detected (file-identify.rules) * 1:20485 <-> ENABLED <-> FILE-IDENTIFY SIP log file magic detected (file-identify.rules) * 1:20494 <-> ENABLED <-> FILE-IDENTIFY PDF file magic detected (file-identify.rules) * 1:20487 <-> ENABLED <-> FILE-IDENTIFY 7zip file magic detected 
(file-identify.rules) * 1:20496 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (file-identify.rules) * 1:20489 <-> ENABLED <-> FILE-IDENTIFY MachO x64 Little Endian file magic detected (file-identify.rules) * 1:20500 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20491 <-> ENABLED <-> FILE-IDENTIFY MachO x64 Big Endian file magic detected (file-identify.rules) * 1:20502 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20493 <-> ENABLED <-> FILE-IDENTIFY jarpack file magic detected (file-identify.rules) * 1:20507 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (file-identify.rules) * 1:20495 <-> ENABLED <-> FILE-IDENTIFY compressed Adobe Shockwave Flash file magic detected (file-identify.rules) * 1:20512 <-> ENABLED <-> FILE-IDENTIFY mx4 file magic detected (file-identify.rules) * 1:20497 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (file-identify.rules) * 1:20514 <-> ENABLED <-> FILE-IDENTIFY dmg file magic detected (file-identify.rules) * 1:20501 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20516 <-> ENABLED <-> FILE-IDENTIFY caff file magic detected (file-identify.rules) * 1:20503 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20519 <-> ENABLED <-> FILE-IDENTIFY vmd file download request (file-identify.rules) * 1:20511 <-> ENABLED <-> FILE-IDENTIFY bcproj file magic detected (file-identify.rules) * 1:20521 <-> ENABLED <-> FILE-IDENTIFY Flac file magic detected (file-identify.rules) * 1:20513 <-> ENABLED <-> FILE-IDENTIFY ffmpeg file magic detected (file-identify.rules) * 1:20544 <-> ENABLED <-> FILE-IDENTIFY Adobe Flash Player FLV file download request (file-identify.rules) * 1:20515 <-> ENABLED <-> FILE-IDENTIFY ivr file magic detected (file-identify.rules) * 1:20563 <-> ENABLED <-> FILE-IDENTIFY amf file download request (file-identify.rules) * 1:20518 <-> 
ENABLED <-> FILE-IDENTIFY rmf file download request (file-identify.rules) * 1:20588 <-> ENABLED <-> FILE-IDENTIFY CDR file download request (file-identify.rules) * 1:20520 <-> ENABLED <-> FILE-IDENTIFY vmd file magic detected (file-identify.rules) * 1:20621 <-> ENABLED <-> FILE-IDENTIFY JAR file download request (file-identify.rules) * 1:20522 <-> ENABLED <-> FILE-IDENTIFY VideoLAN VLC file magic detected (file-identify.rules) * 1:20733 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media Player DVR file download request (file-identify.rules) * 1:20554 <-> ENABLED <-> PUA-OTHER Microsoft MSN Messenger and Windows Live Messenger Code Execution attempt (pua-other.rules) * 1:20751 <-> ENABLED <-> FILE-IDENTIFY webm file download request (file-identify.rules) * 1:20564 <-> ENABLED <-> FILE-IDENTIFY amf file magic detected (file-identify.rules) * 1:20793 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file attachment detected (file-identify.rules) * 1:20589 <-> ENABLED <-> FILE-IDENTIFY CDR file magic detected (file-identify.rules) * 1:20796 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word file attachment detected (file-identify.rules) * 1:20723 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word docx file download request (file-identify.rules) * 1:20799 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules) * 1:20750 <-> ENABLED <-> FILE-IDENTIFY webm file magic detected (file-identify.rules) * 1:20801 <-> ENABLED <-> FILE-IDENTIFY MIME file type file attachment detected (file-identify.rules) * 1:20792 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file attachment detected (file-identify.rules) * 1:20840 <-> ENABLED <-> FILE-IDENTIFY eSignal .por file download request (file-identify.rules) * 1:20795 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word file attachment detected (file-identify.rules) * 1:20848 <-> ENABLED <-> FILE-IDENTIFY MAKI file attachment detected (file-identify.rules) * 1:20798 <-> ENABLED 
<-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules) * 1:20852 <-> ENABLED <-> FILE-IDENTIFY DAZ Studio script download request (file-identify.rules) * 1:20800 <-> ENABLED <-> FILE-IDENTIFY MIME file type file attachment detected (file-identify.rules) * 1:20855 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Visio file attachment detected (file-identify.rules) * 1:20839 <-> ENABLED <-> FILE-IDENTIFY eSignal .quo file download request (file-identify.rules) * 1:20857 <-> ENABLED <-> FILE-IDENTIFY TwinVQ file attachment detected (file-identify.rules) * 1:20841 <-> ENABLED <-> FILE-IDENTIFY eSignal .sum file download request (file-identify.rules) * 1:20860 <-> ENABLED <-> FILE-IDENTIFY Autodesk Maya file magic detected (file-identify.rules) * 1:20849 <-> ENABLED <-> FILE-IDENTIFY MAKI file attachment detected (file-identify.rules) * 1:20871 <-> ENABLED <-> SERVER-WEBAPP Worldweaver DX Studio Player shell.execute command execution attempt (server-webapp.rules) * 1:20854 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Visio file attachment detected (file-identify.rules) * 1:20882 <-> ENABLED <-> FILE-OFFICE Microsoft Windows embedded packager object identifier (file-office.rules) * 1:20856 <-> ENABLED <-> FILE-IDENTIFY TwinVQ file attachment detected (file-identify.rules) * 1:20893 <-> ENABLED <-> FILE-IDENTIFY Video Spirit file attachment detected (file-identify.rules) * 1:20859 <-> ENABLED <-> FILE-IDENTIFY Autodesk Maya embedded language script download request (file-identify.rules) * 1:20895 <-> ENABLED <-> FILE-IDENTIFY AutoDesk 3D Studio Maxscript file attachment detected (file-identify.rules) * 1:20869 <-> ENABLED <-> FILE-IDENTIFY Autodesk 3D Studio Maxscript download request (file-identify.rules) * 1:20897 <-> ENABLED <-> FILE-IDENTIFY MIDI file magic detected (file-identify.rules) * 1:20874 <-> ENABLED <-> SERVER-OTHER IBM Tivoli Storage Manager Express Backup initialization packet (server-other.rules) * 1:20899 <-> ENABLED <-> 
FILE-IDENTIFY MIDI file attachment detected (file-identify.rules) * 1:20888 <-> ENABLED <-> FILE-IDENTIFY Video Spirit visprj download attempt (file-identify.rules) * 1:20906 <-> ENABLED <-> FILE-IDENTIFY X PixMap file attachment detected (file-identify.rules) * 1:20894 <-> ENABLED <-> FILE-IDENTIFY Video Spirit file attachment detected (file-identify.rules) * 1:20908 <-> ENABLED <-> FILE-IDENTIFY DXF file attachment detected (file-identify.rules) * 1:20896 <-> ENABLED <-> FILE-IDENTIFY AutoDesk 3D Studio Maxscript file attachment detected (file-identify.rules) * 1:20910 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media ASF file attachment detected (file-identify.rules) * 1:20898 <-> ENABLED <-> FILE-IDENTIFY MIDI file attachment detected (file-identify.rules) * 1:20912 <-> ENABLED <-> FILE-IDENTIFY EPS file attachment detected (file-identify.rules) * 1:20905 <-> ENABLED <-> FILE-IDENTIFY X PixMap file attachment detected (file-identify.rules) * 1:20914 <-> ENABLED <-> FILE-IDENTIFY XML Shareable Playlist Format file attachment detected (file-identify.rules) * 1:20907 <-> ENABLED <-> FILE-IDENTIFY DXF file attachment detected (file-identify.rules) * 1:20916 <-> ENABLED <-> FILE-IDENTIFY caff file attachment detected (file-identify.rules) * 1:20909 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media ASF file attachment detected (file-identify.rules) * 1:20918 <-> ENABLED <-> FILE-IDENTIFY BAK file attachment detected (file-identify.rules) * 1:20911 <-> ENABLED <-> FILE-IDENTIFY EPS file attachment detected (file-identify.rules) * 1:20925 <-> ENABLED <-> FILE-IDENTIFY Adobe Pagemaker file attachment detected (file-identify.rules) * 1:20913 <-> ENABLED <-> FILE-IDENTIFY XML Shareable Playlist Format file attachment detected (file-identify.rules) * 1:20928 <-> ENABLED <-> FILE-IDENTIFY SMIL file magic detected (file-identify.rules) * 1:20915 <-> ENABLED <-> FILE-IDENTIFY caff file attachment detected (file-identify.rules) * 1:20930 <-> ENABLED <-> FILE-IDENTIFY 
MKV file attachment detected (file-identify.rules) * 1:20917 <-> ENABLED <-> FILE-IDENTIFY BAK file attachment detected (file-identify.rules) * 1:20932 <-> ENABLED <-> FILE-IDENTIFY MKS file attachment detected (file-identify.rules) * 1:20924 <-> ENABLED <-> FILE-IDENTIFY PLS file magic detected (file-identify.rules) * 1:20934 <-> ENABLED <-> FILE-IDENTIFY MKA file attachment detected (file-identify.rules) * 1:20926 <-> ENABLED <-> FILE-IDENTIFY Adobe Pagemaker file attachment detected (file-identify.rules) * 1:20936 <-> ENABLED <-> FILE-IDENTIFY QCP file attachment detected (file-identify.rules) * 1:20929 <-> ENABLED <-> FILE-IDENTIFY MKV file attachment detected (file-identify.rules) * 1:20938 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file download request (file-identify.rules) * 1:20931 <-> ENABLED <-> FILE-IDENTIFY MKS file attachment detected (file-identify.rules) * 1:20940 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file download request (file-identify.rules) * 1:20933 <-> ENABLED <-> FILE-IDENTIFY MKA file attachment detected (file-identify.rules) * 1:20942 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules) * 1:20935 <-> ENABLED <-> FILE-IDENTIFY QCP file attachment detected (file-identify.rules) * 1:20944 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules) * 1:20937 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file download request (file-identify.rules) * 1:20946 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules) * 1:20939 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file download request (file-identify.rules) * 1:20948 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules) * 1:20941 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules) * 1:20951 <-> ENABLED <-> FILE-IDENTIFY MOV file magic 
detected (file-identify.rules) * 1:20943 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules) * 1:20953 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20945 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules) * 1:20955 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20947 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules) * 1:20957 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20950 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20959 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20952 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20961 <-> ENABLED <-> FILE-IDENTIFY TTE file download request (file-identify.rules) * 1:20954 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20963 <-> ENABLED <-> FILE-IDENTIFY DIB file download request (file-identify.rules) * 1:20956 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20965 <-> ENABLED <-> FILE-IDENTIFY JPEG file download request (file-identify.rules) * 1:20958 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20967 <-> ENABLED <-> FILE-IDENTIFY JPEG file download request (file-identify.rules) * 1:20960 <-> ENABLED <-> FILE-IDENTIFY Flac file download request (file-identify.rules) * 1:20969 <-> ENABLED <-> FILE-IDENTIFY M4A file download request (file-identify.rules) * 1:20962 <-> ENABLED <-> FILE-IDENTIFY OTF file download request (file-identify.rules) * 1:20971 <-> ENABLED <-> FILE-IDENTIFY M4R file download request (file-identify.rules) * 1:20964 <-> ENABLED <-> FILE-IDENTIFY SAMI file download request (file-identify.rules) * 1:20973 <-> ENABLED <-> FILE-IDENTIFY M4B file download request 
(file-identify.rules) * 1:20966 <-> ENABLED <-> FILE-IDENTIFY JPEG file download request (file-identify.rules) * 1:20975 <-> ENABLED <-> FILE-IDENTIFY 3G2 file download request (file-identify.rules) * 1:20968 <-> ENABLED <-> FILE-IDENTIFY Apple disk image file download request (file-identify.rules) * 1:20977 <-> ENABLED <-> FILE-IDENTIFY SKM file download request (file-identify.rules) * 1:20970 <-> ENABLED <-> FILE-IDENTIFY M4P file download request (file-identify.rules) * 1:20979 <-> ENABLED <-> FILE-IDENTIFY TTE file attachment detected (file-identify.rules) * 1:20972 <-> ENABLED <-> FILE-IDENTIFY M4V file magic request (file-identify.rules) * 1:20981 <-> ENABLED <-> FILE-IDENTIFY OTF file attachment detected (file-identify.rules) * 1:20974 <-> ENABLED <-> FILE-IDENTIFY 3GP file download request (file-identify.rules) * 1:20983 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file attachment detected (file-identify.rules) * 1:20976 <-> ENABLED <-> FILE-IDENTIFY K3G file download request (file-identify.rules) * 1:20987 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word docx file attachment detected (file-identify.rules) * 1:20978 <-> ENABLED <-> FILE-IDENTIFY TTE file attachment detected (file-identify.rules) * 1:20992 <-> ENABLED <-> FILE-IDENTIFY SAMI file magic detected (file-identify.rules) * 1:20980 <-> ENABLED <-> FILE-IDENTIFY OTF file attachment detected (file-identify.rules) * 1:21007 <-> ENABLED <-> FILE-IDENTIFY Microsoft Money file magic detected (file-identify.rules) * 1:20982 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file attachment detected (file-identify.rules) * 1:21009 <-> ENABLED <-> FILE-IDENTIFY Microsoft Money file attachment detected (file-identify.rules) * 1:20986 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word docx file attachment detected (file-identify.rules) * 1:21011 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file magic detected (file-identify.rules) * 1:20991 <-> ENABLED <-> FILE-IDENTIFY 
TTF file magic detected (file-identify.rules) * 1:21013 <-> ENABLED <-> FILE-IDENTIFY Cytel Studio cy3 file attachment detected (file-identify.rules) * 1:21005 <-> ENABLED <-> MALWARE-CNC Yang Pack yg.htm download request (malware-cnc.rules) * 1:21015 <-> ENABLED <-> FILE-IDENTIFY cy3 Cytel Studio file magic detected (file-identify.rules) * 1:21008 <-> ENABLED <-> FILE-IDENTIFY Microsoft Money file download request (file-identify.rules) * 1:21017 <-> ENABLED <-> FILE-IDENTIFY cyb Cytel Studio file attachment detected (file-identify.rules) * 1:21010 <-> ENABLED <-> FILE-IDENTIFY Microsoft Money file attachment detected (file-identify.rules) * 1:21035 <-> ENABLED <-> FILE-IDENTIFY PDF file attachment detected (file-identify.rules) * 1:21012 <-> ENABLED <-> FILE-IDENTIFY Cytel Studio cy3 file download request (file-identify.rules) * 1:21052 <-> ENABLED <-> FILE-IDENTIFY UltraISO CUE file download request (file-identify.rules) * 1:21014 <-> ENABLED <-> FILE-IDENTIFY Cytel Studio cy3 file attachment detected (file-identify.rules) * 1:21054 <-> ENABLED <-> FILE-IDENTIFY UltraISO CUE file attachment detected (file-identify.rules) * 1:21016 <-> ENABLED <-> FILE-IDENTIFY Cytel Studio cyb file attachment detected (file-identify.rules) * 1:21061 <-> ENABLED <-> FILE-IDENTIFY AVI file attachment detected (file-identify.rules) * 1:21018 <-> ENABLED <-> FILE-IDENTIFY cyb Cytel Studio file download request (file-identify.rules) * 1:21109 <-> ENABLED <-> FILE-IDENTIFY MPEG video stream file download request (file-identify.rules) * 1:21036 <-> ENABLED <-> FILE-IDENTIFY PDF file attachment detected (file-identify.rules) * 1:21111 <-> ENABLED <-> FILE-IDENTIFY MPEG video stream file attachment detected (file-identify.rules) * 1:21053 <-> ENABLED <-> FILE-IDENTIFY UltraISO CUE file attachment detected (file-identify.rules) * 1:21152 <-> ENABLED <-> FILE-IDENTIFY S3M file attachment detected (file-identify.rules) * 1:21059 <-> ENABLED <-> FILE-IDENTIFY AVI Video file magic detected 
(file-identify.rules) * 1:21174 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer realtext file download request (file-identify.rules) * 1:21062 <-> ENABLED <-> FILE-IDENTIFY AVI file attachment detected (file-identify.rules) * 1:21283 <-> ENABLED <-> FILE-IDENTIFY XSL file attachment detected (file-identify.rules) * 1:21110 <-> ENABLED <-> FILE-IDENTIFY MPEG video stream file attachment detected (file-identify.rules) * 1:21285 <-> ENABLED <-> FILE-IDENTIFY XSLT file download request (file-identify.rules) * 1:21113 <-> ENABLED <-> FILE-IDENTIFY Cisco Webex Player .wrf file magic detected (file-identify.rules) * 1:21287 <-> ENABLED <-> FILE-IDENTIFY XSLT file attachment detected (file-identify.rules) * 1:21153 <-> ENABLED <-> FILE-IDENTIFY S3M file attachment detected (file-identify.rules) * 1:21295 <-> ENABLED <-> FILE-IDENTIFY FON file attachment detected (file-identify.rules) * 1:21282 <-> ENABLED <-> FILE-IDENTIFY XSL file download request (file-identify.rules) * 1:21345 <-> ENABLED <-> EXPLOIT-KIT Blackhole exploit kit malicious jar request (exploit-kit.rules) * 1:21284 <-> ENABLED <-> FILE-IDENTIFY XSL file attachment detected (file-identify.rules) * 1:21410 <-> ENABLED <-> FILE-IDENTIFY paq8o file download request (file-identify.rules) * 1:21286 <-> ENABLED <-> FILE-IDENTIFY XSLT file attachment detected (file-identify.rules) * 1:21412 <-> ENABLED <-> FILE-IDENTIFY paq8o file attachment detected (file-identify.rules) * 1:21288 <-> ENABLED <-> FILE-IDENTIFY XML download detected (file-identify.rules) * 1:21433 <-> ENABLED <-> FILE-IDENTIFY MPPL file attachment detected (file-identify.rules) * 1:21296 <-> ENABLED <-> FILE-IDENTIFY FON file attachment detected (file-identify.rules) * 1:21480 <-> ENABLED <-> FILE-IDENTIFY XML file magic detected (file-identify.rules) * 1:21347 <-> ENABLED <-> EXPLOIT-KIT Blackhole exploit kit URL - .php?page= (exploit-kit.rules) * 1:21499 <-> ENABLED <-> FILE-IDENTIFY XML file attachment detected (file-identify.rules) * 
1:21411 <-> ENABLED <-> FILE-IDENTIFY paq8o file attachment detected (file-identify.rules) * 1:21573 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio addin file download request (file-identify.rules) * 1:21432 <-> ENABLED <-> FILE-IDENTIFY MPPL file attachment detected (file-identify.rules) * 1:21575 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio addin file attachment detected (file-identify.rules) * 1:21434 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Mentor variant outbound connection (malware-cnc.rules) * 1:21585 <-> ENABLED <-> FILE-IDENTIFY VisiWave VWR file attachment detected (file-identify.rules) * 1:21498 <-> ENABLED <-> FILE-IDENTIFY XML file magic detected (file-identify.rules) * 1:21611 <-> ENABLED <-> FILE-IDENTIFY RAT file attachment detected (file-identify.rules) * 1:21500 <-> ENABLED <-> FILE-IDENTIFY XML file attachment detected (file-identify.rules) * 1:21613 <-> ENABLED <-> FILE-IDENTIFY PNG file attachment detected (file-identify.rules) * 1:21574 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio addin file attachment detected (file-identify.rules) * 1:21615 <-> ENABLED <-> FILE-IDENTIFY WMF file attachment detected (file-identify.rules) * 1:21584 <-> ENABLED <-> FILE-IDENTIFY VisiWave VWR file download request (file-identify.rules) * 1:21617 <-> ENABLED <-> FILE-IDENTIFY RT file attachment detected (file-identify.rules) * 1:21586 <-> ENABLED <-> FILE-IDENTIFY VisiWave VWR file attachment detected (file-identify.rules) * 1:21620 <-> ENABLED <-> FILE-IDENTIFY WAV file magic detected (file-identify.rules) * 1:21612 <-> ENABLED <-> FILE-IDENTIFY RAT file attachment detected (file-identify.rules) * 1:21623 <-> ENABLED <-> FILE-IDENTIFY QUO file attachment detected (file-identify.rules) * 1:21614 <-> ENABLED <-> FILE-IDENTIFY PNG file attachment detected (file-identify.rules) * 1:21625 <-> ENABLED <-> FILE-IDENTIFY POR file attachment detected (file-identify.rules) * 1:21616 <-> ENABLED <-> FILE-IDENTIFY WMF file attachment detected 
(file-identify.rules) * 1:21627 <-> ENABLED <-> FILE-IDENTIFY SUM file attachment detected (file-identify.rules) * 1:21618 <-> ENABLED <-> FILE-IDENTIFY RT file attachment detected (file-identify.rules) * 1:21648 <-> ENABLED <-> FILE-IDENTIFY QuickDraw/PICT file attachment detected (file-identify.rules) * 1:21621 <-> ENABLED <-> FILE-IDENTIFY AVI file magic detected (file-identify.rules) * 1:21650 <-> ENABLED <-> FILE-IDENTIFY QuickDraw/PICT file download request (file-identify.rules) * 1:21624 <-> ENABLED <-> FILE-IDENTIFY QUO file attachment detected (file-identify.rules) * 1:21652 <-> ENABLED <-> FILE-IDENTIFY QuickDraw/PICT file attachment detected (file-identify.rules) * 1:21626 <-> ENABLED <-> FILE-IDENTIFY POR file attachment detected (file-identify.rules) * 1:21660 <-> ENABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page Requested - /Index/index.php (exploit-kit.rules) * 1:21628 <-> ENABLED <-> FILE-IDENTIFY SUM file attachment detected (file-identify.rules) * 1:21688 <-> ENABLED <-> FILE-IDENTIFY PLS file attachment detected (file-identify.rules) * 1:21649 <-> ENABLED <-> FILE-IDENTIFY QuickDraw/PICT file attachment detected (file-identify.rules) * 1:21692 <-> ENABLED <-> FILE-IDENTIFY SMIL file attachment detected (file-identify.rules) * 1:21651 <-> ENABLED <-> FILE-IDENTIFY QuickDraw/PICT file attachment detected (file-identify.rules) * 1:21694 <-> ENABLED <-> FILE-IDENTIFY FLAC file attachment detected (file-identify.rules) * 1:21659 <-> ENABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page Requested - /Home/index.php (exploit-kit.rules) * 1:21696 <-> ENABLED <-> FILE-IDENTIFY SMI file attachment detected (file-identify.rules) * 1:21687 <-> ENABLED <-> FILE-IDENTIFY PLS file attachment detected (file-identify.rules) * 1:21698 <-> ENABLED <-> FILE-IDENTIFY SAMI file attachment detected (file-identify.rules) * 1:21691 <-> ENABLED <-> FILE-IDENTIFY SMIL file attachment detected (file-identify.rules) * 1:21700 <-> ENABLED <-> FILE-IDENTIFY 
Microsoft Office Excel xlw file attachment detected (file-identify.rules) * 1:21693 <-> ENABLED <-> FILE-IDENTIFY FLAC file attachment detected (file-identify.rules) * 1:21702 <-> ENABLED <-> FILE-IDENTIFY FlashPix file attachment detected (file-identify.rules) * 1:21695 <-> ENABLED <-> FILE-IDENTIFY SMI file attachment detected (file-identify.rules) * 1:21704 <-> ENABLED <-> FILE-IDENTIFY 4XM file attachment detected (file-identify.rules) * 1:21697 <-> ENABLED <-> FILE-IDENTIFY SAMI file attachment detected (file-identify.rules) * 1:21706 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file attachment detected (file-identify.rules) * 1:21699 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel xlw file attachment detected (file-identify.rules) * 1:21708 <-> ENABLED <-> FILE-IDENTIFY Microsoft Works file attachment detected (file-identify.rules) * 1:21701 <-> ENABLED <-> FILE-IDENTIFY FlashPix file attachment detected (file-identify.rules) * 1:21710 <-> ENABLED <-> FILE-IDENTIFY AIFF file attachment detected (file-identify.rules) * 1:21703 <-> ENABLED <-> FILE-IDENTIFY 4XM file attachment detected (file-identify.rules) * 1:21712 <-> ENABLED <-> FILE-IDENTIFY PFA file magic detected (file-identify.rules) * 1:21705 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file attachment detected (file-identify.rules) * 1:21714 <-> ENABLED <-> FILE-IDENTIFY PFA file attachment detected (file-identify.rules) * 1:21707 <-> ENABLED <-> FILE-IDENTIFY Microsoft Works file attachment detected (file-identify.rules) * 1:21716 <-> ENABLED <-> FILE-IDENTIFY PFB file attachment detected (file-identify.rules) * 1:21709 <-> ENABLED <-> FILE-IDENTIFY AIFF file attachment detected (file-identify.rules) * 1:21718 <-> ENABLED <-> FILE-IDENTIFY PFM file download request (file-identify.rules) * 1:21711 <-> ENABLED <-> FILE-IDENTIFY PFA file download request (file-identify.rules) * 1:21720 <-> ENABLED <-> FILE-IDENTIFY PFM file attachment detected (file-identify.rules) * 1:21713 <-> ENABLED <-> 
FILE-IDENTIFY PFA file attachment detected (file-identify.rules) * 1:21722 <-> ENABLED <-> FILE-IDENTIFY AFM file attachment detected (file-identify.rules) * 1:21715 <-> ENABLED <-> FILE-IDENTIFY PFB file download request (file-identify.rules) * 1:21724 <-> ENABLED <-> FILE-IDENTIFY ANI file download request (file-identify.rules) * 1:21717 <-> ENABLED <-> FILE-IDENTIFY PFB file attachment detected (file-identify.rules) * 1:21726 <-> ENABLED <-> FILE-IDENTIFY ANI file attachment detected (file-identify.rules) * 1:21719 <-> ENABLED <-> FILE-IDENTIFY PFM file attachment detected (file-identify.rules) * 1:21728 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules) * 1:21721 <-> ENABLED <-> FILE-IDENTIFY AFM file download request (file-identify.rules) * 1:21730 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules) * 1:21723 <-> ENABLED <-> FILE-IDENTIFY AFM file attachment detected (file-identify.rules) * 1:21732 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules) * 1:21725 <-> ENABLED <-> FILE-IDENTIFY ANI file attachment detected (file-identify.rules) * 1:21734 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules) * 1:21727 <-> ENABLED <-> FILE-IDENTIFY ANI file magic detection (file-identify.rules) * 1:21736 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules) * 1:21729 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules) * 1:21738 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules) * 1:21731 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules) * 1:21740 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media asx file attachment detected (file-identify.rules) * 1:21733 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules) * 1:21742 <-> ENABLED <-> FILE-IDENTIFY Embedded Open Type Font file attachment detected 
(file-identify.rules) * 1:21735 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules) * 1:21744 <-> ENABLED <-> FILE-IDENTIFY AVI file attachment detected (file-identify.rules) * 1:21737 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules) * 1:21746 <-> ENABLED <-> FILE-IDENTIFY RTF file attachment detected (file-identify.rules) * 1:21739 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules) * 1:21748 <-> ENABLED <-> FILE-IDENTIFY HPJ file download request (file-identify.rules) * 1:21741 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media asx file attachment detected (file-identify.rules) * 1:21750 <-> ENABLED <-> FILE-IDENTIFY HPJ file attachment detected (file-identify.rules) * 1:21743 <-> ENABLED <-> FILE-IDENTIFY Embedded Open Type Font file attachment detected (file-identify.rules) * 1:21802 <-> ENABLED <-> FILE-IDENTIFY HT-MP3Player file download request (file-identify.rules) * 1:21745 <-> ENABLED <-> FILE-IDENTIFY AVI file attachment detected (file-identify.rules) * 1:21804 <-> ENABLED <-> FILE-IDENTIFY HT-MP3Player file attachment detected (file-identify.rules) * 1:21747 <-> ENABLED <-> FILE-IDENTIFY RTF file attachment detected (file-identify.rules) * 1:21808 <-> ENABLED <-> FILE-IDENTIFY Adobe Download Manager aom file attachment detected (file-identify.rules) * 1:21749 <-> ENABLED <-> FILE-IDENTIFY HPJ file attachment detected (file-identify.rules) * 1:21810 <-> ENABLED <-> FILE-IDENTIFY Adobe Download Manager aom file magic detected (file-identify.rules) * 1:21751 <-> ENABLED <-> FILE-IDENTIFY HPJ file magic detected (file-identify.rules) * 1:21812 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime FLIC animation file file attachment detected (file-identify.rules) * 1:21803 <-> ENABLED <-> FILE-IDENTIFY HT-MP3Player file attachment detected (file-identify.rules) * 1:21814 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime FLIC file magic detected (file-identify.rules) * 1:21807 
<-> ENABLED <-> FILE-IDENTIFY Adobe Download Manager aom file download request (file-identify.rules)
* 1:21816 <-> ENABLED <-> FILE-IDENTIFY LZH file attachment detected (file-identify.rules)
* 1:21809 <-> ENABLED <-> FILE-IDENTIFY Adobe Download Manager aom file attachment detected (file-identify.rules)
* 1:21855 <-> ENABLED <-> FILE-IDENTIFY LNK file attachment detected (file-identify.rules)
* 1:21811 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime FLIC animation file file download request (file-identify.rules)
* 1:21857 <-> ENABLED <-> FILE-IDENTIFY ZIP file attachment detected (file-identify.rules)
* 1:21813 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime FLIC animation file file attachment detected (file-identify.rules)
* 1:21862 <-> ENABLED <-> FILE-IDENTIFY WRF file attachment detected (file-identify.rules)
* 1:21815 <-> ENABLED <-> FILE-IDENTIFY LZH file attachment detected (file-identify.rules)
* 1:21864 <-> ENABLED <-> FILE-IDENTIFY Google Chrome extension file attachment detected (file-identify.rules)
* 1:21854 <-> ENABLED <-> FILE-IDENTIFY LNK file attachment detected (file-identify.rules)
* 1:21866 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file attachment detected (file-identify.rules)
* 1:21856 <-> ENABLED <-> FILE-IDENTIFY ZIP file attachment detected (file-identify.rules)
* 1:21868 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file attachment detected (file-identify.rules)
* 1:21861 <-> ENABLED <-> FILE-IDENTIFY WRF file attachment detected (file-identify.rules)
* 1:21871 <-> ENABLED <-> FILE-IDENTIFY CNT file attachment detected (file-identify.rules)
* 1:21863 <-> ENABLED <-> FILE-IDENTIFY Google Chrome extension file attachment detected (file-identify.rules)
* 1:21873 <-> ENABLED <-> FILE-IDENTIFY GIF file attachment detected (file-identify.rules)
* 1:21865 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file attachment detected (file-identify.rules)
* 1:21887 <-> ENABLED <-> FILE-IDENTIFY OpenType Font file attachment detected (file-identify.rules)
* 1:21867 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file attachment detected (file-identify.rules)
* 1:21889 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Movie Maker file attachment detected (file-identify.rules)
* 1:21870 <-> ENABLED <-> FILE-IDENTIFY CNT file attachment detected (file-identify.rules)
* 1:21891 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file attachment detected (file-identify.rules)
* 1:21872 <-> ENABLED <-> FILE-IDENTIFY GIF file attachment detected (file-identify.rules)
* 1:21893 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file attachment detected (file-identify.rules)
* 1:21886 <-> ENABLED <-> FILE-IDENTIFY OpenType Font file attachment detected (file-identify.rules)
* 1:21895 <-> ENABLED <-> FILE-IDENTIFY SVG file attachment detected (file-identify.rules)
* 1:21888 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Movie Maker file attachment detected (file-identify.rules)
* 1:21916 <-> ENABLED <-> SERVER-OTHER Novell Groupwise HTTP login request (server-other.rules)
* 1:21890 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file attachment detected (file-identify.rules)
* 1:21939 <-> ENABLED <-> PROTOCOL-TELNET RuggedCom telnet initial banner (protocol-telnet.rules)
* 1:21892 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file attachment detected (file-identify.rules)
* 1:22013 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio DBP file download request (file-identify.rules)
* 1:21894 <-> ENABLED <-> FILE-IDENTIFY SVG file attachment detected (file-identify.rules)
* 1:22015 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio DBP file attachment detected (file-identify.rules)
* 1:21915 <-> ENABLED <-> SERVER-OTHER Novell Groupwise HTTP login request (server-other.rules)
* 1:22017 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio PKP file download request (file-identify.rules)
* 1:21931 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel TXO and OBJ records parsing stack memory corruption attempt (file-office.rules)
* 1:22019 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio PKP file attachment detected (file-identify.rules)
* 1:21999 <-> ENABLED <-> FILE-IDENTIFY OpenType Font file magic detection (file-identify.rules)
* 1:22021 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio SLN file download request (file-identify.rules)
* 1:22014 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio DBP file attachment detected (file-identify.rules)
* 1:22023 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio SLN file attachment detected (file-identify.rules)
* 1:22016 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio DBP file magic detected (file-identify.rules)
* 1:22025 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio VAP file download request (file-identify.rules)
* 1:22018 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio PKP file attachment detected (file-identify.rules)
* 1:22027 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio VAP file attachment detected (file-identify.rules)
* 1:22020 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio PKP file magic detected (file-identify.rules)
* 1:22043 <-> ENABLED <-> FILE-IDENTIFY XM file download request (file-identify.rules)
* 1:22022 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio SLN file attachment detected (file-identify.rules)
* 1:22045 <-> ENABLED <-> FILE-IDENTIFY XM file attachment detected (file-identify.rules)
* 1:22024 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio SLN file magic detected (file-identify.rules)
* 1:22082 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint pptx file download request (file-identify.rules)
* 1:22026 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio VAP file attachment detected (file-identify.rules)
* 1:22084 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint pptx file attachment detected (file-identify.rules)
* 1:22028 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio VAP file magic detected (file-identify.rules)
* 1:22944 <-> ENABLED <-> FILE-IDENTIFY NAB file attachment detected (file-identify.rules)
* 1:22044 <-> ENABLED <-> FILE-IDENTIFY XM file attachment detected (file-identify.rules)
* 1:22946 <-> ENABLED <-> FILE-IDENTIFY NAB file magic detected (file-identify.rules)
* 1:22046 <-> ENABLED <-> FILE-IDENTIFY XM file magic detected (file-identify.rules)
* 1:22956 <-> ENABLED <-> FILE-IDENTIFY AMF file attachment detected (file-identify.rules)
* 1:22083 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint pptx file attachment detected (file-identify.rules)
* 1:22962 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RAM file attachment detected (file-identify.rules)
* 1:22943 <-> ENABLED <-> FILE-IDENTIFY NAB file download request (file-identify.rules)
* 1:22964 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RMP file attachment detected (file-identify.rules)
* 1:22945 <-> ENABLED <-> FILE-IDENTIFY NAB file attachment detected (file-identify.rules)
* 1:22966 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RT file attachment detected (file-identify.rules)
* 1:22955 <-> ENABLED <-> FILE-IDENTIFY AMF file attachment detected (file-identify.rules)
* 1:22968 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RP file attachment detected (file-identify.rules)
* 1:22961 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RAM file attachment detected (file-identify.rules)
* 1:22970 <-> ENABLED <-> FILE-IDENTIFY remote desktop configuration file attachment detected (file-identify.rules)
* 1:22963 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RMP file attachment detected (file-identify.rules)
* 1:22972 <-> ENABLED <-> FILE-IDENTIFY m3u playlist file file attachment detected (file-identify.rules)
* 1:22965 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RT file attachment detected (file-identify.rules)
* 1:22974 <-> ENABLED <-> FILE-IDENTIFY M4A file attachment detected (file-identify.rules)
* 1:22967 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RP file attachment detected (file-identify.rules)
* 1:22976 <-> ENABLED <-> FILE-IDENTIFY M4P file attachment detected (file-identify.rules)
* 1:22969 <-> ENABLED <-> FILE-IDENTIFY remote desktop configuration file attachment detected (file-identify.rules)
* 1:22978 <-> ENABLED <-> FILE-IDENTIFY M4R file attachment detected (file-identify.rules)
* 1:22971 <-> ENABLED <-> FILE-IDENTIFY MPEG Layer 3 playlist file attachment detected (file-identify.rules)
* 1:22980 <-> ENABLED <-> FILE-IDENTIFY M4V file attachment detected (file-identify.rules)
* 1:22973 <-> ENABLED <-> FILE-IDENTIFY M4A file attachment detected (file-identify.rules)
* 1:22982 <-> ENABLED <-> FILE-IDENTIFY M4B file attachment detected (file-identify.rules)
* 1:22975 <-> ENABLED <-> FILE-IDENTIFY M4P file attachment detected (file-identify.rules)
* 1:22984 <-> ENABLED <-> FILE-IDENTIFY 3GP file attachment detected (file-identify.rules)
* 1:22977 <-> ENABLED <-> FILE-IDENTIFY M4R file attachment detected (file-identify.rules)
* 1:22986 <-> ENABLED <-> FILE-IDENTIFY 3G2 file attachment detected (file-identify.rules)
* 1:22979 <-> ENABLED <-> FILE-IDENTIFY M4V file attachment detected (file-identify.rules)
* 1:22988 <-> ENABLED <-> FILE-IDENTIFY k3g file attachment detected (file-identify.rules)
* 1:22981 <-> ENABLED <-> FILE-IDENTIFY M4B file attachment detected (file-identify.rules)
* 1:22990 <-> ENABLED <-> FILE-IDENTIFY SKM file attachment detected (file-identify.rules)
* 1:22983 <-> ENABLED <-> FILE-IDENTIFY 3GP file attachment detected (file-identify.rules)
* 1:22992 <-> ENABLED <-> FILE-IDENTIFY QT file attachment detected (file-identify.rules)
* 1:22985 <-> ENABLED <-> FILE-IDENTIFY 3G2 file attachment detected (file-identify.rules)
* 1:22994 <-> ENABLED <-> FILE-IDENTIFY MP4 file attachment detected (file-identify.rules)
* 1:22987 <-> ENABLED <-> FILE-IDENTIFY k3g file attachment detected (file-identify.rules)
* 1:22996 <-> ENABLED <-> FILE-IDENTIFY Apple QuickTime Movie file attachment detected (file-identify.rules)
* 1:22989 <-> ENABLED <-> FILE-IDENTIFY SKM file attachment detected (file-identify.rules)
* 1:22998 <-> ENABLED <-> FILE-IDENTIFY MHTML file attachment detected (file-identify.rules)
* 1:22991 <-> ENABLED <-> FILE-IDENTIFY QT file attachment detected (file-identify.rules)
* 1:23000 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media Player DVR file attachment detected (file-identify.rules)
* 1:22993 <-> ENABLED <-> FILE-IDENTIFY MP4 file attachment detected (file-identify.rules)
* 1:23002 <-> ENABLED <-> FILE-IDENTIFY CSV file attachment detected (file-identify.rules)
* 1:22995 <-> ENABLED <-> FILE-IDENTIFY Apple QuickTime Movie file attachment detected (file-identify.rules)
* 1:23011 <-> ENABLED <-> FILE-IDENTIFY Collada file download request (file-identify.rules)
* 1:22997 <-> ENABLED <-> FILE-IDENTIFY MHTML file attachment detected (file-identify.rules)
* 1:23013 <-> ENABLED <-> FILE-IDENTIFY Collada file attachment detected (file-identify.rules)
* 1:22999 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows WMF file magic detected (file-identify.rules)
* 1:23168 <-> ENABLED <-> FILE-IDENTIFY MPG video stream file attachment detected (file-identify.rules)
* 1:23001 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media Player DVR file attachment detected (file-identify.rules)
* 1:23012 <-> ENABLED <-> FILE-IDENTIFY Collada file attachment detected (file-identify.rules)
* 1:23192 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules)
* 1:23194 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules)
* 1:23169 <-> ENABLED <-> FILE-IDENTIFY MPG video stream file attachment detected (file-identify.rules)
* 1:23196 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file download request (file-identify.rules)
* 1:23189 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules)
* 1:23198 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules)
* 1:23191 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules)
* 1:23200 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules)
* 1:23193 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file download request (file-identify.rules)
* 1:23202 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file download request (file-identify.rules)
* 1:23195 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules)
* 1:23206 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules)
* 1:23197 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules)
* 1:23208 <-> ENABLED <-> PROTOCOL-VOIP Digium Asterisk Manager Interface initial banner (protocol-voip.rules)
* 1:23199 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file download request (file-identify.rules)
* 1:23319 <-> ENABLED <-> FILE-IDENTIFY TAR file download request (file-identify.rules)
* 1:23201 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules)
* 1:23321 <-> ENABLED <-> FILE-IDENTIFY TAR file attachment detected (file-identify.rules)
* 1:23205 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file download request (file-identify.rules)
* 1:23347 <-> ENABLED <-> FILE-IDENTIFY Lotus file download request (file-identify.rules)
* 1:23207 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules)
* 1:28901 <-> ENABLED <-> FILE-IDENTIFY eSignal .ets file download request (file-identify.rules)
* 1:23349 <-> ENABLED <-> FILE-IDENTIFY Lotus file attachment detected (file-identify.rules)
* 1:23224 <-> ENABLED <-> EXPLOIT-KIT Redkit exploit kit landing page Requested - 8Digit.html (exploit-kit.rules)
* 1:23474 <-> ENABLED <-> FILE-IDENTIFY PLP file download request (file-identify.rules)
* 1:23320 <-> ENABLED <-> FILE-IDENTIFY TAR file attachment detected (file-identify.rules)
* 1:23476 <-> ENABLED <-> FILE-IDENTIFY PLP file attachment detected (file-identify.rules)
* 1:23322 <-> ENABLED <-> FILE-IDENTIFY TAR file download request (file-identify.rules)
* 1:23486 <-> ENABLED <-> FILE-IDENTIFY JOB file download request (file-identify.rules)
* 1:23348 <-> ENABLED <-> FILE-IDENTIFY Lotus file attachment detected (file-identify.rules)
* 1:23488 <-> ENABLED <-> FILE-IDENTIFY JOB file attachment detected (file-identify.rules)
* 1:23393 <-> ENABLED <-> SQL IBM SolidDB initial banner (sql.rules)
* 1:23497 <-> ENABLED <-> FILE-IDENTIFY CUR file attachment detected (file-identify.rules)
* 1:23475 <-> ENABLED <-> FILE-IDENTIFY PLP file attachment detected (file-identify.rules)
* 1:23605 <-> ENABLED <-> FILE-IDENTIFY Armadillo v1.xx - v2.xx file magic detected (file-identify.rules)
* 1:23477 <-> ENABLED <-> FILE-IDENTIFY PLP file magic detected (file-identify.rules)
* 1:23637 <-> ENABLED <-> FILE-IDENTIFY Java .class file attachment detected (file-identify.rules)
* 1:23487 <-> ENABLED <-> FILE-IDENTIFY JOB file attachment detected (file-identify.rules)
* 1:23639 <-> ENABLED <-> FILE-IDENTIFY MPEG video stream file magic detected (file-identify.rules)
* 1:23496 <-> ENABLED <-> FILE-IDENTIFY CUR file download request (file-identify.rules)
* 1:23642 <-> ENABLED <-> FILE-IDENTIFY Script encoder file magic detected (file-identify.rules)
* 1:23498 <-> ENABLED <-> FILE-IDENTIFY CUR file attachment detected (file-identify.rules)
* 1:23644 <-> ENABLED <-> FILE-IDENTIFY BinHex file magic detected (file-identify.rules)
* 1:23616 <-> ENABLED <-> APP-DETECT Amazon Kindle 3.0 User-Agent string requested (app-detect.rules)
* 1:52056 <-> ENABLED <-> FILE-IDENTIFY Portable Executable binary file magic detected (file-identify.rules)
* 1:23646 <-> ENABLED <-> FILE-IDENTIFY bzip file magic detected (file-identify.rules)
* 1:23638 <-> ENABLED <-> FILE-IDENTIFY Java .class file attachment detected (file-identify.rules)
* 1:23648 <-> ENABLED <-> FILE-IDENTIFY MP3 file magic detected (file-identify.rules)
* 1:23640 <-> ENABLED <-> FILE-IDENTIFY MPEG sys stream file magic detected (file-identify.rules)
* 1:23650 <-> ENABLED <-> FILE-IDENTIFY Ogg Stream file magic detected (file-identify.rules)
* 1:23643 <-> ENABLED <-> FILE-IDENTIFY Postscript file magic detected (file-identify.rules)
* 1:23652 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules)
* 1:23645 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Real Media file magic detected (file-identify.rules)
* 1:23654 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules)
* 1:23647 <-> ENABLED <-> FILE-IDENTIFY GIF file magic detected (file-identify.rules)
* 1:23656 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules)
* 1:23649 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows CAB file magic detected (file-identify.rules)
* 1:23658 <-> ENABLED <-> FILE-IDENTIFY RIFX file magic detected (file-identify.rules)
* 1:23651 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules)
* 1:49519 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules)
* 1:23660 <-> ENABLED <-> FILE-IDENTIFY Symantec file magic detected (file-identify.rules)
* 1:23653 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules)
* 1:23662 <-> ENABLED <-> FILE-IDENTIFY TNEF file magic detected (file-identify.rules)
* 1:23655 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules)
* 1:23664 <-> ENABLED <-> FILE-IDENTIFY PNG file magic detected (file-identify.rules)
* 1:23657 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules)
* 1:23666 <-> ENABLED <-> FILE-IDENTIFY MP3 file magic detected (file-identify.rules)
* 1:23659 <-> ENABLED <-> FILE-IDENTIFY RAR file magic detected (file-identify.rules)
* 1:23668 <-> ENABLED <-> FILE-IDENTIFY SIS file magic detected (file-identify.rules)
* 1:23661 <-> ENABLED <-> FILE-IDENTIFY ARJ file magic detected (file-identify.rules)
* 1:23670 <-> ENABLED <-> FILE-IDENTIFY RTF file magic detected (file-identify.rules)
* 1:23663 <-> ENABLED <-> FILE-IDENTIFY ELF file magic detected (file-identify.rules)
* 1:23672 <-> ENABLED <-> FILE-IDENTIFY MachO Little Endian file magic detected (file-identify.rules)
* 1:23665 <-> ENABLED <-> FILE-IDENTIFY CryptFF file magic detected (file-identify.rules)
* 1:23674 <-> ENABLED <-> FILE-IDENTIFY MachO Big Endian file magic detected (file-identify.rules)
* 1:51993 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules)
* 1:23667 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (file-identify.rules)
* 1:23676 <-> ENABLED <-> FILE-IDENTIFY Universal Binary/Java Bytecode file magic detected (file-identify.rules)
* 1:23669 <-> ENABLED <-> FILE-IDENTIFY SIP log file magic detected (file-identify.rules)
* 1:23678 <-> ENABLED <-> FILE-IDENTIFY PDF file magic detected (file-identify.rules)
* 1:23671 <-> ENABLED <-> FILE-IDENTIFY 7zip file magic detected (file-identify.rules)
* 1:23680 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (file-identify.rules)
* 1:23673 <-> ENABLED <-> FILE-IDENTIFY MachO x64 Little Endian file magic detected (file-identify.rules)
* 1:23682 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
* 1:23675 <-> ENABLED <-> FILE-IDENTIFY MachO x64 Big Endian file magic detected (file-identify.rules)
* 1:23684 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
* 1:23677 <-> ENABLED <-> FILE-IDENTIFY jarpack file magic detected (file-identify.rules)
* 1:23687 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (file-identify.rules)
* 1:23679 <-> ENABLED <-> FILE-IDENTIFY compressed Adobe Shockwave Flash file magic detected (file-identify.rules)
* 1:23689 <-> ENABLED <-> FILE-IDENTIFY mx4 file magic detected (file-identify.rules)
* 1:23681 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (file-identify.rules)
* 1:23691 <-> ENABLED <-> FILE-IDENTIFY dmg file magic detected (file-identify.rules)
* 1:23683 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
* 1:23693 <-> ENABLED <-> FILE-IDENTIFY caff file magic detected (file-identify.rules)
* 1:23685 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
* 1:23695 <-> ENABLED <-> FILE-IDENTIFY Flac file magic detected (file-identify.rules)
* 1:23688 <-> ENABLED <-> FILE-IDENTIFY bcproj file magic detected (file-identify.rules)
* 1:23697 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel xlw file magic detected (file-identify.rules)
* 1:23690 <-> ENABLED <-> FILE-IDENTIFY ffmpeg file magic detected (file-identify.rules)
* 1:23701 <-> ENABLED <-> FILE-IDENTIFY Microsoft SYmbolic LinK file magic detected (file-identify.rules)
* 1:23692 <-> ENABLED <-> FILE-IDENTIFY ivr file magic detected (file-identify.rules)
* 1:23707 <-> ENABLED <-> FILE-IDENTIFY Microsoft Compound File Binary v3 file magic detected (file-identify.rules)
* 1:23694 <-> ENABLED <-> FILE-IDENTIFY vmd file magic detected (file-identify.rules)
* 1:23710 <-> ENABLED <-> FILE-IDENTIFY Tiff big endian file magic detected (file-identify.rules)
* 1:23696 <-> ENABLED <-> FILE-IDENTIFY VideoLAN VLC file magic detected (file-identify.rules)
* 1:23712 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file magic detected (file-identify.rules)
* 1:23698 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media ASF file magic detected (file-identify.rules)
* 1:23721 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer .r1m file magic detected (file-identify.rules)
* 1:23703 <-> ENABLED <-> FILE-IDENTIFY Microsoft asf file magic detected (file-identify.rules)
* 1:23724 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file magic detected (file-identify.rules)
* 1:23709 <-> ENABLED <-> FILE-IDENTIFY Tiff little endian file magic detected (file-identify.rules)
* 1:23726 <-> ENABLED <-> FILE-IDENTIFY Portable Executable compact binary file magic detected (file-identify.rules)
* 1:23711 <-> ENABLED <-> FILE-IDENTIFY OLE Document file magic detected (file-identify.rules)
* 1:23728 <-> ENABLED <-> FILE-IDENTIFY matroska file magic detected (file-identify.rules)
* 1:23720 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer REC file magic detected (file-identify.rules)
* 1:23730 <-> ENABLED <-> FILE-IDENTIFY amf file magic detected (file-identify.rules)
* 1:23723 <-> ENABLED <-> FILE-IDENTIFY M3U file magic detected (file-identify.rules)
* 1:23732 <-> ENABLED <-> FILE-IDENTIFY Microsoft Media Player .asf file magic detected (file-identify.rules)
* 1:23725 <-> ENABLED <-> FILE-IDENTIFY Portable Executable binary file magic detected (file-identify.rules)
* 1:23734 <-> ENABLED <-> FILE-IDENTIFY Autodesk Maya file magic detected (file-identify.rules)
* 1:23727 <-> ENABLED <-> FILE-IDENTIFY Adobe Flash Video file magic detected (file-identify.rules)
* 1:23736 <-> ENABLED <-> FILE-IDENTIFY PLS file magic detected (file-identify.rules)
* 1:23729 <-> ENABLED <-> FILE-IDENTIFY PICT file magic detected (file-identify.rules)
* 1:23738 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
* 1:23731 <-> ENABLED <-> FILE-IDENTIFY CDR file magic detected (file-identify.rules)
* 1:23740 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
* 1:23733 <-> ENABLED <-> FILE-IDENTIFY webm file magic detected (file-identify.rules)
* 1:23742 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
* 1:23735 <-> ENABLED <-> FILE-IDENTIFY MIDI file magic detected (file-identify.rules)
* 1:23744 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
* 1:23737 <-> ENABLED <-> FILE-IDENTIFY SMIL file magic detected (file-identify.rules)
* 1:23746 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
* 1:23739 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
* 1:23748 <-> ENABLED <-> FILE-IDENTIFY TTF file magic detected (file-identify.rules)
* 1:23741 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
* 1:23750 <-> ENABLED <-> FILE-IDENTIFY Microsoft Money file magic detected (file-identify.rules)
* 1:23743 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
* 1:23752 <-> ENABLED <-> FILE-IDENTIFY cy3 Cytel Studio file magic detected (file-identify.rules)
* 1:23745 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
* 1:23754 <-> ENABLED <-> FILE-IDENTIFY AVI Video file magic detected (file-identify.rules)
* 1:23747 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
* 1:23758 <-> ENABLED <-> FILE-IDENTIFY XML file magic detected (file-identify.rules)
* 1:23749 <-> ENABLED <-> FILE-IDENTIFY SAMI file magic detected (file-identify.rules)
* 1:23760 <-> ENABLED <-> FILE-IDENTIFY WAV file magic detected (file-identify.rules)
* 1:23751 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file magic detected (file-identify.rules)
* 1:23762 <-> ENABLED <-> FILE-IDENTIFY PFA file magic detected (file-identify.rules)
* 1:23753 <-> ENABLED <-> FILE-IDENTIFY Visio file magic detected (file-identify.rules)
* 1:23764 <-> ENABLED <-> FILE-IDENTIFY Adobe Download Manager aom file magic detected (file-identify.rules)
* 1:23755 <-> ENABLED <-> FILE-IDENTIFY Cisco Webex Player .wrf file magic detected (file-identify.rules)
* 1:23769 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio DBP file magic detected (file-identify.rules)
* 1:23759 <-> ENABLED <-> FILE-IDENTIFY XML file magic detected (file-identify.rules)
* 1:23771 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio SLN file magic detected (file-identify.rules)
* 1:23761 <-> ENABLED <-> FILE-IDENTIFY AVI file magic detected (file-identify.rules)
* 1:23773 <-> ENABLED <-> FILE-IDENTIFY XM file magic detected (file-identify.rules)
* 1:23763 <-> ENABLED <-> FILE-IDENTIFY HPJ file magic detected (file-identify.rules)
* 1:23775 <-> ENABLED <-> FILE-IDENTIFY Armadillo v1.71 packer file magic detected (file-identify.rules)
* 1:23765 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime FLIC file magic detected (file-identify.rules)
* 1:23777 <-> ENABLED <-> FILE-IDENTIFY Armadillo v1.xx - v2.xx file magic detected (file-identify.rules)
* 1:23770 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio PKP file magic detected (file-identify.rules)
* 1:23808 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules)
* 1:23772 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio VAP file magic detected (file-identify.rules)
* 1:23810 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file download request (file-identify.rules)
* 1:23774 <-> ENABLED <-> FILE-IDENTIFY NAB file magic detected (file-identify.rules)
* 1:23812 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules)
* 1:23776 <-> ENABLED <-> FILE-IDENTIFY PLP file magic detected (file-identify.rules)
* 1:23814 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules)
* 1:50870 <-> ENABLED <-> APP-DETECT Quagga password challenge detected (app-detect.rules)
* 1:23807 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file download request (file-identify.rules)
* 1:23816 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file download request (file-identify.rules)
* 1:23809 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules)
* 1:23818 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules)
* 1:23811 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules)
* 1:23820 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules)
* 1:23813 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file download request (file-identify.rules)
* 1:23822 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file magic detected (file-identify.rules)
* 1:23815 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules)
* 1:23839 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB RAP API NetServerEnum2 long server name buffer overflow attempt (os-windows.rules)
* 1:23817 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules)
* 1:23969 <-> ENABLED <-> OS-MOBILE Android SMSZombie APK file download (os-mobile.rules)
* 1:23819 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file download request (file-identify.rules)
* 1:24005 <-> ENABLED <-> FILE-OFFICE Microsoft Office MSCOMCTL ActiveX control tabstrip method access (file-office.rules)
* 1:23821 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules)
* 1:24046 <-> ENABLED <-> FILE-IDENTIFY Winamp skin file wsz file attachment detected (file-identify.rules)
* 1:23823 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file magic detected (file-identify.rules)
* 1:24048 <-> ENABLED <-> FILE-IDENTIFY Winamp skin file wal file download request (file-identify.rules)
* 1:23849 <-> ENABLED <-> EXPLOIT-KIT Blackhole redirection attempt (exploit-kit.rules)
* 1:24050 <-> ENABLED <-> FILE-IDENTIFY Winamp skin file wal file attachment detected (file-identify.rules)
* 1:24004 <-> ENABLED <-> FILE-OFFICE Microsoft Office MSCOMCTL ActiveX control tabstrip method access (file-office.rules)
* 1:24075 <-> ENABLED <-> FILE-IDENTIFY MP3 file attachment detected (file-identify.rules)
* 1:24045 <-> ENABLED <-> FILE-IDENTIFY Winamp skin file wsz file download request (file-identify.rules)
* 1:24078 <-> ENABLED <-> FILE-IDENTIFY RMF file attachment detected (file-identify.rules)
* 1:24047 <-> ENABLED <-> FILE-IDENTIFY Winamp skin file wsz file attachment detected (file-identify.rules)
* 1:24080 <-> ENABLED <-> FILE-IDENTIFY Microsoft Works file attachment detected (file-identify.rules)
* 1:24049 <-> ENABLED <-> FILE-IDENTIFY Winamp skin file wal file attachment detected (file-identify.rules)
* 1:24089 <-> ENABLED <-> OS-WINDOWS Microsoft WebDAV PROPFIND request (os-windows.rules)
* 1:24074 <-> ENABLED <-> FILE-IDENTIFY MP3 file download request (file-identify.rules)
* 1:24101 <-> ENABLED <-> FILE-IDENTIFY PLF file attachment detected (file-identify.rules)
* 1:24076 <-> ENABLED <-> FILE-IDENTIFY MP3 file attachment detected (file-identify.rules)
* 1:24190 <-> ENABLED <-> FILE-IDENTIFY X PixMap file magic detected (file-identify.rules)
* 1:24079 <-> ENABLED <-> FILE-IDENTIFY RMF file attachment detected (file-identify.rules)
* 1:24206 <-> ENABLED <-> FILE-IDENTIFY LZH archive file magic detected (file-identify.rules)
* 1:24081 <-> ENABLED <-> FILE-IDENTIFY Microsoft Works file attachment detected (file-identify.rules)
* 1:24218 <-> ENABLED <-> FILE-IDENTIFY SMIL file magic detected (file-identify.rules)
* 1:24100 <-> ENABLED <-> FILE-IDENTIFY PLF file attachment detected (file-identify.rules)
* 1:2422 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer .rt playlist file download request (file-identify.rules)
* 1:2419 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer .ram playlist file download request (file-identify.rules)
* 1:24284 <-> ENABLED <-> FILE-OFFICE Microsoft Office Drawing object code execution attempt (file-office.rules)
* 1:2420 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer .rmp playlist file download request (file-identify.rules)
* 1:24359 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB NTLM NULL session attempt (os-windows.rules)
* 1:24213 <-> ENABLED <-> FILE-IDENTIFY MP4 file magic detected (file-identify.rules)
* 1:24406 <-> ENABLED <-> MALWARE-CNC Win.Trojan.MiniFlame variant outbound connection (malware-cnc.rules)
* 1:24219 <-> ENABLED <-> FILE-IDENTIFY SMIL file magic detected (file-identify.rules)
* 1:24412 <-> ENABLED <-> FILE-FLASH Adobe Flash Player DRM encrypted file detected (file-flash.rules)
* 1:2423 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer .rp playlist file download request (file-identify.rules)
* 1:24453 <-> ENABLED <-> FILE-IDENTIFY Webm file attachment detected (file-identify.rules)
* 1:24313 <-> ENABLED <-> SERVER-WEBAPP HP OpenView Operations Agent request attempt (server-webapp.rules)
* 1:24455 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (file-identify.rules)
* 1:2436 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Audio wmf file download request (file-identify.rules)
* 1:24457 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (file-identify.rules)
* 1:24407 <-> ENABLED <-> MALWARE-CNC Win.Trojan.MiniFlame variant outbound connection (malware-cnc.rules)
* 1:24459 <-> ENABLED <-> FILE-IDENTIFY PSD file download request (file-identify.rules)
* 1:24413 <-> ENABLED <-> FILE-FLASH Adobe Flash Player DRM encrypted file detected (file-flash.rules)
* 1:24461 <-> ENABLED <-> FILE-IDENTIFY PSD file attachment detected (file-identify.rules)
* 1:24454 <-> ENABLED <-> FILE-IDENTIFY Webm file attachment detected (file-identify.rules)
* 1:24463 <-> ENABLED <-> FILE-IDENTIFY TIFF file attachment detected (file-identify.rules)
* 1:24456 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (file-identify.rules)
* 1:24465 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows WMF file magic detected (file-identify.rules)
* 1:24458 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (file-identify.rules)
* 1:24467 <-> ENABLED <-> FILE-IDENTIFY XCF file download request (file-identify.rules)
* 1:24460 <-> ENABLED <-> FILE-IDENTIFY PSD file attachment detected (file-identify.rules)
* 1:24469 <-> ENABLED <-> FILE-IDENTIFY XCF file attachment detected (file-identify.rules)
* 1:24462 <-> ENABLED <-> FILE-IDENTIFY PSD file magic detection (file-identify.rules)
* 1:24471 <-> ENABLED <-> FILE-IDENTIFY XCF file magic detection (file-identify.rules)
* 1:24464 <-> ENABLED <-> FILE-IDENTIFY TIFF file attachment detected (file-identify.rules)
* 1:24473 <-> ENABLED <-> FILE-IDENTIFY FLV file attachment detected (file-identify.rules)
* 1:24466 <-> ENABLED <-> FILE-IDENTIFY PSD file magic detection (file-identify.rules)
* 1:24484 <-> ENABLED <-> FILE-IDENTIFY Embedded Open Type Font file magic detected (file-identify.rules)
* 1:24468 <-> ENABLED <-> FILE-IDENTIFY XCF file attachment detected (file-identify.rules)
* 1:24555 <-> ENABLED <-> FILE-IDENTIFY Apple QuickTime PICT v2.0 Image header (file-identify.rules)
* 1:24470 <-> ENABLED <-> FILE-IDENTIFY XCF file magic detection (file-identify.rules)
* 1:24651 <-> ENABLED <-> FILE-IDENTIFY Microsoft proxy autoconfig script file download request (file-identify.rules)
* 1:24472 <-> ENABLED <-> FILE-IDENTIFY FLV file attachment detected (file-identify.rules)
* 1:24709 <-> ENABLED <-> FILE-IDENTIFY Netop Remote Control file attachment detected (file-identify.rules)
* 1:24483 <-> ENABLED <-> FILE-IDENTIFY Embedded Open Type Font file magic detected (file-identify.rules)
* 1:24719 <-> ENABLED <-> PROTOCOL-VOIP Digium Asterisk SCCP call state message offhook (protocol-voip.rules)
* 1:24554 <-> ENABLED <-> FILE-IDENTIFY Apple QuickTime PICT v2.0 Image header (file-identify.rules)
* 1:24817 <-> ENABLED <-> FILE-IDENTIFY MP4 file magic detected (file-identify.rules)
* 1:24599 <-> ENABLED <-> FILE-IDENTIFY Alt-N MDaemon IMAP Server (file-identify.rules)
* 1:24819 <-> ENABLED <-> FILE-IDENTIFY M4V file magic detected (file-identify.rules)
* 1:24708 <-> ENABLED <-> FILE-IDENTIFY Netop Remote Control file download request (file-identify.rules)
* 1:24821 <-> ENABLED <-> FILE-IDENTIFY Computer Graphics Metafile file attachment detected (file-identify.rules)
* 1:24710 <-> ENABLED <-> FILE-IDENTIFY Netop Remote Control file attachment detected (file-identify.rules)
* 1:24824 <-> ENABLED <-> FILE-IDENTIFY RealPlayer skin file download request (file-identify.rules)
* 1:24816 <-> ENABLED <-> FILE-IDENTIFY MP4 file magic detected (file-identify.rules)
* 1:24826 <-> ENABLED <-> FILE-IDENTIFY RealPlayer skin file attachment detected (file-identify.rules)
* 1:24818 <-> ENABLED <-> FILE-IDENTIFY M4V file magic detected (file-identify.rules)
* 1:24902 <-> ENABLED <-> FILE-IDENTIFY JNLP file attachment detected (file-identify.rules)
* 1:24820 <-> ENABLED <-> FILE-IDENTIFY Computer Graphics Metafile file download request (file-identify.rules)
* 1:24972 <-> ENABLED <-> NETBIOS SMB Trans2 FIND_FIRST2 find file and directory info request (netbios.rules)
* 1:24822 <-> ENABLED <-> FILE-IDENTIFY Computer Graphics Metafile file attachment detected (file-identify.rules)
* 1:25032 <-> ENABLED <-> FILE-IDENTIFY Microsoft Silverlight application file download request (file-identify.rules)
* 1:24825 <-> ENABLED <-> FILE-IDENTIFY RealPlayer skin file attachment detected (file-identify.rules)
* 1:25034 <-> ENABLED <-> FILE-IDENTIFY Microsoft Silverlight application file attachment detected (file-identify.rules)
* 1:24901 <-> ENABLED <-> FILE-IDENTIFY JNLP file download request (file-identify.rules)
* 1:25062 <-> ENABLED <-> FILE-IDENTIFY Microsoft Software Installer MSI binary file magic detected (file-identify.rules)
* 1:24903 <-> ENABLED <-> FILE-IDENTIFY JNLP file attachment detected (file-identify.rules)
* 1:25306 <-> ENABLED <-> FILE-IDENTIFY Adobe Audition Session file download request (file-identify.rules)
* 1:25014 <-> ENABLED <-> FILE-IDENTIFY Microsoft proxy autoconfig script file magic detected (file-identify.rules)
* 1:25308 <-> ENABLED <-> FILE-IDENTIFY Adobe Audition Session file attachment detected (file-identify.rules)
* 1:25033 <-> ENABLED <-> FILE-IDENTIFY Microsoft Silverlight application file attachment detected (file-identify.rules)
* 1:25374 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime Targa Image file attachment detected (file-identify.rules)
* 1:50874 <-> ENABLED <-> FILE-IDENTIFY Fax Cover Page file magic detected (file-identify.rules)
* 1:25041 <-> ENABLED <-> EXPLOIT-KIT Java User-Agent flowbit set (exploit-kit.rules)
* 1:25516 <-> ENABLED <-> FILE-IDENTIFY Microsoft Software Installer MSI binary file magic detected (file-identify.rules)
* 1:25305 <-> ENABLED <-> FILE-IDENTIFY Adobe Audition Session file magic detected (file-identify.rules)
* 1:25602 <-> ENABLED <-> SERVER-OTHER Sybase Open Server TDS login request (server-other.rules)
* 1:25307 <-> ENABLED <-> FILE-IDENTIFY Adobe Audition Session file attachment detected (file-identify.rules)
* 1:25605 <-> ENABLED <-> FILE-IDENTIFY cSounds.com Csound audio file file attachment detected (file-identify.rules)
* 1:25373 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime Targa Image file download request (file-identify.rules)
* 1:25680 <-> ENABLED <-> FILE-IDENTIFY Adobe Flash Player embedded compact font detected (file-identify.rules)
* 1:25375 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime Targa Image file attachment detected (file-identify.rules)
* 1:25928 <-> ENABLED <-> FILE-IDENTIFY Ogg file download request (file-identify.rules)
* 1:25517 <-> ENABLED <-> FILE-IDENTIFY Armadillo v1.71 packer file magic detected (file-identify.rules)
* 1:25930 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules)
* 1:25604 <-> ENABLED <-> FILE-IDENTIFY cSounds.com Csound audio file file download request (file-identify.rules)
* 1:25932 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules)
* 1:25606 <-> ENABLED <-> FILE-IDENTIFY cSounds.com Csound audio file file attachment detected (file-identify.rules)
* 1:25934 <-> ENABLED <-> FILE-IDENTIFY Ogg file download request (file-identify.rules)
* 1:25682 <-> ENABLED <-> FILE-IDENTIFY Adobe Flash Player embedded compact font detected (file-identify.rules)
* 1:25936 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules)
* 1:25929 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules)
* 1:25938 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules)
* 1:25931 <-> ENABLED <-> FILE-IDENTIFY Ogg file download request (file-identify.rules)
* 1:25940 <-> ENABLED <-> FILE-IDENTIFY Ogg file download request (file-identify.rules)
* 1:25933 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules)
* 1:25942 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules)
* 1:25935 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules)
* 1:25944 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules)
* 1:25937 <-> ENABLED <-> FILE-IDENTIFY Ogg file download request (file-identify.rules)
* 1:25939 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules)
* 1:25941 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules)
* 1:25943 <-> ENABLED <-> FILE-IDENTIFY Ogg file download request (file-identify.rules)
* 1:32345 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector - initiate connection (server-other.rules)
* 1:51024 <-> ENABLED <-> FILE-IDENTIFY Embedded Open Type Font file attachment detected (file-identify.rules)
* 1:6472 <-> ENABLED <-> MALWARE-BACKDOOR bugs runtime detection - file manager client-to-server (malware-backdoor.rules)
* 1:7111 <-> ENABLED <-> MALWARE-BACKDOOR fearless lite 1.01 runtime detection (malware-backdoor.rules)
* 1:7506 <-> ENABLED <-> MALWARE-TOOLS Hacker-Tool coma runtime detection - init connection - flowbit set (malware-tools.rules)
* 1:8355 <-> ENABLED <-> MALWARE-OTHER Keylogger spybuddy 3.72 runtime detection (malware-other.rules)
* 1:8445 <-> ENABLED <-> FILE-OFFICE Microsoft Windows RTF file with embedded object package download attempt (file-office.rules)
* 1:9845 <-> ENABLED <-> FILE-IDENTIFY M3U file magic detected (file-identify.rules)
* 1:6469 <-> ENABLED <-> SERVER-OTHER RealVNC connection attempt (server-other.rules)
* 
1:7641 <-> ENABLED <-> MALWARE-BACKDOOR am remote client runtime detection - client-to-server (malware-backdoor.rules) * 1:49495 <-> ENABLED <-> FILE-OFFICE Microsoft Office MSCOMCTL ActiveX control tabstrip method access (file-office.rules) * 1:40020 <-> ENABLED <-> FILE-IDENTIFY Hierarchal Data Format file magic detected (file-identify.rules) * 1:3136 <-> ENABLED <-> NETBIOS SMB Trans2 QUERY_FILE_INFO andx attempt (netbios.rules) * 1:26466 <-> ENABLED <-> FILE-IDENTIFY XUL file attachment detected (file-identify.rules) * 1:32616 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Registry file attachment detected (file-identify.rules) * 1:40980 <-> ENABLED <-> FILE-IDENTIFY ico file attachment detected (file-identify.rules) * 1:33027 <-> ENABLED <-> FILE-IDENTIFY Publish-iT PUI file attachment detected (file-identify.rules) * 1:32945 <-> ENABLED <-> FILE-IDENTIFY .scr executable screensaver file attachment detected (file-identify.rules) * 1:38461 <-> ENABLED <-> OS-WINDOWS DCERPC Bind auth level packet privacy connection detected (os-windows.rules) * 1:42259 <-> ENABLED <-> FILE-IDENTIFY ISO file attachment detected (file-identify.rules) * 1:32135 <-> ENABLED <-> FILE-IDENTIFY XBM file attachment detected (file-identify.rules) * 1:3138 <-> ENABLED <-> NETBIOS SMB-DS Trans2 QUERY_FILE_INFO andx attempt (netbios.rules) * 1:29407 <-> ENABLED <-> FILE-IDENTIFY Microsoft Internet Shortcut file download request (file-identify.rules) * 1:49513 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules) * 1:37546 <-> ENABLED <-> SERVER-OTHER Veritas NetBackup Volume Manager connection attempt (server-other.rules) * 1:33825 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB NTLM NULL session attempt (os-windows.rules) * 1:26902 <-> ENABLED <-> FILE-IDENTIFY Android APK download request (file-identify.rules) * 1:38864 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul Office Document file attachment detected (file-identify.rules) * 1:35796 <-> 
ENABLED <-> FILE-IDENTIFY ZSoft PCX file attachment detected (file-identify.rules) * 1:36816 <-> ENABLED <-> SERVER-OTHER MIT Kerberos 5 IAKERB outbound token detected (server-other.rules) * 1:40893 <-> ENABLED <-> FILE-IDENTIFY R Programming Language source file file attachment detected (file-identify.rules) * 1:26059 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file magic detected (file-identify.rules) * 1:26903 <-> ENABLED <-> FILE-IDENTIFY Android APK download file attachment detected (file-identify.rules) * 1:32134 <-> ENABLED <-> FILE-IDENTIFY XBM file attachment detected (file-identify.rules) * 1:28508 <-> ENABLED <-> FILE-IDENTIFY Microsoft Write file download file attachment detected (file-identify.rules) * 1:30018 <-> ENABLED <-> FILE-IDENTIFY OS/2 Metafile file download request (file-identify.rules) * 1:36711 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows .NET Application file attachment detected (file-identify.rules) * 1:43891 <-> ENABLED <-> MALWARE-OTHER Win.Malware.Emotet variant lateral propagation (malware-other.rules) * 1:3551 <-> ENABLED <-> FILE-IDENTIFY HTA file download request (file-identify.rules) * 1:34398 <-> ENABLED <-> FILE-IDENTIFY Microsoft Journal file download attempt (file-identify.rules) * 1:36748 <-> ENABLED <-> FILE-IDENTIFY TTF file attachment detected (file-identify.rules) * 1:30532 <-> ENABLED <-> FILE-MULTIMEDIA CoCSoft Stream Download session (file-multimedia.rules) * 1:30015 <-> ENABLED <-> FILE-IDENTIFY OS/2 Metafile file attachment detected (file-identify.rules) * 1:26065 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word docm file attachment detected (file-identify.rules) * 1:28900 <-> ENABLED <-> FILE-IDENTIFY eSignal .sum file attachment detected (file-identify.rules) * 1:43099 <-> ENABLED <-> SERVER-WEBAPP Simple SCADA web-socket connection initialization attempt (server-webapp.rules) * 1:42367 <-> ENABLED <-> FILE-IDENTIFY XZ compressed file detected (file-identify.rules) * 1:37784 <-> ENABLED <-> 
FILE-IDENTIFY Adobe Texture Format file magic detected (file-identify.rules) * 1:26904 <-> ENABLED <-> FILE-IDENTIFY Android APK download file attachment detected (file-identify.rules) * 1:49512 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules) * 1:29275 <-> ENABLED <-> FILE-IDENTIFY XFDL file attachment detected (file-identify.rules) * 1:35432 <-> ENABLED <-> FILE-IDENTIFY M4A file magic detected (file-identify.rules) * 1:40979 <-> ENABLED <-> FILE-IDENTIFY ico file download request (file-identify.rules) * 1:53213 <-> ENABLED <-> PROTOCOL-OTHER MQTT Connect control packet detected (protocol-other.rules) * 1:51268 <-> ENABLED <-> FILE-OTHER Photodex ProShow Producer v5.0.3256 download load file attempt (file-other.rules) * 1:49794 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules) * 1:23188 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules)