Talos has added and modified multiple rules in the malware-cnc, malware-other, os-windows and server-webapp rule sets to provide coverage for emerging threats from these technologies.
For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091601.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:55868 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Agzz8qk-9769774-0 download attempt (malware-other.rules)
* 1:55869 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Emotet-9769987-0 download attempt (malware-other.rules)
* 1:55870 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Emotet-9769987-0 download attempt (malware-other.rules)
* 1:55871 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9770089-0 download attempt (malware-other.rules)
* 1:55872 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9770089-0 download attempt (malware-other.rules)
* 1:55873 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Emotet-9770097-0 download attempt (malware-other.rules)
* 1:55874 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Emotet-9770097-0 download attempt (malware-other.rules)
* 1:55875 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Bdld-9770176-0 download attempt (malware-other.rules)
* 1:55876 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Bdld-9770176-0 download attempt (malware-other.rules)
* 1:55877 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Drolnux-9770173-0 download attempt (malware-other.rules)
* 1:55878 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Drolnux-9770173-0 download attempt (malware-other.rules)
* 1:55879 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-9770611-0 download attempt (malware-other.rules)
* 1:55880 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-9770611-0 download attempt (malware-other.rules)
* 1:55881 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-9770992-0 download attempt (malware-other.rules)
* 1:55882 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-9770992-0 download attempt (malware-other.rules)
* 1:55883 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Cutwail-9771166-0 download attempt (malware-other.rules)
* 1:55884 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Cutwail-9771166-0 download attempt (malware-other.rules)
* 1:55885 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Upatre-9771263-0 download attempt (malware-other.rules)
* 1:55886 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Upatre-9771263-0 download attempt (malware-other.rules)
* 1:55887 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Reveton-9771413-0 download attempt (malware-other.rules)
* 1:55888 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Reveton-9771413-0 download attempt (malware-other.rules)
* 1:55889 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Browsefox-9771664-0 download attempt (malware-other.rules)
* 1:55890 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Browsefox-9771664-0 download attempt (malware-other.rules)
* 1:55891 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Kovter-9771867-0 download attempt (malware-other.rules)
* 1:55892 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Kovter-9771867-0 download attempt (malware-other.rules)
* 1:55893 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-9771891-0 download attempt (malware-other.rules)
* 1:55894 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-9771891-0 download attempt (malware-other.rules)
* 1:55895 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-9772275-0 download attempt (malware-other.rules)
* 1:55896 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-9772275-0 download attempt (malware-other.rules)
* 1:55897 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Fakesysdef-9772554-0 download attempt (malware-other.rules)
* 1:55898 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Fakesysdef-9772554-0 download attempt (malware-other.rules)
* 1:55899 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9772677-0 download attempt (malware-other.rules)
* 1:55900 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9772677-0 download attempt (malware-other.rules)
* 1:55901 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-9772681-0 download attempt (malware-other.rules)
* 1:55902 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-9772681-0 download attempt (malware-other.rules)
* 1:55903 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Sdyn-9772921-0 download attempt (malware-other.rules)
* 1:55904 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Sdyn-9772921-0 download attempt (malware-other.rules)
* 1:55905 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generic-9773106-0 download attempt (malware-other.rules)
* 1:55906 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generic-9773106-0 download attempt (malware-other.rules)
* 1:55907 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-9773294-0 download attempt (malware-other.rules)
* 1:55908 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-9773294-0 download attempt (malware-other.rules)
* 1:55909 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Battdil-9773289-0 download attempt (malware-other.rules)
* 1:55910 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Battdil-9773289-0 download attempt (malware-other.rules)
* 1:55911 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Battdil-9773282-0 download attempt (malware-other.rules)
* 1:55912 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Battdil-9773282-0 download attempt (malware-other.rules)
* 1:55913 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Ramnit-9773470-0 download attempt (malware-other.rules)
* 1:55914 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Ramnit-9773470-0 download attempt (malware-other.rules)
* 1:55915 <-> DISABLED <-> MALWARE-OTHER PUA.Win.File.Neobar-9773833-0 download attempt (malware-other.rules)
* 1:55916 <-> DISABLED <-> MALWARE-OTHER PUA.Win.File.Neobar-9773833-0 download attempt (malware-other.rules)
* 1:55918 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus command injection attempt (server-webapp.rules)
* 1:55919 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus command injection attempt (server-webapp.rules)
* 1:55920 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus command injection attempt (server-webapp.rules)
* 1:55921 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus command injection attempt (server-webapp.rules)
* 1:55922 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Defender privilege escalation attempt (os-windows.rules)
* 1:55923 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Defender privilege escalation attempt (os-windows.rules)
* 1:55926 <-> ENABLED <-> MALWARE-CNC Win.Dropper.LemonDuck variant outbound connection (malware-cnc.rules)
* 1:55927 <-> ENABLED <-> MALWARE-CNC Win.Dropper.LemonDuck variant script download attempt (malware-cnc.rules)
* 1:55928 <-> ENABLED <-> MALWARE-CNC Win.Dropper.LemonDuck variant script download attempt (malware-cnc.rules)
* 1:55863 <-> DISABLED <-> MALWARE-OTHER Win.Virus.Ursnif-9769699-0 download attempt (malware-other.rules)
* 1:55864 <-> DISABLED <-> MALWARE-OTHER Win.Virus.Ursnif-9769699-0 download attempt (malware-other.rules)
* 1:55865 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Bulz-9769773-0 download attempt (malware-other.rules)
* 1:55866 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Bulz-9769773-0 download attempt (malware-other.rules)
* 1:55867 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Agzz8qk-9769774-0 download attempt (malware-other.rules)
* 3:55917 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1159 attack attempt (server-webapp.rules)
* 3:55925 <-> ENABLED <-> SERVER-OTHER Cisco Wireless LAN Controller CAPWAP denial of service attempt (server-other.rules)
* 3:55924 <-> ENABLED <-> SERVER-OTHER Cisco Wireless LAN Controller CAPWAP denial of service attempt (server-other.rules)
* 1:21435 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mentor inbound connection - post infection (malware-cnc.rules)
* 1:21436 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Startpage variant outbound connection (malware-cnc.rules)
* 1:21440 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Murofet variant outbound connection (malware-cnc.rules)
* 1:21441 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Delf variant outbound connection (malware-cnc.rules)
* 1:21455 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string psi (malware-cnc.rules)
* 1:21469 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string 1234567890 (malware-cnc.rules)
* 1:21475 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string core-project (malware-cnc.rules)
* 1:21476 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent YZF (malware-cnc.rules)
* 1:21525 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader variant outbound connection (malware-cnc.rules)
* 1:21526 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent TCYWinHTTPDownload (malware-cnc.rules)
* 1:21538 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dofoil variant outbound payload request (malware-cnc.rules)
* 1:21547 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy variant outbound connection (malware-cnc.rules)
* 1:21548 <-> DISABLED <-> MALWARE-CNC Cutwail landing page connection (malware-cnc.rules)
* 1:21551 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kahn variant outbound connection (malware-cnc.rules)
* 1:21552 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kahn variant outbound connection (malware-cnc.rules)
* 1:21562 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bredolab variant outbound connection (malware-cnc.rules)
* 1:21563 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kelihos variant outbound connection (malware-cnc.rules)
* 1:21564 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kelihos variant outbound connection (malware-cnc.rules)
* 1:21565 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kelihos variant outbound connection (malware-cnc.rules)
* 1:21591 <-> DISABLED <-> MALWARE-CNC User-Agent known Adware user agent Gamevance tl_v (malware-cnc.rules)
* 1:21593 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper variant outbound connection (malware-cnc.rules)
* 1:21622 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Georbot variant outbound connection (malware-cnc.rules)
* 1:21631 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sinowal javascript delivery method (malware-cnc.rules)
* 1:21632 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ransom variant outbound connection (malware-cnc.rules)
* 1:21636 <-> DISABLED <-> MALWARE-CNC User-Agent known Adware user agent gbot (malware-cnc.rules)
* 1:21638 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Aluereon TDSS infection variant outbound connection (malware-cnc.rules)
* 1:21639 <-> DISABLED <-> MALWARE-CNC User-Agent known Adware user agent mus - TDSS related (malware-cnc.rules)
* 1:21755 <-> DISABLED <-> MALWARE-CNC Apple OSX.Flashback variant outbound connection (malware-cnc.rules)
* 1:21756 <-> DISABLED <-> MALWARE-CNC Apple OSX.Flashback variant outbound connection (malware-cnc.rules)
* 1:21757 <-> DISABLED <-> MALWARE-CNC Apple OSX.Flashback variant outbound connection (malware-cnc.rules)
* 1:21758 <-> DISABLED <-> MALWARE-CNC Apple OSX.Flashback variant outbound connection (malware-cnc.rules)
* 1:21760 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Swisyn variant outbound connection (malware-cnc.rules)
* 1:21761 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Swisyn variant outbound connection (malware-cnc.rules)
* 1:21852 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Orsam variant outbound connection (malware-cnc.rules)
* 1:21877 <-> DISABLED <-> MALWARE-CNC Apple OSX.Sabpub variant outbound connection (malware-cnc.rules)
* 1:21910 <-> DISABLED <-> MALWARE-CNC Apple OSX Flashback malware user-agent (malware-cnc.rules)
* 1:21911 <-> DISABLED <-> MALWARE-CNC Aldi variant outbound connection C&C checkin (malware-cnc.rules)
* 1:21912 <-> DISABLED <-> MALWARE-CNC Aldi bot variant outbound connection user-agent (malware-cnc.rules)
* 1:21925 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent BOT/0.1 (malware-cnc.rules)
* 1:21945 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Litmpuca.A variant outbound connection (malware-cnc.rules)
* 1:21946 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Litmpuca.A variant outbound connection (malware-cnc.rules)
* 1:21965 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent VB WININET (malware-cnc.rules)
* 1:21983 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BamCompiled variant outbound connection (malware-cnc.rules)
* 1:21984 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BamCompiled variant inbound updates (malware-cnc.rules)
* 1:22033 <-> DISABLED <-> MALWARE-CNC Apple OSX Flashback malware variant outbound connection (malware-cnc.rules)
* 1:22034 <-> DISABLED <-> MALWARE-CNC Apple OSX Flashback malware variant outbound connection (malware-cnc.rules)
* 1:22047 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jokbot variant outbound connection (malware-cnc.rules)
* 1:22048 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus P2P outbound connection (malware-cnc.rules)
* 1:22054 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Prorat variant outbound connection (malware-cnc.rules)
* 1:22058 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kbot variant outbound connection (malware-cnc.rules)
* 1:22059 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader variant outbound connection (malware-cnc.rules)
* 1:22060 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fepgul variant outbound connection (malware-cnc.rules)
* 1:22099 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Piroxcc variant outbound connection (malware-cnc.rules)
* 1:22100 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Midhos variant outbound connection (malware-cnc.rules)
* 1:22103 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Coswid.klk variant outbound connection (malware-cnc.rules)
* 1:22937 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Proxyier variant outbound connection (malware-cnc.rules)
* 1:22939 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent RAbcLib (malware-cnc.rules)
* 1:23019 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Flame malware (malware-cnc.rules)
* 1:23057 <-> DISABLED <-> MALWARE-CNC Flame malware connection - /view.php (malware-cnc.rules)
* 1:23103 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bublik variant outbound connection (malware-cnc.rules)
* 1:23104 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scar variant outbound connection (malware-cnc.rules)
* 1:23109 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lolbot variant outbound connection (malware-cnc.rules)
* 1:23242 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker.boxg connect to cnc server (malware-cnc.rules)
* 1:23244 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz variant outbound connection (malware-cnc.rules)
* 1:23245 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader variant outbound connection (malware-cnc.rules)
* 1:23254 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Delf.CL variant outbound connection (malware-cnc.rules)
* 1:23261 <-> DISABLED <-> MALWARE-CNC known command and control traffic - Pushbot (malware-cnc.rules)
* 1:23262 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules)
* 1:23307 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper connect to server (malware-cnc.rules)
* 1:23332 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dishigy variant outbound connection (malware-cnc.rules)
* 1:23334 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader initial C&C checkin (malware-cnc.rules)
* 1:23335 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Swisyn variant outbound connection (malware-cnc.rules)
* 1:23342 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
* 1:23382 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SpyEye variant outbound connection (malware-cnc.rules)
* 1:23391 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hioles.C variant outbound connection (malware-cnc.rules)
* 1:23394 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vbvoleur.a variant outbound connection (malware-cnc.rules)
* 1:23467 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mazben file download (malware-cnc.rules)
* 1:23473 <-> DISABLED <-> MALWARE-CNC URI request for runforestrun - JS.Runfore (malware-cnc.rules)
* 1:23492 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ZeroAccess outbound connection (malware-cnc.rules)
* 1:23493 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ZeroAccess outbound connection (malware-cnc.rules)
* 1:23600 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gamarue outbound connection (malware-cnc.rules)
* 1:23615 <-> DISABLED <-> MALWARE-CNC ACAD.Medre.A variant outbound connection (malware-cnc.rules)
* 1:23627 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - PoisonIvy RAT (malware-cnc.rules)
* 1:23628 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pincav variant outbound connection (malware-cnc.rules)
* 1:23633 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kegotip variant report to cnc-server (malware-cnc.rules)
* 1:23635 <-> DISABLED <-> MALWARE-CNC Gozi trojan checkin (malware-cnc.rules)
* 1:23778 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bublik variant outbound connection (malware-cnc.rules)
* 1:23824 <-> DISABLED <-> MALWARE-CNC Gauss malware check-in (malware-cnc.rules)
* 1:23893 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DistTrack command and control traffic (malware-cnc.rules)
* 1:23903 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - you (malware-cnc.rules)
* 1:23938 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ibabyfa.dldr variant outbound connection (malware-cnc.rules)
* 1:23942 <-> DISABLED <-> MALWARE-CNC Win.Trojan.C0D0SO0 variant outbound traffic (malware-cnc.rules)
* 1:23945 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Backdoor variant outbound connection (malware-cnc.rules)
* 1:23946 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Backdoor file download (malware-cnc.rules)
* 1:23968 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Crisis variant outbound connection (malware-cnc.rules)
* 1:23972 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot variant outbound connection (malware-cnc.rules)
* 1:23978 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hostposer variant outbound connection (malware-cnc.rules)
* 1:23987 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kryptik.Kazy variant outbound connection (malware-cnc.rules)
* 1:24062 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hufysk variant outbound connection (malware-cnc.rules)
* 1:24111 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Post (malware-cnc.rules)
* 1:24169 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot variant outbound connection (malware-cnc.rules)
* 1:24185 <-> DISABLED <-> MALWARE-CNC Win.Work.Rokiwobi inbound command from C&C (malware-cnc.rules)
* 1:24211 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Xamtrav update protocol connection (malware-cnc.rules)
* 1:24214 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Seveto variant outbound connection (malware-cnc.rules)
* 1:24215 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload variant outbound connection (malware-cnc.rules)
* 1:24216 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Biloky variant outbound connection (malware-cnc.rules)
* 1:24217 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy variant outbound connection (malware-cnc.rules)
* 1:24224 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeroaccess variant outbound connection (malware-cnc.rules)
* 1:24235 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wuwo initial infection variant outbound connection (malware-cnc.rules)
* 1:24236 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wuwo post infection variant outbound connection (malware-cnc.rules)
* 1:24361 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gozi.Prinimalka variant outbound connection (malware-cnc.rules)
* 1:24375 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VB variant outbound connection (malware-cnc.rules)
* 1:24381 <-> DISABLED <-> MALWARE-CNC Win.Trojan.XBlocker outbound connection (malware-cnc.rules)
* 1:24382 <-> DISABLED <-> MALWARE-CNC Win.Trojan.XBlocker outbound connection (malware-cnc.rules)
* 1:24439 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Encriyoko variant outbound connection (malware-cnc.rules)
* 1:24440 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chiviper variant outbound connection (malware-cnc.rules)
* 1:24441 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Testing (malware-cnc.rules)
* 1:24442 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Alerter COM (malware-cnc.rules)
* 1:24482 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chif variant outbound connection (malware-cnc.rules)
* 1:24491 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vundo redirection landing page pre-infection (malware-cnc.rules)
* 1:24492 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vundo variant outbound connection (malware-cnc.rules)
* 1:24493 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vundo variant outbound connection (malware-cnc.rules)
* 1:24494 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vundo variant outbound connection (malware-cnc.rules)
* 1:24495 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vundo variant outbound connection (malware-cnc.rules)
* 1:24496 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vundo variant outbound connection (malware-cnc.rules)
* 1:24497 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vundo variant outbound connection (malware-cnc.rules)
* 1:24504 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VB variant outbound connection (malware-cnc.rules)
* 1:24514 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lucuis variant outbound connection (malware-cnc.rules)
* 1:24523 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.MautoitRAT variant outbound connection (malware-cnc.rules)
* 1:24531 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scondatie.A variant outbound connection (malware-cnc.rules)
* 1:24532 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scondatie.A inbound connection (malware-cnc.rules)
* 1:24533 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules)
* 1:24534 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banbra variant outbound connection (malware-cnc.rules)
* 1:24563 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Veli variant outbound connection (malware-cnc.rules)
* 1:24566 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jorik variant outbound connection (malware-cnc.rules)
* 1:24568 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Mozilla/00 (malware-cnc.rules)
* 1:24575 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Opera/9.61 (malware-cnc.rules)
* 1:24630 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Klovbot variant outbound connection (malware-cnc.rules)
* 1:24631 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Lizard/1.0 (malware-cnc.rules)
* 1:24632 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VaccinePC variant outbound connection (malware-cnc.rules)
* 1:24633 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - test_hInternet (malware-cnc.rules)
* 1:24634 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - vaccinepc (malware-cnc.rules)
* 1:24858 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Quarian variant outbound connection - proxy connection (malware-cnc.rules)
* 1:24873 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gnutler variant outbound connection (malware-cnc.rules)
* 1:24885 <-> DISABLED <-> MALWARE-CNC Potential Banking Trojan Config File Download (malware-cnc.rules)
* 1:24886 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dorkbot variant outbound connection (malware-cnc.rules)
* 1:25007 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wealwedst variant outbound connection (malware-cnc.rules)
* 1:25009 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - User-Agent User-Agent (malware-cnc.rules)
* 1:25010 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Perflog variant outbound connection (malware-cnc.rules)
* 1:25011 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Perflog variant outbound connection (malware-cnc.rules)
* 1:25016 <-> DISABLED <-> MALWARE-CNC Win.Trojan.IRCBot variant outbound connection (malware-cnc.rules)
* 1:25021 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Azbreg variant outbound connection (malware-cnc.rules)
* 1:25022 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dapato variant outbound connection (malware-cnc.rules)
* 1:25023 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection (malware-cnc.rules)
* 1:25024 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection (malware-cnc.rules)
* 1:25025 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Recslurp variant outbound connection (malware-cnc.rules)
* 1:25026 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Juasek variant outbound connection (malware-cnc.rules)
* 1:25027 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Opachki variant connect to cnc-server (malware-cnc.rules)
* 1:25028 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peed variant outbound connection (malware-cnc.rules)
* 1:25029 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (malware-cnc.rules)
* 1:25030 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nevsyn variant outbound connection (malware-cnc.rules)
* 1:25049 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jorik.Kolilks variant outbound connection (malware-cnc.rules)
* 1:25050 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
* 1:25054 <-> DISABLED <-> MALWARE-CNC ZeroAccess Clickserver callback (malware-cnc.rules)
* 1:25070 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Injector variant outbound connection (malware-cnc.rules)
* 1:25071 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Macnsed variant outbound connection (malware-cnc.rules)
* 1:25072 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dulom variant outbound connection (malware-cnc.rules)
* 1:25073 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lowzone variant outbound connection (malware-cnc.rules)
* 1:25074 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules)
* 1:25075 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy variant outbound connection (malware-cnc.rules)
* 1:25076 <-> DISABLED <-> MALWARE-CNC Win.Worm.Joanap variant variant outbound connection (malware-cnc.rules)
* 1:25077 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Halnine variant outbound connection (malware-cnc.rules)
* 1:25093 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hacktool variant outbound connection (malware-cnc.rules)
* 1:25098 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper.Daws variant outbound connection (malware-cnc.rules)
* 1:25099 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper.Daws variant outbound connection (malware-cnc.rules)
* 1:25100 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Njrat variant outbound connection (malware-cnc.rules)
* 1:25107 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (malware-cnc.rules)
* 1:25108 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Proxy.Agent variant outbound connection (malware-cnc.rules)
* 1:25109 <-> DISABLED <-> MALWARE-CNC Autoit.Trojan.Agent variant outbound connection (malware-cnc.rules)
* 1:25119 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - NewBrandTest (malware-cnc.rules)
* 1:25224 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ZeroAccess URI and Referer (malware-cnc.rules)
* 1:25229 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Darkkomet variant inbound connection (malware-cnc.rules)
* 1:25230 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Darkkomet variant outbound connection (malware-cnc.rules)
* 1:25231 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (malware-cnc.rules)
* 1:25237 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Firelog variant outbound connection (malware-cnc.rules)
* 1:25239 <-> DISABLED <-> MALWARE-CNC Win.Trojan.IRCBot variant outbound connection (malware-cnc.rules)
* 1:25240 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Menti variant inbound connection (malware-cnc.rules)
* 1:25241 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetTrash variant outbound connection (malware-cnc.rules)
* 1:25242 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Duapz variant outbound connection (malware-cnc.rules)
* 1:25243 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - 04/XP (malware-cnc.rules)
* 1:25244 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (malware-cnc.rules)
* 1:25245 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - me0hoi (malware-cnc.rules)
* 1:25249 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Basutra variant outbound connection (malware-cnc.rules)
* 1:25256 <-> DISABLED <-> MALWARE-CNC Win.Worm.Gamarue variant outbound connection (malware-cnc.rules)
* 1:25257 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Skintrim variant outbound connection (malware-cnc.rules)
* 1:25258 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rombrast variant outbound connection (malware-cnc.rules)
* 1:25259 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BancosBanload variant outbound connection (malware-cnc.rules)
* 1:25268 <-> DISABLED <-> MALWARE-CNC Win.Trojan.IRCBot variant outbound connection (malware-cnc.rules)
* 1:25269 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Buterat variant outbound connection (malware-cnc.rules)
* 1:25271 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Buzus variant outbound connection (malware-cnc.rules)
* 1:25371 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ruskill variant outbound connection (malware-cnc.rules)
* 1:25372 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - wh (malware-cnc.rules)
* 1:25394 <-> DISABLED <-> MALWARE-CNC URI request for /cgi-bin/nt/th (malware-cnc.rules)
* 1:25395 <-> DISABLED <-> MALWARE-CNC URI request for /cgi-bin/nt/sk (malware-cnc.rules)
* 1:25396 <-> DISABLED <-> MALWARE-CNC URI request for /cgi-bin/dllhost/ac (malware-cnc.rules)
* 1:25397 <-> DISABLED <-> MALWARE-CNC URI request for /cgi-bin/ms/check (malware-cnc.rules)
* 1:25398 <-> DISABLED <-> MALWARE-CNC URI request for /cgi-bin/ms/flush (malware-cnc.rules)
* 1:25399 <-> DISABLED <-> MALWARE-CNC URI request for /cgi-bin/win/wcx (malware-cnc.rules)
* 1:25400 <-> DISABLED <-> MALWARE-CNC URI request for /cgi-bin/win/cab (malware-cnc.rules)
* 1:25448 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Jinch variant outbound connection (malware-cnc.rules)
* 1:25465 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader variant outbound connection (malware-cnc.rules)
* 1:25470 <-> DISABLED <-> MALWARE-CNC Win.Trojan.LoDo variant outbound connection (malware-cnc.rules)
* 1:25471 <-> DISABLED <-> MALWARE-CNC Pushdo Spiral Traffic (malware-cnc.rules)
* 1:25476 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - User-Agent User-Agent (malware-cnc.rules)
* 1:25477 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
* 1:25503 <-> DISABLED <-> MALWARE-CNC Necurs Rootkit sba.cgi (malware-cnc.rules)
* 1:25504 <-> DISABLED <-> MALWARE-CNC Necurs Rootkit op.cgi (malware-cnc.rules)
* 1:25511 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules)
* 1:25529 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (malware-cnc.rules)
* 1:25530 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
* 1:25531 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
* 1:25532 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
* 1:25533 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent - al (malware-cnc.rules)
* 1:25541 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sigly variant outbound connection (malware-cnc.rules)
* 1:25543 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.VB variant outbound connection (malware-cnc.rules)
* 1:25544 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - ctwopop (malware-cnc.rules)
* 1:25545 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Printlove variant outbound connection (malware-cnc.rules)
* 1:25546 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Proxy.Agent variant outbound connection (malware-cnc.rules)
* 1:55281 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zegost-9753424-0 download attempt (malware-other.rules)
* 1:55862 <-> ENABLED <-> SERVER-WEBAPP Microsoft SharePoint EntityInstanceIdEncoder remote code execution attempt (server-webapp.rules)
* 1:5760 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - OSSProxy (malware-cnc.rules)
* 1:5770 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Casino (malware-cnc.rules)
* 1:5774 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - FSW (malware-cnc.rules)
* 1:5800 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - MyWay (malware-cnc.rules)
* 1:5805 <-> DISABLED <-> MALWARE-OTHER Trackware myway speedbar runtime detection - switch engines (malware-other.rules)
* 1:5808 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - SAH Agent (malware-cnc.rules)
* 1:5824 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Strip-Player (malware-cnc.rules)
* 1:5838 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - EI (malware-cnc.rules)
* 1:5857 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - MyWebSearchSearchAssistance (malware-cnc.rules)
* 1:5880 <-> DISABLED <-> MALWARE-OTHER Keylogger spyagent runtime detect - smtp delivery (malware-other.rules)
* 1:5881 <-> DISABLED <-> MALWARE-OTHER Keylogger spyagent runtime detect - ftp delivery (malware-other.rules)
* 1:5882 <-> DISABLED <-> MALWARE-OTHER Keylogger spyagent runtime detect - alert notification (malware-other.rules)
* 1:5900 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Async HTTP Agent (malware-cnc.rules)
* 1:5901 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - AdTools (malware-cnc.rules)
* 1:5907 <-> DISABLED <-> MALWARE-OTHER Trackware e2give runtime detection - check update (malware-other.rules)
* 1:5908 <-> DISABLED <-> MALWARE-OTHER Trackware e2give runtime detection - redirect affiliate site request 1 (malware-other.rules)
* 1:5909 <-> DISABLED <-> MALWARE-OTHER Trackware e2give runtime detection - redirect affiliate site request 2 (malware-other.rules)
* 1:5913 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - My Agent (malware-cnc.rules)
* 1:5954 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Browser Pal (malware-cnc.rules)
* 1:5955 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Popup Stopper (malware-cnc.rules)
* 1:5970 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Feat2 Updater (malware-cnc.rules)
* 1:5978 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - TM_SEARCH3 (malware-cnc.rules)
* 1:5986 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - TeomaBar (malware-cnc.rules)
* 1:6186 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - SpywareStrike (malware-cnc.rules)
* 1:19019 <-> DISABLED <-> MALWARE-CNC MacBack Win.Trojan.variant outbound connection (malware-cnc.rules)
* 1:19038 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jzzer.A variant outbound connection (malware-cnc.rules)
* 1:19047 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - RCleanT (malware-cnc.rules)
* 1:19052 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Httpbot.qdc variant outbound connection (malware-cnc.rules)
* 1:19053 <-> DISABLED <-> MALWARE-CNC Worm.Win32.Nusump.A variant outbound connection (malware-cnc.rules)
* 1:19055 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gosik.A registration (malware-cnc.rules)
* 1:19056 <-> DISABLED <-> MALWARE-CNC Win.Trojan.QQFish variant outbound connection (malware-cnc.rules)
* 1:19057 <-> DISABLED <-> MALWARE-CNC Win.Trojan.QQFish variant outbound connection (malware-cnc.rules)
* 1:19058 <-> DISABLED <-> MALWARE-CNC Worm.Win32.Faketube update request (malware-cnc.rules)
* 1:19164 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SpyEye variant outbound connection (malware-cnc.rules)
* 1:19165 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Microsoft Internet Explorer (malware-cnc.rules)
* 1:19175 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent wget 3.0 (malware-cnc.rules)
* 1:19328 <-> DISABLED <-> MALWARE-CNC PointGuide variant outbound connection (malware-cnc.rules)
* 1:19339 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper Win.Trojan.Agent.alda variant outbound connection (malware-cnc.rules)
* 1:19347 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Poison.banr variant outbound connection (malware-cnc.rules)
* 1:19348 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader Win.Trojan.FraudLoad.emq variant outbound connection (malware-cnc.rules)
* 1:19351 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Clicker Win.Trojan.Hatigh.C variant outbound connection (malware-cnc.rules)
* 1:19353 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker.bkhu variant outbound connection (malware-cnc.rules)
* 1:19357 <-> DISABLED <-> MALWARE-CNC Win.Worm.Sohanad.ila variant outbound connection (malware-cnc.rules)
* 1:19358 <-> DISABLED <-> MALWARE-CNC Win.Trojan.XYTvn.A variant outbound connection (malware-cnc.rules)
* 1:19429 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Proxy Win.Trojan.Dosenjo.C variant outbound connection (malware-cnc.rules)
* 1:19435 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Litmus.203 variant outbound connection (malware-cnc.rules)
* 1:19480 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string STORMDDOS - Backdoor.Win32.Inject.ctt (malware-cnc.rules)
* 1:19482 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string ErrorFix (malware-cnc.rules)
* 1:19490 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Koceg.B variant outbound connection (malware-cnc.rules)
* 1:19493 <-> DISABLED <-> MALWARE-CNC URI request for known malicious uri config.ini on 3322.org domain (malware-cnc.rules)
* 1:19579 <-> DISABLED <-> MALWARE-CNC
Win.Trojan.Potao.A variant outbound connection (malware-cnc.rules) * 1:19589 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent string MacProtector (malware-cnc.rules) * 1:19590 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Savnut.B variant outbound connection (malware-cnc.rules) * 1:19622 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - pte.aspx?ver= (malware-cnc.rules) * 1:19623 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - vic.aspx?ver= (malware-cnc.rules) * 1:19625 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - .sys.php?getexe= (malware-cnc.rules) * 1:19626 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /setup_b.asp?prj= (malware-cnc.rules) * 1:19627 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /r_autoidcnt.asp?mer_seq= (malware-cnc.rules) * 1:19628 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /1cup/script.php (malware-cnc.rules) * 1:19631 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - AnSSip= (malware-cnc.rules) * 1:19632 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /VertexNet/adduser.php?uid= (malware-cnc.rules) * 1:19633 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /VertexNet/tasks.php?uid= (malware-cnc.rules) * 1:19635 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /app/?prj= (malware-cnc.rules) * 1:19636 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /blog/images/3521.jpg?v (malware-cnc.rules) * 1:19637 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /install.asp?mac= (malware-cnc.rules) * 1:19638 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /kx4.txt (malware-cnc.rules) * 1:19657 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FakeAV variant traffic (malware-cnc.rules) * 1:19658 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MCnovogic.A variant outbound connection (malware-cnc.rules) * 1:19702 <-> 
DISABLED <-> MALWARE-CNC Win.Trojan.Zboter.E variant outbound connection (malware-cnc.rules) * 1:19703 <-> DISABLED <-> MALWARE-CNC Win.Worm.Dusta.br outbound connnection (malware-cnc.rules) * 1:19704 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.grdm variant outbound connection (malware-cnc.rules) * 1:19705 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.grdm variant outbound connection (malware-cnc.rules) * 1:19706 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.cer variant outbound connection (malware-cnc.rules) * 1:19711 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jorik variant outbound connection (malware-cnc.rules) * 1:19712 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader variant outbound connection (malware-cnc.rules) * 1:19722 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Poshtroper variant outbound connection (malware-cnc.rules) * 1:19723 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pherbot variant outbound connection (malware-cnc.rules) * 1:19730 <-> DISABLED <-> MALWARE-CNC Win.Trojan.KukuBot variant outbound connection (malware-cnc.rules) * 1:19731 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Darkwebot variant outbound connection (malware-cnc.rules) * 1:19732 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Idicaf variant outbound connection (malware-cnc.rules) * 1:19756 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Opera/8.89 - P2P-Worm.Win32.Palevo.ddm (malware-cnc.rules) * 1:19761 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ftpharvxqq variant outbound connection (malware-cnc.rules) * 1:19765 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules) * 1:19767 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Msposer.A variant outbound connection (malware-cnc.rules) * 1:19769 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yoddos outbound indicator (malware-cnc.rules) * 1:19770 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yoddos variant outbound connection (malware-cnc.rules) * 1:19771 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yoddos variant 
outbound connection (malware-cnc.rules) * 1:19778 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /games/java_trust.php?f= (malware-cnc.rules) * 1:19801 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tracur variant outbound connection (malware-cnc.rules) * 1:19864 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nvbpass variant outbound connection (malware-cnc.rules) * 1:19882 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /160.rar - Win32/Morto.A (malware-cnc.rules) * 1:19912 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DelfInject.gen!X variant outbound connection (malware-cnc.rules) * 1:19913 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - optima/index.php (malware-cnc.rules) * 1:19964 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sality variant outbound connection (malware-cnc.rules) * 1:19995 <-> DISABLED <-> MALWARE-CNC Waledac variant outbound connection (malware-cnc.rules) * 1:20009 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent string Baby Remote - Win32/Babmote.A (malware-cnc.rules) * 1:20011 <-> DISABLED <-> MALWARE-CNC Briewots.A runtime traffic detected (malware-cnc.rules) * 1:20012 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string feranet/0.4 - Win32/Ferabsa.A (malware-cnc.rules) * 1:20080 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Derusbi.A variant outbound connection (malware-cnc.rules) * 1:20081 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Win32.Yakes.cbi variant outbound connection (malware-cnc.rules) * 1:20099 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Xtrat.A variant outbound connection (malware-cnc.rules) * 1:20104 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - InfoBot (malware-cnc.rules) * 1:20105 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - IPHONE (malware-cnc.rules) * 1:20106 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - darkness (malware-cnc.rules) * 1:20201 <-> DISABLED <-> 
MALWARE-CNC User-Agent known malicious user-agent string - meterpreter (malware-cnc.rules) * 1:20202 <-> DISABLED <-> MALWARE-CNC Apple OSX.Revir-1 variant outbound connection (malware-cnc.rules) * 1:20213 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Swisyn variant outbound connection (malware-cnc.rules) * 1:20221 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Injector variant outbound connection (malware-cnc.rules) * 1:20228 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hupigon variant outbound connection (malware-cnc.rules) * 1:20229 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jinchodz variant outbound connection (malware-cnc.rules) * 1:20230 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string 0pera 10 (malware-cnc.rules) * 1:20231 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Mozilla//4.0 (malware-cnc.rules) * 1:20232 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cycbot variant outbound connection (malware-cnc.rules) * 1:20280 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy variant outbound connection (malware-cnc.rules) * 1:20281 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy variant outbound connection (malware-cnc.rules) * 1:20293 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string MBVDFRESCT (malware-cnc.rules) * 1:20527 <-> DISABLED <-> MALWARE-CNC Sirefef initial C&C connection variant outbound connection (malware-cnc.rules) * 1:20754 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Virut-3 variant outbound connection (malware-cnc.rules) * 1:20755 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Krap variant outbound connection (malware-cnc.rules) * 1:20756 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jorik variant outbound connection (malware-cnc.rules) * 1:20759 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gbot.oce variant outbound connection (malware-cnc.rules) * 1:20762 <-> DISABLED <-> MALWARE-CNC MacOS.Flashback.A variant outbound connection (malware-cnc.rules) * 1:20763 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spyeye-206 variant outbound 
connection (malware-cnc.rules) * 1:20837 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mecklow.C runtime traffic detected (malware-cnc.rules) * 1:20927 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spyeye-207 variant outbound connection (malware-cnc.rules) * 1:21047 <-> DISABLED <-> MALWARE-CNC known malicious SSL certificate - Sykipot C&C (malware-cnc.rules) * 1:21175 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Win32 Amti (malware-cnc.rules) * 1:21188 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string API Guide test program (malware-cnc.rules) * 1:21206 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Aldi Bot (malware-cnc.rules) * 1:21208 <-> DISABLED <-> MALWARE-CNC Win.Trojan.RShot.brw variant outbound connection (malware-cnc.rules) * 1:21225 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Flag (malware-cnc.rules) * 1:21230 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Betad variant outbound connection (malware-cnc.rules) * 1:21239 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy variant outbound connection (malware-cnc.rules) * 1:21240 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MsUpdater variant outbound connection (malware-cnc.rules) * 1:21241 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MsUpdater initial variant outbound connection (malware-cnc.rules) * 1:21242 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MsUpdater variant outbound connection (malware-cnc.rules) * 1:21257 <-> DISABLED <-> MALWARE-CNC URI - known scanner tool muieblackcat (malware-cnc.rules) * 1:21269 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cycbot variant outbound connection (malware-cnc.rules) * 1:21278 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Google Bot (malware-cnc.rules) * 1:21306 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spyeye variant outbound connectivity check (malware-cnc.rules) * 1:21311 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dofoil variant outbound connection (malware-cnc.rules) * 
1:21313 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dofoil variant outbound connection (malware-cnc.rules) * 1:21318 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FakeAV TDSS/PurpleHaze variant outbound connection - base64 encoded (malware-cnc.rules) * 1:21327 <-> DISABLED <-> MALWARE-CNC User-Agent ASafaWeb Scan (malware-cnc.rules) * 1:21380 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - QvodDown (malware-cnc.rules) * 1:21418 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FareIt variant outbound connection (malware-cnc.rules) * 1:21426 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scar variant outbound connection (malware-cnc.rules) * 1:21427 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Delf variant outbound connection (malware-cnc.rules) * 1:21428 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Generic-24 variant outbound connection (malware-cnc.rules) * 1:21430 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BeeOne runtime traffic detected (malware-cnc.rules) * 1:21434 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Mentor variant outbound connection (malware-cnc.rules) * 1:10065 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules) * 1:10066 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules) * 1:10067 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules) * 1:10068 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules) * 1:10069 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules) * 1:10070 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules) * 1:10071 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules) * 1:10072 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules) * 1:10073 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection 
(malware-cnc.rules) * 1:10074 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules) * 1:10075 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules) * 1:10076 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules) * 1:10077 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules) * 1:10113 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm command and control propagation detected (malware-cnc.rules) * 1:10114 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm command and control propagation detected (malware-cnc.rules) * 1:10179 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - BysooTB (malware-cnc.rules) * 1:10403 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Duntek Checkin GET Request (malware-cnc.rules) * 1:11308 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - SpyDawn (malware-cnc.rules) * 1:11313 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Spy-Locked (malware-cnc.rules) * 1:15165 <-> DISABLED <-> MALWARE-CNC Pushdo client communication (malware-cnc.rules) * 1:15481 <-> DISABLED <-> MALWARE-CNC Zeus/Zbot malware config file download request (malware-cnc.rules) * 1:15553 <-> DISABLED <-> MALWARE-CNC Sality virus HTTP GET request (malware-cnc.rules) * 1:15563 <-> DISABLED <-> MALWARE-CNC RSPlug Win.Trojan.server connection (malware-cnc.rules) * 1:15564 <-> DISABLED <-> MALWARE-CNC RSPlug Win.Trojan.file download (malware-cnc.rules) * 1:15565 <-> DISABLED <-> MALWARE-CNC RSPlug Win.Trojan.file download (malware-cnc.rules) * 1:15730 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Delf variant outbound connection (malware-cnc.rules) * 1:15938 <-> DISABLED <-> MALWARE-CNC SubSeven client connection to server (malware-cnc.rules) * 1:16144 <-> DISABLED <-> MALWARE-CNC Bredolab bot variant outbound connection (malware-cnc.rules) * 1:16268 <-> DISABLED <-> MALWARE-CNC 
Win.Trojan.tdss.1.gen install-time detection - yournewsblog.net (malware-cnc.rules) * 1:16269 <-> DISABLED <-> MALWARE-CNC Win.Trojan.tdss.1.gen install-time detection - findzproportal1.com (malware-cnc.rules) * 1:16289 <-> DISABLED <-> MALWARE-CNC Clob bot traffic (malware-cnc.rules) * 1:16362 <-> DISABLED <-> MALWARE-CNC SpyForms malware call home (malware-cnc.rules) * 1:16368 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hydraq variant outbound connection (malware-cnc.rules) * 1:16809 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FraudPack variant outbound connection (malware-cnc.rules) * 1:16391 <-> DISABLED <-> MALWARE-CNC Gozi Win.Trojan.connection to C&C (malware-cnc.rules) * 1:16459 <-> DISABLED <-> MALWARE-CNC Win.Trojan.command and control communication (malware-cnc.rules) * 1:16484 <-> DISABLED <-> MALWARE-CNC Koobface variant outbound connection (malware-cnc.rules) * 1:16485 <-> DISABLED <-> MALWARE-CNC Koobface request for captcha (malware-cnc.rules) * 1:16489 <-> DISABLED <-> MALWARE-CNC Bobax botnet variant outbound connection (malware-cnc.rules) * 1:16493 <-> DISABLED <-> MALWARE-CNC TT-bot botnet variant outbound connection (malware-cnc.rules) * 1:16496 <-> DISABLED <-> MALWARE-CNC Win.Trojan.hacktool variant outbound connection (malware-cnc.rules) * 1:16497 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Tear Application (malware-cnc.rules) * 1:16526 <-> DISABLED <-> MALWARE-CNC VanBot IRC communication (malware-cnc.rules) * 1:16527 <-> DISABLED <-> MALWARE-CNC Zbot malware config file download request (malware-cnc.rules) * 1:16528 <-> DISABLED <-> MALWARE-CNC Zbot malware config file download request (malware-cnc.rules) * 1:16551 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - malware (malware-cnc.rules) * 1:16669 <-> DISABLED <-> MALWARE-CNC Spyeye bot variant outbound connection (malware-cnc.rules) * 1:16670 <-> DISABLED <-> MALWARE-CNC Koobface worm executable download (malware-cnc.rules) * 1:16695 <-> DISABLED 
<-> MALWARE-CNC Rogue AV download/update (malware-cnc.rules) * 1:16810 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules) * 1:16811 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules) * 1:16812 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules) * 1:16816 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules) * 1:16817 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules) * 1:16820 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kryptik variant outbound connection (malware-cnc.rules) * 1:16822 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules) * 1:16823 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FlyStudio known command and control channel traffic (malware-cnc.rules) * 1:16824 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules) * 1:16826 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules) * 1:16827 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules) * 1:16828 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules) * 1:16832 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules) * 1:16833 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules) * 1:16924 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /inst.php?fff= (malware-cnc.rules) * 1:17234 <-> DISABLED <-> MALWARE-CNC VBMania mass mailing worm activity (malware-cnc.rules) * 1:17235 <-> DISABLED <-> MALWARE-CNC VBMania mass mailing worm download (malware-cnc.rules) * 1:17815 <-> DISABLED <-> MALWARE-CNC Thinkpoint fake antivirus - user display (malware-cnc.rules) * 1:17816 <-> DISABLED <-> MALWARE-CNC Thinkpoint fake antivirus - credit card submission 
(malware-cnc.rules) * 1:18247 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent ErrCode - W32/Fujacks.htm (malware-cnc.rules) * 1:18353 <-> DISABLED <-> MALWARE-CNC User-Agent request for known PUA user agent - SelectRebates (malware-cnc.rules) * 1:18388 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string RookIE/1.0 (malware-cnc.rules) * 1:18458 <-> DISABLED <-> MALWARE-CNC Night Dragon initial beacon (malware-cnc.rules) * 1:18459 <-> DISABLED <-> MALWARE-CNC Night Dragon keepalive message (malware-cnc.rules) * 1:18715 <-> DISABLED <-> MALWARE-CNC Ozdok botnet communication with C&C server (malware-cnc.rules) * 1:18934 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (Coreflood -- malware-cnc.rules) * 1:18939 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules) * 1:19016 <-> DISABLED <-> MALWARE-CNC MacBack Win.Trojan.variant outbound connection (malware-cnc.rules) * 1:19017 <-> DISABLED <-> MALWARE-CNC MacBack Win.Trojan.variant outbound connection (malware-cnc.rules) * 1:19018 <-> DISABLED <-> MALWARE-CNC MacBack Win.Trojan.variant outbound connection (malware-cnc.rules) * 1:6197 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - smrtshpr-cs (malware-cnc.rules) * 1:6198 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - SQTR_VERIFY (malware-cnc.rules) * 1:6270 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - MyBrowser (malware-cnc.rules) * 1:6274 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Stubby (malware-cnc.rules) * 1:6281 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - istsvc (malware-cnc.rules) * 1:6341 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Spedia (malware-cnc.rules) * 1:6354 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - ProxyDown (malware-cnc.rules) * 1:6357 <-> DISABLED <-> MALWARE-CNC User-Agent known 
malicious user agent - Need2Find (malware-cnc.rules) * 1:6362 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - MGS-Internal-Web-Manager (malware-cnc.rules) * 1:6363 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - SAcc (malware-cnc.rules) * 1:6364 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - iMeshBar (malware-cnc.rules) * 1:6366 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - eAnthMngr (malware-cnc.rules) * 1:6394 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - CodeguruBrowser (malware-cnc.rules) * 1:6491 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - snprtzdialno (malware-cnc.rules) * 1:7116 <-> DISABLED <-> MALWARE-CNC y3k 1.2 variant outbound connection icq notification (malware-cnc.rules) * 1:7135 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - IEP (malware-cnc.rules) * 1:7145 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - adfsgecoiwnf (malware-cnc.rules) * 1:7187 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - SAH Agent (malware-cnc.rules) * 1:7195 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - shprrprt-cs- (malware-cnc.rules) * 1:7511 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - ed2k edonkey2000 runtime detection (malware-cnc.rules) * 1:7537 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Arrow Search (malware-cnc.rules) * 1:7540 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - http protocol (malware-cnc.rules) * 1:7572 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - DigExt (malware-cnc.rules) * 1:7582 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Pcast Live (malware-cnc.rules) * 1:7587 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - URLBlaze (malware-cnc.rules) * 1:7832 <-> DISABLED <-> MALWARE-CNC User-Agent known 
malicious user agent - Navhelper (malware-cnc.rules) * 1:8355 <-> ENABLED <-> MALWARE-OTHER Keylogger spybuddy 3.72 runtime detection (malware-other.rules) * 1:8356 <-> DISABLED <-> MALWARE-OTHER Keylogger spybuddy 3.72 runtime detection - send log out through email (malware-other.rules) * 1:8357 <-> DISABLED <-> MALWARE-OTHER Keylogger spybuddy 3.72 runtime detection - send alert out through email (malware-other.rules) * 1:9329 <-> DISABLED <-> MALWARE-CNC yarner.b smtp propagation detection (malware-cnc.rules) * 1:9418 <-> DISABLED <-> MALWARE-CNC bagle.a http notification detection (malware-cnc.rules) * 1:9419 <-> DISABLED <-> MALWARE-OTHER sasser attempt (malware-other.rules) * 1:9420 <-> DISABLED <-> MALWARE-OTHER korgo attempt (malware-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091600.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
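The following Python is an added example, not part of the Snort changelog or of any Talos or Cisco tooling. It parses the gid:sid <-> state <-> message (group) format described above, including the flattened form in which many entries share one line and a single entry wraps across a line break, and then answers the questions an operator asks of a rule update: which of the new rules fire as soon as the pack is installed, which are shared-object (GID 3) rules that only exist on a sensor with the SO pack for its Snort build, and how to hand a chosen subset to PulledPork. The sample entries are copied from the 2091600 list on this page; the enablesid.conf syntax is an assumption about PulledPork, not something the changelog states.

```python
"""Parser for the rule-changelog format described above,

    gid:sid <-> Default rule state <-> Message (rule group)

This is an added example, not part of the Snort changelog or of any Talos
or Cisco tooling.  It also accepts the flattened form seen on this page,
where many entries share one line separated by " * " and a single entry may
wrap across a line break.
"""
from __future__ import annotations

import re
from collections import Counter
from collections.abc import Callable
from dataclasses import dataclass

# Bullets are the only reliable entry separators once whitespace has been
# normalised; the lookahead makes sure the "*" is followed by a gid:sid.
_BULLET = re.compile(r"\s*\*\s*(?=\d+:\d+\s*<->)")
_ENTRY = re.compile(
    r"^(?P<gid>\d+):(?P<sid>\d+)\s*<->\s*(?P<state>ENABLED|DISABLED)\s*<->\s*"
    r"(?P<msg>.*?)\s*\((?P<group>[^()]*\.rules)\)$"
)


@dataclass(frozen=True)
class RuleChange:
    gid: int
    sid: int
    enabled: bool      # default state: DISABLED rules ship commented out
    message: str
    group: str         # rules file the rule lives in, e.g. "malware-cnc.rules"

    @property
    def key(self) -> str:
        return f"{self.gid}:{self.sid}"

    @property
    def category(self) -> str:
        # Talos messages begin with the upper-case category, e.g. "MALWARE-CNC".
        return self.message.split(" ", 1)[0]


def parse_changelog(text: str) -> list[RuleChange]:
    """Return every well-formed entry in text, in document order.

    Lines that are not entries (headers, the format description) are skipped.
    """
    flat = " ".join(text.split())          # joins entries wrapped across lines
    changes = []
    for piece in _BULLET.split(flat):
        m = _ENTRY.match(piece.strip())
        if m:
            changes.append(RuleChange(int(m["gid"]), int(m["sid"]),
                                      m["state"] == "ENABLED", m["msg"], m["group"]))
    return changes


def enabled_by_default(changes: list[RuleChange]) -> list[RuleChange]:
    """Rules that will alert as soon as the pack is installed."""
    return [c for c in changes if c.enabled]


def shared_object_rules(changes: list[RuleChange]) -> list[RuleChange]:
    """GID 3 entries are pre-compiled shared-object rules; they only exist on a
    sensor that has the SO pack built for its exact Snort version installed."""
    return [c for c in changes if c.gid == 3]


def count_by_category(changes: list[RuleChange]) -> Counter[str]:
    return Counter(c.category for c in changes)


def enablesid_lines(changes: list[RuleChange],
                    want: Callable[[RuleChange], bool]) -> list[str]:
    """gid:sid entries for the rules selected by `want`, sorted numerically.

    Assumption: PulledPork's enablesid.conf takes gid:sid entries one per line
    (or comma separated); this function produces the one-per-line form.
    """
    keys = {c.key for c in changes if want(c)}
    return sorted(keys, key=lambda k: tuple(int(n) for n in k.split(":")))


# Sample entries copied from the 2091600 list on this page, kept in the page's
# flattened layout (the 1:55927 entry wraps across a line break on purpose).
SAMPLE = (
    "* 1:55922 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Defender privilege "
    "escalation attempt (os-windows.rules) * 1:55926 <-> ENABLED <-> MALWARE-CNC "
    "Win.Dropper.LemonDuck variant outbound connection (malware-cnc.rules) * "
    "1:55920 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus command "
    "injection attempt (server-webapp.rules) * 1:55927 <-> ENABLED <-> MALWARE-CNC "
    "Win.Dropper.LemonDuck variant script\n"
    "download attempt (malware-cnc.rules) * 3:55917 <-> ENABLED <-> SERVER-WEBAPP "
    "TRUFFLEHUNTER TALOS-2020-1159 attack attempt (server-webapp.rules) * 1:55868 "
    "<-> DISABLED <-> MALWARE-OTHER Win.Malware.Agzz8qk-9769774-0 download attempt "
    "(malware-other.rules)\n"
)

if __name__ == "__main__":
    changes = parse_changelog(SAMPLE)
    print(f"{len(changes)} entries, by category: {dict(count_by_category(changes))}")
    for c in enabled_by_default(changes):
        print("enabled by default:", c.key, c.message)
    for c in shared_object_rules(changes):
        print("needs the SO rule pack:", c.key, c.message)
    # Exploit-detection rules shipped disabled that an operator may choose to turn on.
    print("\n".join(enablesid_lines(
        changes, lambda c: not c.enabled and c.category in {"SERVER-WEBAPP", "OS-WINDOWS"})))
```

Run it against the full changelog text rather than the sample to see the real split: nearly every MALWARE-OTHER download-attempt rule in these packs ships DISABLED, so a sensor that updates without an explicit enable list gains almost no new file-based coverage, while the ENABLED LemonDuck and SharePoint rules start alerting immediately. Treat the `category` property as a convention of Talos message text, not a guaranteed field.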
* 1:55922 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Defender privilege escalation attempt (os-windows.rules)
* 1:55868 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Agzz8qk-9769774-0 download attempt (malware-other.rules)
* 1:55876 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Bdld-9770176-0 download attempt (malware-other.rules)
* 1:55893 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-9771891-0 download attempt (malware-other.rules)
* 1:55899 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9772677-0 download attempt (malware-other.rules)
* 1:55926 <-> ENABLED <-> MALWARE-CNC Win.Dropper.LemonDuck variant outbound connection (malware-cnc.rules)
* 1:55878 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Drolnux-9770173-0 download attempt (malware-other.rules)
* 1:55912 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Battdil-9773282-0 download attempt (malware-other.rules)
* 1:55920 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus command injection attempt (server-webapp.rules)
* 1:55890 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Browsefox-9771664-0 download attempt (malware-other.rules)
* 1:55902 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-9772681-0 download attempt (malware-other.rules)
* 1:55907 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-9773294-0 download attempt (malware-other.rules)
* 1:55895 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-9772275-0 download attempt (malware-other.rules)
* 1:55903 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Sdyn-9772921-0 download attempt (malware-other.rules)
* 1:55911 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Battdil-9773282-0 download attempt (malware-other.rules)
* 1:55869 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Emotet-9769987-0 download attempt (malware-other.rules)
* 1:55916 <-> DISABLED <-> MALWARE-OTHER PUA.Win.File.Neobar-9773833-0 download attempt (malware-other.rules)
* 1:55918 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus command injection attempt (server-webapp.rules)
* 1:55906 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generic-9773106-0 download attempt (malware-other.rules)
* 1:55910 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Battdil-9773289-0 download attempt (malware-other.rules)
* 1:55892 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Kovter-9771867-0 download attempt (malware-other.rules)
* 1:55864 <-> DISABLED <-> MALWARE-OTHER Win.Virus.Ursnif-9769699-0 download attempt (malware-other.rules)
* 1:55915 <-> DISABLED <-> MALWARE-OTHER PUA.Win.File.Neobar-9773833-0 download attempt (malware-other.rules)
* 1:55921 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus command injection attempt (server-webapp.rules)
* 1:55928 <-> ENABLED <-> MALWARE-CNC Win.Dropper.LemonDuck variant script download attempt (malware-cnc.rules)
* 1:55872 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9770089-0 download attempt (malware-other.rules)
* 1:55884 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Cutwail-9771166-0 download attempt (malware-other.rules)
* 1:55898 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Fakesysdef-9772554-0 download attempt (malware-other.rules)
* 1:55881 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-9770992-0 download attempt (malware-other.rules)
* 1:55889 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Browsefox-9771664-0 download attempt (malware-other.rules)
* 1:55896 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-9772275-0 download attempt (malware-other.rules)
* 1:55897 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Fakesysdef-9772554-0 download attempt (malware-other.rules)
* 1:55888 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Reveton-9771413-0 download attempt (malware-other.rules)
* 1:55894 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-9771891-0 download attempt (malware-other.rules)
* 1:55875 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Bdld-9770176-0 download attempt (malware-other.rules)
* 1:55883 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Cutwail-9771166-0 download attempt (malware-other.rules)
* 1:55905 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generic-9773106-0 download attempt (malware-other.rules)
* 1:55900 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9772677-0 download attempt (malware-other.rules)
* 1:55908 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-9773294-0 download attempt (malware-other.rules)
* 1:55879 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-9770611-0 download attempt (malware-other.rules)
* 1:55873 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Emotet-9770097-0 download attempt (malware-other.rules)
* 1:55871 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9770089-0 download attempt (malware-other.rules)
* 1:55913 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Ramnit-9773470-0 download attempt (malware-other.rules)
* 1:55863 <-> DISABLED <-> MALWARE-OTHER Win.Virus.Ursnif-9769699-0 download attempt (malware-other.rules)
* 1:55904 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Sdyn-9772921-0 download attempt (malware-other.rules)
* 1:55886 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Upatre-9771263-0 download attempt (malware-other.rules)
* 1:55923 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Defender privilege escalation attempt (os-windows.rules)
* 1:55874 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Emotet-9770097-0 download attempt (malware-other.rules)
* 1:55919 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus command injection attempt (server-webapp.rules)
* 1:55870 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Emotet-9769987-0 download attempt (malware-other.rules)
* 1:55865 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Bulz-9769773-0 download attempt (malware-other.rules)
* 1:55882 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-9770992-0 download attempt (malware-other.rules)
* 1:55887 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Reveton-9771413-0 download attempt (malware-other.rules)
* 1:55880 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-9770611-0 download attempt (malware-other.rules)
* 1:55927 <-> ENABLED <-> MALWARE-CNC Win.Dropper.LemonDuck variant script download attempt (malware-cnc.rules)
* 1:55866 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Bulz-9769773-0 download attempt (malware-other.rules)
* 1:55901 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-9772681-0 download attempt (malware-other.rules)
* 1:55891 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Kovter-9771867-0 download attempt (malware-other.rules)
* 1:55867 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Agzz8qk-9769774-0 download attempt (malware-other.rules)
* 1:55909 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Battdil-9773289-0 download attempt (malware-other.rules)
* 1:55914 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Ramnit-9773470-0 download attempt (malware-other.rules)
* 1:55877 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Drolnux-9770173-0 download attempt (malware-other.rules)
* 1:55885 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Upatre-9771263-0 download attempt (malware-other.rules)
* 3:55917 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1159 attack attempt (server-webapp.rules)
* 3:55925 <-> ENABLED <-> SERVER-OTHER Cisco Wireless LAN Controller CAPWAP denial of service attempt (server-other.rules)
* 3:55924 <-> ENABLED <-> SERVER-OTHER Cisco Wireless LAN Controller CAPWAP denial of service attempt (server-other.rules)
* 1:10075 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules)
* 1:10114 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm command and control propagation detected (malware-cnc.rules)
* 1:10179 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - BysooTB (malware-cnc.rules)
* 1:10403 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Duntek Checkin GET Request (malware-cnc.rules)
* 1:11308 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - SpyDawn (malware-cnc.rules)
* 1:10113 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm command and control propagation detected (malware-cnc.rules)
* 1:25050 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
* 1:25049 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jorik.Kolilks variant outbound connection (malware-cnc.rules)
* 1:25070 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Injector variant outbound connection (malware-cnc.rules)
* 1:10071 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules)
* 1:25071 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Macnsed variant outbound connection (malware-cnc.rules)
* 1:11313 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Spy-Locked (malware-cnc.rules)
* 1:15165 <-> DISABLED <-> MALWARE-CNC Pushdo client communication (malware-cnc.rules)
* 1:15481 <-> DISABLED <-> MALWARE-CNC Zeus/Zbot malware config file download request (malware-cnc.rules)
* 1:15553 <-> DISABLED <-> MALWARE-CNC Sality virus HTTP GET request (malware-cnc.rules)
* 1:15563 <-> DISABLED <-> MALWARE-CNC RSPlug Win.Trojan.server connection (malware-cnc.rules)
* 1:15564 <-> DISABLED <-> MALWARE-CNC RSPlug Win.Trojan.file download (malware-cnc.rules)
* 1:15565 <-> DISABLED <-> MALWARE-CNC RSPlug Win.Trojan.file download (malware-cnc.rules)
* 1:15730 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Delf variant outbound connection (malware-cnc.rules)
* 1:15938 <-> DISABLED <-> MALWARE-CNC SubSeven client connection to server (malware-cnc.rules)
* 1:16144 <-> DISABLED <-> MALWARE-CNC Bredolab bot variant outbound connection (malware-cnc.rules)
* 1:16268 <-> DISABLED <-> MALWARE-CNC Win.Trojan.tdss.1.gen install-time detection - yournewsblog.net (malware-cnc.rules)
* 1:16269 <-> DISABLED <-> MALWARE-CNC Win.Trojan.tdss.1.gen install-time detection - findzproportal1.com (malware-cnc.rules)
* 1:16289 <-> DISABLED <-> MALWARE-CNC Clob bot traffic (malware-cnc.rules)
* 1:16362 <-> DISABLED <-> MALWARE-CNC SpyForms malware call home (malware-cnc.rules)
* 1:16368 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hydraq variant outbound connection (malware-cnc.rules)
* 1:16391 <-> DISABLED <-> MALWARE-CNC Gozi Win.Trojan.connection to C&C (malware-cnc.rules)
* 1:10076 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules)
* 1:10077 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules)
* 1:10073 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules)
* 1:10067 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules)
* 1:10065 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules)
* 1:10070 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules)
* 1:10072 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules)
* 1:10074 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules)
* 1:10066 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules)
* 1:10069 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules)
* 1:25098 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper.Daws variant outbound connection (malware-cnc.rules)
* 1:25099 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper.Daws variant outbound connection (malware-cnc.rules)
* 1:25100 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Njrat variant outbound connection (malware-cnc.rules)
* 1:25107 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (malware-cnc.rules)
* 1:25108 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Proxy.Agent variant outbound connection (malware-cnc.rules)
* 1:25109 <-> DISABLED <-> MALWARE-CNC Autoit.Trojan.Agent variant outbound connection (malware-cnc.rules)
* 1:25119 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - NewBrandTest (malware-cnc.rules)
* 1:25224 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ZeroAccess URI and Referer (malware-cnc.rules)
* 1:25229 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Darkkomet variant inbound connection (malware-cnc.rules)
* 1:25230 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Darkkomet variant outbound connection (malware-cnc.rules)
* 1:25231 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (malware-cnc.rules)
* 1:25237 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Firelog variant outbound connection (malware-cnc.rules)
* 1:25239 <-> DISABLED <-> MALWARE-CNC Win.Trojan.IRCBot variant outbound connection (malware-cnc.rules)
* 1:25240 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Menti variant inbound connection (malware-cnc.rules)
* 1:25241 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetTrash variant outbound connection (malware-cnc.rules)
* 1:25242 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Duapz variant outbound connection (malware-cnc.rules)
* 1:25243 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - 04/XP (malware-cnc.rules)
* 1:25244 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (malware-cnc.rules)
* 1:25245 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - me0hoi (malware-cnc.rules)
* 1:25249 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Basutra variant outbound connection (malware-cnc.rules)
* 1:25256 <-> DISABLED <-> MALWARE-CNC Win.Worm.Gamarue variant outbound connection (malware-cnc.rules)
* 1:25257 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Skintrim variant outbound connection (malware-cnc.rules)
* 1:25258 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rombrast variant outbound connection (malware-cnc.rules)
* 1:25259 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BancosBanload variant outbound connection (malware-cnc.rules)
* 1:25268 <-> DISABLED <-> MALWARE-CNC Win.Trojan.IRCBot variant outbound connection (malware-cnc.rules)
* 1:25269 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Buterat variant outbound connection (malware-cnc.rules)
* 1:25271 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Buzus variant outbound connection (malware-cnc.rules)
* 1:25371 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ruskill variant outbound connection (malware-cnc.rules)
* 1:25372 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - wh (malware-cnc.rules)
* 1:25394 <-> DISABLED <-> MALWARE-CNC URI request for /cgi-bin/nt/th (malware-cnc.rules)
* 1:25395 <-> DISABLED <-> MALWARE-CNC URI request for /cgi-bin/nt/sk (malware-cnc.rules)
* 1:25396 <-> DISABLED <-> MALWARE-CNC URI request for /cgi-bin/dllhost/ac (malware-cnc.rules)
* 1:25397 <-> DISABLED <-> MALWARE-CNC URI request for /cgi-bin/ms/check (malware-cnc.rules)
* 1:25398 <-> DISABLED <-> MALWARE-CNC URI request for /cgi-bin/ms/flush (malware-cnc.rules)
* 1:25399 <-> DISABLED <-> MALWARE-CNC URI request for /cgi-bin/win/wcx (malware-cnc.rules)
* 1:25400 <-> DISABLED <-> MALWARE-CNC URI request for /cgi-bin/win/cab (malware-cnc.rules)
* 1:25448 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Jinch variant outbound connection (malware-cnc.rules)
* 1:25465 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader variant outbound connection (malware-cnc.rules)
* 1:25470 <-> DISABLED <-> MALWARE-CNC Win.Trojan.LoDo variant outbound connection (malware-cnc.rules)
* 1:25471 <-> DISABLED <-> MALWARE-CNC Pushdo Spiral Traffic (malware-cnc.rules)
* 1:25476 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - User-Agent User-Agent (malware-cnc.rules)
* 1:25477 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
* 1:10068 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules)
* 1:25054 <-> DISABLED <-> MALWARE-CNC ZeroAccess Clickserver callback (malware-cnc.rules)
* 1:25072 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dulom variant outbound connection (malware-cnc.rules)
* 1:25073 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lowzone variant outbound connection (malware-cnc.rules)
* 1:25074 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules)
* 1:25075 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy variant outbound connection (malware-cnc.rules)
* 1:25076 <-> DISABLED <-> MALWARE-CNC Win.Worm.Joanap variant variant outbound connection (malware-cnc.rules)
* 1:25077 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Halnine variant outbound connection (malware-cnc.rules)
* 1:25093 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hacktool variant outbound connection (malware-cnc.rules)
* 1:25503 <-> DISABLED <-> MALWARE-CNC Necurs Rootkit sba.cgi (malware-cnc.rules)
* 1:25504 <-> DISABLED <-> MALWARE-CNC Necurs Rootkit op.cgi (malware-cnc.rules)
* 1:25511 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules)
* 1:25529 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (malware-cnc.rules)
* 1:25530 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
* 1:25531 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
* 1:25532 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
* 1:25533 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent - al (malware-cnc.rules)
* 1:25541 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sigly variant outbound connection (malware-cnc.rules)
* 1:25543 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.VB variant outbound connection (malware-cnc.rules)
* 1:25544 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - ctwopop (malware-cnc.rules)
* 1:25545 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Printlove variant outbound connection (malware-cnc.rules)
* 1:25546 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Proxy.Agent variant outbound connection (malware-cnc.rules)
* 1:55281 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zegost-9753424-0 download attempt (malware-other.rules)
* 1:55862 <-> ENABLED <-> SERVER-WEBAPP Microsoft SharePoint EntityInstanceIdEncoder remote code execution attempt (server-webapp.rules)
* 1:5760 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - OSSProxy (malware-cnc.rules)
* 1:5770 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Casino (malware-cnc.rules)
* 1:5774 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - FSW (malware-cnc.rules)
* 1:5800 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - MyWay (malware-cnc.rules)
* 1:5805 <-> DISABLED <-> MALWARE-OTHER Trackware myway speedbar runtime detection - switch engines (malware-other.rules)
* 1:5808 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - SAH Agent (malware-cnc.rules)
* 1:5824 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Strip-Player (malware-cnc.rules)
* 1:5838 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - EI (malware-cnc.rules)
* 1:5857 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - MyWebSearchSearchAssistance (malware-cnc.rules)
* 1:5880 <-> DISABLED <-> MALWARE-OTHER Keylogger spyagent runtime detect - smtp delivery (malware-other.rules)
* 1:5881 <-> DISABLED <-> MALWARE-OTHER Keylogger spyagent runtime detect - ftp delivery (malware-other.rules)
* 1:5882 <-> DISABLED <-> MALWARE-OTHER Keylogger spyagent runtime detect - alert notification (malware-other.rules)
* 1:5900 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Async HTTP Agent (malware-cnc.rules)
* 1:5901 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - AdTools (malware-cnc.rules)
* 1:5907 <-> DISABLED <-> MALWARE-OTHER Trackware e2give runtime detection - check update (malware-other.rules)
* 1:5908 <-> DISABLED <-> MALWARE-OTHER Trackware e2give runtime detection - redirect affiliate site request 1 (malware-other.rules)
* 1:5909 <-> DISABLED <-> MALWARE-OTHER Trackware e2give runtime detection - redirect affiliate site request 2 (malware-other.rules)
* 1:5913 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - My Agent (malware-cnc.rules)
* 1:5954 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Browser Pal (malware-cnc.rules)
* 1:5955 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Popup Stopper (malware-cnc.rules)
* 1:5970 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Feat2 Updater (malware-cnc.rules)
* 1:5978 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - TM_SEARCH3 (malware-cnc.rules)
* 1:5986 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - TeomaBar (malware-cnc.rules)
* 1:6186 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - SpywareStrike (malware-cnc.rules)
* 1:6197 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - smrtshpr-cs (malware-cnc.rules)
* 1:6198 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - SQTR_VERIFY (malware-cnc.rules)
* 1:6270 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - MyBrowser (malware-cnc.rules)
* 1:6274 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Stubby (malware-cnc.rules)
* 1:6281 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - istsvc (malware-cnc.rules)
* 1:6341 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Spedia (malware-cnc.rules)
* 1:6354 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - ProxyDown (malware-cnc.rules)
* 1:6357 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Need2Find (malware-cnc.rules)
* 1:6362 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - MGS-Internal-Web-Manager (malware-cnc.rules)
* 1:6363 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - SAcc (malware-cnc.rules)
* 1:6364 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - iMeshBar (malware-cnc.rules)
* 1:6366 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - eAnthMngr (malware-cnc.rules)
* 1:6394 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - CodeguruBrowser (malware-cnc.rules)
* 1:6491 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - snprtzdialno (malware-cnc.rules)
* 1:7116 <-> DISABLED <-> MALWARE-CNC y3k 1.2 variant outbound connection icq notification (malware-cnc.rules)
* 1:7135 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - IEP (malware-cnc.rules)
* 1:7145 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - adfsgecoiwnf (malware-cnc.rules)
* 1:7187 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - SAH Agent (malware-cnc.rules)
* 1:7195 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - shprrprt-cs- (malware-cnc.rules)
* 1:7511 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - ed2k edonkey2000 runtime detection (malware-cnc.rules)
* 1:7537 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Arrow Search (malware-cnc.rules)
* 1:7540 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - http protocol (malware-cnc.rules)
* 1:7572 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - DigExt (malware-cnc.rules)
* 1:7582 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Pcast Live (malware-cnc.rules)
* 1:7587 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - URLBlaze (malware-cnc.rules)
* 1:7832 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Navhelper (malware-cnc.rules)
* 1:8355 <-> ENABLED <-> MALWARE-OTHER Keylogger spybuddy 3.72 runtime detection (malware-other.rules)
* 1:8356 <-> DISABLED <-> MALWARE-OTHER Keylogger spybuddy 3.72 runtime detection - send log out through email (malware-other.rules)
* 1:8357 <-> DISABLED <-> MALWARE-OTHER Keylogger spybuddy 3.72 runtime detection - send alert out through email (malware-other.rules)
* 1:9329 <-> DISABLED <-> MALWARE-CNC yarner.b smtp propagation detection (malware-cnc.rules)
* 1:9418 <-> DISABLED <-> MALWARE-CNC bagle.a http notification detection (malware-cnc.rules)
* 1:9419 <-> DISABLED <-> MALWARE-OTHER sasser attempt (malware-other.rules)
* 1:9420 <-> DISABLED <-> MALWARE-OTHER korgo attempt (malware-other.rules)
* 1:16459 <-> DISABLED <-> MALWARE-CNC Win.Trojan.command and control communication (malware-cnc.rules)
* 1:16484 <-> DISABLED <-> MALWARE-CNC Koobface variant outbound connection (malware-cnc.rules)
* 1:16485 <-> DISABLED <-> MALWARE-CNC Koobface request for captcha (malware-cnc.rules)
* 1:16489 <-> DISABLED <-> MALWARE-CNC Bobax botnet variant outbound connection (malware-cnc.rules)
* 1:16493 <-> DISABLED <-> MALWARE-CNC TT-bot botnet variant outbound connection (malware-cnc.rules)
* 1:16496 <-> DISABLED <-> MALWARE-CNC Win.Trojan.hacktool variant outbound connection (malware-cnc.rules)
* 1:16497 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Tear Application (malware-cnc.rules)
* 1:16526 <-> DISABLED <-> MALWARE-CNC VanBot IRC communication (malware-cnc.rules)
* 1:16527 <-> DISABLED <-> MALWARE-CNC Zbot malware config file download request (malware-cnc.rules)
* 1:16528 <-> DISABLED <-> MALWARE-CNC Zbot malware config file download request (malware-cnc.rules)
* 1:16551 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - malware (malware-cnc.rules)
* 1:16669 <-> DISABLED <-> MALWARE-CNC Spyeye bot variant outbound connection (malware-cnc.rules)
* 1:16670 <-> DISABLED <-> MALWARE-CNC Koobface worm executable download (malware-cnc.rules)
* 1:16695 <-> DISABLED <-> MALWARE-CNC Rogue AV download/update (malware-cnc.rules)
* 1:16809 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FraudPack variant outbound connection (malware-cnc.rules)
* 1:16810 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
* 1:16811 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
* 1:16812 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
* 1:16816 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
* 1:16817 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
* 1:16820 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kryptik variant outbound connection (malware-cnc.rules)
* 1:16822 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
* 1:16823 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FlyStudio known command and control channel traffic (malware-cnc.rules)
* 1:16824 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
* 1:16826 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
* 1:16827 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
* 1:16828 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
* 1:16832 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
* 1:16833 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
* 1:16924 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /inst.php?fff= (malware-cnc.rules)
* 1:17234 <-> DISABLED <-> MALWARE-CNC VBMania mass mailing worm activity (malware-cnc.rules)
* 1:17235 <-> DISABLED <-> MALWARE-CNC VBMania mass mailing worm download (malware-cnc.rules)
* 1:17815 <-> DISABLED <-> MALWARE-CNC Thinkpoint fake antivirus - user display (malware-cnc.rules)
* 1:17816 <-> DISABLED <-> MALWARE-CNC Thinkpoint fake antivirus - credit card submission (malware-cnc.rules)
* 1:18247 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent ErrCode - W32/Fujacks.htm (malware-cnc.rules)
* 1:18353 <-> DISABLED <-> MALWARE-CNC User-Agent request for known PUA user agent - SelectRebates (malware-cnc.rules)
* 1:18388 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string RookIE/1.0 (malware-cnc.rules)
* 1:18458 <-> DISABLED <-> MALWARE-CNC Night Dragon initial beacon (malware-cnc.rules)
* 1:18459 <-> DISABLED <-> MALWARE-CNC Night Dragon keepalive message (malware-cnc.rules)
* 1:18715 <-> DISABLED <-> MALWARE-CNC Ozdok botnet communication with C&C server (malware-cnc.rules)
* 1:18934 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (Coreflood -- malware-cnc.rules)
* 1:18939 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
* 1:19016 <-> DISABLED <-> MALWARE-CNC MacBack Win.Trojan.variant outbound connection (malware-cnc.rules)
* 1:19017 <-> DISABLED <-> MALWARE-CNC MacBack Win.Trojan.variant outbound connection (malware-cnc.rules)
* 1:19018 <-> DISABLED <-> MALWARE-CNC MacBack Win.Trojan.variant outbound connection (malware-cnc.rules)
* 1:19019 <-> DISABLED <-> MALWARE-CNC MacBack Win.Trojan.variant outbound connection (malware-cnc.rules)
* 1:19038 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jzzer.A variant outbound connection (malware-cnc.rules)
* 1:19047 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - RCleanT (malware-cnc.rules)
* 1:19052 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Httpbot.qdc variant outbound connection (malware-cnc.rules)
* 1:19053 <-> DISABLED <-> MALWARE-CNC Worm.Win32.Nusump.A variant outbound connection (malware-cnc.rules)
* 1:19055 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gosik.A registration (malware-cnc.rules)
* 1:19056 <-> DISABLED <-> MALWARE-CNC Win.Trojan.QQFish variant outbound connection (malware-cnc.rules)
* 1:19057 <-> DISABLED <-> MALWARE-CNC Win.Trojan.QQFish variant outbound connection (malware-cnc.rules)
* 1:19058 <-> DISABLED <-> MALWARE-CNC Worm.Win32.Faketube update request (malware-cnc.rules)
* 1:19164 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SpyEye variant outbound connection (malware-cnc.rules)
* 1:19165 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Microsoft Internet Explorer (malware-cnc.rules)
* 1:19175 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent wget 3.0 (malware-cnc.rules)
* 1:19328 <-> DISABLED <-> MALWARE-CNC PointGuide variant outbound connection (malware-cnc.rules)
* 1:19339 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper Win.Trojan.Agent.alda variant outbound connection (malware-cnc.rules)
* 1:19347 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Poison.banr variant outbound connection (malware-cnc.rules)
* 1:19348 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader Win.Trojan.FraudLoad.emq variant outbound connection (malware-cnc.rules)
* 1:19351 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Clicker Win.Trojan.Hatigh.C variant outbound connection (malware-cnc.rules)
* 1:19353 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker.bkhu variant outbound connection (malware-cnc.rules)
* 1:19357 <-> DISABLED <-> MALWARE-CNC Win.Worm.Sohanad.ila variant outbound connection (malware-cnc.rules)
* 1:19358 <-> DISABLED <-> MALWARE-CNC Win.Trojan.XYTvn.A variant outbound connection (malware-cnc.rules)
* 1:19429 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Proxy Win.Trojan.Dosenjo.C variant outbound connection (malware-cnc.rules)
* 1:19435 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Litmus.203 variant outbound connection (malware-cnc.rules)
* 1:19480 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string STORMDDOS - Backdoor.Win32.Inject.ctt (malware-cnc.rules)
* 1:19482 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string ErrorFix (malware-cnc.rules)
* 1:19490 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Koceg.B variant outbound connection (malware-cnc.rules)
* 1:19493 <-> DISABLED <-> MALWARE-CNC URI request for known malicious uri config.ini on 3322.org domain (malware-cnc.rules)
* 1:19579 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Potao.A variant outbound connection (malware-cnc.rules)
* 1:19589 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent string MacProtector (malware-cnc.rules)
* 1:19590 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Savnut.B variant outbound connection (malware-cnc.rules)
* 1:19622 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - pte.aspx?ver= (malware-cnc.rules)
* 1:19623 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - vic.aspx?ver= (malware-cnc.rules)
* 1:19625 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - .sys.php?getexe= (malware-cnc.rules)
* 1:19626 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /setup_b.asp?prj= (malware-cnc.rules)
* 1:19627 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /r_autoidcnt.asp?mer_seq= (malware-cnc.rules)
* 1:19628 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /1cup/script.php (malware-cnc.rules)
* 1:19631 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - AnSSip= (malware-cnc.rules)
* 1:19632 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /VertexNet/adduser.php?uid= (malware-cnc.rules)
* 1:19633 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /VertexNet/tasks.php?uid= (malware-cnc.rules)
* 1:19635 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /app/?prj= (malware-cnc.rules)
* 1:19636 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /blog/images/3521.jpg?v (malware-cnc.rules)
* 1:19637 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /install.asp?mac= (malware-cnc.rules)
* 1:19638 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /kx4.txt (malware-cnc.rules)
* 1:19657 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FakeAV variant traffic (malware-cnc.rules)
* 1:19658 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MCnovogic.A variant outbound connection (malware-cnc.rules)
* 1:19702 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zboter.E variant outbound connection (malware-cnc.rules)
* 1:19703 <-> DISABLED <-> MALWARE-CNC Win.Worm.Dusta.br outbound connnection (malware-cnc.rules)
* 1:19704 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.grdm variant outbound connection (malware-cnc.rules)
* 1:19705 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.grdm variant outbound connection (malware-cnc.rules)
* 1:19706 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.cer variant outbound connection (malware-cnc.rules)
* 1:19711 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jorik variant outbound connection (malware-cnc.rules)
* 1:19712 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader variant outbound connection (malware-cnc.rules)
* 1:19722 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Poshtroper variant outbound connection (malware-cnc.rules)
* 1:19723 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pherbot variant outbound connection (malware-cnc.rules)
* 1:19730 <-> DISABLED <-> MALWARE-CNC Win.Trojan.KukuBot variant outbound connection (malware-cnc.rules)
* 1:19731 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Darkwebot variant outbound connection (malware-cnc.rules)
* 1:19732 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Idicaf variant outbound connection (malware-cnc.rules)
* 1:19756 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Opera/8.89 - P2P-Worm.Win32.Palevo.ddm (malware-cnc.rules)
* 1:19761 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ftpharvxqq variant outbound connection (malware-cnc.rules)
* 1:19765 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules)
* 1:19767 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Msposer.A variant outbound connection (malware-cnc.rules)
* 1:19769 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yoddos outbound indicator (malware-cnc.rules)
* 1:19770 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yoddos variant outbound connection (malware-cnc.rules)
* 1:19771 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yoddos variant outbound connection (malware-cnc.rules)
* 1:19778 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /games/java_trust.php?f= (malware-cnc.rules)
* 1:19801 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tracur variant outbound connection (malware-cnc.rules)
* 1:19864 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nvbpass variant outbound connection (malware-cnc.rules)
* 1:19882 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /160.rar - Win32/Morto.A (malware-cnc.rules)
* 1:19912 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DelfInject.gen!X variant outbound connection (malware-cnc.rules)
* 1:19913 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - optima/index.php (malware-cnc.rules)
* 1:19964 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sality variant outbound connection (malware-cnc.rules)
* 1:19995 <-> DISABLED <-> MALWARE-CNC Waledac variant outbound connection (malware-cnc.rules)
* 1:20009 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent string Baby Remote - Win32/Babmote.A (malware-cnc.rules)
* 1:20011 <-> DISABLED <-> MALWARE-CNC Briewots.A runtime traffic detected (malware-cnc.rules)
* 1:20012 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string feranet/0.4 - Win32/Ferabsa.A (malware-cnc.rules)
* 1:20080 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Derusbi.A variant outbound connection (malware-cnc.rules)
* 1:20081 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Win32.Yakes.cbi variant outbound connection (malware-cnc.rules)
* 1:20099 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Xtrat.A variant outbound connection (malware-cnc.rules)
* 1:20104 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - InfoBot (malware-cnc.rules)
* 1:20105 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - IPHONE (malware-cnc.rules)
* 1:20106 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - darkness (malware-cnc.rules)
* 1:20201 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - meterpreter (malware-cnc.rules)
* 1:20202 <-> DISABLED <-> MALWARE-CNC Apple OSX.Revir-1 variant outbound connection (malware-cnc.rules)
* 1:20213 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Swisyn variant outbound connection (malware-cnc.rules)
* 1:20221 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Injector variant outbound connection (malware-cnc.rules)
* 1:20228 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hupigon variant outbound connection (malware-cnc.rules)
* 1:20229 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jinchodz variant outbound connection (malware-cnc.rules)
* 1:20230 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string 0pera 10 (malware-cnc.rules)
* 1:20231 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Mozilla//4.0 (malware-cnc.rules)
* 1:20232 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cycbot variant outbound connection (malware-cnc.rules)
* 1:20280 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy variant outbound connection (malware-cnc.rules)
* 1:20281 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy variant outbound connection (malware-cnc.rules)
* 1:20293 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string MBVDFRESCT (malware-cnc.rules)
* 1:20527 <-> DISABLED <-> MALWARE-CNC Sirefef initial C&C connection variant outbound connection (malware-cnc.rules)
* 1:20754 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Virut-3 variant outbound connection (malware-cnc.rules)
* 1:20755 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Krap variant outbound connection (malware-cnc.rules)
* 1:20756 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jorik variant outbound connection (malware-cnc.rules)
* 1:20759 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gbot.oce variant outbound connection (malware-cnc.rules)
* 1:20762 <-> DISABLED <-> MALWARE-CNC MacOS.Flashback.A variant outbound connection (malware-cnc.rules)
* 1:20763 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spyeye-206 variant outbound connection (malware-cnc.rules)
* 1:20837 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mecklow.C runtime traffic detected (malware-cnc.rules)
* 1:20927 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spyeye-207 variant outbound connection (malware-cnc.rules)
* 1:21047 <-> DISABLED <-> MALWARE-CNC known malicious SSL certificate - Sykipot C&C (malware-cnc.rules)
* 1:21175 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Win32 Amti (malware-cnc.rules)
* 1:21188 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string API Guide test program (malware-cnc.rules)
* 1:21206 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Aldi Bot (malware-cnc.rules)
* 1:21208 <-> DISABLED <-> MALWARE-CNC Win.Trojan.RShot.brw variant outbound connection (malware-cnc.rules)
* 1:21225 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Flag (malware-cnc.rules)
* 1:21230 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Betad variant outbound connection (malware-cnc.rules)
* 1:21239 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy variant outbound connection (malware-cnc.rules)
* 1:21240 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MsUpdater variant outbound connection (malware-cnc.rules)
* 1:21241 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MsUpdater initial variant outbound connection (malware-cnc.rules)
* 1:21242 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MsUpdater variant outbound connection (malware-cnc.rules)
* 1:21257 <-> DISABLED <-> MALWARE-CNC URI - known scanner tool muieblackcat (malware-cnc.rules)
* 1:21269 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cycbot variant outbound connection (malware-cnc.rules)
* 1:21278 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Google Bot (malware-cnc.rules)
* 1:21306 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spyeye variant outbound connectivity check (malware-cnc.rules)
* 1:21311 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dofoil variant outbound connection (malware-cnc.rules)
* 1:21313 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dofoil variant outbound connection (malware-cnc.rules)
* 1:21318 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FakeAV TDSS/PurpleHaze variant outbound connection - base64 encoded (malware-cnc.rules)
* 1:21327 <-> DISABLED <-> MALWARE-CNC User-Agent ASafaWeb Scan (malware-cnc.rules)
* 1:21380 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - QvodDown (malware-cnc.rules)
* 1:21418 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FareIt variant outbound connection (malware-cnc.rules)
* 1:21426 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scar variant outbound connection (malware-cnc.rules)
* 1:21427 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Delf variant outbound connection (malware-cnc.rules)
* 1:21428 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Generic-24 variant outbound connection (malware-cnc.rules)
* 1:21430 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BeeOne runtime traffic detected (malware-cnc.rules)
* 1:21434 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Mentor variant outbound connection (malware-cnc.rules)
* 1:21435 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mentor inbound connection - post infection (malware-cnc.rules)
* 1:21436 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Startpage variant outbound connection (malware-cnc.rules)
* 1:21440 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Murofet variant outbound connection (malware-cnc.rules)
* 1:21441 <-> DISABLED <-> MALWARE-CNC
Win.Trojan.Delf variant outbound connection (malware-cnc.rules) * 1:21455 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string psi (malware-cnc.rules) * 1:21469 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string 1234567890 (malware-cnc.rules) * 1:21475 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string core-project (malware-cnc.rules) * 1:21476 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent YZF (malware-cnc.rules) * 1:21525 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader variant outbound connection (malware-cnc.rules) * 1:21526 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent TCYWinHTTPDownload (malware-cnc.rules) * 1:21538 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dofoil variant outbound payload request (malware-cnc.rules) * 1:21547 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy variant outbound connection (malware-cnc.rules) * 1:21548 <-> DISABLED <-> MALWARE-CNC Cutwail landing page connection (malware-cnc.rules) * 1:21551 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kahn variant outbound connection (malware-cnc.rules) * 1:21552 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kahn variant outbound connection (malware-cnc.rules) * 1:21562 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bredolab variant outbound connection (malware-cnc.rules) * 1:21563 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kelihos variant outbound connection (malware-cnc.rules) * 1:21564 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kelihos variant outbound connection (malware-cnc.rules) * 1:21565 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kelihos variant outbound connection (malware-cnc.rules) * 1:21591 <-> DISABLED <-> MALWARE-CNC User-Agent known Adware user agent Gamevance tl_v (malware-cnc.rules) * 1:21593 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper variant outbound connection (malware-cnc.rules) * 1:21622 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Georbot variant outbound connection (malware-cnc.rules) * 1:21631 <-> 
DISABLED <-> MALWARE-CNC Win.Trojan.Sinowal javascript delivery method (malware-cnc.rules) * 1:21632 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ransom variant outbound connection (malware-cnc.rules) * 1:21636 <-> DISABLED <-> MALWARE-CNC User-Agent known Adware user agent gbot (malware-cnc.rules) * 1:21638 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Aluereon TDSS infection variant outbound connection (malware-cnc.rules) * 1:21639 <-> DISABLED <-> MALWARE-CNC User-Agent known Adware user agent mus - TDSS related (malware-cnc.rules) * 1:21755 <-> DISABLED <-> MALWARE-CNC Apple OSX.Flashback variant outbound connection (malware-cnc.rules) * 1:21756 <-> DISABLED <-> MALWARE-CNC Apple OSX.Flashback variant outbound connection (malware-cnc.rules) * 1:21757 <-> DISABLED <-> MALWARE-CNC Apple OSX.Flashback variant outbound connection (malware-cnc.rules) * 1:21758 <-> DISABLED <-> MALWARE-CNC Apple OSX.Flashback variant outbound connection (malware-cnc.rules) * 1:21760 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Swisyn variant outbound connection (malware-cnc.rules) * 1:21761 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Swisyn variant outbound connection (malware-cnc.rules) * 1:21852 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Orsam variant outbound connection (malware-cnc.rules) * 1:21877 <-> DISABLED <-> MALWARE-CNC Apple OSX.Sabpub variant outbound connection (malware-cnc.rules) * 1:21910 <-> DISABLED <-> MALWARE-CNC Apple OSX Flashback malware user-agent (malware-cnc.rules) * 1:21911 <-> DISABLED <-> MALWARE-CNC Aldi variant outbound connection C&C checkin (malware-cnc.rules) * 1:21912 <-> DISABLED <-> MALWARE-CNC Aldi bot variant outbound connection user-agent (malware-cnc.rules) * 1:21925 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent BOT/0.1 (malware-cnc.rules) * 1:21945 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Litmpuca.A variant outbound connection (malware-cnc.rules) * 1:21946 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Litmpuca.A variant outbound connection 
(malware-cnc.rules) * 1:21965 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent VB WININET (malware-cnc.rules) * 1:21983 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BamCompiled variant outbound connection (malware-cnc.rules) * 1:21984 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BamCompiled variant inbound updates (malware-cnc.rules) * 1:22033 <-> DISABLED <-> MALWARE-CNC Apple OSX Flashback malware variant outbound connection (malware-cnc.rules) * 1:22034 <-> DISABLED <-> MALWARE-CNC Apple OSX Flashback malware variant outbound connection (malware-cnc.rules) * 1:22047 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jokbot variant outbound connection (malware-cnc.rules) * 1:22048 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus P2P outbound connection (malware-cnc.rules) * 1:22054 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Prorat variant outbound connection (malware-cnc.rules) * 1:22058 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kbot variant outbound connection (malware-cnc.rules) * 1:22059 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader variant outbound connection (malware-cnc.rules) * 1:22060 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fepgul variant outbound connection (malware-cnc.rules) * 1:22099 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Piroxcc variant outbound connection (malware-cnc.rules) * 1:22100 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Midhos variant outbound connection (malware-cnc.rules) * 1:22103 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Coswid.klk variant outbound connection (malware-cnc.rules) * 1:22937 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Proxyier variant outbound connection (malware-cnc.rules) * 1:22939 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent RAbcLib (malware-cnc.rules) * 1:23019 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Flame malware (malware-cnc.rules) * 1:23057 <-> DISABLED <-> MALWARE-CNC Flame malware connection - /view.php (malware-cnc.rules) * 1:23103 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bublik 
variant outbound connection (malware-cnc.rules) * 1:23104 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scar variant outbound connection (malware-cnc.rules) * 1:23109 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lolbot variant outbound connection (malware-cnc.rules) * 1:23242 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker.boxg connect to cnc server (malware-cnc.rules) * 1:23244 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz variant outbound connection (malware-cnc.rules) * 1:23245 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader variant outbound connection (malware-cnc.rules) * 1:23254 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Delf.CL variant outbound connection (malware-cnc.rules) * 1:23261 <-> DISABLED <-> MALWARE-CNC known command and control traffic - Pushbot (malware-cnc.rules) * 1:23262 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules) * 1:23307 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper connect to server (malware-cnc.rules) * 1:23332 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dishigy variant outbound connection (malware-cnc.rules) * 1:23334 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader initial C&C checkin (malware-cnc.rules) * 1:23335 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Swisyn variant outbound connection (malware-cnc.rules) * 1:23342 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules) * 1:23382 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SpyEye variant outbound connection (malware-cnc.rules) * 1:23391 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hioles.C variant outbound connection (malware-cnc.rules) * 1:23394 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vbvoleur.a variant outbound connection (malware-cnc.rules) * 1:23467 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mazben file download (malware-cnc.rules) * 1:23473 <-> DISABLED <-> MALWARE-CNC URI request for runforestrun - JS.Runfore (malware-cnc.rules) * 1:23492 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ZeroAccess outbound connection 
(malware-cnc.rules) * 1:23493 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ZeroAccess outbound connection (malware-cnc.rules) * 1:23600 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gamarue outbound connection (malware-cnc.rules) * 1:23615 <-> DISABLED <-> MALWARE-CNC ACAD.Medre.A variant outbound connection (malware-cnc.rules) * 1:23627 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - PoisonIvy RAT (malware-cnc.rules) * 1:23628 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pincav variant outbound connection (malware-cnc.rules) * 1:23633 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kegotip variant report to cnc-server (malware-cnc.rules) * 1:23635 <-> DISABLED <-> MALWARE-CNC Gozi trojan checkin (malware-cnc.rules) * 1:23778 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bublik variant outbound connection (malware-cnc.rules) * 1:23824 <-> DISABLED <-> MALWARE-CNC Gauss malware check-in (malware-cnc.rules) * 1:23893 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DistTrack command and control traffic (malware-cnc.rules) * 1:23903 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - you (malware-cnc.rules) * 1:23938 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ibabyfa.dldr variant outbound connection (malware-cnc.rules) * 1:23942 <-> DISABLED <-> MALWARE-CNC Win.Trojan.C0D0SO0 variant outbound traffic (malware-cnc.rules) * 1:23945 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Backdoor variant outbound connection (malware-cnc.rules) * 1:23946 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Backdoor file download (malware-cnc.rules) * 1:23968 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Crisis variant outbound connection (malware-cnc.rules) * 1:23972 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot variant outbound connection (malware-cnc.rules) * 1:23978 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hostposer variant outbound connection (malware-cnc.rules) * 1:23987 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kryptik.Kazy variant outbound connection (malware-cnc.rules) * 1:24062 <-> DISABLED <-> 
MALWARE-CNC Win.Trojan.Hufysk variant outbound connection (malware-cnc.rules) * 1:24111 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Post (malware-cnc.rules) * 1:24169 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot variant outbound connection (malware-cnc.rules) * 1:24185 <-> DISABLED <-> MALWARE-CNC Win.Work.Rokiwobi inbound command from C&C (malware-cnc.rules) * 1:24211 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Xamtrav update protocol connection (malware-cnc.rules) * 1:24214 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Seveto variant outbound connection (malware-cnc.rules) * 1:24215 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload variant outbound connection (malware-cnc.rules) * 1:24216 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Biloky variant outbound connection (malware-cnc.rules) * 1:24217 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy variant outbound connection (malware-cnc.rules) * 1:24224 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeroaccess variant outbound connection (malware-cnc.rules) * 1:24235 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wuwo initial infection variant outbound connection (malware-cnc.rules) * 1:24236 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wuwo post infection variant outbound connection (malware-cnc.rules) * 1:24361 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gozi.Prinimalka variant outbound connection (malware-cnc.rules) * 1:24375 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VB variant outbound connection (malware-cnc.rules) * 1:24381 <-> DISABLED <-> MALWARE-CNC Win.Trojan.XBlocker outbound connection (malware-cnc.rules) * 1:24382 <-> DISABLED <-> MALWARE-CNC Win.Trojan.XBlocker outbound connection (malware-cnc.rules) * 1:24439 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Encriyoko variant outbound connection (malware-cnc.rules) * 1:24440 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chiviper variant outbound connection (malware-cnc.rules) * 1:24441 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Testing (malware-cnc.rules) * 
1:24442 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Alerter COM (malware-cnc.rules) * 1:24482 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chif variant outbound connection (malware-cnc.rules) * 1:24491 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vundo redirection landing page pre-infection (malware-cnc.rules) * 1:24492 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vundo variant outbound connection (malware-cnc.rules) * 1:24493 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vundo variant outbound connection (malware-cnc.rules) * 1:24494 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vundo variant outbound connection (malware-cnc.rules) * 1:24495 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vundo variant outbound connection (malware-cnc.rules) * 1:24496 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vundo variant outbound connection (malware-cnc.rules) * 1:24497 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vundo variant outbound connection (malware-cnc.rules) * 1:24504 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VB variant outbound connection (malware-cnc.rules) * 1:24514 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lucuis variant outbound connection (malware-cnc.rules) * 1:24523 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.MautoitRAT variant outbound connection (malware-cnc.rules) * 1:24531 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scondatie.A variant outbound connection (malware-cnc.rules) * 1:24532 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scondatie.A inbound connection (malware-cnc.rules) * 1:24533 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules) * 1:24534 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banbra variant outbound connection (malware-cnc.rules) * 1:24563 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Veli variant outbound connection (malware-cnc.rules) * 1:24566 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jorik variant outbound connection (malware-cnc.rules) * 1:24568 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Mozilla/00 
(malware-cnc.rules) * 1:24575 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Opera/9.61 (malware-cnc.rules) * 1:24630 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Klovbot variant outbound connection (malware-cnc.rules) * 1:24631 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Lizard/1.0 (malware-cnc.rules) * 1:24632 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VaccinePC variant outbound connection (malware-cnc.rules) * 1:24633 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - test_hInternet (malware-cnc.rules) * 1:24634 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - vaccinepc (malware-cnc.rules) * 1:24858 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Quarian variant outbound connection - proxy connection (malware-cnc.rules) * 1:24873 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gnutler variant outbound connection (malware-cnc.rules) * 1:24885 <-> DISABLED <-> MALWARE-CNC Potential Banking Trojan Config File Download (malware-cnc.rules) * 1:24886 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dorkbot variant outbound connection (malware-cnc.rules) * 1:25007 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wealwedst variant outbound connection (malware-cnc.rules) * 1:25009 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - User-Agent User-Agent (malware-cnc.rules) * 1:25010 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Perflog variant outbound connection (malware-cnc.rules) * 1:25011 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Perflog variant outbound connection (malware-cnc.rules) * 1:25016 <-> DISABLED <-> MALWARE-CNC Win.Trojan.IRCBot variant outbound connection (malware-cnc.rules) * 1:25021 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Azbreg variant outbound connection (malware-cnc.rules) * 1:25022 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dapato variant outbound connection (malware-cnc.rules) * 1:25023 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection (malware-cnc.rules) * 1:25024 <-> 
DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection (malware-cnc.rules) * 1:25025 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Recslurp variant outbound connection (malware-cnc.rules) * 1:25026 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Juasek variant outbound connection (malware-cnc.rules) * 1:25027 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Opachki variant connect to cnc-server (malware-cnc.rules) * 1:25028 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peed variant outbound connection (malware-cnc.rules) * 1:25029 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (malware-cnc.rules) * 1:25030 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nevsyn variant outbound connection (malware-cnc.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091501.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:55891 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Kovter-9771867-0 download attempt (malware-other.rules)
* 1:55863 <-> DISABLED <-> MALWARE-OTHER Win.Virus.Ursnif-9769699-0 download attempt (malware-other.rules)
* 1:55871 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9770089-0 download attempt (malware-other.rules)
* 1:55879 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-9770611-0 download attempt (malware-other.rules)
* 1:55908 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-9773294-0 download attempt (malware-other.rules)
* 1:55913 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Ramnit-9773470-0 download attempt (malware-other.rules)
* 1:55873 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Emotet-9770097-0 download attempt (malware-other.rules)
* 1:55870 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Emotet-9769987-0 download attempt (malware-other.rules)
* 1:55874 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Emotet-9770097-0 download attempt (malware-other.rules)
* 1:55919 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus command injection attempt (server-webapp.rules)
* 1:55893 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-9771891-0 download attempt (malware-other.rules)
* 1:55904 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Sdyn-9772921-0 download attempt (malware-other.rules)
* 1:55923 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Defender privilege escalation attempt (os-windows.rules)
* 1:55886 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Upatre-9771263-0 download attempt (malware-other.rules)
* 1:55881 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-9770992-0 download attempt (malware-other.rules)
* 1:55884 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Cutwail-9771166-0 download attempt (malware-other.rules)
* 1:55898 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Fakesysdef-9772554-0 download attempt (malware-other.rules)
* 1:55921 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus command injection attempt (server-webapp.rules)
* 1:55915 <-> DISABLED <-> MALWARE-OTHER PUA.Win.File.Neobar-9773833-0 download attempt (malware-other.rules)
* 1:55872 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9770089-0 download attempt (malware-other.rules)
* 1:55928 <-> ENABLED <-> MALWARE-CNC Win.Dropper.LemonDuck variant script download attempt (malware-cnc.rules)
* 1:55892 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Kovter-9771867-0 download attempt (malware-other.rules)
* 1:55864 <-> DISABLED <-> MALWARE-OTHER Win.Virus.Ursnif-9769699-0 download attempt (malware-other.rules)
* 1:55875 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Bdld-9770176-0 download attempt (malware-other.rules)
* 1:55883 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Cutwail-9771166-0 download attempt (malware-other.rules)
* 1:55905 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generic-9773106-0 download attempt (malware-other.rules)
* 1:55900 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9772677-0 download attempt (malware-other.rules)
* 1:55897 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Fakesysdef-9772554-0 download attempt (malware-other.rules)
* 1:55888 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Reveton-9771413-0 download attempt (malware-other.rules)
* 1:55889 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Browsefox-9771664-0 download attempt (malware-other.rules)
* 1:55896 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-9772275-0 download attempt (malware-other.rules)
* 1:55878 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Drolnux-9770173-0 download attempt (malware-other.rules)
* 1:55909 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Battdil-9773289-0 download attempt (malware-other.rules)
* 1:55912 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Battdil-9773282-0 download attempt (malware-other.rules)
* 1:55920 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus command injection attempt (server-webapp.rules)
* 1:55926 <-> ENABLED <-> MALWARE-CNC Win.Dropper.LemonDuck variant outbound connection (malware-cnc.rules)
* 1:55899 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9772677-0 download attempt (malware-other.rules)
* 1:55876 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Bdld-9770176-0 download attempt (malware-other.rules)
* 1:55868 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Agzz8qk-9769774-0 download attempt (malware-other.rules)
* 1:55918 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus command injection attempt (server-webapp.rules)
* 1:55916 <-> DISABLED <-> MALWARE-OTHER PUA.Win.File.Neobar-9773833-0 download attempt (malware-other.rules)
* 1:55910 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Battdil-9773289-0 download attempt (malware-other.rules)
* 1:55906 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generic-9773106-0 download attempt (malware-other.rules)
* 1:55903 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Sdyn-9772921-0 download attempt (malware-other.rules)
* 1:55895 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-9772275-0 download attempt (malware-other.rules)
* 1:55911 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Battdil-9773282-0 download attempt (malware-other.rules)
* 1:55907 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-9773294-0 download attempt (malware-other.rules)
* 1:55869 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Emotet-9769987-0 download attempt (malware-other.rules)
* 1:55890 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Browsefox-9771664-0 download attempt (malware-other.rules)
* 1:55902 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-9772681-0 download attempt (malware-other.rules)
* 1:55885 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Upatre-9771263-0 download attempt (malware-other.rules)
* 1:55922 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Defender privilege escalation attempt (os-windows.rules)
* 1:55877 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Drolnux-9770173-0 download attempt (malware-other.rules)
* 1:55894 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-9771891-0 download attempt (malware-other.rules)
* 1:55914 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Ramnit-9773470-0 download attempt (malware-other.rules)
* 1:55867 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Agzz8qk-9769774-0 download attempt (malware-other.rules)
* 1:55882 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-9770992-0 download attempt (malware-other.rules)
* 1:55927 <-> ENABLED <-> MALWARE-CNC Win.Dropper.LemonDuck variant script download attempt (malware-cnc.rules)
* 1:55865 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Bulz-9769773-0 download attempt (malware-other.rules)
* 1:55880 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-9770611-0 download attempt (malware-other.rules)
* 1:55887 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Reveton-9771413-0 download attempt (malware-other.rules)
* 1:55901 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-9772681-0 download attempt (malware-other.rules)
* 1:55866 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Bulz-9769773-0 download attempt (malware-other.rules)
* 3:55917 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1159 attack attempt (server-webapp.rules)
* 3:55925 <-> ENABLED <-> SERVER-OTHER Cisco Wireless LAN Controller CAPWAP denial of service attempt (server-other.rules)
* 3:55924 <-> ENABLED <-> SERVER-OTHER Cisco Wireless LAN Controller CAPWAP denial of service attempt (server-other.rules)
* 1:10068 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules)
* 1:10113 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm command and control propagation detected (malware-cnc.rules)
* 1:10069 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules)
* 1:10071 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules)
* 1:10067 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules)
* 1:10073 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules)
* 1:25050 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
* 1:10070 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules)
* 1:10076 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules)
* 1:25054 <-> DISABLED <-> MALWARE-CNC ZeroAccess Clickserver callback (malware-cnc.rules)
* 1:10066 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules)
* 1:10077 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules)
* 1:10065 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules)
* 1:6274 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Stubby (malware-cnc.rules)
* 1:25072 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dulom variant outbound connection (malware-cnc.rules)
* 1:10072 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules)
* 1:25075 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy variant outbound connection (malware-cnc.rules)
* 1:6281 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - istsvc (malware-cnc.rules)
* 1:25076 <-> DISABLED <-> MALWARE-CNC Win.Worm.Joanap variant variant outbound connection (malware-cnc.rules)
* 1:25073 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lowzone variant outbound connection (malware-cnc.rules)
* 1:6341 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Spedia (malware-cnc.rules)
* 1:25093 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hacktool variant outbound connection (malware-cnc.rules)
* 1:6354 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - ProxyDown (malware-cnc.rules)
* 1:10074 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules)
* 1:6357 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Need2Find (malware-cnc.rules)
* 1:6362 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - MGS-Internal-Web-Manager (malware-cnc.rules)
* 1:6363 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - SAcc (malware-cnc.rules)
* 1:6364 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - iMeshBar (malware-cnc.rules)
* 1:6366 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - eAnthMngr (malware-cnc.rules)
* 1:6394 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - CodeguruBrowser (malware-cnc.rules)
* 1:6491 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - snprtzdialno (malware-cnc.rules)
* 1:7116 <-> DISABLED <-> MALWARE-CNC y3k 1.2 variant outbound connection icq notification (malware-cnc.rules)
* 1:7135 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - IEP (malware-cnc.rules)
* 1:7145 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - adfsgecoiwnf (malware-cnc.rules)
* 1:7187 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - SAH Agent (malware-cnc.rules)
* 1:25544 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - ctwopop (malware-cnc.rules)
* 1:5882 <-> DISABLED <-> MALWARE-OTHER Keylogger spyagent runtime detect - alert notification (malware-other.rules)
* 1:25070 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Injector variant outbound connection (malware-cnc.rules)
* 1:5900 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Async HTTP Agent (malware-cnc.rules)
* 1:25545 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Printlove variant outbound connection (malware-cnc.rules)
* 1:5901 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - AdTools (malware-cnc.rules)
* 1:5907 <-> DISABLED <-> MALWARE-OTHER Trackware e2give runtime detection - check update (malware-other.rules)
* 1:5908 <-> DISABLED <-> MALWARE-OTHER Trackware e2give runtime detection - redirect affiliate site request 1 (malware-other.rules)
* 1:5909 <-> DISABLED <-> MALWARE-OTHER Trackware e2give runtime detection - redirect affiliate site request 2 (malware-other.rules)
* 1:5913 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - My Agent (malware-cnc.rules)
* 1:5954 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Browser Pal (malware-cnc.rules)
* 1:5955 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Popup Stopper (malware-cnc.rules)
* 1:5970 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Feat2 Updater (malware-cnc.rules)
* 1:5978 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - TM_SEARCH3 (malware-cnc.rules)
* 1:5986 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - TeomaBar (malware-cnc.rules)
* 1:6197 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - smrtshpr-cs (malware-cnc.rules)
* 1:6186 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - SpywareStrike (malware-cnc.rules)
* 1:6198 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - SQTR_VERIFY (malware-cnc.rules)
* 1:6270 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - MyBrowser (malware-cnc.rules)
* 1:25074 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules)
* 1:10075 <-> DISABLED
<-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules) * 1:25546 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Proxy.Agent variant outbound connection (malware-cnc.rules) * 1:55281 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zegost-9753424-0 download attempt (malware-other.rules) * 1:55862 <-> ENABLED <-> SERVER-WEBAPP Microsoft SharePoint EntityInstanceIdEncoder remote code execution attempt (server-webapp.rules) * 1:5760 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - OSSProxy (malware-cnc.rules) * 1:5770 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Casino (malware-cnc.rules) * 1:25077 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Halnine variant outbound connection (malware-cnc.rules) * 1:5774 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - FSW (malware-cnc.rules) * 1:5800 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - MyWay (malware-cnc.rules) * 1:5805 <-> DISABLED <-> MALWARE-OTHER Trackware myway speedbar runtime detection - switch engines (malware-other.rules) * 1:5808 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - SAH Agent (malware-cnc.rules) * 1:5824 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Strip-Player (malware-cnc.rules) * 1:5838 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - EI (malware-cnc.rules) * 1:5857 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - MyWebSearchSearchAssistance (malware-cnc.rules) * 1:5880 <-> DISABLED <-> MALWARE-OTHER Keylogger spyagent runtime detect - smtp delivery (malware-other.rules) * 1:5881 <-> DISABLED <-> MALWARE-OTHER Keylogger spyagent runtime detect - ftp delivery (malware-other.rules) * 1:7195 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - shprrprt-cs- (malware-cnc.rules) * 1:7511 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - ed2k edonkey2000 runtime detection (malware-cnc.rules) * 
1:7537 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Arrow Search (malware-cnc.rules) * 1:7540 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - http protocol (malware-cnc.rules) * 1:7572 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - DigExt (malware-cnc.rules) * 1:7582 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Pcast Live (malware-cnc.rules) * 1:7587 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - URLBlaze (malware-cnc.rules) * 1:7832 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Navhelper (malware-cnc.rules) * 1:8355 <-> ENABLED <-> MALWARE-OTHER Keylogger spybuddy 3.72 runtime detection (malware-other.rules) * 1:8356 <-> DISABLED <-> MALWARE-OTHER Keylogger spybuddy 3.72 runtime detection - send log out through email (malware-other.rules) * 1:8357 <-> DISABLED <-> MALWARE-OTHER Keylogger spybuddy 3.72 runtime detection - send alert out through email (malware-other.rules) * 1:9329 <-> DISABLED <-> MALWARE-CNC yarner.b smtp propagation detection (malware-cnc.rules) * 1:9418 <-> DISABLED <-> MALWARE-CNC bagle.a http notification detection (malware-cnc.rules) * 1:9419 <-> DISABLED <-> MALWARE-OTHER sasser attempt (malware-other.rules) * 1:9420 <-> DISABLED <-> MALWARE-OTHER korgo attempt (malware-other.rules) * 1:25071 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Macnsed variant outbound connection (malware-cnc.rules) * 1:25098 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper.Daws variant outbound connection (malware-cnc.rules) * 1:25100 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Njrat variant outbound connection (malware-cnc.rules) * 1:25099 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper.Daws variant outbound connection (malware-cnc.rules) * 1:25108 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Proxy.Agent variant outbound connection (malware-cnc.rules) * 1:25107 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection 
(malware-cnc.rules) * 1:25109 <-> DISABLED <-> MALWARE-CNC Autoit.Trojan.Agent variant outbound connection (malware-cnc.rules) * 1:25224 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ZeroAccess URI and Referer (malware-cnc.rules) * 1:25119 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - NewBrandTest (malware-cnc.rules) * 1:25230 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Darkkomet variant outbound connection (malware-cnc.rules) * 1:25229 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Darkkomet variant inbound connection (malware-cnc.rules) * 1:25237 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Firelog variant outbound connection (malware-cnc.rules) * 1:25231 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (malware-cnc.rules) * 1:25240 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Menti variant inbound connection (malware-cnc.rules) * 1:25239 <-> DISABLED <-> MALWARE-CNC Win.Trojan.IRCBot variant outbound connection (malware-cnc.rules) * 1:25241 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetTrash variant outbound connection (malware-cnc.rules) * 1:25243 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - 04/XP (malware-cnc.rules) * 1:25242 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Duapz variant outbound connection (malware-cnc.rules) * 1:25245 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - me0hoi (malware-cnc.rules) * 1:25244 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (malware-cnc.rules) * 1:25249 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Basutra variant outbound connection (malware-cnc.rules) * 1:25257 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Skintrim variant outbound connection (malware-cnc.rules) * 1:25256 <-> DISABLED <-> MALWARE-CNC Win.Worm.Gamarue variant outbound connection (malware-cnc.rules) * 1:25259 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BancosBanload variant outbound connection (malware-cnc.rules) * 1:25258 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rombrast 
variant outbound connection (malware-cnc.rules) * 1:25269 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Buterat variant outbound connection (malware-cnc.rules) * 1:25268 <-> DISABLED <-> MALWARE-CNC Win.Trojan.IRCBot variant outbound connection (malware-cnc.rules) * 1:25371 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ruskill variant outbound connection (malware-cnc.rules) * 1:25271 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Buzus variant outbound connection (malware-cnc.rules) * 1:25394 <-> DISABLED <-> MALWARE-CNC URI request for /cgi-bin/nt/th (malware-cnc.rules) * 1:25372 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - wh (malware-cnc.rules) * 1:25396 <-> DISABLED <-> MALWARE-CNC URI request for /cgi-bin/dllhost/ac (malware-cnc.rules) * 1:25395 <-> DISABLED <-> MALWARE-CNC URI request for /cgi-bin/nt/sk (malware-cnc.rules) * 1:25398 <-> DISABLED <-> MALWARE-CNC URI request for /cgi-bin/ms/flush (malware-cnc.rules) * 1:25397 <-> DISABLED <-> MALWARE-CNC URI request for /cgi-bin/ms/check (malware-cnc.rules) * 1:25400 <-> DISABLED <-> MALWARE-CNC URI request for /cgi-bin/win/cab (malware-cnc.rules) * 1:25399 <-> DISABLED <-> MALWARE-CNC URI request for /cgi-bin/win/wcx (malware-cnc.rules) * 1:25465 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader variant outbound connection (malware-cnc.rules) * 1:25448 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Jinch variant outbound connection (malware-cnc.rules) * 1:25471 <-> DISABLED <-> MALWARE-CNC Pushdo Spiral Traffic (malware-cnc.rules) * 1:25470 <-> DISABLED <-> MALWARE-CNC Win.Trojan.LoDo variant outbound connection (malware-cnc.rules) * 1:25477 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules) * 1:25476 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - User-Agent User-Agent (malware-cnc.rules) * 1:25504 <-> DISABLED <-> MALWARE-CNC Necurs Rootkit op.cgi (malware-cnc.rules) * 1:25503 <-> DISABLED <-> MALWARE-CNC Necurs Rootkit sba.cgi 
(malware-cnc.rules) * 1:25529 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (malware-cnc.rules) * 1:25511 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules) * 1:25531 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules) * 1:25530 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules) * 1:25533 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent - al (malware-cnc.rules) * 1:25532 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules) * 1:25543 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.VB variant outbound connection (malware-cnc.rules) * 1:25541 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sigly variant outbound connection (malware-cnc.rules) * 1:10114 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm command and control propagation detected (malware-cnc.rules) * 1:10179 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - BysooTB (malware-cnc.rules) * 1:10403 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Duntek Checkin GET Request (malware-cnc.rules) * 1:11308 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - SpyDawn (malware-cnc.rules) * 1:11313 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Spy-Locked (malware-cnc.rules) * 1:15165 <-> DISABLED <-> MALWARE-CNC Pushdo client communication (malware-cnc.rules) * 1:15481 <-> DISABLED <-> MALWARE-CNC Zeus/Zbot malware config file download request (malware-cnc.rules) * 1:15553 <-> DISABLED <-> MALWARE-CNC Sality virus HTTP GET request (malware-cnc.rules) * 1:15563 <-> DISABLED <-> MALWARE-CNC RSPlug Win.Trojan.server connection (malware-cnc.rules) * 1:15564 <-> DISABLED <-> MALWARE-CNC RSPlug Win.Trojan.file download (malware-cnc.rules) * 1:15565 <-> DISABLED <-> MALWARE-CNC RSPlug Win.Trojan.file download (malware-cnc.rules) * 1:15730 <-> DISABLED <-> 
MALWARE-CNC Win.Trojan.Delf variant outbound connection (malware-cnc.rules) * 1:15938 <-> DISABLED <-> MALWARE-CNC SubSeven client connection to server (malware-cnc.rules) * 1:16144 <-> DISABLED <-> MALWARE-CNC Bredolab bot variant outbound connection (malware-cnc.rules) * 1:16268 <-> DISABLED <-> MALWARE-CNC Win.Trojan.tdss.1.gen install-time detection - yournewsblog.net (malware-cnc.rules) * 1:16269 <-> DISABLED <-> MALWARE-CNC Win.Trojan.tdss.1.gen install-time detection - findzproportal1.com (malware-cnc.rules) * 1:16289 <-> DISABLED <-> MALWARE-CNC Clob bot traffic (malware-cnc.rules) * 1:16362 <-> DISABLED <-> MALWARE-CNC SpyForms malware call home (malware-cnc.rules) * 1:16368 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hydraq variant outbound connection (malware-cnc.rules) * 1:16391 <-> DISABLED <-> MALWARE-CNC Gozi Win.Trojan.connection to C&C (malware-cnc.rules) * 1:16459 <-> DISABLED <-> MALWARE-CNC Win.Trojan.command and control communication (malware-cnc.rules) * 1:16484 <-> DISABLED <-> MALWARE-CNC Koobface variant outbound connection (malware-cnc.rules) * 1:16485 <-> DISABLED <-> MALWARE-CNC Koobface request for captcha (malware-cnc.rules) * 1:16489 <-> DISABLED <-> MALWARE-CNC Bobax botnet variant outbound connection (malware-cnc.rules) * 1:16493 <-> DISABLED <-> MALWARE-CNC TT-bot botnet variant outbound connection (malware-cnc.rules) * 1:16496 <-> DISABLED <-> MALWARE-CNC Win.Trojan.hacktool variant outbound connection (malware-cnc.rules) * 1:16497 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Tear Application (malware-cnc.rules) * 1:16526 <-> DISABLED <-> MALWARE-CNC VanBot IRC communication (malware-cnc.rules) * 1:16527 <-> DISABLED <-> MALWARE-CNC Zbot malware config file download request (malware-cnc.rules) * 1:16528 <-> DISABLED <-> MALWARE-CNC Zbot malware config file download request (malware-cnc.rules) * 1:16551 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - malware (malware-cnc.rules) * 1:16669 <-> 
DISABLED <-> MALWARE-CNC Spyeye bot variant outbound connection (malware-cnc.rules) * 1:16670 <-> DISABLED <-> MALWARE-CNC Koobface worm executable download (malware-cnc.rules) * 1:16695 <-> DISABLED <-> MALWARE-CNC Rogue AV download/update (malware-cnc.rules) * 1:16809 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FraudPack variant outbound connection (malware-cnc.rules) * 1:16810 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules) * 1:16811 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules) * 1:16812 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules) * 1:16816 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules) * 1:16817 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules) * 1:16820 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kryptik variant outbound connection (malware-cnc.rules) * 1:16822 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules) * 1:16823 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FlyStudio known command and control channel traffic (malware-cnc.rules) * 1:16824 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules) * 1:16826 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules) * 1:16827 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules) * 1:16828 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules) * 1:16832 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules) * 1:16833 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules) * 1:16924 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /inst.php?fff= (malware-cnc.rules) * 1:17234 <-> DISABLED <-> MALWARE-CNC VBMania mass mailing worm activity 
(malware-cnc.rules) * 1:17235 <-> DISABLED <-> MALWARE-CNC VBMania mass mailing worm download (malware-cnc.rules) * 1:17815 <-> DISABLED <-> MALWARE-CNC Thinkpoint fake antivirus - user display (malware-cnc.rules) * 1:17816 <-> DISABLED <-> MALWARE-CNC Thinkpoint fake antivirus - credit card submission (malware-cnc.rules) * 1:18247 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent ErrCode - W32/Fujacks.htm (malware-cnc.rules) * 1:18353 <-> DISABLED <-> MALWARE-CNC User-Agent request for known PUA user agent - SelectRebates (malware-cnc.rules) * 1:18388 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string RookIE/1.0 (malware-cnc.rules) * 1:18458 <-> DISABLED <-> MALWARE-CNC Night Dragon initial beacon (malware-cnc.rules) * 1:18459 <-> DISABLED <-> MALWARE-CNC Night Dragon keepalive message (malware-cnc.rules) * 1:18715 <-> DISABLED <-> MALWARE-CNC Ozdok botnet communication with C&C server (malware-cnc.rules) * 1:18934 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (Coreflood -- malware-cnc.rules) * 1:18939 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules) * 1:19016 <-> DISABLED <-> MALWARE-CNC MacBack Win.Trojan.variant outbound connection (malware-cnc.rules) * 1:19017 <-> DISABLED <-> MALWARE-CNC MacBack Win.Trojan.variant outbound connection (malware-cnc.rules) * 1:19018 <-> DISABLED <-> MALWARE-CNC MacBack Win.Trojan.variant outbound connection (malware-cnc.rules) * 1:19019 <-> DISABLED <-> MALWARE-CNC MacBack Win.Trojan.variant outbound connection (malware-cnc.rules) * 1:19038 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jzzer.A variant outbound connection (malware-cnc.rules) * 1:19047 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - RCleanT (malware-cnc.rules) * 1:19052 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Httpbot.qdc variant outbound connection (malware-cnc.rules) * 1:19053 <-> DISABLED <-> MALWARE-CNC Worm.Win32.Nusump.A variant outbound 
connection (malware-cnc.rules) * 1:19055 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gosik.A registration (malware-cnc.rules) * 1:19056 <-> DISABLED <-> MALWARE-CNC Win.Trojan.QQFish variant outbound connection (malware-cnc.rules) * 1:19057 <-> DISABLED <-> MALWARE-CNC Win.Trojan.QQFish variant outbound connection (malware-cnc.rules) * 1:19058 <-> DISABLED <-> MALWARE-CNC Worm.Win32.Faketube update request (malware-cnc.rules) * 1:19164 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SpyEye variant outbound connection (malware-cnc.rules) * 1:19165 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Microsoft Internet Explorer (malware-cnc.rules) * 1:19175 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent wget 3.0 (malware-cnc.rules) * 1:19328 <-> DISABLED <-> MALWARE-CNC PointGuide variant outbound connection (malware-cnc.rules) * 1:19339 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper Win.Trojan.Agent.alda variant outbound connection (malware-cnc.rules) * 1:19347 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Poison.banr variant outbound connection (malware-cnc.rules) * 1:19348 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader Win.Trojan.FraudLoad.emq variant outbound connection (malware-cnc.rules) * 1:19351 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Clicker Win.Trojan.Hatigh.C variant outbound connection (malware-cnc.rules) * 1:19353 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker.bkhu variant outbound connection (malware-cnc.rules) * 1:19357 <-> DISABLED <-> MALWARE-CNC Win.Worm.Sohanad.ila variant outbound connection (malware-cnc.rules) * 1:19358 <-> DISABLED <-> MALWARE-CNC Win.Trojan.XYTvn.A variant outbound connection (malware-cnc.rules) * 1:19429 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Proxy Win.Trojan.Dosenjo.C variant outbound connection (malware-cnc.rules) * 1:19435 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Litmus.203 variant outbound connection (malware-cnc.rules) * 1:19480 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent 
string STORMDDOS - Backdoor.Win32.Inject.ctt (malware-cnc.rules) * 1:19482 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string ErrorFix (malware-cnc.rules) * 1:19490 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Koceg.B variant outbound connection (malware-cnc.rules) * 1:19493 <-> DISABLED <-> MALWARE-CNC URI request for known malicious uri config.ini on 3322.org domain (malware-cnc.rules) * 1:19579 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Potao.A variant outbound connection (malware-cnc.rules) * 1:19589 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent string MacProtector (malware-cnc.rules) * 1:19590 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Savnut.B variant outbound connection (malware-cnc.rules) * 1:19622 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - pte.aspx?ver= (malware-cnc.rules) * 1:19623 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - vic.aspx?ver= (malware-cnc.rules) * 1:19625 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - .sys.php?getexe= (malware-cnc.rules) * 1:19626 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /setup_b.asp?prj= (malware-cnc.rules) * 1:19627 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /r_autoidcnt.asp?mer_seq= (malware-cnc.rules) * 1:19628 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /1cup/script.php (malware-cnc.rules) * 1:19631 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - AnSSip= (malware-cnc.rules) * 1:19632 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /VertexNet/adduser.php?uid= (malware-cnc.rules) * 1:19633 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /VertexNet/tasks.php?uid= (malware-cnc.rules) * 1:19635 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /app/?prj= (malware-cnc.rules) * 1:19636 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /blog/images/3521.jpg?v 
(malware-cnc.rules) * 1:19637 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /install.asp?mac= (malware-cnc.rules) * 1:19638 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /kx4.txt (malware-cnc.rules) * 1:19657 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FakeAV variant traffic (malware-cnc.rules) * 1:19658 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MCnovogic.A variant outbound connection (malware-cnc.rules) * 1:19702 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zboter.E variant outbound connection (malware-cnc.rules) * 1:19703 <-> DISABLED <-> MALWARE-CNC Win.Worm.Dusta.br outbound connnection (malware-cnc.rules) * 1:19704 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.grdm variant outbound connection (malware-cnc.rules) * 1:19705 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.grdm variant outbound connection (malware-cnc.rules) * 1:19706 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.cer variant outbound connection (malware-cnc.rules) * 1:19711 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jorik variant outbound connection (malware-cnc.rules) * 1:19712 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader variant outbound connection (malware-cnc.rules) * 1:19722 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Poshtroper variant outbound connection (malware-cnc.rules) * 1:19723 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pherbot variant outbound connection (malware-cnc.rules) * 1:19730 <-> DISABLED <-> MALWARE-CNC Win.Trojan.KukuBot variant outbound connection (malware-cnc.rules) * 1:19731 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Darkwebot variant outbound connection (malware-cnc.rules) * 1:19732 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Idicaf variant outbound connection (malware-cnc.rules) * 1:19756 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Opera/8.89 - P2P-Worm.Win32.Palevo.ddm (malware-cnc.rules) * 1:19761 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ftpharvxqq variant outbound connection (malware-cnc.rules) * 1:19765 <-> DISABLED 
<-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules) * 1:19767 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Msposer.A variant outbound connection (malware-cnc.rules) * 1:19769 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yoddos outbound indicator (malware-cnc.rules) * 1:19770 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yoddos variant outbound connection (malware-cnc.rules) * 1:19771 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yoddos variant outbound connection (malware-cnc.rules) * 1:19778 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /games/java_trust.php?f= (malware-cnc.rules) * 1:19801 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tracur variant outbound connection (malware-cnc.rules) * 1:19864 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nvbpass variant outbound connection (malware-cnc.rules) * 1:19882 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /160.rar - Win32/Morto.A (malware-cnc.rules) * 1:19912 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DelfInject.gen!X variant outbound connection (malware-cnc.rules) * 1:19913 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - optima/index.php (malware-cnc.rules) * 1:19964 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sality variant outbound connection (malware-cnc.rules) * 1:19995 <-> DISABLED <-> MALWARE-CNC Waledac variant outbound connection (malware-cnc.rules) * 1:20009 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent string Baby Remote - Win32/Babmote.A (malware-cnc.rules) * 1:20011 <-> DISABLED <-> MALWARE-CNC Briewots.A runtime traffic detected (malware-cnc.rules) * 1:20012 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string feranet/0.4 - Win32/Ferabsa.A (malware-cnc.rules) * 1:20080 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Derusbi.A variant outbound connection (malware-cnc.rules) * 1:20081 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Win32.Yakes.cbi variant outbound connection (malware-cnc.rules) * 1:20099 <-> DISABLED 
<-> MALWARE-CNC Win.Trojan.Xtrat.A variant outbound connection (malware-cnc.rules) * 1:20104 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - InfoBot (malware-cnc.rules) * 1:20105 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - IPHONE (malware-cnc.rules) * 1:20106 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - darkness (malware-cnc.rules) * 1:20201 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - meterpreter (malware-cnc.rules) * 1:20202 <-> DISABLED <-> MALWARE-CNC Apple OSX.Revir-1 variant outbound connection (malware-cnc.rules) * 1:20213 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Swisyn variant outbound connection (malware-cnc.rules) * 1:20221 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Injector variant outbound connection (malware-cnc.rules) * 1:20228 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hupigon variant outbound connection (malware-cnc.rules) * 1:20229 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jinchodz variant outbound connection (malware-cnc.rules) * 1:20230 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string 0pera 10 (malware-cnc.rules) * 1:20231 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Mozilla//4.0 (malware-cnc.rules) * 1:20232 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cycbot variant outbound connection (malware-cnc.rules) * 1:20280 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy variant outbound connection (malware-cnc.rules) * 1:20281 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy variant outbound connection (malware-cnc.rules) * 1:20293 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string MBVDFRESCT (malware-cnc.rules) * 1:20527 <-> DISABLED <-> MALWARE-CNC Sirefef initial C&C connection variant outbound connection (malware-cnc.rules) * 1:20754 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Virut-3 variant outbound connection (malware-cnc.rules) * 1:20755 <-> DISABLED <-> MALWARE-CNC 
Win.Trojan.Krap variant outbound connection (malware-cnc.rules) * 1:20756 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jorik variant outbound connection (malware-cnc.rules) * 1:20759 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gbot.oce variant outbound connection (malware-cnc.rules) * 1:20762 <-> DISABLED <-> MALWARE-CNC MacOS.Flashback.A variant outbound connection (malware-cnc.rules) * 1:20763 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spyeye-206 variant outbound connection (malware-cnc.rules) * 1:20837 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mecklow.C runtime traffic detected (malware-cnc.rules) * 1:20927 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spyeye-207 variant outbound connection (malware-cnc.rules) * 1:21047 <-> DISABLED <-> MALWARE-CNC known malicious SSL certificate - Sykipot C&C (malware-cnc.rules) * 1:21175 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Win32 Amti (malware-cnc.rules) * 1:21188 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string API Guide test program (malware-cnc.rules) * 1:21206 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Aldi Bot (malware-cnc.rules) * 1:21208 <-> DISABLED <-> MALWARE-CNC Win.Trojan.RShot.brw variant outbound connection (malware-cnc.rules) * 1:21225 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Flag (malware-cnc.rules) * 1:21230 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Betad variant outbound connection (malware-cnc.rules) * 1:21239 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy variant outbound connection (malware-cnc.rules) * 1:21240 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MsUpdater variant outbound connection (malware-cnc.rules) * 1:21241 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MsUpdater initial variant outbound connection (malware-cnc.rules) * 1:21242 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MsUpdater variant outbound connection (malware-cnc.rules) * 1:21257 <-> DISABLED <-> MALWARE-CNC URI - known scanner tool muieblackcat 
(malware-cnc.rules)
* 1:21269 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cycbot variant outbound connection (malware-cnc.rules)
* 1:21278 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Google Bot (malware-cnc.rules)
* 1:21306 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spyeye variant outbound connectivity check (malware-cnc.rules)
* 1:21311 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dofoil variant outbound connection (malware-cnc.rules)
* 1:21313 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dofoil variant outbound connection (malware-cnc.rules)
* 1:21318 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FakeAV TDSS/PurpleHaze variant outbound connection - base64 encoded (malware-cnc.rules)
* 1:21327 <-> DISABLED <-> MALWARE-CNC User-Agent ASafaWeb Scan (malware-cnc.rules)
* 1:21380 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - QvodDown (malware-cnc.rules)
* 1:21418 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FareIt variant outbound connection (malware-cnc.rules)
* 1:21426 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scar variant outbound connection (malware-cnc.rules)
* 1:21427 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Delf variant outbound connection (malware-cnc.rules)
* 1:21428 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Generic-24 variant outbound connection (malware-cnc.rules)
* 1:21430 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BeeOne runtime traffic detected (malware-cnc.rules)
* 1:21434 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Mentor variant outbound connection (malware-cnc.rules)
* 1:21435 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mentor inbound connection - post infection (malware-cnc.rules)
* 1:21436 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Startpage variant outbound connection (malware-cnc.rules)
* 1:21440 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Murofet variant outbound connection (malware-cnc.rules)
* 1:21441 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Delf variant outbound connection (malware-cnc.rules)
* 1:21455 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string psi (malware-cnc.rules)
* 1:21469 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string 1234567890 (malware-cnc.rules)
* 1:21475 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string core-project (malware-cnc.rules)
* 1:21476 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent YZF (malware-cnc.rules)
* 1:21525 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader variant outbound connection (malware-cnc.rules)
* 1:21526 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent TCYWinHTTPDownload (malware-cnc.rules)
* 1:21538 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dofoil variant outbound payload request (malware-cnc.rules)
* 1:21547 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy variant outbound connection (malware-cnc.rules)
* 1:21548 <-> DISABLED <-> MALWARE-CNC Cutwail landing page connection (malware-cnc.rules)
* 1:21551 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kahn variant outbound connection (malware-cnc.rules)
* 1:21552 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kahn variant outbound connection (malware-cnc.rules)
* 1:21562 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bredolab variant outbound connection (malware-cnc.rules)
* 1:21563 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kelihos variant outbound connection (malware-cnc.rules)
* 1:21564 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kelihos variant outbound connection (malware-cnc.rules)
* 1:21565 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kelihos variant outbound connection (malware-cnc.rules)
* 1:21591 <-> DISABLED <-> MALWARE-CNC User-Agent known Adware user agent Gamevance tl_v (malware-cnc.rules)
* 1:21593 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper variant outbound connection (malware-cnc.rules)
* 1:21622 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Georbot variant outbound connection (malware-cnc.rules)
* 1:21631 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sinowal javascript delivery method (malware-cnc.rules)
* 1:21632 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ransom variant outbound connection (malware-cnc.rules)
* 1:21636 <-> DISABLED <-> MALWARE-CNC User-Agent known Adware user agent gbot (malware-cnc.rules)
* 1:21638 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Aluereon TDSS infection variant outbound connection (malware-cnc.rules)
* 1:21639 <-> DISABLED <-> MALWARE-CNC User-Agent known Adware user agent mus - TDSS related (malware-cnc.rules)
* 1:21755 <-> DISABLED <-> MALWARE-CNC Apple OSX.Flashback variant outbound connection (malware-cnc.rules)
* 1:21756 <-> DISABLED <-> MALWARE-CNC Apple OSX.Flashback variant outbound connection (malware-cnc.rules)
* 1:21757 <-> DISABLED <-> MALWARE-CNC Apple OSX.Flashback variant outbound connection (malware-cnc.rules)
* 1:21758 <-> DISABLED <-> MALWARE-CNC Apple OSX.Flashback variant outbound connection (malware-cnc.rules)
* 1:21760 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Swisyn variant outbound connection (malware-cnc.rules)
* 1:21761 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Swisyn variant outbound connection (malware-cnc.rules)
* 1:21852 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Orsam variant outbound connection (malware-cnc.rules)
* 1:21877 <-> DISABLED <-> MALWARE-CNC Apple OSX.Sabpub variant outbound connection (malware-cnc.rules)
* 1:21910 <-> DISABLED <-> MALWARE-CNC Apple OSX Flashback malware user-agent (malware-cnc.rules)
* 1:21911 <-> DISABLED <-> MALWARE-CNC Aldi variant outbound connection C&C checkin (malware-cnc.rules)
* 1:21912 <-> DISABLED <-> MALWARE-CNC Aldi bot variant outbound connection user-agent (malware-cnc.rules)
* 1:21925 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent BOT/0.1 (malware-cnc.rules)
* 1:21945 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Litmpuca.A variant outbound connection (malware-cnc.rules)
* 1:21946 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Litmpuca.A variant outbound connection (malware-cnc.rules)
* 1:21965 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent VB WININET (malware-cnc.rules)
* 1:21983 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BamCompiled variant outbound connection (malware-cnc.rules)
* 1:21984 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BamCompiled variant inbound updates (malware-cnc.rules)
* 1:22033 <-> DISABLED <-> MALWARE-CNC Apple OSX Flashback malware variant outbound connection (malware-cnc.rules)
* 1:22034 <-> DISABLED <-> MALWARE-CNC Apple OSX Flashback malware variant outbound connection (malware-cnc.rules)
* 1:22047 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jokbot variant outbound connection (malware-cnc.rules)
* 1:22048 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus P2P outbound connection (malware-cnc.rules)
* 1:22054 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Prorat variant outbound connection (malware-cnc.rules)
* 1:22058 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kbot variant outbound connection (malware-cnc.rules)
* 1:22059 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader variant outbound connection (malware-cnc.rules)
* 1:22060 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fepgul variant outbound connection (malware-cnc.rules)
* 1:22099 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Piroxcc variant outbound connection (malware-cnc.rules)
* 1:22100 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Midhos variant outbound connection (malware-cnc.rules)
* 1:22103 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Coswid.klk variant outbound connection (malware-cnc.rules)
* 1:22937 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Proxyier variant outbound connection (malware-cnc.rules)
* 1:22939 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent RAbcLib (malware-cnc.rules)
* 1:23019 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Flame malware (malware-cnc.rules)
* 1:23057 <-> DISABLED <-> MALWARE-CNC Flame malware connection - /view.php (malware-cnc.rules)
* 1:23103 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bublik variant outbound connection (malware-cnc.rules)
* 1:23104 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scar variant outbound connection (malware-cnc.rules)
* 1:23109 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lolbot variant outbound connection (malware-cnc.rules)
* 1:23242 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker.boxg connect to cnc server (malware-cnc.rules)
* 1:23244 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz variant outbound connection (malware-cnc.rules)
* 1:23245 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader variant outbound connection (malware-cnc.rules)
* 1:23254 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Delf.CL variant outbound connection (malware-cnc.rules)
* 1:23261 <-> DISABLED <-> MALWARE-CNC known command and control traffic - Pushbot (malware-cnc.rules)
* 1:23262 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules)
* 1:23307 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper connect to server (malware-cnc.rules)
* 1:23332 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dishigy variant outbound connection (malware-cnc.rules)
* 1:23334 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader initial C&C checkin (malware-cnc.rules)
* 1:23335 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Swisyn variant outbound connection (malware-cnc.rules)
* 1:23342 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
* 1:23382 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SpyEye variant outbound connection (malware-cnc.rules)
* 1:23391 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hioles.C variant outbound connection (malware-cnc.rules)
* 1:23394 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vbvoleur.a variant outbound connection (malware-cnc.rules)
* 1:23467 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mazben file download (malware-cnc.rules)
* 1:23473 <-> DISABLED <-> MALWARE-CNC URI request for runforestrun - JS.Runfore (malware-cnc.rules)
* 1:23492 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ZeroAccess outbound connection (malware-cnc.rules)
* 1:23493 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ZeroAccess outbound connection (malware-cnc.rules)
* 1:23600 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gamarue outbound connection (malware-cnc.rules)
* 1:23615 <-> DISABLED <-> MALWARE-CNC ACAD.Medre.A variant outbound connection (malware-cnc.rules)
* 1:23627 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - PoisonIvy RAT (malware-cnc.rules)
* 1:23628 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pincav variant outbound connection (malware-cnc.rules)
* 1:23633 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kegotip variant report to cnc-server (malware-cnc.rules)
* 1:23635 <-> DISABLED <-> MALWARE-CNC Gozi trojan checkin (malware-cnc.rules)
* 1:23778 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bublik variant outbound connection (malware-cnc.rules)
* 1:23824 <-> DISABLED <-> MALWARE-CNC Gauss malware check-in (malware-cnc.rules)
* 1:23893 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DistTrack command and control traffic (malware-cnc.rules)
* 1:23903 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - you (malware-cnc.rules)
* 1:23938 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ibabyfa.dldr variant outbound connection (malware-cnc.rules)
* 1:23942 <-> DISABLED <-> MALWARE-CNC Win.Trojan.C0D0SO0 variant outbound traffic (malware-cnc.rules)
* 1:23945 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Backdoor variant outbound connection (malware-cnc.rules)
* 1:23946 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Backdoor file download (malware-cnc.rules)
* 1:23968 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Crisis variant outbound connection (malware-cnc.rules)
* 1:23972 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot variant outbound connection (malware-cnc.rules)
* 1:23978 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hostposer variant outbound connection (malware-cnc.rules)
* 1:23987 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kryptik.Kazy variant outbound connection (malware-cnc.rules)
* 1:24062 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hufysk variant outbound connection (malware-cnc.rules)
* 1:24111 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Post (malware-cnc.rules)
* 1:24169 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot variant outbound connection (malware-cnc.rules)
* 1:24185 <-> DISABLED <-> MALWARE-CNC Win.Work.Rokiwobi inbound command from C&C (malware-cnc.rules)
* 1:24211 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Xamtrav update protocol connection (malware-cnc.rules)
* 1:24214 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Seveto variant outbound connection (malware-cnc.rules)
* 1:24215 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload variant outbound connection (malware-cnc.rules)
* 1:24216 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Biloky variant outbound connection (malware-cnc.rules)
* 1:24217 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy variant outbound connection (malware-cnc.rules)
* 1:24224 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeroaccess variant outbound connection (malware-cnc.rules)
* 1:24235 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wuwo initial infection variant outbound connection (malware-cnc.rules)
* 1:24236 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wuwo post infection variant outbound connection (malware-cnc.rules)
* 1:24361 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gozi.Prinimalka variant outbound connection (malware-cnc.rules)
* 1:24375 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VB variant outbound connection (malware-cnc.rules)
* 1:24381 <-> DISABLED <-> MALWARE-CNC Win.Trojan.XBlocker outbound connection (malware-cnc.rules)
* 1:24382 <-> DISABLED <-> MALWARE-CNC Win.Trojan.XBlocker outbound connection (malware-cnc.rules)
* 1:24439 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Encriyoko variant outbound connection (malware-cnc.rules)
* 1:24440 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chiviper variant outbound connection (malware-cnc.rules)
* 1:24441 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Testing (malware-cnc.rules)
* 1:24442 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Alerter COM (malware-cnc.rules)
* 1:24482 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chif variant outbound connection (malware-cnc.rules)
* 1:24491 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vundo redirection landing page pre-infection (malware-cnc.rules)
* 1:24492 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vundo variant outbound connection (malware-cnc.rules)
* 1:24493 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vundo variant outbound connection (malware-cnc.rules)
* 1:24494 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vundo variant outbound connection (malware-cnc.rules)
* 1:24495 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vundo variant outbound connection (malware-cnc.rules)
* 1:24496 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vundo variant outbound connection (malware-cnc.rules)
* 1:24497 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vundo variant outbound connection (malware-cnc.rules)
* 1:24504 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VB variant outbound connection (malware-cnc.rules)
* 1:24514 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lucuis variant outbound connection (malware-cnc.rules)
* 1:24523 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.MautoitRAT variant outbound connection (malware-cnc.rules)
* 1:24531 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scondatie.A variant outbound connection (malware-cnc.rules)
* 1:24532 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scondatie.A inbound connection (malware-cnc.rules)
* 1:24533 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules)
* 1:24534 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banbra variant outbound connection (malware-cnc.rules)
* 1:24563 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Veli variant outbound connection (malware-cnc.rules)
* 1:24566 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jorik variant outbound connection (malware-cnc.rules)
* 1:24568 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Mozilla/00 (malware-cnc.rules)
* 1:24575 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Opera/9.61 (malware-cnc.rules)
* 1:24630 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Klovbot variant outbound connection (malware-cnc.rules)
* 1:24631 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Lizard/1.0 (malware-cnc.rules)
* 1:24632 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VaccinePC variant outbound connection (malware-cnc.rules)
* 1:24633 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - test_hInternet (malware-cnc.rules)
* 1:24634 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - vaccinepc (malware-cnc.rules)
* 1:24858 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Quarian variant outbound connection - proxy connection (malware-cnc.rules)
* 1:24873 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gnutler variant outbound connection (malware-cnc.rules)
* 1:24885 <-> DISABLED <-> MALWARE-CNC Potential Banking Trojan Config File Download (malware-cnc.rules)
* 1:24886 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dorkbot variant outbound connection (malware-cnc.rules)
* 1:25007 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wealwedst variant outbound connection (malware-cnc.rules)
* 1:25009 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - User-Agent User-Agent (malware-cnc.rules)
* 1:25010 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Perflog variant outbound connection (malware-cnc.rules)
* 1:25011 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Perflog variant outbound connection (malware-cnc.rules)
* 1:25016 <-> DISABLED <-> MALWARE-CNC Win.Trojan.IRCBot variant outbound connection (malware-cnc.rules)
* 1:25021 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Azbreg variant outbound connection (malware-cnc.rules)
* 1:25022 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dapato variant outbound connection (malware-cnc.rules)
* 1:25023 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection (malware-cnc.rules)
* 1:25024 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection (malware-cnc.rules)
* 1:25025 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Recslurp variant outbound connection (malware-cnc.rules)
* 1:25026 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Juasek variant outbound connection (malware-cnc.rules)
* 1:25027 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Opachki variant connect to cnc-server (malware-cnc.rules)
* 1:25028 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peed variant outbound connection (malware-cnc.rules)
* 1:25029 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (malware-cnc.rules)
* 1:25030 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nevsyn variant outbound connection (malware-cnc.rules)
* 1:25049 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jorik.Kolilks variant outbound connection (malware-cnc.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091500.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:55908 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-9773294-0 download attempt (malware-other.rules)
* 1:55871 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9770089-0 download attempt (malware-other.rules)
* 1:55913 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Ramnit-9773470-0 download attempt (malware-other.rules)
* 1:55912 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Battdil-9773282-0 download attempt (malware-other.rules)
* 1:55863 <-> DISABLED <-> MALWARE-OTHER Win.Virus.Ursnif-9769699-0 download attempt (malware-other.rules)
* 1:55876 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Bdld-9770176-0 download attempt (malware-other.rules)
* 1:55909 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Battdil-9773289-0 download attempt (malware-other.rules)
* 1:55896 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-9772275-0 download attempt (malware-other.rules)
* 1:55888 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Reveton-9771413-0 download attempt (malware-other.rules)
* 1:55894 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-9771891-0 download attempt (malware-other.rules)
* 1:55883 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Cutwail-9771166-0 download attempt (malware-other.rules)
* 1:55875 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Bdld-9770176-0 download attempt (malware-other.rules)
* 1:55882 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-9770992-0 download attempt (malware-other.rules)
* 1:55887 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Reveton-9771413-0 download attempt (malware-other.rules)
* 1:55880 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-9770611-0 download attempt (malware-other.rules)
* 1:55927 <-> ENABLED <-> MALWARE-CNC Win.Dropper.LemonDuck variant script download attempt (malware-cnc.rules)
* 1:55866 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Bulz-9769773-0 download attempt (malware-other.rules)
* 1:55898 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Fakesysdef-9772554-0 download attempt (malware-other.rules)
* 1:55893 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-9771891-0 download attempt (malware-other.rules)
* 1:55923 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Defender privilege escalation attempt (os-windows.rules)
* 1:55874 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Emotet-9770097-0 download attempt (malware-other.rules)
* 1:55919 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus command injection attempt (server-webapp.rules)
* 1:55870 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Emotet-9769987-0 download attempt (malware-other.rules)
* 1:55899 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9772677-0 download attempt (malware-other.rules)
* 1:55878 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Drolnux-9770173-0 download attempt (malware-other.rules)
* 1:55890 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Browsefox-9771664-0 download attempt (malware-other.rules)
* 1:55889 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Browsefox-9771664-0 download attempt (malware-other.rules)
* 1:55907 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-9773294-0 download attempt (malware-other.rules)
* 1:55867 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Agzz8qk-9769774-0 download attempt (malware-other.rules)
* 1:55914 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Ramnit-9773470-0 download attempt (malware-other.rules)
* 1:55877 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Drolnux-9770173-0 download attempt (malware-other.rules)
* 1:55885 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Upatre-9771263-0 download attempt (malware-other.rules)
* 1:55915 <-> DISABLED <-> MALWARE-OTHER PUA.Win.File.Neobar-9773833-0 download attempt (malware-other.rules)
* 1:55928 <-> ENABLED <-> MALWARE-CNC Win.Dropper.LemonDuck variant script download attempt (malware-cnc.rules)
* 1:55884 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Cutwail-9771166-0 download attempt (malware-other.rules)
* 1:55881 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-9770992-0 download attempt (malware-other.rules)
* 1:55895 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-9772275-0 download attempt (malware-other.rules)
* 1:55903 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Sdyn-9772921-0 download attempt (malware-other.rules)
* 1:55911 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Battdil-9773282-0 download attempt (malware-other.rules)
* 1:55916 <-> DISABLED <-> MALWARE-OTHER PUA.Win.File.Neobar-9773833-0 download attempt (malware-other.rules)
* 1:55918 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus command injection attempt (server-webapp.rules)
* 1:55906 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generic-9773106-0 download attempt (malware-other.rules)
* 1:55892 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Kovter-9771867-0 download attempt (malware-other.rules)
* 1:55891 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Kovter-9771867-0 download attempt (malware-other.rules)
* 1:55879 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-9770611-0 download attempt (malware-other.rules)
* 1:55873 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Emotet-9770097-0 download attempt (malware-other.rules)
* 1:55897 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Fakesysdef-9772554-0 download attempt (malware-other.rules)
* 1:55905 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generic-9773106-0 download attempt (malware-other.rules)
* 1:55900 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9772677-0 download attempt (malware-other.rules)
* 1:55865 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Bulz-9769773-0 download attempt (malware-other.rules)
* 1:55901 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-9772681-0 download attempt (malware-other.rules)
* 1:55904 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Sdyn-9772921-0 download attempt (malware-other.rules)
* 1:55886 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Upatre-9771263-0 download attempt (malware-other.rules)
* 1:55926 <-> ENABLED <-> MALWARE-CNC Win.Dropper.LemonDuck variant outbound connection (malware-cnc.rules)
* 1:55920 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus command injection attempt (server-webapp.rules)
* 1:55902 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-9772681-0 download attempt (malware-other.rules)
* 1:55922 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Defender privilege escalation attempt (os-windows.rules)
* 1:55868 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Agzz8qk-9769774-0 download attempt (malware-other.rules)
* 1:55872 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9770089-0 download attempt (malware-other.rules)
* 1:55869 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Emotet-9769987-0 download attempt (malware-other.rules)
* 1:55910 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Battdil-9773289-0 download attempt (malware-other.rules)
* 1:55864 <-> DISABLED <-> MALWARE-OTHER Win.Virus.Ursnif-9769699-0 download attempt (malware-other.rules)
* 1:55921 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus command injection attempt (server-webapp.rules)
* 3:55917 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1159 attack attempt (server-webapp.rules)
* 3:55924 <-> ENABLED <-> SERVER-OTHER Cisco Wireless LAN Controller CAPWAP denial of service attempt (server-other.rules)
* 3:55925 <-> ENABLED <-> SERVER-OTHER Cisco Wireless LAN Controller CAPWAP denial of service attempt (server-other.rules)
* 1:5908 <-> DISABLED <-> MALWARE-OTHER Trackware e2give runtime detection - redirect affiliate site request 1 (malware-other.rules)
* 1:8355 <-> ENABLED <-> MALWARE-OTHER Keylogger spybuddy 3.72 runtime detection (malware-other.rules)
* 1:9420 <-> DISABLED <-> MALWARE-OTHER korgo attempt (malware-other.rules)
* 1:22058 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kbot variant outbound connection (malware-cnc.rules)
* 1:6186 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - SpywareStrike (malware-cnc.rules)
* 1:5986 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - TeomaBar (malware-cnc.rules)
* 1:6364 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - iMeshBar (malware-cnc.rules)
* 1:7116 <-> DISABLED <-> MALWARE-CNC y3k 1.2 variant outbound connection icq notification (malware-cnc.rules)
* 1:5770 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Casino (malware-cnc.rules)
* 1:6357 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Need2Find (malware-cnc.rules)
* 1:25076 <-> DISABLED <-> MALWARE-CNC Win.Worm.Joanap variant variant outbound connection (malware-cnc.rules)
* 1:55281 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zegost-9753424-0 download attempt (malware-other.rules)
* 1:7195 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - shprrprt-cs- (malware-cnc.rules)
* 1:25098 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper.Daws variant outbound connection (malware-cnc.rules)
* 1:7537 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Arrow Search (malware-cnc.rules)
* 1:5913 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - My Agent (malware-cnc.rules)
* 1:5970 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Feat2 Updater (malware-cnc.rules)
* 1:6362 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - MGS-Internal-Web-Manager (malware-cnc.rules)
* 1:10113 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm command and control propagation detected (malware-cnc.rules)
* 1:25071 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Macnsed variant outbound connection (malware-cnc.rules)
* 1:10066 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules)
* 1:25072 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dulom variant outbound connection (malware-cnc.rules)
* 1:5954 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Browser Pal (malware-cnc.rules)
* 1:7135 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - IEP (malware-cnc.rules)
* 1:6366 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - eAnthMngr (malware-cnc.rules)
* 1:7187 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - SAH Agent (malware-cnc.rules)
* 1:7511 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - ed2k edonkey2000 runtime detection (malware-cnc.rules)
* 1:6274 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Stubby (malware-cnc.rules)
* 1:25093 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hacktool variant outbound connection (malware-cnc.rules)
* 1:5907 <-> DISABLED <-> MALWARE-OTHER Trackware e2give runtime detection - check update (malware-other.rules)
* 1:6363 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - SAcc (malware-cnc.rules)
* 1:5901 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - AdTools (malware-cnc.rules)
* 1:10072 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules)
* 1:7145 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - adfsgecoiwnf (malware-cnc.rules)
* 1:6341 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Spedia (malware-cnc.rules)
* 1:6281 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - istsvc (malware-cnc.rules)
* 1:6491 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - snprtzdialno (malware-cnc.rules)
* 1:9419 <-> DISABLED <-> MALWARE-OTHER sasser attempt (malware-other.rules)
* 1:5909 <-> DISABLED <-> MALWARE-OTHER Trackware e2give runtime detection - redirect affiliate site request 2 (malware-other.rules)
* 1:9329 <-> DISABLED <-> MALWARE-CNC yarner.b smtp propagation detection (malware-cnc.rules)
* 1:9418 <-> DISABLED <-> MALWARE-CNC bagle.a http notification detection (malware-cnc.rules)
* 1:10074 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules)
* 1:25050 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
* 1:10071 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules)
* 1:10075 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules)
* 1:10069 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules)
* 1:10067 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules)
* 1:10068 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules)
* 1:10073 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules)
* 1:10070 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules)
* 1:10076 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules)
* 1:10114 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm command and control propagation detected (malware-cnc.rules)
* 1:25073 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lowzone variant outbound connection (malware-cnc.rules)
* 1:25074 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules)
* 1:25099 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper.Daws variant outbound connection (malware-cnc.rules)
* 1:25100 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Njrat variant outbound connection (malware-cnc.rules)
* 1:25108 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Proxy.Agent variant outbound connection (malware-cnc.rules)
* 1:25109 <-> DISABLED <-> MALWARE-CNC Autoit.Trojan.Agent variant outbound connection (malware-cnc.rules)
* 1:25119 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - NewBrandTest (malware-cnc.rules)
* 1:25229 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Darkkomet variant inbound connection (malware-cnc.rules)
* 1:25231 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (malware-cnc.rules)
* 1:25230 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Darkkomet variant outbound connection (malware-cnc.rules)
* 1:25239 <-> DISABLED <-> MALWARE-CNC Win.Trojan.IRCBot variant outbound connection (malware-cnc.rules)
* 1:25240 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Menti variant inbound connection (malware-cnc.rules)
* 1:25243 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - 04/XP (malware-cnc.rules)
* 1:25241 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetTrash variant outbound connection (malware-cnc.rules)
* 1:25244 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (malware-cnc.rules)
* 1:25256 <-> DISABLED <-> MALWARE-CNC Win.Worm.Gamarue variant outbound connection (malware-cnc.rules)
* 1:25245 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - me0hoi (malware-cnc.rules)
* 1:25257 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Skintrim variant outbound connection (malware-cnc.rules)
* 1:25268 <-> DISABLED <-> MALWARE-CNC Win.Trojan.IRCBot variant outbound connection (malware-cnc.rules)
* 1:25258 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rombrast variant outbound connection (malware-cnc.rules)
* 1:25269 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Buterat variant outbound connection (malware-cnc.rules)
* 1:25372 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - wh (malware-cnc.rules)
* 1:25271 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Buzus variant outbound connection (malware-cnc.rules)
* 1:25394 <-> DISABLED <-> MALWARE-CNC URI request for /cgi-bin/nt/th (malware-cnc.rules)
* 1:25397 <-> DISABLED <-> MALWARE-CNC URI request for /cgi-bin/ms/check (malware-cnc.rules)
* 1:25395 <-> DISABLED <-> MALWARE-CNC URI request for /cgi-bin/nt/sk (malware-cnc.rules)
* 1:25398 <-> DISABLED <-> MALWARE-CNC URI request for /cgi-bin/ms/flush (malware-cnc.rules)
* 1:25448 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Jinch variant outbound connection (malware-cnc.rules)
* 1:25399 <-> DISABLED <-> MALWARE-CNC URI request for /cgi-bin/win/wcx (malware-cnc.rules)
* 1:25465 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader variant outbound connection (malware-cnc.rules)
* 1:25476 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - User-Agent User-Agent (malware-cnc.rules)
* 1:25470 <-> DISABLED <-> MALWARE-CNC Win.Trojan.LoDo variant outbound connection (malware-cnc.rules)
* 1:25477 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
* 1:25511 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules)
* 1:25503 <-> DISABLED <-> MALWARE-CNC Necurs Rootkit sba.cgi (malware-cnc.rules)
* 1:25529 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (malware-cnc.rules)
* 1:25532 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
* 1:25530 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
* 1:25533 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent - al (malware-cnc.rules)
* 1:25544 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - ctwopop (malware-cnc.rules)
* 1:25541 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sigly variant outbound connection (malware-cnc.rules)
* 1:16811 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
* 1:16812 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
* 1:16816 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
* 1:16817 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
* 1:16820 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kryptik variant outbound connection (malware-cnc.rules)
* 1:16822 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
* 1:16823 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FlyStudio known command and control channel traffic (malware-cnc.rules)
* 1:16824 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
* 1:16826 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
* 1:16827 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
* 1:16828 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
* 1:16832 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
* 1:16833 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
* 1:16924 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /inst.php?fff= (malware-cnc.rules)
* 1:17234 <-> DISABLED <-> MALWARE-CNC VBMania mass mailing worm activity (malware-cnc.rules)
* 1:17235 <-> DISABLED <-> MALWARE-CNC VBMania mass mailing worm download (malware-cnc.rules)
* 1:17815 <-> DISABLED <-> MALWARE-CNC Thinkpoint fake antivirus - user display (malware-cnc.rules)
* 1:17816 <-> DISABLED <-> MALWARE-CNC Thinkpoint fake antivirus - credit card submission (malware-cnc.rules)
* 1:18247 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent ErrCode - W32/Fujacks.htm (malware-cnc.rules)
* 1:18353 <-> DISABLED <-> MALWARE-CNC User-Agent request for known PUA user agent - SelectRebates (malware-cnc.rules)
* 1:18388 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string RookIE/1.0 (malware-cnc.rules)
* 1:18458 <-> DISABLED <-> MALWARE-CNC Night Dragon initial beacon (malware-cnc.rules)
* 1:18459 <-> DISABLED <-> MALWARE-CNC Night Dragon keepalive message (malware-cnc.rules)
* 1:18715 <-> DISABLED <-> MALWARE-CNC Ozdok botnet communication with C&C server (malware-cnc.rules)
* 1:18934 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (Coreflood -- malware-cnc.rules)
* 1:18939 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
* 1:19016 <-> DISABLED <-> MALWARE-CNC MacBack Win.Trojan.variant outbound connection (malware-cnc.rules)
* 1:19017 <-> DISABLED <-> MALWARE-CNC MacBack Win.Trojan.variant outbound connection (malware-cnc.rules)
* 1:19018 <-> DISABLED <-> MALWARE-CNC MacBack Win.Trojan.variant outbound connection (malware-cnc.rules)
* 1:19019 <-> DISABLED <-> MALWARE-CNC MacBack Win.Trojan.variant outbound connection (malware-cnc.rules)
* 1:19038 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jzzer.A variant outbound connection (malware-cnc.rules)
* 1:19047 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - RCleanT (malware-cnc.rules)
* 1:19052 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Httpbot.qdc variant outbound connection (malware-cnc.rules)
* 1:19053 <-> DISABLED <-> MALWARE-CNC Worm.Win32.Nusump.A variant outbound connection (malware-cnc.rules)
* 1:19055 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gosik.A registration (malware-cnc.rules)
* 1:19056 <-> DISABLED <-> MALWARE-CNC Win.Trojan.QQFish variant outbound connection (malware-cnc.rules)
* 1:19057 <-> DISABLED <-> MALWARE-CNC Win.Trojan.QQFish variant outbound connection (malware-cnc.rules)
* 1:19058 <-> DISABLED <-> MALWARE-CNC Worm.Win32.Faketube update request (malware-cnc.rules)
* 1:19164 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SpyEye variant outbound connection (malware-cnc.rules)
* 1:19165 <-> DISABLED <-> MALWARE-CNC
User-Agent known malicious user-agent string Microsoft Internet Explorer (malware-cnc.rules) * 1:19175 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent wget 3.0 (malware-cnc.rules) * 1:19328 <-> DISABLED <-> MALWARE-CNC PointGuide variant outbound connection (malware-cnc.rules) * 1:19339 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper Win.Trojan.Agent.alda variant outbound connection (malware-cnc.rules) * 1:19347 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Poison.banr variant outbound connection (malware-cnc.rules) * 1:19348 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader Win.Trojan.FraudLoad.emq variant outbound connection (malware-cnc.rules) * 1:19351 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Clicker Win.Trojan.Hatigh.C variant outbound connection (malware-cnc.rules) * 1:19353 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker.bkhu variant outbound connection (malware-cnc.rules) * 1:19357 <-> DISABLED <-> MALWARE-CNC Win.Worm.Sohanad.ila variant outbound connection (malware-cnc.rules) * 1:19358 <-> DISABLED <-> MALWARE-CNC Win.Trojan.XYTvn.A variant outbound connection (malware-cnc.rules) * 1:19429 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Proxy Win.Trojan.Dosenjo.C variant outbound connection (malware-cnc.rules) * 1:19435 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Litmus.203 variant outbound connection (malware-cnc.rules) * 1:19480 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string STORMDDOS - Backdoor.Win32.Inject.ctt (malware-cnc.rules) * 1:19482 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string ErrorFix (malware-cnc.rules) * 1:19490 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Koceg.B variant outbound connection (malware-cnc.rules) * 1:19493 <-> DISABLED <-> MALWARE-CNC URI request for known malicious uri config.ini on 3322.org domain (malware-cnc.rules) * 1:19579 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Potao.A variant outbound connection (malware-cnc.rules) * 1:19589 <-> DISABLED <-> MALWARE-CNC User-Agent 
known malicious User-Agent string MacProtector (malware-cnc.rules) * 1:19590 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Savnut.B variant outbound connection (malware-cnc.rules) * 1:19622 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - pte.aspx?ver= (malware-cnc.rules) * 1:19623 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - vic.aspx?ver= (malware-cnc.rules) * 1:19625 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - .sys.php?getexe= (malware-cnc.rules) * 1:19626 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /setup_b.asp?prj= (malware-cnc.rules) * 1:19627 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /r_autoidcnt.asp?mer_seq= (malware-cnc.rules) * 1:19628 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /1cup/script.php (malware-cnc.rules) * 1:19631 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - AnSSip= (malware-cnc.rules) * 1:19632 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /VertexNet/adduser.php?uid= (malware-cnc.rules) * 1:19633 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /VertexNet/tasks.php?uid= (malware-cnc.rules) * 1:19635 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /app/?prj= (malware-cnc.rules) * 1:19636 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /blog/images/3521.jpg?v (malware-cnc.rules) * 1:19637 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /install.asp?mac= (malware-cnc.rules) * 1:19638 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /kx4.txt (malware-cnc.rules) * 1:19657 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FakeAV variant traffic (malware-cnc.rules) * 1:19658 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MCnovogic.A variant outbound connection (malware-cnc.rules) * 1:19702 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zboter.E variant outbound connection (malware-cnc.rules) * 1:19703 <-> DISABLED 
<-> MALWARE-CNC Win.Worm.Dusta.br outbound connnection (malware-cnc.rules) * 1:19704 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.grdm variant outbound connection (malware-cnc.rules) * 1:19705 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.grdm variant outbound connection (malware-cnc.rules) * 1:19706 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.cer variant outbound connection (malware-cnc.rules) * 1:5800 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - MyWay (malware-cnc.rules) * 1:5808 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - SAH Agent (malware-cnc.rules) * 1:7572 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - DigExt (malware-cnc.rules) * 1:25077 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Halnine variant outbound connection (malware-cnc.rules) * 1:8357 <-> DISABLED <-> MALWARE-OTHER Keylogger spybuddy 3.72 runtime detection - send alert out through email (malware-other.rules) * 1:5805 <-> DISABLED <-> MALWARE-OTHER Trackware myway speedbar runtime detection - switch engines (malware-other.rules) * 1:25049 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jorik.Kolilks variant outbound connection (malware-cnc.rules) * 1:10077 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules) * 1:10065 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules) * 1:25546 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Proxy.Agent variant outbound connection (malware-cnc.rules) * 1:8356 <-> DISABLED <-> MALWARE-OTHER Keylogger spybuddy 3.72 runtime detection - send log out through email (malware-other.rules) * 1:5774 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - FSW (malware-cnc.rules) * 1:5880 <-> DISABLED <-> MALWARE-OTHER Keylogger spyagent runtime detect - smtp delivery (malware-other.rules) * 1:5857 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - MyWebSearchSearchAssistance (malware-cnc.rules) * 1:7540 <-> 
DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - http protocol (malware-cnc.rules) * 1:7582 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Pcast Live (malware-cnc.rules) * 1:7587 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - URLBlaze (malware-cnc.rules) * 1:5882 <-> DISABLED <-> MALWARE-OTHER Keylogger spyagent runtime detect - alert notification (malware-other.rules) * 1:5881 <-> DISABLED <-> MALWARE-OTHER Keylogger spyagent runtime detect - ftp delivery (malware-other.rules) * 1:5824 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Strip-Player (malware-cnc.rules) * 1:5900 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Async HTTP Agent (malware-cnc.rules) * 1:7832 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Navhelper (malware-cnc.rules) * 1:5838 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - EI (malware-cnc.rules) * 1:5978 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - TM_SEARCH3 (malware-cnc.rules) * 1:6394 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - CodeguruBrowser (malware-cnc.rules) * 1:55862 <-> ENABLED <-> SERVER-WEBAPP Microsoft SharePoint EntityInstanceIdEncoder remote code execution attempt (server-webapp.rules) * 1:25545 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Printlove variant outbound connection (malware-cnc.rules) * 1:5955 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Popup Stopper (malware-cnc.rules) * 1:6354 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - ProxyDown (malware-cnc.rules) * 1:5760 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - OSSProxy (malware-cnc.rules) * 1:6270 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - MyBrowser (malware-cnc.rules) * 1:6197 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - smrtshpr-cs (malware-cnc.rules) * 1:6198 
<-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - SQTR_VERIFY (malware-cnc.rules) * 1:25075 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy variant outbound connection (malware-cnc.rules) * 1:19712 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader variant outbound connection (malware-cnc.rules) * 1:19722 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Poshtroper variant outbound connection (malware-cnc.rules) * 1:19723 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pherbot variant outbound connection (malware-cnc.rules) * 1:19730 <-> DISABLED <-> MALWARE-CNC Win.Trojan.KukuBot variant outbound connection (malware-cnc.rules) * 1:19731 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Darkwebot variant outbound connection (malware-cnc.rules) * 1:19732 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Idicaf variant outbound connection (malware-cnc.rules) * 1:19756 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Opera/8.89 - P2P-Worm.Win32.Palevo.ddm (malware-cnc.rules) * 1:19761 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ftpharvxqq variant outbound connection (malware-cnc.rules) * 1:19765 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules) * 1:19767 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Msposer.A variant outbound connection (malware-cnc.rules) * 1:19769 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yoddos outbound indicator (malware-cnc.rules) * 1:19770 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yoddos variant outbound connection (malware-cnc.rules) * 1:19771 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yoddos variant outbound connection (malware-cnc.rules) * 1:19778 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /games/java_trust.php?f= (malware-cnc.rules) * 1:19801 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tracur variant outbound connection (malware-cnc.rules) * 1:19864 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nvbpass variant outbound connection (malware-cnc.rules) * 1:19882 <-> DISABLED <-> MALWARE-CNC URI 
request for known malicious URI - /160.rar - Win32/Morto.A (malware-cnc.rules) * 1:19912 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DelfInject.gen!X variant outbound connection (malware-cnc.rules) * 1:19913 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - optima/index.php (malware-cnc.rules) * 1:19964 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sality variant outbound connection (malware-cnc.rules) * 1:19995 <-> DISABLED <-> MALWARE-CNC Waledac variant outbound connection (malware-cnc.rules) * 1:20009 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent string Baby Remote - Win32/Babmote.A (malware-cnc.rules) * 1:20011 <-> DISABLED <-> MALWARE-CNC Briewots.A runtime traffic detected (malware-cnc.rules) * 1:20012 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string feranet/0.4 - Win32/Ferabsa.A (malware-cnc.rules) * 1:20080 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Derusbi.A variant outbound connection (malware-cnc.rules) * 1:20081 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Win32.Yakes.cbi variant outbound connection (malware-cnc.rules) * 1:20099 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Xtrat.A variant outbound connection (malware-cnc.rules) * 1:20104 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - InfoBot (malware-cnc.rules) * 1:20105 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - IPHONE (malware-cnc.rules) * 1:20106 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - darkness (malware-cnc.rules) * 1:20201 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - meterpreter (malware-cnc.rules) * 1:20202 <-> DISABLED <-> MALWARE-CNC Apple OSX.Revir-1 variant outbound connection (malware-cnc.rules) * 1:20213 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Swisyn variant outbound connection (malware-cnc.rules) * 1:20221 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Injector variant outbound connection (malware-cnc.rules) * 1:20228 
<-> DISABLED <-> MALWARE-CNC Win.Trojan.Hupigon variant outbound connection (malware-cnc.rules) * 1:20229 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jinchodz variant outbound connection (malware-cnc.rules) * 1:20230 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string 0pera 10 (malware-cnc.rules) * 1:20231 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Mozilla//4.0 (malware-cnc.rules) * 1:20232 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cycbot variant outbound connection (malware-cnc.rules) * 1:20280 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy variant outbound connection (malware-cnc.rules) * 1:20281 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy variant outbound connection (malware-cnc.rules) * 1:20293 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string MBVDFRESCT (malware-cnc.rules) * 1:20527 <-> DISABLED <-> MALWARE-CNC Sirefef initial C&C connection variant outbound connection (malware-cnc.rules) * 1:20754 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Virut-3 variant outbound connection (malware-cnc.rules) * 1:20755 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Krap variant outbound connection (malware-cnc.rules) * 1:20756 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jorik variant outbound connection (malware-cnc.rules) * 1:20759 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gbot.oce variant outbound connection (malware-cnc.rules) * 1:20762 <-> DISABLED <-> MALWARE-CNC MacOS.Flashback.A variant outbound connection (malware-cnc.rules) * 1:20763 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spyeye-206 variant outbound connection (malware-cnc.rules) * 1:20837 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mecklow.C runtime traffic detected (malware-cnc.rules) * 1:20927 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spyeye-207 variant outbound connection (malware-cnc.rules) * 1:21047 <-> DISABLED <-> MALWARE-CNC known malicious SSL certificate - Sykipot C&C (malware-cnc.rules) * 1:21175 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious 
user-agent string Win32 Amti (malware-cnc.rules) * 1:21188 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string API Guide test program (malware-cnc.rules) * 1:21206 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Aldi Bot (malware-cnc.rules) * 1:21208 <-> DISABLED <-> MALWARE-CNC Win.Trojan.RShot.brw variant outbound connection (malware-cnc.rules) * 1:21225 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Flag (malware-cnc.rules) * 1:21230 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Betad variant outbound connection (malware-cnc.rules) * 1:21239 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy variant outbound connection (malware-cnc.rules) * 1:21240 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MsUpdater variant outbound connection (malware-cnc.rules) * 1:21241 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MsUpdater initial variant outbound connection (malware-cnc.rules) * 1:21242 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MsUpdater variant outbound connection (malware-cnc.rules) * 1:21257 <-> DISABLED <-> MALWARE-CNC URI - known scanner tool muieblackcat (malware-cnc.rules) * 1:21269 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cycbot variant outbound connection (malware-cnc.rules) * 1:21278 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Google Bot (malware-cnc.rules) * 1:21306 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spyeye variant outbound connectivity check (malware-cnc.rules) * 1:21311 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dofoil variant outbound connection (malware-cnc.rules) * 1:21313 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dofoil variant outbound connection (malware-cnc.rules) * 1:21318 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FakeAV TDSS/PurpleHaze variant outbound connection - base64 encoded (malware-cnc.rules) * 1:21327 <-> DISABLED <-> MALWARE-CNC User-Agent ASafaWeb Scan (malware-cnc.rules) * 1:21380 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - 
QvodDown (malware-cnc.rules) * 1:21418 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FareIt variant outbound connection (malware-cnc.rules) * 1:21426 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scar variant outbound connection (malware-cnc.rules) * 1:21427 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Delf variant outbound connection (malware-cnc.rules) * 1:21428 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Generic-24 variant outbound connection (malware-cnc.rules) * 1:21430 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BeeOne runtime traffic detected (malware-cnc.rules) * 1:21434 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Mentor variant outbound connection (malware-cnc.rules) * 1:21435 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mentor inbound connection - post infection (malware-cnc.rules) * 1:21436 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Startpage variant outbound connection (malware-cnc.rules) * 1:21440 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Murofet variant outbound connection (malware-cnc.rules) * 1:21441 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Delf variant outbound connection (malware-cnc.rules) * 1:21455 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string psi (malware-cnc.rules) * 1:21469 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string 1234567890 (malware-cnc.rules) * 1:21475 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string core-project (malware-cnc.rules) * 1:21476 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent YZF (malware-cnc.rules) * 1:21525 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader variant outbound connection (malware-cnc.rules) * 1:21526 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent TCYWinHTTPDownload (malware-cnc.rules) * 1:21538 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dofoil variant outbound payload request (malware-cnc.rules) * 1:21547 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy variant outbound connection (malware-cnc.rules) * 1:21548 <-> DISABLED <-> 
MALWARE-CNC Cutwail landing page connection (malware-cnc.rules) * 1:21551 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kahn variant outbound connection (malware-cnc.rules) * 1:21552 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kahn variant outbound connection (malware-cnc.rules) * 1:21562 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bredolab variant outbound connection (malware-cnc.rules) * 1:21563 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kelihos variant outbound connection (malware-cnc.rules) * 1:21564 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kelihos variant outbound connection (malware-cnc.rules) * 1:21565 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kelihos variant outbound connection (malware-cnc.rules) * 1:21591 <-> DISABLED <-> MALWARE-CNC User-Agent known Adware user agent Gamevance tl_v (malware-cnc.rules) * 1:21593 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper variant outbound connection (malware-cnc.rules) * 1:21622 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Georbot variant outbound connection (malware-cnc.rules) * 1:21631 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sinowal javascript delivery method (malware-cnc.rules) * 1:21632 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ransom variant outbound connection (malware-cnc.rules) * 1:21636 <-> DISABLED <-> MALWARE-CNC User-Agent known Adware user agent gbot (malware-cnc.rules) * 1:21638 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Aluereon TDSS infection variant outbound connection (malware-cnc.rules) * 1:21639 <-> DISABLED <-> MALWARE-CNC User-Agent known Adware user agent mus - TDSS related (malware-cnc.rules) * 1:21755 <-> DISABLED <-> MALWARE-CNC Apple OSX.Flashback variant outbound connection (malware-cnc.rules) * 1:21756 <-> DISABLED <-> MALWARE-CNC Apple OSX.Flashback variant outbound connection (malware-cnc.rules) * 1:21757 <-> DISABLED <-> MALWARE-CNC Apple OSX.Flashback variant outbound connection (malware-cnc.rules) * 1:21758 <-> DISABLED <-> MALWARE-CNC Apple OSX.Flashback variant outbound connection (malware-cnc.rules) * 1:21760 
<-> DISABLED <-> MALWARE-CNC Win.Trojan.Swisyn variant outbound connection (malware-cnc.rules) * 1:21761 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Swisyn variant outbound connection (malware-cnc.rules) * 1:21852 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Orsam variant outbound connection (malware-cnc.rules) * 1:21877 <-> DISABLED <-> MALWARE-CNC Apple OSX.Sabpub variant outbound connection (malware-cnc.rules) * 1:21910 <-> DISABLED <-> MALWARE-CNC Apple OSX Flashback malware user-agent (malware-cnc.rules) * 1:21911 <-> DISABLED <-> MALWARE-CNC Aldi variant outbound connection C&C checkin (malware-cnc.rules) * 1:21912 <-> DISABLED <-> MALWARE-CNC Aldi bot variant outbound connection user-agent (malware-cnc.rules) * 1:21925 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent BOT/0.1 (malware-cnc.rules) * 1:21945 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Litmpuca.A variant outbound connection (malware-cnc.rules) * 1:21946 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Litmpuca.A variant outbound connection (malware-cnc.rules) * 1:21965 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent VB WININET (malware-cnc.rules) * 1:21983 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BamCompiled variant outbound connection (malware-cnc.rules) * 1:21984 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BamCompiled variant inbound updates (malware-cnc.rules) * 1:22033 <-> DISABLED <-> MALWARE-CNC Apple OSX Flashback malware variant outbound connection (malware-cnc.rules) * 1:22034 <-> DISABLED <-> MALWARE-CNC Apple OSX Flashback malware variant outbound connection (malware-cnc.rules) * 1:22047 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jokbot variant outbound connection (malware-cnc.rules) * 1:22048 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus P2P outbound connection (malware-cnc.rules) * 1:22054 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Prorat variant outbound connection (malware-cnc.rules) * 1:22059 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader variant outbound connection 
(malware-cnc.rules) * 1:25070 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Injector variant outbound connection (malware-cnc.rules) * 1:22060 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fepgul variant outbound connection (malware-cnc.rules) * 1:22099 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Piroxcc variant outbound connection (malware-cnc.rules) * 1:22100 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Midhos variant outbound connection (malware-cnc.rules) * 1:22103 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Coswid.klk variant outbound connection (malware-cnc.rules) * 1:22937 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Proxyier variant outbound connection (malware-cnc.rules) * 1:22939 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent RAbcLib (malware-cnc.rules) * 1:23019 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Flame malware (malware-cnc.rules) * 1:23057 <-> DISABLED <-> MALWARE-CNC Flame malware connection - /view.php (malware-cnc.rules) * 1:23103 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bublik variant outbound connection (malware-cnc.rules) * 1:23104 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scar variant outbound connection (malware-cnc.rules) * 1:23109 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lolbot variant outbound connection (malware-cnc.rules) * 1:23242 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker.boxg connect to cnc server (malware-cnc.rules) * 1:23244 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz variant outbound connection (malware-cnc.rules) * 1:23245 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader variant outbound connection (malware-cnc.rules) * 1:23254 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Delf.CL variant outbound connection (malware-cnc.rules) * 1:23261 <-> DISABLED <-> MALWARE-CNC known command and control traffic - Pushbot (malware-cnc.rules) * 1:23262 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules) * 1:23307 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper connect to server 
(malware-cnc.rules) * 1:23332 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dishigy variant outbound connection (malware-cnc.rules) * 1:23334 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader initial C&C checkin (malware-cnc.rules) * 1:23335 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Swisyn variant outbound connection (malware-cnc.rules) * 1:23342 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules) * 1:23382 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SpyEye variant outbound connection (malware-cnc.rules) * 1:23391 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hioles.C variant outbound connection (malware-cnc.rules) * 1:23394 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vbvoleur.a variant outbound connection (malware-cnc.rules) * 1:23467 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mazben file download (malware-cnc.rules) * 1:23473 <-> DISABLED <-> MALWARE-CNC URI request for runforestrun - JS.Runfore (malware-cnc.rules) * 1:23492 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ZeroAccess outbound connection (malware-cnc.rules) * 1:23493 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ZeroAccess outbound connection (malware-cnc.rules) * 1:23600 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gamarue outbound connection (malware-cnc.rules) * 1:23615 <-> DISABLED <-> MALWARE-CNC ACAD.Medre.A variant outbound connection (malware-cnc.rules) * 1:23627 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - PoisonIvy RAT (malware-cnc.rules) * 1:23633 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kegotip variant report to cnc-server (malware-cnc.rules) * 1:23635 <-> DISABLED <-> MALWARE-CNC Gozi trojan checkin (malware-cnc.rules) * 1:23778 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bublik variant outbound connection (malware-cnc.rules) * 1:23824 <-> DISABLED <-> MALWARE-CNC Gauss malware check-in (malware-cnc.rules) * 1:23893 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DistTrack command and control traffic (malware-cnc.rules) * 1:23903 <-> DISABLED <-> MALWARE-CNC User-Agent known 
malicious user agent - you (malware-cnc.rules)
* 1:23938 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ibabyfa.dldr variant outbound connection (malware-cnc.rules)
* 1:23942 <-> DISABLED <-> MALWARE-CNC Win.Trojan.C0D0SO0 variant outbound traffic (malware-cnc.rules)
* 1:23945 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Backdoor variant outbound connection (malware-cnc.rules)
* 1:23946 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Backdoor file download (malware-cnc.rules)
* 1:23968 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Crisis variant outbound connection (malware-cnc.rules)
* 1:23972 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot variant outbound connection (malware-cnc.rules)
* 1:23978 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hostposer variant outbound connection (malware-cnc.rules)
* 1:23987 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kryptik.Kazy variant outbound connection (malware-cnc.rules)
* 1:24062 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hufysk variant outbound connection (malware-cnc.rules)
* 1:23628 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pincav variant outbound connection (malware-cnc.rules)
* 1:24111 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Post (malware-cnc.rules)
* 1:24169 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot variant outbound connection (malware-cnc.rules)
* 1:24185 <-> DISABLED <-> MALWARE-CNC Win.Work.Rokiwobi inbound command from C&C (malware-cnc.rules)
* 1:24211 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Xamtrav update protocol connection (malware-cnc.rules)
* 1:24214 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Seveto variant outbound connection (malware-cnc.rules)
* 1:24215 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload variant outbound connection (malware-cnc.rules)
* 1:24216 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Biloky variant outbound connection (malware-cnc.rules)
* 1:24217 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy variant outbound connection (malware-cnc.rules)
* 1:24224 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeroaccess variant outbound connection (malware-cnc.rules)
* 1:24235 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wuwo initial infection variant outbound connection (malware-cnc.rules)
* 1:24236 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wuwo post infection variant outbound connection (malware-cnc.rules)
* 1:24361 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gozi.Prinimalka variant outbound connection (malware-cnc.rules)
* 1:24375 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VB variant outbound connection (malware-cnc.rules)
* 1:24381 <-> DISABLED <-> MALWARE-CNC Win.Trojan.XBlocker outbound connection (malware-cnc.rules)
* 1:24382 <-> DISABLED <-> MALWARE-CNC Win.Trojan.XBlocker outbound connection (malware-cnc.rules)
* 1:24439 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Encriyoko variant outbound connection (malware-cnc.rules)
* 1:24440 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chiviper variant outbound connection (malware-cnc.rules)
* 1:24441 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Testing (malware-cnc.rules)
* 1:24442 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Alerter COM (malware-cnc.rules)
* 1:24482 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chif variant outbound connection (malware-cnc.rules)
* 1:24491 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vundo redirection landing page pre-infection (malware-cnc.rules)
* 1:24492 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vundo variant outbound connection (malware-cnc.rules)
* 1:24493 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vundo variant outbound connection (malware-cnc.rules)
* 1:24494 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vundo variant outbound connection (malware-cnc.rules)
* 1:24495 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vundo variant outbound connection (malware-cnc.rules)
* 1:24496 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vundo variant outbound connection (malware-cnc.rules)
* 1:24497 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vundo variant outbound connection (malware-cnc.rules)
* 1:24504 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VB variant outbound connection (malware-cnc.rules)
* 1:24523 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.MautoitRAT variant outbound connection (malware-cnc.rules)
* 1:24514 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lucuis variant outbound connection (malware-cnc.rules)
* 1:19711 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jorik variant outbound connection (malware-cnc.rules)
* 1:24531 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scondatie.A variant outbound connection (malware-cnc.rules)
* 1:24532 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scondatie.A inbound connection (malware-cnc.rules)
* 1:24533 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules)
* 1:24534 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banbra variant outbound connection (malware-cnc.rules)
* 1:24563 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Veli variant outbound connection (malware-cnc.rules)
* 1:24566 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jorik variant outbound connection (malware-cnc.rules)
* 1:24568 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Mozilla/00 (malware-cnc.rules)
* 1:24575 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Opera/9.61 (malware-cnc.rules)
* 1:24630 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Klovbot variant outbound connection (malware-cnc.rules)
* 1:24631 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Lizard/1.0 (malware-cnc.rules)
* 1:24632 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VaccinePC variant outbound connection (malware-cnc.rules)
* 1:24633 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - test_hInternet (malware-cnc.rules)
* 1:24634 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - vaccinepc (malware-cnc.rules)
* 1:24858 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Quarian variant outbound connection - proxy connection (malware-cnc.rules)
* 1:24873 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gnutler variant outbound connection (malware-cnc.rules)
* 1:24885 <-> DISABLED <-> MALWARE-CNC Potential Banking Trojan Config File Download (malware-cnc.rules)
* 1:24886 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dorkbot variant outbound connection (malware-cnc.rules)
* 1:25007 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wealwedst variant outbound connection (malware-cnc.rules)
* 1:25009 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - User-Agent User-Agent (malware-cnc.rules)
* 1:25010 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Perflog variant outbound connection (malware-cnc.rules)
* 1:25011 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Perflog variant outbound connection (malware-cnc.rules)
* 1:25016 <-> DISABLED <-> MALWARE-CNC Win.Trojan.IRCBot variant outbound connection (malware-cnc.rules)
* 1:25021 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Azbreg variant outbound connection (malware-cnc.rules)
* 1:25022 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dapato variant outbound connection (malware-cnc.rules)
* 1:25023 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection (malware-cnc.rules)
* 1:25024 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection (malware-cnc.rules)
* 1:25025 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Recslurp variant outbound connection (malware-cnc.rules)
* 1:25026 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Juasek variant outbound connection (malware-cnc.rules)
* 1:25027 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Opachki variant connect to cnc-server (malware-cnc.rules)
* 1:25028 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peed variant outbound connection (malware-cnc.rules)
* 1:25029 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (malware-cnc.rules)
* 1:25030 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nevsyn variant outbound connection (malware-cnc.rules)
* 1:16459 <-> DISABLED <-> MALWARE-CNC Win.Trojan.command and control communication (malware-cnc.rules)
* 1:16484 <-> DISABLED <-> MALWARE-CNC Koobface variant outbound connection (malware-cnc.rules)
* 1:16485 <-> DISABLED <-> MALWARE-CNC Koobface request for captcha (malware-cnc.rules)
* 1:16489 <-> DISABLED <-> MALWARE-CNC Bobax botnet variant outbound connection (malware-cnc.rules)
* 1:16493 <-> DISABLED <-> MALWARE-CNC TT-bot botnet variant outbound connection (malware-cnc.rules)
* 1:16496 <-> DISABLED <-> MALWARE-CNC Win.Trojan.hacktool variant outbound connection (malware-cnc.rules)
* 1:16497 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Tear Application (malware-cnc.rules)
* 1:16526 <-> DISABLED <-> MALWARE-CNC VanBot IRC communication (malware-cnc.rules)
* 1:16527 <-> DISABLED <-> MALWARE-CNC Zbot malware config file download request (malware-cnc.rules)
* 1:16528 <-> DISABLED <-> MALWARE-CNC Zbot malware config file download request (malware-cnc.rules)
* 1:16551 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - malware (malware-cnc.rules)
* 1:16669 <-> DISABLED <-> MALWARE-CNC Spyeye bot variant outbound connection (malware-cnc.rules)
* 1:16670 <-> DISABLED <-> MALWARE-CNC Koobface worm executable download (malware-cnc.rules)
* 1:16695 <-> DISABLED <-> MALWARE-CNC Rogue AV download/update (malware-cnc.rules)
* 1:16809 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FraudPack variant outbound connection (malware-cnc.rules)
* 1:25054 <-> DISABLED <-> MALWARE-CNC ZeroAccess Clickserver callback (malware-cnc.rules)
* 1:10179 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - BysooTB (malware-cnc.rules)
* 1:11308 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - SpyDawn (malware-cnc.rules)
* 1:11313 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Spy-Locked (malware-cnc.rules)
* 1:15165 <-> DISABLED <-> MALWARE-CNC Pushdo client communication (malware-cnc.rules)
* 1:10403 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Duntek Checkin GET Request (malware-cnc.rules)
* 1:15553 <-> DISABLED <-> MALWARE-CNC Sality virus HTTP GET request (malware-cnc.rules)
* 1:15563 <-> DISABLED <-> MALWARE-CNC RSPlug Win.Trojan.server connection (malware-cnc.rules)
* 1:15564 <-> DISABLED <-> MALWARE-CNC RSPlug Win.Trojan.file download (malware-cnc.rules)
* 1:15481 <-> DISABLED <-> MALWARE-CNC Zeus/Zbot malware config file download request (malware-cnc.rules)
* 1:15730 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Delf variant outbound connection (malware-cnc.rules)
* 1:15938 <-> DISABLED <-> MALWARE-CNC SubSeven client connection to server (malware-cnc.rules)
* 1:16144 <-> DISABLED <-> MALWARE-CNC Bredolab bot variant outbound connection (malware-cnc.rules)
* 1:15565 <-> DISABLED <-> MALWARE-CNC RSPlug Win.Trojan.file download (malware-cnc.rules)
* 1:16269 <-> DISABLED <-> MALWARE-CNC Win.Trojan.tdss.1.gen install-time detection - findzproportal1.com (malware-cnc.rules)
* 1:16289 <-> DISABLED <-> MALWARE-CNC Clob bot traffic (malware-cnc.rules)
* 1:16362 <-> DISABLED <-> MALWARE-CNC SpyForms malware call home (malware-cnc.rules)
* 1:16268 <-> DISABLED <-> MALWARE-CNC Win.Trojan.tdss.1.gen install-time detection - yournewsblog.net (malware-cnc.rules)
* 1:16391 <-> DISABLED <-> MALWARE-CNC Gozi Win.Trojan.connection to C&C (malware-cnc.rules)
* 1:16368 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hydraq variant outbound connection (malware-cnc.rules)
* 1:16810 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
* 1:25107 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (malware-cnc.rules)
* 1:25224 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ZeroAccess URI and Referer (malware-cnc.rules)
* 1:25237 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Firelog variant outbound connection (malware-cnc.rules)
* 1:25242 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Duapz variant outbound connection (malware-cnc.rules)
* 1:25249 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Basutra variant outbound connection (malware-cnc.rules)
* 1:25259 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BancosBanload variant outbound connection (malware-cnc.rules)
* 1:25371 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ruskill variant outbound connection (malware-cnc.rules)
* 1:25396 <-> DISABLED <-> MALWARE-CNC URI request for /cgi-bin/dllhost/ac (malware-cnc.rules)
* 1:25400 <-> DISABLED <-> MALWARE-CNC URI request for /cgi-bin/win/cab (malware-cnc.rules)
* 1:25471 <-> DISABLED <-> MALWARE-CNC Pushdo Spiral Traffic (malware-cnc.rules)
* 1:25504 <-> DISABLED <-> MALWARE-CNC Necurs Rootkit op.cgi (malware-cnc.rules)
* 1:25531 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
* 1:25543 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.VB variant outbound connection (malware-cnc.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091401.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:55891 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Kovter-9771867-0 download attempt (malware-other.rules)
* 1:55901 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-9772681-0 download attempt (malware-other.rules)
* 1:55898 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Fakesysdef-9772554-0 download attempt (malware-other.rules)
* 1:55882 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-9770992-0 download attempt (malware-other.rules)
* 1:55910 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Battdil-9773289-0 download attempt (malware-other.rules)
* 1:55887 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Reveton-9771413-0 download attempt (malware-other.rules)
* 1:55865 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Bulz-9769773-0 download attempt (malware-other.rules)
* 1:55886 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Upatre-9771263-0 download attempt (malware-other.rules)
* 1:55874 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Emotet-9770097-0 download attempt (malware-other.rules)
* 1:55927 <-> ENABLED <-> MALWARE-CNC Win.Dropper.LemonDuck variant script download attempt (malware-cnc.rules)
* 1:55863 <-> DISABLED <-> MALWARE-OTHER Win.Virus.Ursnif-9769699-0 download attempt (malware-other.rules)
* 1:55879 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-9770611-0 download attempt (malware-other.rules)
* 1:55913 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Ramnit-9773470-0 download attempt (malware-other.rules)
* 1:55871 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9770089-0 download attempt (malware-other.rules)
* 1:55875 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Bdld-9770176-0 download attempt (malware-other.rules)
* 1:55900 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9772677-0 download attempt (malware-other.rules)
* 1:55908 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-9773294-0 download attempt (malware-other.rules)
* 1:55905 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generic-9773106-0 download attempt (malware-other.rules)
* 1:55894 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-9771891-0 download attempt (malware-other.rules)
* 1:55897 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Fakesysdef-9772554-0 download attempt (malware-other.rules)
* 1:55909 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Battdil-9773289-0 download attempt (malware-other.rules)
* 1:55896 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-9772275-0 download attempt (malware-other.rules)
* 1:55881 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-9770992-0 download attempt (malware-other.rules)
* 1:55884 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Cutwail-9771166-0 download attempt (malware-other.rules)
* 1:55915 <-> DISABLED <-> MALWARE-OTHER PUA.Win.File.Neobar-9773833-0 download attempt (malware-other.rules)
* 1:55928 <-> ENABLED <-> MALWARE-CNC Win.Dropper.LemonDuck variant script download attempt (malware-cnc.rules)
* 1:55872 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9770089-0 download attempt (malware-other.rules)
* 1:55870 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Emotet-9769987-0 download attempt (malware-other.rules)
* 1:55918 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus command injection attempt (server-webapp.rules)
* 1:55911 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Battdil-9773282-0 download attempt (malware-other.rules)
* 1:55869 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Emotet-9769987-0 download attempt (malware-other.rules)
* 1:55895 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-9772275-0 download attempt (malware-other.rules)
* 1:55878 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Drolnux-9770173-0 download attempt (malware-other.rules)
* 1:55893 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-9771891-0 download attempt (malware-other.rules)
* 1:55899 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9772677-0 download attempt (malware-other.rules)
* 1:55876 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Bdld-9770176-0 download attempt (malware-other.rules)
* 1:55868 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Agzz8qk-9769774-0 download attempt (malware-other.rules)
* 1:55885 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Upatre-9771263-0 download attempt (malware-other.rules)
* 1:55922 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Defender privilege escalation attempt (os-windows.rules)
* 1:55877 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Drolnux-9770173-0 download attempt (malware-other.rules)
* 1:55867 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Agzz8qk-9769774-0 download attempt (malware-other.rules)
* 1:55914 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Ramnit-9773470-0 download attempt (malware-other.rules)
* 1:55919 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus command injection attempt (server-webapp.rules)
* 1:55873 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Emotet-9770097-0 download attempt (malware-other.rules)
* 1:55883 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Cutwail-9771166-0 download attempt (malware-other.rules)
* 1:55888 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Reveton-9771413-0 download attempt (malware-other.rules)
* 1:55889 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Browsefox-9771664-0 download attempt (malware-other.rules)
* 1:55892 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Kovter-9771867-0 download attempt (malware-other.rules)
* 1:55864 <-> DISABLED <-> MALWARE-OTHER Win.Virus.Ursnif-9769699-0 download attempt (malware-other.rules)
* 1:55921 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus command injection attempt (server-webapp.rules)
* 1:55916 <-> DISABLED <-> MALWARE-OTHER PUA.Win.File.Neobar-9773833-0 download attempt (malware-other.rules)
* 1:55906 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generic-9773106-0 download attempt (malware-other.rules)
* 1:55903 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Sdyn-9772921-0 download attempt (malware-other.rules)
* 1:55902 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-9772681-0 download attempt (malware-other.rules)
* 1:55907 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-9773294-0 download attempt (malware-other.rules)
* 1:55912 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Battdil-9773282-0 download attempt (malware-other.rules)
* 1:55920 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus command injection attempt (server-webapp.rules)
* 1:55890 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Browsefox-9771664-0 download attempt (malware-other.rules)
* 1:55926 <-> ENABLED <-> MALWARE-CNC Win.Dropper.LemonDuck variant outbound connection (malware-cnc.rules)
* 1:55866 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Bulz-9769773-0 download attempt (malware-other.rules)
* 1:55880 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-9770611-0 download attempt (malware-other.rules)
* 1:55923 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Defender privilege escalation attempt (os-windows.rules)
* 1:55904 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Sdyn-9772921-0 download attempt (malware-other.rules)
* 3:55924 <-> ENABLED <-> SERVER-OTHER Cisco Wireless LAN Controller CAPWAP denial of service attempt (server-other.rules)
* 3:55917 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1159 attack attempt (server-webapp.rules)
* 3:55925 <-> ENABLED <-> SERVER-OTHER Cisco Wireless LAN Controller CAPWAP denial of service attempt (server-other.rules)
* 1:16823 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FlyStudio known command and control channel traffic (malware-cnc.rules)
* 1:9420 <-> DISABLED <-> MALWARE-OTHER korgo attempt (malware-other.rules)
* 1:25050 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
* 1:10070 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules)
* 1:10073 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules)
* 1:10071 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules)
* 1:10076 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules)
* 1:10067 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules)
* 1:10074 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules)
* 1:10065 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules)
* 1:25546 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Proxy.Agent variant outbound connection (malware-cnc.rules)
* 1:25054 <-> DISABLED <-> MALWARE-CNC ZeroAccess Clickserver callback (malware-cnc.rules)
* 1:10068 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules)
* 1:10075 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules)
* 1:17816 <-> DISABLED <-> MALWARE-CNC Thinkpoint fake antivirus - credit card submission (malware-cnc.rules)
* 1:25029 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (malware-cnc.rules)
* 1:18458 <-> DISABLED <-> MALWARE-CNC Night Dragon initial beacon (malware-cnc.rules)
* 1:18934 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (Coreflood -- malware-cnc.rules)
* 1:25021 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Azbreg variant outbound connection (malware-cnc.rules)
* 1:19018 <-> DISABLED <-> MALWARE-CNC MacBack Win.Trojan.variant outbound connection (malware-cnc.rules)
* 1:8355 <-> ENABLED <-> MALWARE-OTHER Keylogger spybuddy 3.72 runtime detection (malware-other.rules)
* 1:25077 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Halnine variant outbound connection (malware-cnc.rules)
* 1:19019 <-> DISABLED <-> MALWARE-CNC MacBack Win.Trojan.variant outbound connection (malware-cnc.rules)
* 1:25027 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Opachki variant connect to cnc-server (malware-cnc.rules)
* 1:25025 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Recslurp variant outbound connection (malware-cnc.rules)
* 1:25030 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nevsyn variant outbound connection (malware-cnc.rules)
* 1:18388 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string RookIE/1.0 (malware-cnc.rules)
* 1:18715 <-> DISABLED <-> MALWARE-CNC Ozdok botnet communication with C&C server (malware-cnc.rules)
* 1:25016 <-> DISABLED <-> MALWARE-CNC Win.Trojan.IRCBot variant outbound connection (malware-cnc.rules)
* 1:25011 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Perflog variant outbound connection (malware-cnc.rules)
* 1:7572 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - DigExt (malware-cnc.rules)
* 1:25024 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection (malware-cnc.rules)
* 1:18939 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
* 1:5805 <-> DISABLED <-> MALWARE-OTHER Trackware myway speedbar runtime detection - switch engines (malware-other.rules)
* 1:5808 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - SAH Agent (malware-cnc.rules)
* 1:25073 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lowzone variant outbound connection (malware-cnc.rules)
* 1:8357 <-> DISABLED <-> MALWARE-OTHER Keylogger spybuddy 3.72 runtime detection - send alert out through email (malware-other.rules)
* 1:5800 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - MyWay (malware-cnc.rules)
* 1:25022 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dapato variant outbound connection (malware-cnc.rules)
* 1:19016 <-> DISABLED <-> MALWARE-CNC MacBack Win.Trojan.variant outbound connection (malware-cnc.rules)
* 1:16810 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
* 1:19017 <-> DISABLED <-> MALWARE-CNC MacBack Win.Trojan.variant outbound connection (malware-cnc.rules)
* 1:18353 <-> DISABLED <-> MALWARE-CNC User-Agent request for known PUA user agent - SelectRebates (malware-cnc.rules)
* 1:25023 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection (malware-cnc.rules)
* 1:25028 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peed variant outbound connection (malware-cnc.rules)
* 1:8356 <-> DISABLED <-> MALWARE-OTHER Keylogger spybuddy 3.72 runtime detection - send log out through email (malware-other.rules)
* 1:5901 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - AdTools (malware-cnc.rules)
* 1:6363 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - SAcc (malware-cnc.rules)
* 1:5907 <-> DISABLED <-> MALWARE-OTHER Trackware e2give runtime detection - check update (malware-other.rules)
* 1:6274 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Stubby (malware-cnc.rules)
* 1:25074 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules)
* 1:5978 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - TM_SEARCH3 (malware-cnc.rules)
* 1:25099 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper.Daws variant outbound connection (malware-cnc.rules)
* 1:21436 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Startpage variant outbound connection (malware-cnc.rules)
* 1:25100 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Njrat variant outbound connection (malware-cnc.rules)
* 1:25107 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (malware-cnc.rules)
* 1:5913 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - My Agent (malware-cnc.rules)
* 1:7537 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Arrow Search (malware-cnc.rules)
* 1:5970 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Feat2 Updater (malware-cnc.rules)
* 1:25108 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Proxy.Agent variant outbound connection (malware-cnc.rules)
* 1:25109 <-> DISABLED <-> MALWARE-CNC Autoit.Trojan.Agent variant outbound connection (malware-cnc.rules)
* 1:25075 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy variant outbound connection (malware-cnc.rules)
* 1:25119 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - NewBrandTest (malware-cnc.rules)
* 1:7195 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - shprrprt-cs- (malware-cnc.rules)
* 1:16817 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
* 1:25093 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hacktool variant outbound connection (malware-cnc.rules)
* 1:25224 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ZeroAccess URI and Referer (malware-cnc.rules)
* 1:25229 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Darkkomet variant inbound connection (malware-cnc.rules)
* 1:25076 <-> DISABLED <-> MALWARE-CNC Win.Worm.Joanap variant variant outbound connection (malware-cnc.rules)
* 1:25230 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Darkkomet variant outbound connection (malware-cnc.rules)
* 1:25231 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (malware-cnc.rules)
* 1:25237 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Firelog variant outbound connection (malware-cnc.rules)
* 1:25239 <-> DISABLED <-> MALWARE-CNC Win.Trojan.IRCBot variant outbound connection (malware-cnc.rules)
* 1:25240 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Menti variant inbound connection (malware-cnc.rules)
* 1:25241 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetTrash variant outbound connection (malware-cnc.rules)
* 1:25242 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Duapz variant outbound connection (malware-cnc.rules)
* 1:25243 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - 04/XP (malware-cnc.rules)
* 1:7187 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - SAH Agent (malware-cnc.rules)
* 1:7511 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - ed2k edonkey2000 runtime detection (malware-cnc.rules)
* 1:25244 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (malware-cnc.rules)
* 1:25071 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Macnsed variant outbound connection (malware-cnc.rules)
* 1:25245 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - me0hoi (malware-cnc.rules)
* 1:10066 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules)
* 1:6366 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - eAnthMngr (malware-cnc.rules)
* 1:7135 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - IEP (malware-cnc.rules)
* 1:5954 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Browser Pal (malware-cnc.rules)
* 1:25249 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Basutra variant outbound connection (malware-cnc.rules)
* 1:10113 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm command and control propagation detected (malware-cnc.rules)
* 1:25256 <-> DISABLED <-> MALWARE-CNC Win.Worm.Gamarue variant outbound connection (malware-cnc.rules)
* 1:25257 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Skintrim variant outbound connection (malware-cnc.rules)
* 1:25258 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rombrast variant outbound connection (malware-cnc.rules)
* 1:6362 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - MGS-Internal-Web-Manager (malware-cnc.rules)
* 1:25259 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BancosBanload variant outbound connection (malware-cnc.rules)
* 1:25268 <-> DISABLED <-> MALWARE-CNC Win.Trojan.IRCBot variant outbound connection (malware-cnc.rules)
* 1:25269 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Buterat variant outbound connection (malware-cnc.rules)
* 1:7116 <-> DISABLED <-> MALWARE-CNC y3k 1.2 variant outbound connection icq notification (malware-cnc.rules)
* 1:5986 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - TeomaBar (malware-cnc.rules)
* 1:25271 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Buzus variant outbound connection (malware-cnc.rules)
* 1:6364 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - iMeshBar (malware-cnc.rules)
* 1:25098 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper.Daws variant outbound connection (malware-cnc.rules)
* 1:6186 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - SpywareStrike (malware-cnc.rules)
* 1:25371 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ruskill variant outbound connection (malware-cnc.rules)
* 1:25372 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - wh (malware-cnc.rules)
* 1:25545 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Printlove variant outbound connection (malware-cnc.rules)
* 1:6198 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - SQTR_VERIFY (malware-cnc.rules)
* 1:25394 <-> DISABLED <-> MALWARE-CNC URI request for /cgi-bin/nt/th (malware-cnc.rules)
* 1:25395 <-> DISABLED <-> MALWARE-CNC URI request for /cgi-bin/nt/sk (malware-cnc.rules)
* 1:16820 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kryptik variant outbound connection (malware-cnc.rules)
* 1:25396 <-> DISABLED <-> MALWARE-CNC URI request for /cgi-bin/dllhost/ac (malware-cnc.rules)
* 1:25397 <-> DISABLED <-> MALWARE-CNC URI request for /cgi-bin/ms/check (malware-cnc.rules)
* 1:25398 <-> DISABLED <-> MALWARE-CNC URI request for /cgi-bin/ms/flush (malware-cnc.rules)
* 1:25399 <-> DISABLED <-> MALWARE-CNC URI request for /cgi-bin/win/wcx (malware-cnc.rules)
* 1:25400 <-> DISABLED <-> MALWARE-CNC URI request for /cgi-bin/win/cab (malware-cnc.rules)
* 1:25448 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Jinch variant outbound connection (malware-cnc.rules)
* 1:6357 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Need2Find (malware-cnc.rules)
* 1:5770 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Casino (malware-cnc.rules)
* 1:25465 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader variant outbound connection (malware-cnc.rules)
* 1:25470 <-> DISABLED <-> MALWARE-CNC Win.Trojan.LoDo variant outbound connection (malware-cnc.rules)
* 1:25471 <-> DISABLED <-> MALWARE-CNC Pushdo Spiral Traffic (malware-cnc.rules)
* 1:5900 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Async HTTP Agent (malware-cnc.rules)
* 1:5838 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - EI (malware-cnc.rules)
* 1:5824 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Strip-Player (malware-cnc.rules)
* 1:7832 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Navhelper (malware-cnc.rules)
* 1:5881 <-> DISABLED <-> MALWARE-OTHER Keylogger spyagent runtime detect - ftp delivery (malware-other.rules)
* 1:5882 <-> DISABLED <-> MALWARE-OTHER Keylogger spyagent runtime detect - alert notification (malware-other.rules)
* 1:7587 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - URLBlaze (malware-cnc.rules)
* 1:7540 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - http protocol (malware-cnc.rules)
* 1:7582 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Pcast Live (malware-cnc.rules)
* 1:16822 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
* 1:5774 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - FSW (malware-cnc.rules)
* 1:5857 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - MyWebSearchSearchAssistance (malware-cnc.rules)
* 1:5880 <-> DISABLED <-> MALWARE-OTHER Keylogger spyagent runtime detect - smtp delivery (malware-other.rules)
* 1:25476 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - User-Agent User-Agent (malware-cnc.rules)
* 1:25477 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
* 1:55281 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zegost-9753424-0 download attempt (malware-other.rules)
* 1:25503 <-> DISABLED <-> MALWARE-CNC Necurs Rootkit sba.cgi (malware-cnc.rules)
* 1:25504 <-> DISABLED <-> MALWARE-CNC Necurs Rootkit op.cgi (malware-cnc.rules)
* 1:6270 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - MyBrowser (malware-cnc.rules)
* 1:6197 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - smrtshpr-cs (malware-cnc.rules)
* 1:25511 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules)
* 1:5955 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Popup Stopper (malware-cnc.rules)
* 1:5908 <-> DISABLED <-> MALWARE-OTHER Trackware e2give runtime detection - redirect affiliate site request 1 (malware-other.rules)
* 1:6354 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - ProxyDown (malware-cnc.rules)
* 1:5760 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - OSSProxy (malware-cnc.rules)
* 1:55862 <-> ENABLED <-> SERVER-WEBAPP Microsoft SharePoint EntityInstanceIdEncoder remote code execution attempt (server-webapp.rules)
* 1:6394 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - CodeguruBrowser (malware-cnc.rules)
* 1:25529 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (malware-cnc.rules)
* 1:24531 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scondatie.A variant outbound connection (malware-cnc.rules)
* 1:24532 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scondatie.A inbound connection (malware-cnc.rules)
* 1:24563 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Veli variant outbound connection (malware-cnc.rules)
* 1:24534 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banbra variant outbound connection (malware-cnc.rules)
* 1:24533 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules)
* 1:24566 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jorik variant outbound connection (malware-cnc.rules)
* 1:24630 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Klovbot variant outbound connection (malware-cnc.rules)
* 1:24575 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Opera/9.61 (malware-cnc.rules)
* 1:24568 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Mozilla/00 (malware-cnc.rules)
* 1:24631 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Lizard/1.0 (malware-cnc.rules)
* 1:25072 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dulom variant outbound connection (malware-cnc.rules)
* 1:25544 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - ctwopop (malware-cnc.rules)
* 1:24886 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dorkbot variant outbound connection (malware-cnc.rules)
* 1:6281 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - istsvc (malware-cnc.rules)
* 1:16816 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
* 1:25530 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
* 1:6341 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Spedia (malware-cnc.rules)
* 1:7145 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - adfsgecoiwnf (malware-cnc.rules)
* 1:25531 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
* 1:25532 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
* 1:25533 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent - al (malware-cnc.rules)
* 1:25541 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sigly variant outbound connection (malware-cnc.rules)
* 1:6491 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - snprtzdialno (malware-cnc.rules)
* 1:25543 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.VB variant outbound connection (malware-cnc.rules)
* 1:5909 <-> DISABLED <-> MALWARE-OTHER Trackware e2give runtime detection - redirect affiliate site request 2 (malware-other.rules)
* 1:9329 <-> DISABLED <-> MALWARE-CNC yarner.b smtp propagation detection (malware-cnc.rules)
* 1:9418 <-> DISABLED <-> MALWARE-CNC bagle.a http notification detection (malware-cnc.rules)
* 1:17815 <-> DISABLED <-> MALWARE-CNC Thinkpoint fake antivirus - user display (malware-cnc.rules)
* 1:9419 <-> DISABLED <-> MALWARE-OTHER sasser attempt (malware-other.rules)
* 1:25070 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Injector variant outbound connection (malware-cnc.rules)
* 1:24634 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - vaccinepc (malware-cnc.rules)
* 1:24633 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - test_hInternet (malware-cnc.rules)
* 1:24632 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VaccinePC variant outbound connection (malware-cnc.rules)
* 1:24858 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Quarian variant outbound connection - proxy connection (malware-cnc.rules)
* 1:16811 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
* 1:16924 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /inst.php?fff= (malware-cnc.rules)
* 1:17235 <-> DISABLED <-> MALWARE-CNC VBMania mass mailing worm download (malware-cnc.rules)
* 1:16833 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
* 1:16826 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
* 1:16832 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
1:16812 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules) * 1:18247 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent ErrCode - W32/Fujacks.htm (malware-cnc.rules) * 1:16827 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules) * 1:18459 <-> DISABLED <-> MALWARE-CNC Night Dragon keepalive message (malware-cnc.rules) * 1:17234 <-> DISABLED <-> MALWARE-CNC VBMania mass mailing worm activity (malware-cnc.rules) * 1:16824 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules) * 1:16828 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules) * 1:25026 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Juasek variant outbound connection (malware-cnc.rules) * 1:24523 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.MautoitRAT variant outbound connection (malware-cnc.rules) * 1:24873 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gnutler variant outbound connection (malware-cnc.rules) * 1:24885 <-> DISABLED <-> MALWARE-CNC Potential Banking Trojan Config File Download (malware-cnc.rules) * 1:25009 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - User-Agent User-Agent (malware-cnc.rules) * 1:10072 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules) * 1:11308 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - SpyDawn (malware-cnc.rules) * 1:10179 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - BysooTB (malware-cnc.rules) * 1:11313 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Spy-Locked (malware-cnc.rules) * 1:15553 <-> DISABLED <-> MALWARE-CNC Sality virus HTTP GET request (malware-cnc.rules) * 1:10403 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Duntek Checkin GET Request (malware-cnc.rules) * 1:15564 <-> DISABLED <-> MALWARE-CNC RSPlug Win.Trojan.file download (malware-cnc.rules) * 1:15563 <-> DISABLED <-> 
MALWARE-CNC RSPlug Win.Trojan.server connection (malware-cnc.rules) * 1:15165 <-> DISABLED <-> MALWARE-CNC Pushdo client communication (malware-cnc.rules) * 1:15730 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Delf variant outbound connection (malware-cnc.rules) * 1:15481 <-> DISABLED <-> MALWARE-CNC Zeus/Zbot malware config file download request (malware-cnc.rules) * 1:16269 <-> DISABLED <-> MALWARE-CNC Win.Trojan.tdss.1.gen install-time detection - findzproportal1.com (malware-cnc.rules) * 1:15938 <-> DISABLED <-> MALWARE-CNC SubSeven client connection to server (malware-cnc.rules) * 1:15565 <-> DISABLED <-> MALWARE-CNC RSPlug Win.Trojan.file download (malware-cnc.rules) * 1:16144 <-> DISABLED <-> MALWARE-CNC Bredolab bot variant outbound connection (malware-cnc.rules) * 1:16289 <-> DISABLED <-> MALWARE-CNC Clob bot traffic (malware-cnc.rules) * 1:16391 <-> DISABLED <-> MALWARE-CNC Gozi Win.Trojan.connection to C&C (malware-cnc.rules) * 1:16268 <-> DISABLED <-> MALWARE-CNC Win.Trojan.tdss.1.gen install-time detection - yournewsblog.net (malware-cnc.rules) * 1:16362 <-> DISABLED <-> MALWARE-CNC SpyForms malware call home (malware-cnc.rules) * 1:16368 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hydraq variant outbound connection (malware-cnc.rules) * 1:25007 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wealwedst variant outbound connection (malware-cnc.rules) * 1:24382 <-> DISABLED <-> MALWARE-CNC Win.Trojan.XBlocker outbound connection (malware-cnc.rules) * 1:24440 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chiviper variant outbound connection (malware-cnc.rules) * 1:24441 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Testing (malware-cnc.rules) * 1:24442 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Alerter COM (malware-cnc.rules) * 1:24439 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Encriyoko variant outbound connection (malware-cnc.rules) * 1:24491 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vundo redirection landing page pre-infection 
(malware-cnc.rules) * 1:24492 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vundo variant outbound connection (malware-cnc.rules) * 1:24493 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vundo variant outbound connection (malware-cnc.rules) * 1:24482 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chif variant outbound connection (malware-cnc.rules) * 1:24495 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vundo variant outbound connection (malware-cnc.rules) * 1:24496 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vundo variant outbound connection (malware-cnc.rules) * 1:24497 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vundo variant outbound connection (malware-cnc.rules) * 1:24494 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vundo variant outbound connection (malware-cnc.rules) * 1:24514 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lucuis variant outbound connection (malware-cnc.rules) * 1:24504 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VB variant outbound connection (malware-cnc.rules) * 1:25010 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Perflog variant outbound connection (malware-cnc.rules) * 1:16459 <-> DISABLED <-> MALWARE-CNC Win.Trojan.command and control communication (malware-cnc.rules) * 1:16484 <-> DISABLED <-> MALWARE-CNC Koobface variant outbound connection (malware-cnc.rules) * 1:16485 <-> DISABLED <-> MALWARE-CNC Koobface request for captcha (malware-cnc.rules) * 1:16493 <-> DISABLED <-> MALWARE-CNC TT-bot botnet variant outbound connection (malware-cnc.rules) * 1:16496 <-> DISABLED <-> MALWARE-CNC Win.Trojan.hacktool variant outbound connection (malware-cnc.rules) * 1:16497 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Tear Application (malware-cnc.rules) * 1:16489 <-> DISABLED <-> MALWARE-CNC Bobax botnet variant outbound connection (malware-cnc.rules) * 1:16527 <-> DISABLED <-> MALWARE-CNC Zbot malware config file download request (malware-cnc.rules) * 1:16528 <-> DISABLED <-> MALWARE-CNC Zbot malware config file download request (malware-cnc.rules) * 1:16551 <-> DISABLED <-> 
MALWARE-CNC User-Agent known malicious user agent - malware (malware-cnc.rules) * 1:16526 <-> DISABLED <-> MALWARE-CNC VanBot IRC communication (malware-cnc.rules) * 1:16670 <-> DISABLED <-> MALWARE-CNC Koobface worm executable download (malware-cnc.rules) * 1:16695 <-> DISABLED <-> MALWARE-CNC Rogue AV download/update (malware-cnc.rules) * 1:16809 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FraudPack variant outbound connection (malware-cnc.rules) * 1:16669 <-> DISABLED <-> MALWARE-CNC Spyeye bot variant outbound connection (malware-cnc.rules) * 1:23600 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gamarue outbound connection (malware-cnc.rules) * 1:19038 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jzzer.A variant outbound connection (malware-cnc.rules) * 1:19047 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - RCleanT (malware-cnc.rules) * 1:19053 <-> DISABLED <-> MALWARE-CNC Worm.Win32.Nusump.A variant outbound connection (malware-cnc.rules) * 1:19055 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gosik.A registration (malware-cnc.rules) * 1:19056 <-> DISABLED <-> MALWARE-CNC Win.Trojan.QQFish variant outbound connection (malware-cnc.rules) * 1:19052 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Httpbot.qdc variant outbound connection (malware-cnc.rules) * 1:19058 <-> DISABLED <-> MALWARE-CNC Worm.Win32.Faketube update request (malware-cnc.rules) * 1:19164 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SpyEye variant outbound connection (malware-cnc.rules) * 1:19165 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Microsoft Internet Explorer (malware-cnc.rules) * 1:19057 <-> DISABLED <-> MALWARE-CNC Win.Trojan.QQFish variant outbound connection (malware-cnc.rules) * 1:19328 <-> DISABLED <-> MALWARE-CNC PointGuide variant outbound connection (malware-cnc.rules) * 1:19339 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper Win.Trojan.Agent.alda variant outbound connection (malware-cnc.rules) * 1:19347 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Poison.banr 
variant outbound connection (malware-cnc.rules) * 1:19175 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent wget 3.0 (malware-cnc.rules) * 1:19351 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Clicker Win.Trojan.Hatigh.C variant outbound connection (malware-cnc.rules) * 1:19353 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker.bkhu variant outbound connection (malware-cnc.rules) * 1:19357 <-> DISABLED <-> MALWARE-CNC Win.Worm.Sohanad.ila variant outbound connection (malware-cnc.rules) * 1:19348 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader Win.Trojan.FraudLoad.emq variant outbound connection (malware-cnc.rules) * 1:19429 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Proxy Win.Trojan.Dosenjo.C variant outbound connection (malware-cnc.rules) * 1:19435 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Litmus.203 variant outbound connection (malware-cnc.rules) * 1:19480 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string STORMDDOS - Backdoor.Win32.Inject.ctt (malware-cnc.rules) * 1:19358 <-> DISABLED <-> MALWARE-CNC Win.Trojan.XYTvn.A variant outbound connection (malware-cnc.rules) * 1:19490 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Koceg.B variant outbound connection (malware-cnc.rules) * 1:19493 <-> DISABLED <-> MALWARE-CNC URI request for known malicious uri config.ini on 3322.org domain (malware-cnc.rules) * 1:19579 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Potao.A variant outbound connection (malware-cnc.rules) * 1:19482 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string ErrorFix (malware-cnc.rules) * 1:19590 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Savnut.B variant outbound connection (malware-cnc.rules) * 1:19622 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - pte.aspx?ver= (malware-cnc.rules) * 1:19623 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - vic.aspx?ver= (malware-cnc.rules) * 1:19589 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent string MacProtector 
(malware-cnc.rules) * 1:19626 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /setup_b.asp?prj= (malware-cnc.rules) * 1:19627 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /r_autoidcnt.asp?mer_seq= (malware-cnc.rules) * 1:19628 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /1cup/script.php (malware-cnc.rules) * 1:19625 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - .sys.php?getexe= (malware-cnc.rules) * 1:19632 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /VertexNet/adduser.php?uid= (malware-cnc.rules) * 1:19633 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /VertexNet/tasks.php?uid= (malware-cnc.rules) * 1:19635 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /app/?prj= (malware-cnc.rules) * 1:19631 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - AnSSip= (malware-cnc.rules) * 1:19637 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /install.asp?mac= (malware-cnc.rules) * 1:19638 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /kx4.txt (malware-cnc.rules) * 1:19657 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FakeAV variant traffic (malware-cnc.rules) * 1:19636 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /blog/images/3521.jpg?v (malware-cnc.rules) * 1:19702 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zboter.E variant outbound connection (malware-cnc.rules) * 1:19703 <-> DISABLED <-> MALWARE-CNC Win.Worm.Dusta.br outbound connnection (malware-cnc.rules) * 1:19704 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.grdm variant outbound connection (malware-cnc.rules) * 1:19658 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MCnovogic.A variant outbound connection (malware-cnc.rules) * 1:19706 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.cer variant outbound connection (malware-cnc.rules) * 1:19711 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jorik variant outbound connection 
(malware-cnc.rules) * 1:19712 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader variant outbound connection (malware-cnc.rules) * 1:19705 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.grdm variant outbound connection (malware-cnc.rules) * 1:19723 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pherbot variant outbound connection (malware-cnc.rules) * 1:19730 <-> DISABLED <-> MALWARE-CNC Win.Trojan.KukuBot variant outbound connection (malware-cnc.rules) * 1:19731 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Darkwebot variant outbound connection (malware-cnc.rules) * 1:19722 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Poshtroper variant outbound connection (malware-cnc.rules) * 1:19756 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Opera/8.89 - P2P-Worm.Win32.Palevo.ddm (malware-cnc.rules) * 1:19761 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ftpharvxqq variant outbound connection (malware-cnc.rules) * 1:19765 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules) * 1:19732 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Idicaf variant outbound connection (malware-cnc.rules) * 1:19769 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yoddos outbound indicator (malware-cnc.rules) * 1:19770 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yoddos variant outbound connection (malware-cnc.rules) * 1:19771 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yoddos variant outbound connection (malware-cnc.rules) * 1:19767 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Msposer.A variant outbound connection (malware-cnc.rules) * 1:19801 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tracur variant outbound connection (malware-cnc.rules) * 1:19864 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nvbpass variant outbound connection (malware-cnc.rules) * 1:19882 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /160.rar - Win32/Morto.A (malware-cnc.rules) * 1:19778 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /games/java_trust.php?f= (malware-cnc.rules) * 
1:19913 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - optima/index.php (malware-cnc.rules) * 1:19964 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sality variant outbound connection (malware-cnc.rules) * 1:19995 <-> DISABLED <-> MALWARE-CNC Waledac variant outbound connection (malware-cnc.rules) * 1:19912 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DelfInject.gen!X variant outbound connection (malware-cnc.rules) * 1:20011 <-> DISABLED <-> MALWARE-CNC Briewots.A runtime traffic detected (malware-cnc.rules) * 1:20012 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string feranet/0.4 - Win32/Ferabsa.A (malware-cnc.rules) * 1:20080 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Derusbi.A variant outbound connection (malware-cnc.rules) * 1:20009 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent string Baby Remote - Win32/Babmote.A (malware-cnc.rules) * 1:20099 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Xtrat.A variant outbound connection (malware-cnc.rules) * 1:20104 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - InfoBot (malware-cnc.rules) * 1:20105 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - IPHONE (malware-cnc.rules) * 1:20081 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Win32.Yakes.cbi variant outbound connection (malware-cnc.rules) * 1:20201 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - meterpreter (malware-cnc.rules) * 1:20202 <-> DISABLED <-> MALWARE-CNC Apple OSX.Revir-1 variant outbound connection (malware-cnc.rules) * 1:20213 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Swisyn variant outbound connection (malware-cnc.rules) * 1:20106 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - darkness (malware-cnc.rules) * 1:20228 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hupigon variant outbound connection (malware-cnc.rules) * 1:20229 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jinchodz variant outbound connection 
(malware-cnc.rules) * 1:20230 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string 0pera 10 (malware-cnc.rules) * 1:20221 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Injector variant outbound connection (malware-cnc.rules) * 1:20232 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cycbot variant outbound connection (malware-cnc.rules) * 1:20280 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy variant outbound connection (malware-cnc.rules) * 1:20281 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy variant outbound connection (malware-cnc.rules) * 1:20231 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Mozilla//4.0 (malware-cnc.rules) * 1:20527 <-> DISABLED <-> MALWARE-CNC Sirefef initial C&C connection variant outbound connection (malware-cnc.rules) * 1:20754 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Virut-3 variant outbound connection (malware-cnc.rules) * 1:20755 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Krap variant outbound connection (malware-cnc.rules) * 1:20293 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string MBVDFRESCT (malware-cnc.rules) * 1:20759 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gbot.oce variant outbound connection (malware-cnc.rules) * 1:20762 <-> DISABLED <-> MALWARE-CNC MacOS.Flashback.A variant outbound connection (malware-cnc.rules) * 1:20763 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spyeye-206 variant outbound connection (malware-cnc.rules) * 1:20756 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jorik variant outbound connection (malware-cnc.rules) * 1:20927 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spyeye-207 variant outbound connection (malware-cnc.rules) * 1:21047 <-> DISABLED <-> MALWARE-CNC known malicious SSL certificate - Sykipot C&C (malware-cnc.rules) * 1:21175 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Win32 Amti (malware-cnc.rules) * 1:20837 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mecklow.C runtime traffic detected (malware-cnc.rules) * 1:21206 <-> DISABLED <-> 
MALWARE-CNC User-Agent known malicious user-agent string Aldi Bot (malware-cnc.rules) * 1:21208 <-> DISABLED <-> MALWARE-CNC Win.Trojan.RShot.brw variant outbound connection (malware-cnc.rules) * 1:21225 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Flag (malware-cnc.rules) * 1:21188 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string API Guide test program (malware-cnc.rules) * 1:21239 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy variant outbound connection (malware-cnc.rules) * 1:21240 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MsUpdater variant outbound connection (malware-cnc.rules) * 1:21241 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MsUpdater initial variant outbound connection (malware-cnc.rules) * 1:21230 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Betad variant outbound connection (malware-cnc.rules) * 1:21257 <-> DISABLED <-> MALWARE-CNC URI - known scanner tool muieblackcat (malware-cnc.rules) * 1:21269 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cycbot variant outbound connection (malware-cnc.rules) * 1:21278 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Google Bot (malware-cnc.rules) * 1:21242 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MsUpdater variant outbound connection (malware-cnc.rules) * 1:21311 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dofoil variant outbound connection (malware-cnc.rules) * 1:21313 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dofoil variant outbound connection (malware-cnc.rules) * 1:21318 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FakeAV TDSS/PurpleHaze variant outbound connection - base64 encoded (malware-cnc.rules) * 1:21306 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spyeye variant outbound connectivity check (malware-cnc.rules) * 1:21380 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - QvodDown (malware-cnc.rules) * 1:21418 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FareIt variant outbound connection (malware-cnc.rules) * 1:21426 <-> DISABLED <-> 
MALWARE-CNC Win.Trojan.Scar variant outbound connection (malware-cnc.rules) * 1:21327 <-> DISABLED <-> MALWARE-CNC User-Agent ASafaWeb Scan (malware-cnc.rules) * 1:21428 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Generic-24 variant outbound connection (malware-cnc.rules) * 1:21430 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BeeOne runtime traffic detected (malware-cnc.rules) * 1:21434 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Mentor variant outbound connection (malware-cnc.rules) * 1:21427 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Delf variant outbound connection (malware-cnc.rules) * 1:21435 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mentor inbound connection - post infection (malware-cnc.rules) * 1:21440 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Murofet variant outbound connection (malware-cnc.rules) * 1:21441 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Delf variant outbound connection (malware-cnc.rules) * 1:21469 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string 1234567890 (malware-cnc.rules) * 1:21475 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string core-project (malware-cnc.rules) * 1:21476 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent YZF (malware-cnc.rules) * 1:21455 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string psi (malware-cnc.rules) * 1:21526 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent TCYWinHTTPDownload (malware-cnc.rules) * 1:21538 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dofoil variant outbound payload request (malware-cnc.rules) * 1:21547 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy variant outbound connection (malware-cnc.rules) * 1:21525 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader variant outbound connection (malware-cnc.rules) * 1:21551 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kahn variant outbound connection (malware-cnc.rules) * 1:21552 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kahn variant outbound connection (malware-cnc.rules) * 1:21562 <-> 
DISABLED <-> MALWARE-CNC Win.Trojan.Bredolab variant outbound connection (malware-cnc.rules) * 1:21548 <-> DISABLED <-> MALWARE-CNC Cutwail landing page connection (malware-cnc.rules) * 1:21564 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kelihos variant outbound connection (malware-cnc.rules) * 1:21565 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kelihos variant outbound connection (malware-cnc.rules) * 1:21591 <-> DISABLED <-> MALWARE-CNC User-Agent known Adware user agent Gamevance tl_v (malware-cnc.rules) * 1:21563 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kelihos variant outbound connection (malware-cnc.rules) * 1:21622 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Georbot variant outbound connection (malware-cnc.rules) * 1:21631 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sinowal javascript delivery method (malware-cnc.rules) * 1:21632 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ransom variant outbound connection (malware-cnc.rules) * 1:21593 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper variant outbound connection (malware-cnc.rules) * 1:21638 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Aluereon TDSS infection variant outbound connection (malware-cnc.rules) * 1:21639 <-> DISABLED <-> MALWARE-CNC User-Agent known Adware user agent mus - TDSS related (malware-cnc.rules) * 1:21755 <-> DISABLED <-> MALWARE-CNC Apple OSX.Flashback variant outbound connection (malware-cnc.rules) * 1:21636 <-> DISABLED <-> MALWARE-CNC User-Agent known Adware user agent gbot (malware-cnc.rules) * 1:21757 <-> DISABLED <-> MALWARE-CNC Apple OSX.Flashback variant outbound connection (malware-cnc.rules) * 1:21758 <-> DISABLED <-> MALWARE-CNC Apple OSX.Flashback variant outbound connection (malware-cnc.rules) * 1:21760 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Swisyn variant outbound connection (malware-cnc.rules) * 1:21756 <-> DISABLED <-> MALWARE-CNC Apple OSX.Flashback variant outbound connection (malware-cnc.rules) * 1:21852 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Orsam variant outbound connection 
(malware-cnc.rules) * 1:22058 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kbot variant outbound connection (malware-cnc.rules) * 1:21877 <-> DISABLED <-> MALWARE-CNC Apple OSX.Sabpub variant outbound connection (malware-cnc.rules) * 1:21761 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Swisyn variant outbound connection (malware-cnc.rules) * 1:21911 <-> DISABLED <-> MALWARE-CNC Aldi variant outbound connection C&C checkin (malware-cnc.rules) * 1:21912 <-> DISABLED <-> MALWARE-CNC Aldi bot variant outbound connection user-agent (malware-cnc.rules) * 1:21925 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent BOT/0.1 (malware-cnc.rules) * 1:21910 <-> DISABLED <-> MALWARE-CNC Apple OSX Flashback malware user-agent (malware-cnc.rules) * 1:21946 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Litmpuca.A variant outbound connection (malware-cnc.rules) * 1:21965 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent VB WININET (malware-cnc.rules) * 1:21983 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BamCompiled variant outbound connection (malware-cnc.rules) * 1:21945 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Litmpuca.A variant outbound connection (malware-cnc.rules) * 1:22033 <-> DISABLED <-> MALWARE-CNC Apple OSX Flashback malware variant outbound connection (malware-cnc.rules) * 1:22034 <-> DISABLED <-> MALWARE-CNC Apple OSX Flashback malware variant outbound connection (malware-cnc.rules) * 1:22047 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jokbot variant outbound connection (malware-cnc.rules) * 1:21984 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BamCompiled variant inbound updates (malware-cnc.rules) * 1:22054 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Prorat variant outbound connection (malware-cnc.rules) * 1:22059 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader variant outbound connection (malware-cnc.rules) * 1:22060 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fepgul variant outbound connection (malware-cnc.rules) * 1:22048 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus 
P2P outbound connection (malware-cnc.rules) * 1:22100 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Midhos variant outbound connection (malware-cnc.rules) * 1:22103 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Coswid.klk variant outbound connection (malware-cnc.rules) * 1:22937 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Proxyier variant outbound connection (malware-cnc.rules) * 1:22099 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Piroxcc variant outbound connection (malware-cnc.rules) * 1:23019 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Flame malware (malware-cnc.rules) * 1:23057 <-> DISABLED <-> MALWARE-CNC Flame malware connection - /view.php (malware-cnc.rules) * 1:23103 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bublik variant outbound connection (malware-cnc.rules) * 1:22939 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent RAbcLib (malware-cnc.rules) * 1:23109 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lolbot variant outbound connection (malware-cnc.rules) * 1:23242 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker.boxg connect to cnc server (malware-cnc.rules) * 1:23244 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz variant outbound connection (malware-cnc.rules) * 1:23104 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scar variant outbound connection (malware-cnc.rules) * 1:23254 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Delf.CL variant outbound connection (malware-cnc.rules) * 1:23261 <-> DISABLED <-> MALWARE-CNC known command and control traffic - Pushbot (malware-cnc.rules) * 1:23262 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules) * 1:23245 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader variant outbound connection (malware-cnc.rules) * 1:23332 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dishigy variant outbound connection (malware-cnc.rules) * 1:23334 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader initial C&C checkin (malware-cnc.rules) * 1:23335 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Swisyn 
variant outbound connection (malware-cnc.rules) * 1:23307 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper connect to server (malware-cnc.rules) * 1:23382 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SpyEye variant outbound connection (malware-cnc.rules) * 1:23391 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hioles.C variant outbound connection (malware-cnc.rules) * 1:23394 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vbvoleur.a variant outbound connection (malware-cnc.rules) * 1:23342 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules) * 1:23473 <-> DISABLED <-> MALWARE-CNC URI request for runforestrun - JS.Runfore (malware-cnc.rules) * 1:23493 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ZeroAccess outbound connection (malware-cnc.rules) * 1:23492 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ZeroAccess outbound connection (malware-cnc.rules) * 1:23467 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mazben file download (malware-cnc.rules) * 1:23627 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - PoisonIvy RAT (malware-cnc.rules) * 1:23628 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pincav variant outbound connection (malware-cnc.rules) * 1:23633 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kegotip variant report to cnc-server (malware-cnc.rules) * 1:23615 <-> DISABLED <-> MALWARE-CNC ACAD.Medre.A variant outbound connection (malware-cnc.rules) * 1:23778 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bublik variant outbound connection (malware-cnc.rules) * 1:23824 <-> DISABLED <-> MALWARE-CNC Gauss malware check-in (malware-cnc.rules) * 1:23893 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DistTrack command and control traffic (malware-cnc.rules) * 1:23635 <-> DISABLED <-> MALWARE-CNC Gozi trojan checkin (malware-cnc.rules) * 1:23938 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ibabyfa.dldr variant outbound connection (malware-cnc.rules) * 1:23942 <-> DISABLED <-> MALWARE-CNC Win.Trojan.C0D0SO0 variant outbound traffic (malware-cnc.rules) * 1:23945 <-> DISABLED 
<-> MALWARE-CNC Win.Trojan.Backdoor variant outbound connection (malware-cnc.rules) * 1:23903 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - you (malware-cnc.rules) * 1:23968 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Crisis variant outbound connection (malware-cnc.rules) * 1:23972 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot variant outbound connection (malware-cnc.rules) * 1:23978 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hostposer variant outbound connection (malware-cnc.rules) * 1:23946 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Backdoor file download (malware-cnc.rules) * 1:24062 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hufysk variant outbound connection (malware-cnc.rules) * 1:24111 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Post (malware-cnc.rules) * 1:24169 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot variant outbound connection (malware-cnc.rules) * 1:23987 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kryptik.Kazy variant outbound connection (malware-cnc.rules) * 1:24211 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Xamtrav update protocol connection (malware-cnc.rules) * 1:24214 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Seveto variant outbound connection (malware-cnc.rules) * 1:24215 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload variant outbound connection (malware-cnc.rules) * 1:24185 <-> DISABLED <-> MALWARE-CNC Win.Work.Rokiwobi inbound command from C&C (malware-cnc.rules) * 1:24217 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy variant outbound connection (malware-cnc.rules) * 1:24224 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeroaccess variant outbound connection (malware-cnc.rules) * 1:24235 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wuwo initial infection variant outbound connection (malware-cnc.rules) * 1:24216 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Biloky variant outbound connection (malware-cnc.rules) * 1:24361 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gozi.Prinimalka variant outbound connection (malware-cnc.rules) * 1:24375 
<-> DISABLED <-> MALWARE-CNC Win.Trojan.VB variant outbound connection (malware-cnc.rules) * 1:24381 <-> DISABLED <-> MALWARE-CNC Win.Trojan.XBlocker outbound connection (malware-cnc.rules) * 1:24236 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wuwo post infection variant outbound connection (malware-cnc.rules) * 1:25049 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jorik.Kolilks variant outbound connection (malware-cnc.rules) * 1:10077 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules) * 1:10069 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules) * 1:10114 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm command and control propagation detected (malware-cnc.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091300.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:55898 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Fakesysdef-9772554-0 download attempt (malware-other.rules) * 1:55870 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Emotet-9769987-0 download attempt (malware-other.rules) * 1:55889 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Browsefox-9771664-0 download attempt (malware-other.rules) * 1:55884 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Cutwail-9771166-0 download attempt (malware-other.rules) * 1:55910 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Battdil-9773289-0 download attempt (malware-other.rules) * 1:55864 <-> DISABLED <-> MALWARE-OTHER Win.Virus.Ursnif-9769699-0 download attempt (malware-other.rules) * 1:55921 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus command injection attempt (server-webapp.rules) * 1:55903 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Sdyn-9772921-0 download attempt (malware-other.rules) * 1:55892 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Kovter-9771867-0 download attempt (malware-other.rules) * 1:55895 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-9772275-0 download attempt (malware-other.rules) * 1:55911 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Battdil-9773282-0 download attempt (malware-other.rules) * 1:55881 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-9770992-0 download attempt (malware-other.rules) * 1:55918 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus command injection attempt (server-webapp.rules) * 1:55906 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generic-9773106-0 download attempt (malware-other.rules) * 1:55879 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-9770611-0 download attempt (malware-other.rules) * 1:55913 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Ramnit-9773470-0 download attempt (malware-other.rules) * 1:55912 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Battdil-9773282-0 download attempt (malware-other.rules) * 1:55875 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Bdld-9770176-0 download attempt (malware-other.rules) * 1:55883 <-> 
DISABLED <-> MALWARE-OTHER Win.Packed.Cutwail-9771166-0 download attempt (malware-other.rules) * 1:55907 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-9773294-0 download attempt (malware-other.rules) * 1:55897 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Fakesysdef-9772554-0 download attempt (malware-other.rules) * 1:55888 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Reveton-9771413-0 download attempt (malware-other.rules) * 1:55902 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-9772681-0 download attempt (malware-other.rules) * 1:55893 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-9771891-0 download attempt (malware-other.rules) * 1:55899 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9772677-0 download attempt (malware-other.rules) * 1:55922 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Defender privilege escalation attempt (os-windows.rules) * 1:55885 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Upatre-9771263-0 download attempt (malware-other.rules) * 1:55876 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Bdld-9770176-0 download attempt (malware-other.rules) * 1:55914 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Ramnit-9773470-0 download attempt (malware-other.rules) * 1:55909 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Battdil-9773289-0 download attempt (malware-other.rules) * 1:55877 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Drolnux-9770173-0 download attempt (malware-other.rules) * 1:55916 <-> DISABLED <-> MALWARE-OTHER PUA.Win.File.Neobar-9773833-0 download attempt (malware-other.rules) * 1:55891 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Kovter-9771867-0 download attempt (malware-other.rules) * 1:55866 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Bulz-9769773-0 download attempt (malware-other.rules) * 1:55901 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-9772681-0 download attempt (malware-other.rules) * 1:55887 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Reveton-9771413-0 download attempt (malware-other.rules) * 1:55882 <-> DISABLED <-> MALWARE-OTHER 
Win.Ransomware.Cerber-9770992-0 download attempt (malware-other.rules) * 1:55880 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-9770611-0 download attempt (malware-other.rules) * 1:55927 <-> ENABLED <-> MALWARE-CNC Win.Dropper.LemonDuck variant script download attempt (malware-cnc.rules) * 1:55865 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Bulz-9769773-0 download attempt (malware-other.rules) * 1:55904 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Sdyn-9772921-0 download attempt (malware-other.rules) * 1:55923 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Defender privilege escalation attempt (os-windows.rules) * 1:55869 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Emotet-9769987-0 download attempt (malware-other.rules) * 1:55908 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-9773294-0 download attempt (malware-other.rules) * 1:55873 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Emotet-9770097-0 download attempt (malware-other.rules) * 1:55871 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9770089-0 download attempt (malware-other.rules) * 1:55894 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-9771891-0 download attempt (malware-other.rules) * 1:55905 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generic-9773106-0 download attempt (malware-other.rules) * 1:55896 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-9772275-0 download attempt (malware-other.rules) * 1:55872 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9770089-0 download attempt (malware-other.rules) * 1:55928 <-> ENABLED <-> MALWARE-CNC Win.Dropper.LemonDuck variant script download attempt (malware-cnc.rules) * 1:55878 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Drolnux-9770173-0 download attempt (malware-other.rules) * 1:55900 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9772677-0 download attempt (malware-other.rules) * 1:55890 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Browsefox-9771664-0 download attempt (malware-other.rules) * 1:55920 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus command 
injection attempt (server-webapp.rules) * 1:55926 <-> ENABLED <-> MALWARE-CNC Win.Dropper.LemonDuck variant outbound connection (malware-cnc.rules) * 1:55868 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Agzz8qk-9769774-0 download attempt (malware-other.rules) * 1:55867 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Agzz8qk-9769774-0 download attempt (malware-other.rules) * 1:55919 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus command injection attempt (server-webapp.rules) * 1:55874 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Emotet-9770097-0 download attempt (malware-other.rules) * 1:55886 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Upatre-9771263-0 download attempt (malware-other.rules) * 1:55915 <-> DISABLED <-> MALWARE-OTHER PUA.Win.File.Neobar-9773833-0 download attempt (malware-other.rules) * 1:55863 <-> DISABLED <-> MALWARE-OTHER Win.Virus.Ursnif-9769699-0 download attempt (malware-other.rules) * 3:55924 <-> ENABLED <-> SERVER-OTHER Cisco Wireless LAN Controller CAPWAP denial of service attempt (server-other.rules) * 3:55917 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1159 attack attempt (server-webapp.rules) * 3:55925 <-> ENABLED <-> SERVER-OTHER Cisco Wireless LAN Controller CAPWAP denial of service attempt (server-other.rules)
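The listings on this page follow the documented `gid:sid <-> Default rule state <-> Message (rule group)` format, but as extracted here the entries run together on long lines separated by ` * ` and are sometimes broken mid-entry across a line break. The Python below is an added example, not code from the Talos update or the Snort project: it re-joins and parses such a listing into records, counts default states per rules file, lists the rules that ship ENABLED (the ones that will fire with no action on your part), and emits `gid:sid` lines in the form PulledPork's enablesid.conf accepts for the DISABLED rules a reviewer decides to turn on. The sample text is constructed from five entries copied from the list above, with one entry deliberately split across two lines; the function names and the choice of which rules files to enable are my own assumptions, not anything the changelog states.

```python
import re
from collections import Counter
from typing import Dict, Iterable, List, NamedTuple, Tuple

# One entry, in the format the changelog documents:
#   gid:sid <-> Default rule state <-> Message (rule group)
ENTRY_RE = re.compile(
    r"^(?P<gid>\d+):(?P<sid>\d+)\s+<->\s+"
    r"(?P<state>ENABLED|DISABLED)\s+<->\s+"
    r"(?P<msg>.+?)\s+\((?P<group>[\w.-]+\.rules)\)$"
)


class Rule(NamedTuple):
    gid: int
    sid: int
    enabled: bool      # default state in the shipped pack
    category: str      # leading token of the message, e.g. MALWARE-CNC
    msg: str
    group: str         # rules file, e.g. server-webapp.rules


def parse_changelog(text: str) -> List[Rule]:
    """Parse a Talos rule-update listing into Rule records.

    Entries may be joined with ' * ' on one line and a single entry may be
    broken across lines, so all lines are re-joined first and the result is
    split at every '* gid:sid <->' boundary. Fragments that still do not
    match the documented format raise rather than being silently dropped.
    """
    flat = " ".join(line.strip() for line in text.splitlines())
    rules: List[Rule] = []
    for chunk in re.split(r"\*\s+(?=\d+:\d+\s+<->)", flat):
        chunk = chunk.strip()
        if not chunk:
            continue
        m = ENTRY_RE.match(chunk)
        if m is None:
            raise ValueError(f"unparseable entry: {chunk!r}")
        msg = m["msg"]
        rules.append(Rule(int(m["gid"]), int(m["sid"]), m["state"] == "ENABLED",
                          msg.split(" ", 1)[0], msg, m["group"]))
    return rules


def summarize(rules: Iterable[Rule]) -> Tuple[Dict[str, int], Dict[str, int]]:
    """Counts per rules file and per default state (ENABLED/DISABLED)."""
    rules = list(rules)
    by_group = Counter(r.group for r in rules)
    by_state = Counter("ENABLED" if r.enabled else "DISABLED" for r in rules)
    return dict(by_group), dict(by_state)


def default_enabled(rules: Iterable[Rule]) -> List[str]:
    """'gid:sid' of every rule that ships enabled in the pack."""
    return [f"{r.gid}:{r.sid}" for r in rules if r.enabled]


def enablesid_lines(rules: Iterable[Rule], groups: Iterable[str]) -> List[str]:
    """enablesid.conf lines ('gid:sid', one per line) for the rules in the
    chosen rules files that ship DISABLED, so that a changelog review turns
    into a concrete config change. Which groups to enable is the caller's call."""
    wanted = set(groups)
    return [f"{r.gid}:{r.sid}" for r in rules if r.group in wanted and not r.enabled]


# Constructed sample: five entries copied from the listing above, with one
# entry (1:55881) deliberately split across two lines as in the extracted page.
SAMPLE = """\
* 1:55921 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus command injection attempt (server-webapp.rules) * 1:55922 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Defender privilege escalation attempt (os-windows.rules) * 1:55927 <-> ENABLED <-> MALWARE-CNC Win.Dropper.LemonDuck variant script download attempt (malware-cnc.rules) * 1:55881 <-> DISABLED
<-> MALWARE-OTHER Win.Ransomware.Cerber-9770992-0 download attempt (malware-other.rules) * 3:55924 <-> ENABLED <-> SERVER-OTHER Cisco Wireless LAN Controller CAPWAP denial of service attempt (server-other.rules)
"""

if __name__ == "__main__":
    parsed = parse_changelog(SAMPLE)
    by_group, by_state = summarize(parsed)
    print("per rules file:", by_group)
    print("per default state:", by_state)
    print("enabled by default:", default_enabled(parsed))
    print("enablesid.conf additions:")
    print("\n".join(enablesid_lines(parsed, ["server-webapp.rules", "os-windows.rules"])))
```

Run against a full saved listing, the summary shows at a glance that nearly everything in these packs ships DISABLED; only the LemonDuck, Cisco WLC CAPWAP and TALOS-2020-1159 rules (and the SharePoint RCE rule in the modified list) are on by default, so a deployment that wants the IBM Spectrum Protect Plus or Windows Defender coverage has to enable those SIDs explicitly.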
* 1:9420 <-> DISABLED <-> MALWARE-OTHER korgo attempt (malware-other.rules) * 1:25028 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peed variant outbound connection (malware-cnc.rules) * 1:16812 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules) * 1:5901 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - AdTools (malware-cnc.rules) * 1:10066 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules) * 1:5954 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Browser Pal (malware-cnc.rules) * 1:18934 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (Coreflood -- malware-cnc.rules) * 1:7187 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - SAH Agent (malware-cnc.rules) * 1:7511 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - ed2k edonkey2000 runtime detection (malware-cnc.rules) * 1:25075 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy variant outbound connection (malware-cnc.rules) * 1:6354 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - ProxyDown (malware-cnc.rules) * 1:9418 <-> DISABLED <-> MALWARE-CNC bagle.a http notification detection (malware-cnc.rules) * 1:9419 <-> DISABLED <-> MALWARE-OTHER sasser attempt (malware-other.rules) * 1:9329 <-> DISABLED <-> MALWARE-CNC yarner.b smtp propagation detection (malware-cnc.rules) * 1:25071 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Macnsed variant outbound connection (malware-cnc.rules) * 1:6364 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - iMeshBar (malware-cnc.rules) * 1:7145 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - adfsgecoiwnf (malware-cnc.rules) * 1:6281 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - istsvc (malware-cnc.rules) * 1:6186 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - SpywareStrike (malware-cnc.rules) * 1:25098 <-> DISABLED <-> 
MALWARE-CNC Win.Trojan.Dropper.Daws variant outbound connection (malware-cnc.rules) * 1:7116 <-> DISABLED <-> MALWARE-CNC y3k 1.2 variant outbound connection icq notification (malware-cnc.rules) * 1:5770 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Casino (malware-cnc.rules) * 1:55862 <-> ENABLED <-> SERVER-WEBAPP Microsoft SharePoint EntityInstanceIdEncoder remote code execution attempt (server-webapp.rules) * 1:6357 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Need2Find (malware-cnc.rules) * 1:6394 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - CodeguruBrowser (malware-cnc.rules) * 1:25545 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Printlove variant outbound connection (malware-cnc.rules) * 1:5955 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Popup Stopper (malware-cnc.rules) * 1:5908 <-> DISABLED <-> MALWARE-OTHER Trackware e2give runtime detection - redirect affiliate site request 1 (malware-other.rules) * 1:5760 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - OSSProxy (malware-cnc.rules) * 1:6197 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - smrtshpr-cs (malware-cnc.rules) * 1:10072 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules) * 1:25076 <-> DISABLED <-> MALWARE-CNC Win.Worm.Joanap variant variant outbound connection (malware-cnc.rules) * 1:25030 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nevsyn variant outbound connection (malware-cnc.rules) * 1:25072 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dulom variant outbound connection (malware-cnc.rules) * 1:25029 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (malware-cnc.rules) * 1:7537 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Arrow Search (malware-cnc.rules) * 1:6491 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - snprtzdialno (malware-cnc.rules) * 1:5913 <-> 
DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - My Agent (malware-cnc.rules) * 1:5970 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Feat2 Updater (malware-cnc.rules) * 1:6362 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - MGS-Internal-Web-Manager (malware-cnc.rules) * 1:10113 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm command and control propagation detected (malware-cnc.rules) * 1:16811 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules) * 1:7587 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - URLBlaze (malware-cnc.rules) * 1:7832 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Navhelper (malware-cnc.rules) * 1:5774 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - FSW (malware-cnc.rules) * 1:5824 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Strip-Player (malware-cnc.rules) * 1:5882 <-> DISABLED <-> MALWARE-OTHER Keylogger spyagent runtime detect - alert notification (malware-other.rules) * 1:8356 <-> DISABLED <-> MALWARE-OTHER Keylogger spybuddy 3.72 runtime detection - send log out through email (malware-other.rules) * 1:7582 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Pcast Live (malware-cnc.rules) * 1:5880 <-> DISABLED <-> MALWARE-OTHER Keylogger spyagent runtime detect - smtp delivery (malware-other.rules) * 1:25546 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Proxy.Agent variant outbound connection (malware-cnc.rules) * 1:5900 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Async HTTP Agent (malware-cnc.rules) * 1:5838 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - EI (malware-cnc.rules) * 1:5857 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - MyWebSearchSearchAssistance (malware-cnc.rules) * 1:7540 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - http protocol 
(malware-cnc.rules) * 1:25054 <-> DISABLED <-> MALWARE-CNC ZeroAccess Clickserver callback (malware-cnc.rules) * 1:5808 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - SAH Agent (malware-cnc.rules) * 1:16459 <-> DISABLED <-> MALWARE-CNC Win.Trojan.command and control communication (malware-cnc.rules) * 1:7572 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - DigExt (malware-cnc.rules) * 1:16485 <-> DISABLED <-> MALWARE-CNC Koobface request for captcha (malware-cnc.rules) * 1:8357 <-> DISABLED <-> MALWARE-OTHER Keylogger spybuddy 3.72 runtime detection - send alert out through email (malware-other.rules) * 1:16489 <-> DISABLED <-> MALWARE-CNC Bobax botnet variant outbound connection (malware-cnc.rules) * 1:5805 <-> DISABLED <-> MALWARE-OTHER Trackware myway speedbar runtime detection - switch engines (malware-other.rules) * 1:8355 <-> ENABLED <-> MALWARE-OTHER Keylogger spybuddy 3.72 runtime detection (malware-other.rules) * 1:25077 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Halnine variant outbound connection (malware-cnc.rules) * 1:10073 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules) * 1:10114 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm command and control propagation detected (malware-cnc.rules) * 1:16484 <-> DISABLED <-> MALWARE-CNC Koobface variant outbound connection (malware-cnc.rules) * 1:25070 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Injector variant outbound connection (malware-cnc.rules) * 1:10065 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules) * 1:10075 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules) * 1:5800 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - MyWay (malware-cnc.rules) * 1:5881 <-> DISABLED <-> MALWARE-OTHER Keylogger spyagent runtime detect - ftp delivery (malware-other.rules) * 1:25049 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jorik.Kolilks 
variant outbound connection (malware-cnc.rules) * 1:10069 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules) * 1:10071 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules) * 1:10074 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules) * 1:10076 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules) * 1:10068 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules) * 1:25544 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - ctwopop (malware-cnc.rules) * 1:25073 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lowzone variant outbound connection (malware-cnc.rules) * 1:25100 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Njrat variant outbound connection (malware-cnc.rules) * 1:25107 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (malware-cnc.rules) * 1:25119 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - NewBrandTest (malware-cnc.rules) * 1:25224 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ZeroAccess URI and Referer (malware-cnc.rules) * 1:25231 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (malware-cnc.rules) * 1:25237 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Firelog variant outbound connection (malware-cnc.rules) * 1:25241 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetTrash variant outbound connection (malware-cnc.rules) * 1:25242 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Duapz variant outbound connection (malware-cnc.rules) * 1:25245 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - me0hoi (malware-cnc.rules) * 1:25249 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Basutra variant outbound connection (malware-cnc.rules) * 1:25258 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rombrast variant outbound connection (malware-cnc.rules) * 1:25259 <-> DISABLED <-> MALWARE-CNC 
Win.Trojan.BancosBanload variant outbound connection (malware-cnc.rules) * 1:25271 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Buzus variant outbound connection (malware-cnc.rules) * 1:25371 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ruskill variant outbound connection (malware-cnc.rules) * 1:25395 <-> DISABLED <-> MALWARE-CNC URI request for /cgi-bin/nt/sk (malware-cnc.rules) * 1:25396 <-> DISABLED <-> MALWARE-CNC URI request for /cgi-bin/dllhost/ac (malware-cnc.rules) * 1:25399 <-> DISABLED <-> MALWARE-CNC URI request for /cgi-bin/win/wcx (malware-cnc.rules) * 1:25400 <-> DISABLED <-> MALWARE-CNC URI request for /cgi-bin/win/cab (malware-cnc.rules) * 1:25470 <-> DISABLED <-> MALWARE-CNC Win.Trojan.LoDo variant outbound connection (malware-cnc.rules) * 1:25471 <-> DISABLED <-> MALWARE-CNC Pushdo Spiral Traffic (malware-cnc.rules) * 1:25503 <-> DISABLED <-> MALWARE-CNC Necurs Rootkit sba.cgi (malware-cnc.rules) * 1:25504 <-> DISABLED <-> MALWARE-CNC Necurs Rootkit op.cgi (malware-cnc.rules) * 1:25530 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules) * 1:25531 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules) * 1:25541 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sigly variant outbound connection (malware-cnc.rules) * 1:25543 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.VB variant outbound connection (malware-cnc.rules) * 1:16809 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FraudPack variant outbound connection (malware-cnc.rules) * 1:11308 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - SpyDawn (malware-cnc.rules) * 1:11313 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Spy-Locked (malware-cnc.rules) * 1:15553 <-> DISABLED <-> MALWARE-CNC Sality virus HTTP GET request (malware-cnc.rules) * 1:10403 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Duntek Checkin GET Request (malware-cnc.rules) * 1:10179 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious 
user agent - BysooTB (malware-cnc.rules) * 1:15563 <-> DISABLED <-> MALWARE-CNC RSPlug Win.Trojan.server connection (malware-cnc.rules) * 1:15730 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Delf variant outbound connection (malware-cnc.rules) * 1:15481 <-> DISABLED <-> MALWARE-CNC Zeus/Zbot malware config file download request (malware-cnc.rules) * 1:15165 <-> DISABLED <-> MALWARE-CNC Pushdo client communication (malware-cnc.rules) * 1:15938 <-> DISABLED <-> MALWARE-CNC SubSeven client connection to server (malware-cnc.rules) * 1:16269 <-> DISABLED <-> MALWARE-CNC Win.Trojan.tdss.1.gen install-time detection - findzproportal1.com (malware-cnc.rules) * 1:15565 <-> DISABLED <-> MALWARE-CNC RSPlug Win.Trojan.file download (malware-cnc.rules) * 1:15564 <-> DISABLED <-> MALWARE-CNC RSPlug Win.Trojan.file download (malware-cnc.rules) * 1:16289 <-> DISABLED <-> MALWARE-CNC Clob bot traffic (malware-cnc.rules) * 1:16391 <-> DISABLED <-> MALWARE-CNC Gozi Win.Trojan.connection to C&C (malware-cnc.rules) * 1:16268 <-> DISABLED <-> MALWARE-CNC Win.Trojan.tdss.1.gen install-time detection - yournewsblog.net (malware-cnc.rules) * 1:16144 <-> DISABLED <-> MALWARE-CNC Bredolab bot variant outbound connection (malware-cnc.rules) * 1:16368 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hydraq variant outbound connection (malware-cnc.rules) * 1:16362 <-> DISABLED <-> MALWARE-CNC SpyForms malware call home (malware-cnc.rules) * 1:19801 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tracur variant outbound connection (malware-cnc.rules) * 1:19864 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nvbpass variant outbound connection (malware-cnc.rules) * 1:19771 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yoddos variant outbound connection (malware-cnc.rules) * 1:19912 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DelfInject.gen!X variant outbound connection (malware-cnc.rules) * 1:19913 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - optima/index.php (malware-cnc.rules) * 1:19964 <-> DISABLED <-> 
MALWARE-CNC Win.Trojan.Sality variant outbound connection (malware-cnc.rules) * 1:19882 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /160.rar - Win32/Morto.A (malware-cnc.rules) * 1:20009 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent string Baby Remote - Win32/Babmote.A (malware-cnc.rules) * 1:20011 <-> DISABLED <-> MALWARE-CNC Briewots.A runtime traffic detected (malware-cnc.rules) * 1:20012 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string feranet/0.4 - Win32/Ferabsa.A (malware-cnc.rules) * 1:19995 <-> DISABLED <-> MALWARE-CNC Waledac variant outbound connection (malware-cnc.rules) * 1:20081 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Win32.Yakes.cbi variant outbound connection (malware-cnc.rules) * 1:20099 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Xtrat.A variant outbound connection (malware-cnc.rules) * 1:20104 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - InfoBot (malware-cnc.rules) * 1:20080 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Derusbi.A variant outbound connection (malware-cnc.rules) * 1:20106 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - darkness (malware-cnc.rules) * 1:20201 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - meterpreter (malware-cnc.rules) * 1:20202 <-> DISABLED <-> MALWARE-CNC Apple OSX.Revir-1 variant outbound connection (malware-cnc.rules) * 1:20105 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - IPHONE (malware-cnc.rules) * 1:20221 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Injector variant outbound connection (malware-cnc.rules) * 1:20228 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hupigon variant outbound connection (malware-cnc.rules) * 1:20229 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jinchodz variant outbound connection (malware-cnc.rules) * 1:20213 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Swisyn variant outbound connection (malware-cnc.rules) * 1:20231 
<-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Mozilla//4.0 (malware-cnc.rules) * 1:20232 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cycbot variant outbound connection (malware-cnc.rules) * 1:20280 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy variant outbound connection (malware-cnc.rules) * 1:20230 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string 0pera 10 (malware-cnc.rules) * 1:20293 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string MBVDFRESCT (malware-cnc.rules) * 1:20527 <-> DISABLED <-> MALWARE-CNC Sirefef initial C&C connection variant outbound connection (malware-cnc.rules) * 1:20754 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Virut-3 variant outbound connection (malware-cnc.rules) * 1:20281 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy variant outbound connection (malware-cnc.rules) * 1:20756 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jorik variant outbound connection (malware-cnc.rules) * 1:20759 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gbot.oce variant outbound connection (malware-cnc.rules) * 1:20762 <-> DISABLED <-> MALWARE-CNC MacOS.Flashback.A variant outbound connection (malware-cnc.rules) * 1:20755 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Krap variant outbound connection (malware-cnc.rules) * 1:20837 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mecklow.C runtime traffic detected (malware-cnc.rules) * 1:21047 <-> DISABLED <-> MALWARE-CNC known malicious SSL certificate - Sykipot C&C (malware-cnc.rules) * 1:20927 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spyeye-207 variant outbound connection (malware-cnc.rules) * 1:21188 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string API Guide test program (malware-cnc.rules) * 1:20763 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spyeye-206 variant outbound connection (malware-cnc.rules) * 1:21206 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Aldi Bot (malware-cnc.rules) * 1:21208 <-> DISABLED <-> MALWARE-CNC 
Win.Trojan.RShot.brw variant outbound connection (malware-cnc.rules) * 1:21175 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Win32 Amti (malware-cnc.rules) * 1:21230 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Betad variant outbound connection (malware-cnc.rules) * 1:21239 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy variant outbound connection (malware-cnc.rules) * 1:21240 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MsUpdater variant outbound connection (malware-cnc.rules) * 1:21225 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Flag (malware-cnc.rules) * 1:21242 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MsUpdater variant outbound connection (malware-cnc.rules) * 1:21257 <-> DISABLED <-> MALWARE-CNC URI - known scanner tool muieblackcat (malware-cnc.rules) * 1:21269 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cycbot variant outbound connection (malware-cnc.rules) * 1:21306 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spyeye variant outbound connectivity check (malware-cnc.rules) * 1:21241 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MsUpdater initial variant outbound connection (malware-cnc.rules) * 1:21311 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dofoil variant outbound connection (malware-cnc.rules) * 1:21313 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dofoil variant outbound connection (malware-cnc.rules) * 1:21327 <-> DISABLED <-> MALWARE-CNC User-Agent ASafaWeb Scan (malware-cnc.rules) * 1:21278 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Google Bot (malware-cnc.rules) * 1:21380 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - QvodDown (malware-cnc.rules) * 1:21418 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FareIt variant outbound connection (malware-cnc.rules) * 1:21318 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FakeAV TDSS/PurpleHaze variant outbound connection - base64 encoded (malware-cnc.rules) * 1:21427 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Delf variant outbound connection 
(malware-cnc.rules)
* 1:21428 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Generic-24 variant outbound connection (malware-cnc.rules)
* 1:21430 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BeeOne runtime traffic detected (malware-cnc.rules)
* 1:21426 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scar variant outbound connection (malware-cnc.rules)
* 1:21435 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mentor inbound connection - post infection (malware-cnc.rules)
* 1:21436 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Startpage variant outbound connection (malware-cnc.rules)
* 1:21440 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Murofet variant outbound connection (malware-cnc.rules)
* 1:21434 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Mentor variant outbound connection (malware-cnc.rules)
* 1:21455 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string psi (malware-cnc.rules)
* 1:21441 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Delf variant outbound connection (malware-cnc.rules)
* 1:21469 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string 1234567890 (malware-cnc.rules)
* 1:21475 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string core-project (malware-cnc.rules)
* 1:21525 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader variant outbound connection (malware-cnc.rules)
* 1:21526 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent TCYWinHTTPDownload (malware-cnc.rules)
* 1:21538 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dofoil variant outbound payload request (malware-cnc.rules)
* 1:21476 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent YZF (malware-cnc.rules)
* 1:21548 <-> DISABLED <-> MALWARE-CNC Cutwail landing page connection (malware-cnc.rules)
* 1:21551 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kahn variant outbound connection (malware-cnc.rules)
* 1:21552 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kahn variant outbound connection (malware-cnc.rules)
* 1:21563 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kelihos variant outbound connection (malware-cnc.rules)
* 1:21565 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kelihos variant outbound connection (malware-cnc.rules)
* 1:21547 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy variant outbound connection (malware-cnc.rules)
* 1:21564 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kelihos variant outbound connection (malware-cnc.rules)
* 1:21562 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bredolab variant outbound connection (malware-cnc.rules)
* 1:21593 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper variant outbound connection (malware-cnc.rules)
* 1:21622 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Georbot variant outbound connection (malware-cnc.rules)
* 1:21631 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sinowal javascript delivery method (malware-cnc.rules)
* 1:21591 <-> DISABLED <-> MALWARE-CNC User-Agent known Adware user agent Gamevance tl_v (malware-cnc.rules)
* 1:21636 <-> DISABLED <-> MALWARE-CNC User-Agent known Adware user agent gbot (malware-cnc.rules)
* 1:21638 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Aluereon TDSS infection variant outbound connection (malware-cnc.rules)
* 1:21639 <-> DISABLED <-> MALWARE-CNC User-Agent known Adware user agent mus - TDSS related (malware-cnc.rules)
* 1:21632 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ransom variant outbound connection (malware-cnc.rules)
* 1:21756 <-> DISABLED <-> MALWARE-CNC Apple OSX.Flashback variant outbound connection (malware-cnc.rules)
* 1:21757 <-> DISABLED <-> MALWARE-CNC Apple OSX.Flashback variant outbound connection (malware-cnc.rules)
* 1:21758 <-> DISABLED <-> MALWARE-CNC Apple OSX.Flashback variant outbound connection (malware-cnc.rules)
* 1:21755 <-> DISABLED <-> MALWARE-CNC Apple OSX.Flashback variant outbound connection (malware-cnc.rules)
* 1:21761 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Swisyn variant outbound connection (malware-cnc.rules)
* 1:19628 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /1cup/script.php (malware-cnc.rules)
* 1:19175 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent wget 3.0 (malware-cnc.rules)
* 1:19626 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /setup_b.asp?prj= (malware-cnc.rules)
* 1:19635 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /app/?prj= (malware-cnc.rules)
* 1:19633 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /VertexNet/tasks.php?uid= (malware-cnc.rules)
* 1:19627 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /r_autoidcnt.asp?mer_seq= (malware-cnc.rules)
* 1:19631 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - AnSSip= (malware-cnc.rules)
* 1:19638 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /kx4.txt (malware-cnc.rules)
* 1:21852 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Orsam variant outbound connection (malware-cnc.rules)
* 1:19657 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FakeAV variant traffic (malware-cnc.rules)
* 1:21877 <-> DISABLED <-> MALWARE-CNC Apple OSX.Sabpub variant outbound connection (malware-cnc.rules)
* 1:19632 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /VertexNet/adduser.php?uid= (malware-cnc.rules)
* 1:19636 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /blog/images/3521.jpg?v (malware-cnc.rules)
* 1:19703 <-> DISABLED <-> MALWARE-CNC Win.Worm.Dusta.br outbound connnection (malware-cnc.rules)
* 1:19704 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.grdm variant outbound connection (malware-cnc.rules)
* 1:19637 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /install.asp?mac= (malware-cnc.rules)
* 1:19658 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MCnovogic.A variant outbound connection (malware-cnc.rules)
* 1:19702 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zboter.E variant outbound connection (malware-cnc.rules)
* 1:21760 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Swisyn variant outbound connection (malware-cnc.rules)
* 1:21911 <-> DISABLED <-> MALWARE-CNC Aldi variant outbound connection C&C checkin (malware-cnc.rules)
* 1:16823 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FlyStudio known command and control channel traffic (malware-cnc.rules)
* 1:16833 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
* 1:17816 <-> DISABLED <-> MALWARE-CNC Thinkpoint fake antivirus - credit card submission (malware-cnc.rules)
* 1:18247 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent ErrCode - W32/Fujacks.htm (malware-cnc.rules)
* 1:21912 <-> DISABLED <-> MALWARE-CNC Aldi bot variant outbound connection user-agent (malware-cnc.rules)
* 1:21925 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent BOT/0.1 (malware-cnc.rules)
* 1:16828 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
* 1:16832 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
* 1:17815 <-> DISABLED <-> MALWARE-CNC Thinkpoint fake antivirus - user display (malware-cnc.rules)
* 1:21910 <-> DISABLED <-> MALWARE-CNC Apple OSX Flashback malware user-agent (malware-cnc.rules)
* 1:21946 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Litmpuca.A variant outbound connection (malware-cnc.rules)
* 1:17234 <-> DISABLED <-> MALWARE-CNC VBMania mass mailing worm activity (malware-cnc.rules)
* 1:16827 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
* 1:16826 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
* 1:16924 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /inst.php?fff= (malware-cnc.rules)
* 1:16824 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
* 1:16810 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
* 1:17235 <-> DISABLED <-> MALWARE-CNC VBMania mass mailing worm download (malware-cnc.rules)
* 1:21965 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent VB WININET (malware-cnc.rules)
* 1:21983 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BamCompiled variant outbound connection (malware-cnc.rules)
* 1:19706 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.cer variant outbound connection (malware-cnc.rules)
* 1:19711 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jorik variant outbound connection (malware-cnc.rules)
* 1:19722 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Poshtroper variant outbound connection (malware-cnc.rules)
* 1:19730 <-> DISABLED <-> MALWARE-CNC Win.Trojan.KukuBot variant outbound connection (malware-cnc.rules)
* 1:19723 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pherbot variant outbound connection (malware-cnc.rules)
* 1:19732 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Idicaf variant outbound connection (malware-cnc.rules)
* 1:19712 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader variant outbound connection (malware-cnc.rules)
* 1:19761 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ftpharvxqq variant outbound connection (malware-cnc.rules)
* 1:19767 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Msposer.A variant outbound connection (malware-cnc.rules)
* 1:19756 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Opera/8.89 - P2P-Worm.Win32.Palevo.ddm (malware-cnc.rules)
* 1:19731 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Darkwebot variant outbound connection (malware-cnc.rules)
* 1:19770 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yoddos variant outbound connection (malware-cnc.rules)
* 1:21945 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Litmpuca.A variant outbound connection (malware-cnc.rules)
* 1:22033 <-> DISABLED <-> MALWARE-CNC Apple OSX Flashback malware variant outbound connection (malware-cnc.rules)
* 1:19769 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yoddos outbound indicator (malware-cnc.rules)
* 1:19778 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /games/java_trust.php?f= (malware-cnc.rules)
* 1:22034 <-> DISABLED <-> MALWARE-CNC Apple OSX Flashback malware variant outbound connection (malware-cnc.rules)
* 1:22047 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jokbot variant outbound connection (malware-cnc.rules)
* 1:19765 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules)
* 1:21984 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BamCompiled variant inbound updates (malware-cnc.rules)
* 1:22054 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Prorat variant outbound connection (malware-cnc.rules)
* 1:22058 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kbot variant outbound connection (malware-cnc.rules)
* 1:22048 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus P2P outbound connection (malware-cnc.rules)
* 1:22060 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fepgul variant outbound connection (malware-cnc.rules)
* 1:22099 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Piroxcc variant outbound connection (malware-cnc.rules)
* 1:22100 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Midhos variant outbound connection (malware-cnc.rules)
* 1:22059 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader variant outbound connection (malware-cnc.rules)
* 1:22937 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Proxyier variant outbound connection (malware-cnc.rules)
* 1:22939 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent RAbcLib (malware-cnc.rules)
* 1:23019 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Flame malware (malware-cnc.rules)
* 1:22103 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Coswid.klk variant outbound connection (malware-cnc.rules)
* 1:23103 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bublik variant outbound connection (malware-cnc.rules)
* 1:23104 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scar variant outbound connection (malware-cnc.rules)
* 1:23109 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lolbot variant outbound connection (malware-cnc.rules)
* 1:23057 <-> DISABLED <-> MALWARE-CNC Flame malware connection - /view.php (malware-cnc.rules)
* 1:23244 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz variant outbound connection (malware-cnc.rules)
* 1:23245 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader variant outbound connection (malware-cnc.rules)
* 1:23254 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Delf.CL variant outbound connection (malware-cnc.rules)
* 1:23242 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker.boxg connect to cnc server (malware-cnc.rules)
* 1:23262 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules)
* 1:23307 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper connect to server (malware-cnc.rules)
* 1:23332 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dishigy variant outbound connection (malware-cnc.rules)
* 1:23261 <-> DISABLED <-> MALWARE-CNC known command and control traffic - Pushbot (malware-cnc.rules)
* 1:23335 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Swisyn variant outbound connection (malware-cnc.rules)
* 1:23342 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
* 1:23382 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SpyEye variant outbound connection (malware-cnc.rules)
* 1:23334 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader initial C&C checkin (malware-cnc.rules)
* 1:23394 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vbvoleur.a variant outbound connection (malware-cnc.rules)
* 1:23467 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mazben file download (malware-cnc.rules)
* 1:23473 <-> DISABLED <-> MALWARE-CNC URI request for runforestrun - JS.Runfore (malware-cnc.rules)
* 1:23391 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hioles.C variant outbound connection (malware-cnc.rules)
* 1:23600 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gamarue outbound connection (malware-cnc.rules)
* 1:23635 <-> DISABLED <-> MALWARE-CNC Gozi trojan checkin (malware-cnc.rules)
* 1:23615 <-> DISABLED <-> MALWARE-CNC ACAD.Medre.A variant outbound connection (malware-cnc.rules)
* 1:23492 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ZeroAccess outbound connection (malware-cnc.rules)
* 1:23633 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kegotip variant report to cnc-server (malware-cnc.rules)
* 1:23903 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - you (malware-cnc.rules)
* 1:23627 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - PoisonIvy RAT (malware-cnc.rules)
* 1:23628 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pincav variant outbound connection (malware-cnc.rules)
* 1:23893 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DistTrack command and control traffic (malware-cnc.rules)
* 1:23946 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Backdoor file download (malware-cnc.rules)
* 1:23778 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bublik variant outbound connection (malware-cnc.rules)
* 1:23824 <-> DISABLED <-> MALWARE-CNC Gauss malware check-in (malware-cnc.rules)
* 1:23945 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Backdoor variant outbound connection (malware-cnc.rules)
* 1:23987 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kryptik.Kazy variant outbound connection (malware-cnc.rules)
* 1:23938 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ibabyfa.dldr variant outbound connection (malware-cnc.rules)
* 1:23942 <-> DISABLED <-> MALWARE-CNC Win.Trojan.C0D0SO0 variant outbound traffic (malware-cnc.rules)
* 1:23972 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot variant outbound connection (malware-cnc.rules)
* 1:23978 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hostposer variant outbound connection (malware-cnc.rules)
* 1:23968 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Crisis variant outbound connection (malware-cnc.rules)
* 1:23493 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ZeroAccess outbound connection (malware-cnc.rules)
* 1:24111 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Post (malware-cnc.rules)
* 1:24169 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot variant outbound connection (malware-cnc.rules)
* 1:24185 <-> DISABLED <-> MALWARE-CNC Win.Work.Rokiwobi inbound command from C&C (malware-cnc.rules)
* 1:24062 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hufysk variant outbound connection (malware-cnc.rules)
* 1:24214 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Seveto variant outbound connection (malware-cnc.rules)
* 1:24215 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload variant outbound connection (malware-cnc.rules)
* 1:24216 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Biloky variant outbound connection (malware-cnc.rules)
* 1:24211 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Xamtrav update protocol connection (malware-cnc.rules)
* 1:24224 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeroaccess variant outbound connection (malware-cnc.rules)
* 1:24235 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wuwo initial infection variant outbound connection (malware-cnc.rules)
* 1:24236 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wuwo post infection variant outbound connection (malware-cnc.rules)
* 1:24217 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy variant outbound connection (malware-cnc.rules)
* 1:24375 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VB variant outbound connection (malware-cnc.rules)
* 1:24381 <-> DISABLED <-> MALWARE-CNC Win.Trojan.XBlocker outbound connection (malware-cnc.rules)
* 1:24382 <-> DISABLED <-> MALWARE-CNC Win.Trojan.XBlocker outbound connection (malware-cnc.rules)
* 1:24361 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gozi.Prinimalka variant outbound connection (malware-cnc.rules)
* 1:24440 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chiviper variant outbound connection (malware-cnc.rules)
* 1:24441 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Testing (malware-cnc.rules)
* 1:24442 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Alerter COM (malware-cnc.rules)
* 1:24439 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Encriyoko variant outbound connection (malware-cnc.rules)
* 1:24491 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vundo redirection landing page pre-infection (malware-cnc.rules)
* 1:24492 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vundo variant outbound connection (malware-cnc.rules)
* 1:24493 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vundo variant outbound connection (malware-cnc.rules)
* 1:24482 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chif variant outbound connection (malware-cnc.rules)
* 1:24496 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vundo variant outbound connection (malware-cnc.rules)
* 1:24495 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vundo variant outbound connection (malware-cnc.rules)
* 1:24497 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vundo variant outbound connection (malware-cnc.rules)
* 1:24494 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vundo variant outbound connection (malware-cnc.rules)
* 1:24504 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VB variant outbound connection (malware-cnc.rules)
* 1:24514 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lucuis variant outbound connection (malware-cnc.rules)
* 1:19705 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.grdm variant outbound connection (malware-cnc.rules)
* 1:24531 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scondatie.A variant outbound connection (malware-cnc.rules)
* 1:24532 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scondatie.A inbound connection (malware-cnc.rules)
* 1:24533 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules)
* 1:24523 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.MautoitRAT variant outbound connection (malware-cnc.rules)
* 1:24563 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Veli variant outbound connection (malware-cnc.rules)
* 1:24566 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jorik variant outbound connection (malware-cnc.rules)
* 1:24568 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Mozilla/00 (malware-cnc.rules)
* 1:24534 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banbra variant outbound connection (malware-cnc.rules)
* 1:24630 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Klovbot variant outbound connection (malware-cnc.rules)
* 1:24631 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Lizard/1.0 (malware-cnc.rules)
* 1:24632 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VaccinePC variant outbound connection (malware-cnc.rules)
* 1:24575 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Opera/9.61 (malware-cnc.rules)
* 1:24634 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - vaccinepc (malware-cnc.rules)
* 1:24858 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Quarian variant outbound connection - proxy connection (malware-cnc.rules)
* 1:24873 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gnutler variant outbound connection (malware-cnc.rules)
* 1:24633 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - test_hInternet (malware-cnc.rules)
* 1:24886 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dorkbot variant outbound connection (malware-cnc.rules)
* 1:25007 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wealwedst variant outbound connection (malware-cnc.rules)
* 1:25009 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - User-Agent User-Agent (malware-cnc.rules)
* 1:24885 <-> DISABLED <-> MALWARE-CNC Potential Banking Trojan Config File Download (malware-cnc.rules)
* 1:25011 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Perflog variant outbound connection (malware-cnc.rules)
* 1:25016 <-> DISABLED <-> MALWARE-CNC Win.Trojan.IRCBot variant outbound connection (malware-cnc.rules)
* 1:25021 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Azbreg variant outbound connection (malware-cnc.rules)
* 1:25010 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Perflog variant outbound connection (malware-cnc.rules)
* 1:25023 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection (malware-cnc.rules)
* 1:25024 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection (malware-cnc.rules)
* 1:25025 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Recslurp variant outbound connection (malware-cnc.rules)
* 1:25022 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dapato variant outbound connection (malware-cnc.rules)
* 1:25027 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Opachki variant connect to cnc-server (malware-cnc.rules)
* 1:19429 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Proxy Win.Trojan.Dosenjo.C variant outbound connection (malware-cnc.rules)
* 1:19353 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker.bkhu variant outbound connection (malware-cnc.rules)
* 1:25026 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Juasek variant outbound connection (malware-cnc.rules)
* 1:19351 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Clicker Win.Trojan.Hatigh.C variant outbound connection (malware-cnc.rules)
* 1:19490 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Koceg.B variant outbound connection (malware-cnc.rules)
* 1:19435 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Litmus.203 variant outbound connection (malware-cnc.rules)
* 1:19357 <-> DISABLED <-> MALWARE-CNC Win.Worm.Sohanad.ila variant outbound connection (malware-cnc.rules)
* 1:19358 <-> DISABLED <-> MALWARE-CNC Win.Trojan.XYTvn.A variant outbound connection (malware-cnc.rules)
* 1:19590 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Savnut.B variant outbound connection (malware-cnc.rules)
* 1:19493 <-> DISABLED <-> MALWARE-CNC URI request for known malicious uri config.ini on 3322.org domain (malware-cnc.rules)
* 1:19480 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string STORMDDOS - Backdoor.Win32.Inject.ctt (malware-cnc.rules)
* 1:19482 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string ErrorFix (malware-cnc.rules)
* 1:19623 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - vic.aspx?ver= (malware-cnc.rules)
* 1:19622 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - pte.aspx?ver= (malware-cnc.rules)
* 1:19579 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Potao.A variant outbound connection (malware-cnc.rules)
* 1:19589 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent string MacProtector (malware-cnc.rules)
* 1:16496 <-> DISABLED <-> MALWARE-CNC Win.Trojan.hacktool variant outbound connection (malware-cnc.rules)
* 1:16527 <-> DISABLED <-> MALWARE-CNC Zbot malware config file download request (malware-cnc.rules)
* 1:18388 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string RookIE/1.0 (malware-cnc.rules)
* 1:16493 <-> DISABLED <-> MALWARE-CNC TT-bot botnet variant outbound connection (malware-cnc.rules)
* 1:16528 <-> DISABLED <-> MALWARE-CNC Zbot malware config file download request (malware-cnc.rules)
* 1:16670 <-> DISABLED <-> MALWARE-CNC Koobface worm executable download (malware-cnc.rules)
* 1:16526 <-> DISABLED <-> MALWARE-CNC VanBot IRC communication (malware-cnc.rules)
* 1:16497 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Tear Application (malware-cnc.rules)
* 1:16695 <-> DISABLED <-> MALWARE-CNC Rogue AV download/update (malware-cnc.rules)
* 1:16820 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kryptik variant outbound connection (malware-cnc.rules)
* 1:16669 <-> DISABLED <-> MALWARE-CNC Spyeye bot variant outbound connection (malware-cnc.rules)
* 1:16551 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - malware (malware-cnc.rules)
* 1:16822 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
* 1:18458 <-> DISABLED <-> MALWARE-CNC Night Dragon initial beacon (malware-cnc.rules)
* 1:16817 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
* 1:16816 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
* 1:19348 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader Win.Trojan.FraudLoad.emq variant outbound connection (malware-cnc.rules)
* 1:18715 <-> DISABLED <-> MALWARE-CNC Ozdok botnet communication with C&C server (malware-cnc.rules)
* 1:18459 <-> DISABLED <-> MALWARE-CNC Night Dragon keepalive message (malware-cnc.rules)
* 1:19625 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - .sys.php?getexe= (malware-cnc.rules)
* 1:18353 <-> DISABLED <-> MALWARE-CNC User-Agent request for known PUA user agent - SelectRebates (malware-cnc.rules)
* 1:25109 <-> DISABLED <-> MALWARE-CNC Autoit.Trojan.Agent variant outbound connection (malware-cnc.rules)
* 1:25230 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Darkkomet variant outbound connection (malware-cnc.rules)
* 1:25240 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Menti variant inbound connection (malware-cnc.rules)
* 1:25257 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Skintrim variant outbound connection (malware-cnc.rules)
* 1:25269 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Buterat variant outbound connection (malware-cnc.rules)
* 1:25394 <-> DISABLED <-> MALWARE-CNC URI request for /cgi-bin/nt/th (malware-cnc.rules)
* 1:25244 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (malware-cnc.rules)
* 1:25465 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader variant outbound connection (malware-cnc.rules)
* 1:25477 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
* 1:25529 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (malware-cnc.rules)
* 1:25398 <-> DISABLED <-> MALWARE-CNC URI request for /cgi-bin/ms/flush (malware-cnc.rules)
* 1:25533 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent - al (malware-cnc.rules)
* 1:19016 <-> DISABLED <-> MALWARE-CNC MacBack Win.Trojan.variant outbound connection (malware-cnc.rules)
* 1:19019 <-> DISABLED <-> MALWARE-CNC MacBack Win.Trojan.variant outbound connection (malware-cnc.rules)
* 1:19017 <-> DISABLED <-> MALWARE-CNC MacBack Win.Trojan.variant outbound connection (malware-cnc.rules)
* 1:19052 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Httpbot.qdc variant outbound connection (malware-cnc.rules)
* 1:19055 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gosik.A registration (malware-cnc.rules)
* 1:18939 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
* 1:19047 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - RCleanT (malware-cnc.rules)
* 1:19038 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jzzer.A variant outbound connection (malware-cnc.rules)
* 1:19058 <-> DISABLED <-> MALWARE-CNC Worm.Win32.Faketube update request (malware-cnc.rules)
* 1:19018 <-> DISABLED <-> MALWARE-CNC MacBack Win.Trojan.variant outbound connection (malware-cnc.rules)
* 1:19057 <-> DISABLED <-> MALWARE-CNC Win.Trojan.QQFish variant outbound connection (malware-cnc.rules)
* 1:19164 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SpyEye variant outbound connection (malware-cnc.rules)
* 1:19328 <-> DISABLED <-> MALWARE-CNC PointGuide variant outbound connection (malware-cnc.rules)
* 1:19053 <-> DISABLED <-> MALWARE-CNC Worm.Win32.Nusump.A variant outbound connection (malware-cnc.rules)
* 1:19165 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Microsoft Internet Explorer (malware-cnc.rules)
* 1:19339 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper Win.Trojan.Agent.alda variant outbound connection (malware-cnc.rules)
* 1:19347 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Poison.banr variant outbound connection (malware-cnc.rules)
* 1:19056 <-> DISABLED <-> MALWARE-CNC Win.Trojan.QQFish variant outbound connection (malware-cnc.rules)
* 1:10070 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules)
* 1:10067 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules)
* 1:25050 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
* 1:25074 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules)
* 1:25099 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper.Daws variant outbound connection (malware-cnc.rules)
* 1:25108 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Proxy.Agent variant outbound connection (malware-cnc.rules)
* 1:25229 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Darkkomet variant inbound connection (malware-cnc.rules)
* 1:25239 <-> DISABLED <-> MALWARE-CNC Win.Trojan.IRCBot variant outbound connection (malware-cnc.rules)
* 1:25243 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - 04/XP (malware-cnc.rules)
* 1:25256 <-> DISABLED <-> MALWARE-CNC Win.Worm.Gamarue variant outbound connection (malware-cnc.rules)
* 1:25268 <-> DISABLED <-> MALWARE-CNC Win.Trojan.IRCBot variant outbound connection (malware-cnc.rules)
* 1:25372 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - wh (malware-cnc.rules)
* 1:25397 <-> DISABLED <-> MALWARE-CNC URI request for /cgi-bin/ms/check (malware-cnc.rules)
* 1:25448 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Jinch variant outbound connection (malware-cnc.rules)
* 1:25476 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - User-Agent User-Agent (malware-cnc.rules)
* 1:25511 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules)
* 1:25532 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
* 1:6366 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - eAnthMngr (malware-cnc.rules)
* 1:5907 <-> DISABLED <-> MALWARE-OTHER Trackware e2give runtime detection - check update (malware-other.rules)
* 1:6363 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - SAcc (malware-cnc.rules)
* 1:7135 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - IEP (malware-cnc.rules)
* 1:6274 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Stubby (malware-cnc.rules)
* 1:5909 <-> DISABLED <-> MALWARE-OTHER Trackware e2give runtime detection - redirect affiliate site request 2 (malware-other.rules)
* 1:5978 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - TM_SEARCH3 (malware-cnc.rules)
* 1:6341 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Spedia (malware-cnc.rules)
* 1:5986 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - TeomaBar (malware-cnc.rules)
* 1:25093 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hacktool variant outbound connection (malware-cnc.rules)
* 1:6270 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - MyBrowser (malware-cnc.rules)
* 1:6198 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - SQTR_VERIFY (malware-cnc.rules)
* 1:55281 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zegost-9753424-0 download attempt (malware-other.rules)
* 1:7195 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - shprrprt-cs- (malware-cnc.rules)
* 1:10077 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:55879 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-9770611-0 download attempt (malware-other.rules)
* 1:55926 <-> ENABLED <-> MALWARE-CNC Win.Dropper.LemonDuck variant outbound connection (malware-cnc.rules)
* 1:55914 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Ramnit-9773470-0 download attempt (malware-other.rules)
* 1:55928 <-> ENABLED <-> MALWARE-CNC Win.Dropper.LemonDuck variant script download attempt (malware-cnc.rules)
* 1:55927 <-> ENABLED <-> MALWARE-CNC Win.Dropper.LemonDuck variant script download attempt (malware-cnc.rules)
* 1:55894 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-9771891-0 download attempt (malware-other.rules)
* 1:55875 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Bdld-9770176-0 download attempt (malware-other.rules)
* 1:55909 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Battdil-9773289-0 download attempt (malware-other.rules)
* 1:55891 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Kovter-9771867-0 download attempt (malware-other.rules)
* 1:55907 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-9773294-0 download attempt (malware-other.rules)
* 1:55908 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-9773294-0 download attempt (malware-other.rules)
* 1:55902 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-9772681-0 download attempt (malware-other.rules)
* 1:55881 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-9770992-0 download attempt (malware-other.rules)
* 1:55912 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Battdil-9773282-0 download attempt (malware-other.rules)
* 1:55883 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Cutwail-9771166-0 download attempt (malware-other.rules)
* 1:55874 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Emotet-9770097-0 download attempt (malware-other.rules)
* 1:55880 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-9770611-0 download attempt (malware-other.rules)
* 1:55892 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Kovter-9771867-0 download attempt (malware-other.rules)
* 1:55921 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus command injection attempt (server-webapp.rules)
* 1:55898 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Fakesysdef-9772554-0 download attempt (malware-other.rules)
* 1:55901 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-9772681-0 download attempt (malware-other.rules)
* 1:55872 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9770089-0 download attempt (malware-other.rules)
* 1:55895 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-9772275-0 download attempt (malware-other.rules)
* 1:55890 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Browsefox-9771664-0 download attempt (malware-other.rules)
* 1:55884 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Cutwail-9771166-0 download attempt (malware-other.rules)
* 1:55863 <-> DISABLED <-> MALWARE-OTHER Win.Virus.Ursnif-9769699-0 download attempt (malware-other.rules)
* 1:55916 <-> DISABLED <-> MALWARE-OTHER PUA.Win.File.Neobar-9773833-0 download attempt (malware-other.rules)
* 1:55905 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generic-9773106-0 download attempt (malware-other.rules)
* 1:55870 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Emotet-9769987-0 download attempt (malware-other.rules)
* 1:55871 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9770089-0 download attempt (malware-other.rules)
* 1:55865 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Bulz-9769773-0 download attempt (malware-other.rules)
* 1:55886 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Upatre-9771263-0 download attempt (malware-other.rules)
* 1:55920 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus command injection attempt (server-webapp.rules)
* 1:55873 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Emotet-9770097-0 download attempt (malware-other.rules)
* 1:55918 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus command injection attempt (server-webapp.rules)
* 1:55877 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Drolnux-9770173-0 download attempt (malware-other.rules)
* 1:55904 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Sdyn-9772921-0 download attempt (malware-other.rules)
* 1:55876 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Bdld-9770176-0 download attempt (malware-other.rules)
* 1:55906 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generic-9773106-0 download attempt (malware-other.rules)
* 1:55922 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Defender privilege escalation attempt (os-windows.rules)
* 1:55903 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Sdyn-9772921-0 download attempt (malware-other.rules)
* 1:55888 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Reveton-9771413-0 download attempt (malware-other.rules)
* 1:55919 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus command injection attempt (server-webapp.rules)
* 1:55882 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-9770992-0 download attempt (malware-other.rules)
* 1:55923 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Defender privilege escalation attempt (os-windows.rules)
* 1:55899 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9772677-0 download attempt (malware-other.rules)
* 1:55913 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Ramnit-9773470-0 download attempt (malware-other.rules)
* 1:55893 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-9771891-0 download attempt (malware-other.rules)
* 1:55878 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Drolnux-9770173-0 download attempt (malware-other.rules)
* 1:55885 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Upatre-9771263-0 download attempt (malware-other.rules)
* 1:55887 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Reveton-9771413-0 download attempt (malware-other.rules)
* 1:55864 <-> DISABLED <-> MALWARE-OTHER Win.Virus.Ursnif-9769699-0 download attempt (malware-other.rules)
* 1:55869 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Emotet-9769987-0 download attempt (malware-other.rules)
* 1:55915 <-> DISABLED <-> MALWARE-OTHER PUA.Win.File.Neobar-9773833-0 download attempt (malware-other.rules)
* 1:55910 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Battdil-9773289-0 download attempt (malware-other.rules)
* 1:55889 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Browsefox-9771664-0 download attempt (malware-other.rules)
* 1:55900 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9772677-0 download attempt (malware-other.rules)
* 1:55896 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-9772275-0 download attempt (malware-other.rules)
* 1:55866 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Bulz-9769773-0 download attempt (malware-other.rules)
* 1:55897 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Fakesysdef-9772554-0 download attempt (malware-other.rules)
* 1:55867 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Agzz8qk-9769774-0 download attempt (malware-other.rules)
* 1:55868 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Agzz8qk-9769774-0 download attempt (malware-other.rules)
* 1:55911 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Battdil-9773282-0 download attempt (malware-other.rules)
* 3:55924 <-> ENABLED <-> SERVER-OTHER Cisco Wireless LAN Controller CAPWAP denial of service attempt (server-other.rules)
* 3:55917 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1159 attack attempt (server-webapp.rules)
* 3:55925 <-> ENABLED <-> SERVER-OTHER Cisco Wireless LAN Controller CAPWAP denial of service attempt (server-other.rules)
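The listing above follows the format stated on the page, "gid:sid <-> Default rule state <-> Message (rule group)", which makes it easy to process before deciding what to enable. Most of the new rules ship DISABLED by default (including the IBM Spectrum Protect Plus command injection and Windows Defender privilege escalation rules), so they produce no alerts until turned on, and the gid:3 entries are shared-object rules that only work with the precompiled SO rules matching your Snort build. The following is an added example, not code from Talos or the Snort project: a Python parser for this format that tolerates the extraction artifact of several entries run together on one line, reports which rules are enabled by default and which are SO rules, and emits the gid:sid lines that would go into an enablesid.conf for a PulledPork-style rule manager (that tooling is an assumption about the reader's setup). The sample entries are a small constructed subset copied from the listing.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample in the page's "gid:sid <-> state <-> message (group)"
# format, copied from the listing above (the real list has hundreds of
# entries). One line deliberately carries two entries, as the extracted
# page does, and the format header is included to show it is skipped.
SAMPLE = """\
gid:sid <-> Default rule state <-> Message (rule group)
* 1:55926 <-> ENABLED <-> MALWARE-CNC Win.Dropper.LemonDuck variant outbound connection (malware-cnc.rules)
* 1:55920 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus command injection attempt (server-webapp.rules) * 1:55921 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus command injection attempt (server-webapp.rules)
* 1:55922 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Defender privilege escalation attempt (os-windows.rules)
* 3:55924 <-> ENABLED <-> SERVER-OTHER Cisco Wireless LAN Controller CAPWAP denial of service attempt (server-other.rules)
* 1:55879 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-9770611-0 download attempt (malware-other.rules)
"""

# One entry: "<gid>:<sid> <-> ENABLED|DISABLED <-> <message> (<file>.rules)"
ENTRY_RE = re.compile(
    r"^\*?\s*(?P<gid>\d+):(?P<sid>\d+)\s*<->\s*(?P<state>ENABLED|DISABLED)\s*<->\s*"
    r"(?P<msg>.+?)\s*\((?P<group>[\w.-]+\.rules)\)\s*$"
)


@dataclass(frozen=True)
class RuleEntry:
    gid: int        # 1 = text rule, 3 = shared-object (SO) rule
    sid: int
    enabled: bool   # default state as shipped in the rule pack
    category: str   # leading token of the message, e.g. SERVER-WEBAPP
    msg: str
    group: str      # rules file, e.g. server-webapp.rules


def parse_changelog(text: str) -> List[RuleEntry]:
    """Parse changelog text into entries; tolerates several entries per line."""
    entries = []
    for line in text.splitlines():
        # Extraction runs entries together; every entry starts with "* ".
        for chunk in line.split("* "):
            m = ENTRY_RE.match(chunk.strip())
            if not m:
                continue  # format header, blank, or a truncated entry
            msg = m.group("msg")
            entries.append(RuleEntry(
                gid=int(m.group("gid")), sid=int(m.group("sid")),
                enabled=m.group("state") == "ENABLED",
                category=msg.split(" ", 1)[0], msg=msg, group=m.group("group")))
    return entries


def default_enabled(entries: List[RuleEntry]) -> List[RuleEntry]:
    """Rules that alert without any tuning; everything else must be enabled."""
    return [e for e in entries if e.enabled]


def shared_object_rules(entries: List[RuleEntry]) -> List[RuleEntry]:
    """gid:3 entries need the precompiled SO rules for your Snort build."""
    return [e for e in entries if e.gid == 3]


def enablesid_lines(entries: List[RuleEntry], category: str) -> List[str]:
    """gid:sid lines (PulledPork enablesid.conf syntax, assumed tooling) that
    turn on every DISABLED rule whose message starts with `category`."""
    wanted = sorted((e.gid, e.sid) for e in entries
                    if not e.enabled and e.category == category)
    return [f"{gid}:{sid}" for gid, sid in wanted]


def count_by_group(entries: List[RuleEntry]) -> Dict[str, int]:
    """How many entries landed in each rules file."""
    return dict(Counter(e.group for e in entries))


if __name__ == "__main__":
    parsed = parse_changelog(SAMPLE)
    print(f"{len(parsed)} entries, by group: {count_by_group(parsed)}")
    print("enabled by default:", [f"{e.gid}:{e.sid}" for e in default_enabled(parsed)])
    print("SO rules:", [f"{e.gid}:{e.sid}" for e in shared_object_rules(parsed)])
    print("enablesid.conf for SERVER-WEBAPP:", enablesid_lines(parsed, "SERVER-WEBAPP"))
```

Run it against the full listing (for example, the text of this page saved to a file and read into parse_changelog) to get the enable list for the categories you care about; review each DISABLED rule's false-positive profile before turning it on, since the default state is Talos' judgement about where it is safe to run everywhere.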
* 1:5808 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - SAH Agent (malware-cnc.rules)
* 1:8357 <-> DISABLED <-> MALWARE-OTHER Keylogger spybuddy 3.72 runtime detection - send alert out through email (malware-other.rules)
* 1:8355 <-> ENABLED <-> MALWARE-OTHER Keylogger spybuddy 3.72 runtime detection (malware-other.rules)
* 1:25077 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Halnine variant outbound connection (malware-cnc.rules)
* 1:7572 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - DigExt (malware-cnc.rules)
* 1:9329 <-> DISABLED <-> MALWARE-CNC yarner.b smtp propagation detection (malware-cnc.rules)
* 1:25070 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Injector variant outbound connection (malware-cnc.rules)
* 1:10069 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules)
* 1:6354 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - ProxyDown (malware-cnc.rules)
* 1:9420 <-> DISABLED <-> MALWARE-OTHER korgo attempt (malware-other.rules)
* 1:9419 <-> DISABLED <-> MALWARE-OTHER sasser attempt (malware-other.rules)
* 1:10113 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm command and control propagation detected (malware-cnc.rules)
* 1:25546 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Proxy.Agent variant outbound connection (malware-cnc.rules)
* 1:10179 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - BysooTB (malware-cnc.rules)
* 1:5857 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - MyWebSearchSearchAssistance (malware-cnc.rules)
* 1:10114 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm command and control propagation detected (malware-cnc.rules)
* 1:5900 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Async HTTP Agent (malware-cnc.rules)
* 1:5824 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Strip-Player (malware-cnc.rules)
* 1:7540 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - http protocol (malware-cnc.rules)
* 1:8356 <-> DISABLED <-> MALWARE-OTHER Keylogger spybuddy 3.72 runtime detection - send log out through email (malware-other.rules)
* 1:5880 <-> DISABLED <-> MALWARE-OTHER Keylogger spyagent runtime detect - smtp delivery (malware-other.rules)
* 1:5838 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - EI (malware-cnc.rules)
* 1:7587 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - URLBlaze (malware-cnc.rules)
* 1:7832 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Navhelper (malware-cnc.rules)
* 1:5882 <-> DISABLED <-> MALWARE-OTHER Keylogger spyagent runtime detect - alert notification (malware-other.rules)
* 1:11313 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Spy-Locked (malware-cnc.rules)
* 1:5774 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - FSW (malware-cnc.rules)
* 1:7582 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Pcast Live (malware-cnc.rules)
* 1:11308 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - SpyDawn (malware-cnc.rules)
* 1:5909 <-> DISABLED <-> MALWARE-OTHER Trackware e2give runtime detection - redirect affiliate site request 2 (malware-other.rules)
* 1:10068 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules)
* 1:10075 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules)
* 1:7145 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - adfsgecoiwnf (malware-cnc.rules)
* 1:5907 <-> DISABLED <-> MALWARE-OTHER Trackware e2give runtime detection - check update (malware-other.rules)
* 1:10403 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Duntek Checkin GET Request (malware-cnc.rules)
* 1:25073 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lowzone variant outbound connection (malware-cnc.rules)
* 1:25100 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Njrat variant outbound connection (malware-cnc.rules)
* 1:25119 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - NewBrandTest (malware-cnc.rules)
* 1:25231 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (malware-cnc.rules)
* 1:25241 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetTrash variant outbound connection (malware-cnc.rules)
* 1:25245 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - me0hoi (malware-cnc.rules)
* 1:25258 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rombrast variant outbound connection (malware-cnc.rules)
* 1:25271 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Buzus variant outbound connection (malware-cnc.rules)
* 1:25395 <-> DISABLED <-> MALWARE-CNC URI request for /cgi-bin/nt/sk (malware-cnc.rules)
* 1:25399 <-> DISABLED <-> MALWARE-CNC URI request for /cgi-bin/win/wcx (malware-cnc.rules)
* 1:25470 <-> DISABLED <-> MALWARE-CNC Win.Trojan.LoDo variant outbound connection (malware-cnc.rules)
* 1:25503 <-> DISABLED <-> MALWARE-CNC Necurs Rootkit sba.cgi (malware-cnc.rules)
* 1:25530 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
* 1:25541 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sigly variant outbound connection (malware-cnc.rules)
* 1:10076 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules)
* 1:9418 <-> DISABLED <-> MALWARE-CNC bagle.a http notification detection (malware-cnc.rules)
* 1:5881 <-> DISABLED <-> MALWARE-OTHER Keylogger spyagent runtime detect - ftp delivery (malware-other.rules)
* 1:5800 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - MyWay (malware-cnc.rules)
* 1:6366 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - eAnthMngr (malware-cnc.rules)
* 1:25071 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Macnsed variant outbound connection (malware-cnc.rules)
* 1:10071 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules)
* 1:25504 <-> DISABLED <-> MALWARE-CNC Necurs Rootkit op.cgi (malware-cnc.rules)
* 1:25543 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.VB variant outbound connection (malware-cnc.rules)
* 1:25531 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
* 1:25544 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - ctwopop (malware-cnc.rules)
* 1:25511 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules)
* 1:25532 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
* 1:5901 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - AdTools (malware-cnc.rules)
* 1:6363 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - SAcc (malware-cnc.rules)
* 1:6274 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Stubby (malware-cnc.rules)
* 1:25075 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy variant outbound connection (malware-cnc.rules)
* 1:7135 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - IEP (malware-cnc.rules)
* 1:7187 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - SAH Agent (malware-cnc.rules)
* 1:7511 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - ed2k edonkey2000 runtime detection (malware-cnc.rules)
* 1:10066 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules)
* 1:5954 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Browser Pal (malware-cnc.rules)
* 1:5970 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Feat2 Updater (malware-cnc.rules)
* 1:6362 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - MGS-Internal-Web-Manager (malware-cnc.rules)
* 1:55281 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zegost-9753424-0 download attempt (malware-other.rules)
* 1:7195 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - shprrprt-cs- (malware-cnc.rules)
* 1:25076 <-> DISABLED <-> MALWARE-CNC Win.Worm.Joanap variant variant outbound connection (malware-cnc.rules)
* 1:25049 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jorik.Kolilks variant outbound connection (malware-cnc.rules)
* 1:6357 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Need2Find (malware-cnc.rules)
* 1:7116 <-> DISABLED <-> MALWARE-CNC y3k 1.2 variant outbound connection icq notification (malware-cnc.rules)
* 1:6186 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - SpywareStrike (malware-cnc.rules)
* 1:6364 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - iMeshBar (malware-cnc.rules)
* 1:5986 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - TeomaBar (malware-cnc.rules)
* 1:25545 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Printlove variant outbound connection (malware-cnc.rules)
* 1:25098 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper.Daws variant outbound connection (malware-cnc.rules)
* 1:5908 <-> DISABLED <-> MALWARE-OTHER Trackware e2give runtime detection - redirect affiliate site request 1 (malware-other.rules)
* 1:6270 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - MyBrowser (malware-cnc.rules)
* 1:6198 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - SQTR_VERIFY (malware-cnc.rules)
* 1:5978 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - TM_SEARCH3 (malware-cnc.rules)
* 1:5955 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Popup Stopper (malware-cnc.rules)
* 1:25054 <-> DISABLED <-> MALWARE-CNC ZeroAccess Clickserver callback (malware-cnc.rules)
* 1:16459 <-> DISABLED <-> MALWARE-CNC Win.Trojan.command and control communication (malware-cnc.rules)
* 1:16484 <-> DISABLED <-> MALWARE-CNC Koobface variant outbound connection (malware-cnc.rules)
* 1:16485 <-> DISABLED <-> MALWARE-CNC Koobface request for captcha (malware-cnc.rules)
* 1:16489 <-> DISABLED <-> MALWARE-CNC Bobax botnet variant outbound connection (malware-cnc.rules)
* 1:16493 <-> DISABLED <-> MALWARE-CNC TT-bot botnet variant outbound connection (malware-cnc.rules)
* 1:16496 <-> DISABLED <-> MALWARE-CNC Win.Trojan.hacktool variant outbound connection (malware-cnc.rules)
* 1:16497 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Tear Application (malware-cnc.rules)
* 1:16526 <-> DISABLED <-> MALWARE-CNC VanBot IRC communication (malware-cnc.rules)
* 1:16527 <-> DISABLED <-> MALWARE-CNC Zbot malware config file download request (malware-cnc.rules)
* 1:16528 <-> DISABLED <-> MALWARE-CNC Zbot malware config file download request (malware-cnc.rules)
* 1:16551 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - malware (malware-cnc.rules)
* 1:16669 <-> DISABLED <-> MALWARE-CNC Spyeye bot variant outbound connection (malware-cnc.rules)
* 1:16670 <-> DISABLED <-> MALWARE-CNC Koobface worm executable download (malware-cnc.rules)
* 1:16695 <-> DISABLED <-> MALWARE-CNC Rogue AV download/update (malware-cnc.rules)
* 1:16809 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FraudPack variant outbound connection (malware-cnc.rules)
* 1:16810 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
* 1:16811 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
* 1:16812 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
* 1:16816 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
* 1:16817 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
* 1:16820 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kryptik variant outbound connection (malware-cnc.rules)
* 1:16822 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
* 1:16823 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FlyStudio known command and control channel traffic (malware-cnc.rules)
* 1:16824 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
* 1:16826 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
* 1:16827 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
* 1:16828 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
* 1:16832 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
* 1:16833 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
* 1:16924 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /inst.php?fff= (malware-cnc.rules)
* 1:17234 <-> DISABLED <-> MALWARE-CNC VBMania mass mailing worm activity (malware-cnc.rules)
* 1:17235 <-> DISABLED <-> MALWARE-CNC VBMania mass mailing worm download (malware-cnc.rules)
* 1:17815 <-> DISABLED <-> MALWARE-CNC Thinkpoint fake antivirus - user display (malware-cnc.rules)
* 1:17816 <-> DISABLED <-> MALWARE-CNC Thinkpoint fake antivirus - credit card submission (malware-cnc.rules)
* 1:18247 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent ErrCode - W32/Fujacks.htm (malware-cnc.rules)
* 1:18353 <-> DISABLED <-> MALWARE-CNC User-Agent request for known PUA user agent - SelectRebates (malware-cnc.rules)
* 1:18388 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string RookIE/1.0 (malware-cnc.rules)
* 1:18458 <-> DISABLED <-> MALWARE-CNC Night Dragon initial beacon (malware-cnc.rules)
* 1:18459 <-> DISABLED <-> MALWARE-CNC Night Dragon keepalive message (malware-cnc.rules)
* 1:18715 <-> DISABLED <-> MALWARE-CNC Ozdok botnet communication with C&C server (malware-cnc.rules)
* 1:18934 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (Coreflood -- malware-cnc.rules)
* 1:18939 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
* 1:19016 <-> DISABLED <-> MALWARE-CNC MacBack Win.Trojan.variant outbound connection (malware-cnc.rules)
* 1:19017 <-> DISABLED <-> MALWARE-CNC MacBack Win.Trojan.variant outbound connection (malware-cnc.rules)
* 1:19018 <-> DISABLED <-> MALWARE-CNC MacBack Win.Trojan.variant outbound connection (malware-cnc.rules)
* 1:19019 <-> DISABLED <-> MALWARE-CNC MacBack Win.Trojan.variant outbound connection (malware-cnc.rules)
* 1:19038 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jzzer.A variant outbound connection (malware-cnc.rules)
* 1:19047 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - RCleanT (malware-cnc.rules)
* 1:19052 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Httpbot.qdc variant outbound connection (malware-cnc.rules)
* 1:19053 <-> DISABLED <-> MALWARE-CNC Worm.Win32.Nusump.A variant outbound connection (malware-cnc.rules)
* 1:19055 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gosik.A registration (malware-cnc.rules)
* 1:19056 <-> DISABLED <-> MALWARE-CNC Win.Trojan.QQFish variant outbound connection (malware-cnc.rules)
* 1:19057 <-> DISABLED <-> MALWARE-CNC Win.Trojan.QQFish variant outbound connection (malware-cnc.rules)
* 1:19058 <-> DISABLED <-> MALWARE-CNC Worm.Win32.Faketube update request (malware-cnc.rules)
* 1:19164 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SpyEye variant outbound connection (malware-cnc.rules)
* 1:19165 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Microsoft Internet Explorer (malware-cnc.rules)
* 1:19175 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent wget 3.0 (malware-cnc.rules)
* 1:19328 <-> DISABLED <-> MALWARE-CNC PointGuide variant outbound connection (malware-cnc.rules)
* 1:10077 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules)
* 1:19339 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper Win.Trojan.Agent.alda variant outbound connection (malware-cnc.rules)
* 1:19347 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Poison.banr variant outbound connection (malware-cnc.rules)
* 1:19348 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader Win.Trojan.FraudLoad.emq variant outbound connection (malware-cnc.rules)
* 1:19351 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Clicker Win.Trojan.Hatigh.C variant outbound connection (malware-cnc.rules)
* 1:19353 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker.bkhu variant outbound connection (malware-cnc.rules)
* 1:19357 <-> DISABLED <-> MALWARE-CNC Win.Worm.Sohanad.ila variant outbound connection (malware-cnc.rules)
* 1:19358 <-> DISABLED <-> MALWARE-CNC Win.Trojan.XYTvn.A variant outbound connection (malware-cnc.rules)
* 1:19429 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Proxy Win.Trojan.Dosenjo.C variant outbound connection (malware-cnc.rules)
* 1:19435 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Litmus.203 variant outbound connection (malware-cnc.rules)
* 1:19480 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string STORMDDOS - Backdoor.Win32.Inject.ctt (malware-cnc.rules)
* 1:19482 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string ErrorFix (malware-cnc.rules)
* 1:19490 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Koceg.B variant outbound connection (malware-cnc.rules)
* 1:19493 <-> DISABLED <-> MALWARE-CNC URI request for known malicious uri config.ini on 3322.org domain (malware-cnc.rules)
* 1:19579 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Potao.A variant outbound connection (malware-cnc.rules)
* 1:19589 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent string MacProtector (malware-cnc.rules)
* 1:19590 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Savnut.B variant outbound connection (malware-cnc.rules)
* 1:19622 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - pte.aspx?ver= (malware-cnc.rules)
* 1:19623 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - vic.aspx?ver= (malware-cnc.rules)
* 1:19625 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - .sys.php?getexe= (malware-cnc.rules)
* 1:19626 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /setup_b.asp?prj= (malware-cnc.rules)
* 1:19627 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /r_autoidcnt.asp?mer_seq= (malware-cnc.rules)
* 1:19628 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /1cup/script.php (malware-cnc.rules)
* 1:19631 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - AnSSip= (malware-cnc.rules)
* 1:25109 <-> DISABLED <-> MALWARE-CNC Autoit.Trojan.Agent variant outbound connection (malware-cnc.rules)
* 1:19632 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /VertexNet/adduser.php?uid= (malware-cnc.rules)
* 1:25230 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Darkkomet variant outbound connection (malware-cnc.rules)
* 1:25257 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Skintrim variant outbound connection (malware-cnc.rules)
* 1:25072 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dulom variant outbound connection (malware-cnc.rules)
* 1:25240 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Menti variant inbound connection (malware-cnc.rules)
* 1:25269 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Buterat variant outbound connection (malware-cnc.rules)
* 1:25465 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader variant outbound connection (malware-cnc.rules)
* 1:25244 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (malware-cnc.rules)
* 1:25394 <-> DISABLED <-> MALWARE-CNC URI request for /cgi-bin/nt/th (malware-cnc.rules)
* 1:25477 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
* 1:19633 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /VertexNet/tasks.php?uid= (malware-cnc.rules)
* 1:19635 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /app/?prj= (malware-cnc.rules)
* 1:25398 <-> DISABLED <-> MALWARE-CNC URI request for /cgi-bin/ms/flush (malware-cnc.rules)
* 1:25529 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (malware-cnc.rules)
* 1:25533 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent - al (malware-cnc.rules)
* 1:19636 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /blog/images/3521.jpg?v (malware-cnc.rules)
* 1:19637 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /install.asp?mac= (malware-cnc.rules)
* 1:19638 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /kx4.txt (malware-cnc.rules)
* 1:19657 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FakeAV variant traffic (malware-cnc.rules)
* 1:19658 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MCnovogic.A variant outbound connection (malware-cnc.rules)
* 1:19702 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zboter.E variant outbound connection (malware-cnc.rules)
* 1:19703 <-> DISABLED <-> MALWARE-CNC Win.Worm.Dusta.br outbound connnection (malware-cnc.rules)
* 1:19704 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.grdm variant outbound connection (malware-cnc.rules)
* 1:19705 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.grdm variant outbound connection (malware-cnc.rules)
* 1:19706 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.cer variant outbound connection (malware-cnc.rules)
* 1:19711 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jorik variant outbound connection (malware-cnc.rules)
* 1:19712 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader variant outbound connection (malware-cnc.rules)
* 1:19722 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Poshtroper variant outbound connection (malware-cnc.rules)
* 1:19723 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pherbot variant outbound connection (malware-cnc.rules)
* 1:19730 <-> DISABLED <-> MALWARE-CNC Win.Trojan.KukuBot variant outbound connection (malware-cnc.rules)
* 1:19731 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Darkwebot variant outbound connection (malware-cnc.rules)
* 1:19732 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Idicaf variant outbound connection (malware-cnc.rules)
* 1:19756 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Opera/8.89 - P2P-Worm.Win32.Palevo.ddm (malware-cnc.rules)
* 1:19761 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ftpharvxqq variant outbound connection (malware-cnc.rules)
* 1:19765 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules)
* 1:19767 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Msposer.A variant outbound connection (malware-cnc.rules)
* 1:19769 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yoddos outbound indicator (malware-cnc.rules)
* 1:19770 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yoddos variant outbound connection (malware-cnc.rules)
* 1:19771 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yoddos variant outbound connection (malware-cnc.rules)
* 1:19778 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /games/java_trust.php?f= (malware-cnc.rules)
* 1:19801 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tracur variant outbound connection (malware-cnc.rules)
* 1:19864 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nvbpass variant outbound connection (malware-cnc.rules)
* 1:19882 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /160.rar - Win32/Morto.A (malware-cnc.rules)
* 1:19912 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DelfInject.gen!X variant outbound connection (malware-cnc.rules)
* 1:19913 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - optima/index.php (malware-cnc.rules)
* 1:19964 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sality variant outbound connection (malware-cnc.rules)
* 1:19995 <-> DISABLED <-> MALWARE-CNC Waledac variant outbound connection (malware-cnc.rules)
* 1:20009 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent string Baby Remote - Win32/Babmote.A (malware-cnc.rules)
* 1:20011 <-> DISABLED <-> MALWARE-CNC Briewots.A runtime traffic detected (malware-cnc.rules)
* 1:20012 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string feranet/0.4 - Win32/Ferabsa.A (malware-cnc.rules)
* 1:20080 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Derusbi.A variant outbound connection (malware-cnc.rules)
* 1:20081 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Win32.Yakes.cbi variant outbound connection (malware-cnc.rules)
* 1:20099 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Xtrat.A variant outbound connection (malware-cnc.rules)
* 1:20104 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - InfoBot (malware-cnc.rules)
* 1:20105 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - IPHONE (malware-cnc.rules)
* 1:20106 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - darkness (malware-cnc.rules)
* 1:20201 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - meterpreter (malware-cnc.rules)
* 1:20202 <-> DISABLED <-> MALWARE-CNC Apple OSX.Revir-1 variant outbound connection (malware-cnc.rules)
* 1:20213 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Swisyn variant outbound connection (malware-cnc.rules)
* 1:20221 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Injector variant outbound connection (malware-cnc.rules)
* 1:20228 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hupigon variant outbound connection (malware-cnc.rules)
* 1:20229 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jinchodz variant outbound connection (malware-cnc.rules)
* 1:20230 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string 0pera 10 (malware-cnc.rules)
* 1:20231 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Mozilla//4.0 (malware-cnc.rules)
* 1:20232 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cycbot variant outbound connection (malware-cnc.rules)
* 1:20280 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy variant outbound connection (malware-cnc.rules)
* 1:20281 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy variant outbound connection (malware-cnc.rules)
* 1:20293 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string MBVDFRESCT (malware-cnc.rules)
* 1:20527 <-> DISABLED <-> MALWARE-CNC Sirefef initial C&C connection variant outbound connection (malware-cnc.rules)
* 1:20754 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Virut-3 variant outbound connection (malware-cnc.rules)
* 1:20755 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Krap variant outbound connection (malware-cnc.rules)
* 1:20756 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jorik variant outbound connection (malware-cnc.rules)
* 1:20759 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gbot.oce variant outbound connection (malware-cnc.rules)
* 1:20762 <-> DISABLED <-> MALWARE-CNC MacOS.Flashback.A variant outbound connection (malware-cnc.rules)
* 1:20763 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spyeye-206 variant outbound connection (malware-cnc.rules)
* 1:20837 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mecklow.C runtime traffic detected (malware-cnc.rules)
* 1:20927 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spyeye-207 variant outbound connection (malware-cnc.rules)
* 1:21047 <-> DISABLED <-> MALWARE-CNC known malicious SSL certificate - Sykipot C&C (malware-cnc.rules)
* 1:21175 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Win32 Amti (malware-cnc.rules)
* 1:21188 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string API Guide test program (malware-cnc.rules)
* 1:21206 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Aldi Bot (malware-cnc.rules)
* 1:21208 <-> DISABLED <-> MALWARE-CNC Win.Trojan.RShot.brw variant outbound connection (malware-cnc.rules)
* 1:21225 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Flag (malware-cnc.rules)
* 1:21230 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Betad variant outbound connection (malware-cnc.rules)
* 1:21239 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy variant outbound connection (malware-cnc.rules)
* 1:21240 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MsUpdater variant outbound connection (malware-cnc.rules)
* 1:21241 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MsUpdater initial variant outbound connection (malware-cnc.rules)
* 1:21242 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MsUpdater variant outbound connection (malware-cnc.rules)
* 1:21257 <-> DISABLED <-> MALWARE-CNC URI - known scanner tool muieblackcat (malware-cnc.rules)
* 1:21269 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cycbot variant outbound connection (malware-cnc.rules)
* 1:21278 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Google Bot (malware-cnc.rules)
* 1:21306 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spyeye variant outbound connectivity check (malware-cnc.rules)
* 1:21311 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dofoil variant outbound connection (malware-cnc.rules)
* 1:21313 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dofoil variant outbound connection (malware-cnc.rules)
* 1:21318 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FakeAV TDSS/PurpleHaze variant outbound connection - base64 encoded (malware-cnc.rules)
* 1:21327 <-> DISABLED <-> MALWARE-CNC User-Agent ASafaWeb Scan (malware-cnc.rules)
* 1:21380 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - QvodDown (malware-cnc.rules)
* 1:21418 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FareIt variant outbound connection (malware-cnc.rules)
* 1:21426 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scar variant outbound connection (malware-cnc.rules)
* 1:21427 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Delf variant outbound connection (malware-cnc.rules)
* 1:21428 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Generic-24 variant outbound connection (malware-cnc.rules)
* 1:21430 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BeeOne runtime traffic detected (malware-cnc.rules)
* 1:21434 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Mentor variant outbound connection (malware-cnc.rules)
* 1:21435 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mentor inbound connection - post infection (malware-cnc.rules)
* 1:21436 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Startpage variant outbound connection (malware-cnc.rules)
* 1:21440 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Murofet variant outbound connection (malware-cnc.rules)
* 1:21441 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Delf variant outbound connection (malware-cnc.rules)
* 1:21455 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string psi (malware-cnc.rules)
* 1:21469 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string 1234567890 (malware-cnc.rules)
* 1:21475 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string core-project (malware-cnc.rules)
* 1:21476 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent YZF (malware-cnc.rules)
* 1:21525 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader variant outbound connection (malware-cnc.rules)
* 1:21526 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent TCYWinHTTPDownload (malware-cnc.rules)
* 1:21538 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dofoil variant outbound payload request (malware-cnc.rules)
* 1:21547 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy variant outbound connection (malware-cnc.rules)
* 1:21548 <-> DISABLED <-> MALWARE-CNC Cutwail landing page connection (malware-cnc.rules)
* 1:21551 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kahn variant outbound connection (malware-cnc.rules)
* 1:21552 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kahn variant outbound connection (malware-cnc.rules)
* 1:21562 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bredolab variant outbound connection (malware-cnc.rules)
* 1:21563 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kelihos variant outbound connection (malware-cnc.rules)
* 1:21564 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kelihos variant outbound connection (malware-cnc.rules)
* 1:21565 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kelihos variant outbound connection (malware-cnc.rules)
* 1:21591 <-> DISABLED <-> MALWARE-CNC User-Agent known Adware user agent Gamevance tl_v (malware-cnc.rules)
* 1:21593 <-> DISABLED <-> MALWARE-CNC 
Win.Trojan.Dropper variant outbound connection (malware-cnc.rules) * 1:21622 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Georbot variant outbound connection (malware-cnc.rules) * 1:21631 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sinowal javascript delivery method (malware-cnc.rules) * 1:21632 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ransom variant outbound connection (malware-cnc.rules) * 1:21636 <-> DISABLED <-> MALWARE-CNC User-Agent known Adware user agent gbot (malware-cnc.rules) * 1:21638 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Aluereon TDSS infection variant outbound connection (malware-cnc.rules) * 1:21639 <-> DISABLED <-> MALWARE-CNC User-Agent known Adware user agent mus - TDSS related (malware-cnc.rules) * 1:21755 <-> DISABLED <-> MALWARE-CNC Apple OSX.Flashback variant outbound connection (malware-cnc.rules) * 1:21756 <-> DISABLED <-> MALWARE-CNC Apple OSX.Flashback variant outbound connection (malware-cnc.rules) * 1:21757 <-> DISABLED <-> MALWARE-CNC Apple OSX.Flashback variant outbound connection (malware-cnc.rules) * 1:21758 <-> DISABLED <-> MALWARE-CNC Apple OSX.Flashback variant outbound connection (malware-cnc.rules) * 1:21760 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Swisyn variant outbound connection (malware-cnc.rules) * 1:21761 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Swisyn variant outbound connection (malware-cnc.rules) * 1:21852 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Orsam variant outbound connection (malware-cnc.rules) * 1:21877 <-> DISABLED <-> MALWARE-CNC Apple OSX.Sabpub variant outbound connection (malware-cnc.rules) * 1:21910 <-> DISABLED <-> MALWARE-CNC Apple OSX Flashback malware user-agent (malware-cnc.rules) * 1:21911 <-> DISABLED <-> MALWARE-CNC Aldi variant outbound connection C&C checkin (malware-cnc.rules) * 1:21912 <-> DISABLED <-> MALWARE-CNC Aldi bot variant outbound connection user-agent (malware-cnc.rules) * 1:21925 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent BOT/0.1 (malware-cnc.rules) * 1:21945 <-> DISABLED 
<-> MALWARE-CNC Win.Trojan.Litmpuca.A variant outbound connection (malware-cnc.rules) * 1:21946 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Litmpuca.A variant outbound connection (malware-cnc.rules) * 1:21965 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent VB WININET (malware-cnc.rules) * 1:21983 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BamCompiled variant outbound connection (malware-cnc.rules) * 1:21984 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BamCompiled variant inbound updates (malware-cnc.rules) * 1:22033 <-> DISABLED <-> MALWARE-CNC Apple OSX Flashback malware variant outbound connection (malware-cnc.rules) * 1:22034 <-> DISABLED <-> MALWARE-CNC Apple OSX Flashback malware variant outbound connection (malware-cnc.rules) * 1:22047 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jokbot variant outbound connection (malware-cnc.rules) * 1:22048 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus P2P outbound connection (malware-cnc.rules) * 1:22054 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Prorat variant outbound connection (malware-cnc.rules) * 1:22058 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kbot variant outbound connection (malware-cnc.rules) * 1:22059 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader variant outbound connection (malware-cnc.rules) * 1:22060 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fepgul variant outbound connection (malware-cnc.rules) * 1:22099 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Piroxcc variant outbound connection (malware-cnc.rules) * 1:22100 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Midhos variant outbound connection (malware-cnc.rules) * 1:22103 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Coswid.klk variant outbound connection (malware-cnc.rules) * 1:22937 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Proxyier variant outbound connection (malware-cnc.rules) * 1:22939 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent RAbcLib (malware-cnc.rules) * 1:23019 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Flame malware 
(malware-cnc.rules) * 1:23057 <-> DISABLED <-> MALWARE-CNC Flame malware connection - /view.php (malware-cnc.rules) * 1:23103 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bublik variant outbound connection (malware-cnc.rules) * 1:23104 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scar variant outbound connection (malware-cnc.rules) * 1:23109 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lolbot variant outbound connection (malware-cnc.rules) * 1:23242 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker.boxg connect to cnc server (malware-cnc.rules) * 1:23244 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz variant outbound connection (malware-cnc.rules) * 1:23245 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader variant outbound connection (malware-cnc.rules) * 1:23254 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Delf.CL variant outbound connection (malware-cnc.rules) * 1:23261 <-> DISABLED <-> MALWARE-CNC known command and control traffic - Pushbot (malware-cnc.rules) * 1:23262 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules) * 1:23307 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper connect to server (malware-cnc.rules) * 1:23332 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dishigy variant outbound connection (malware-cnc.rules) * 1:23334 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader initial C&C checkin (malware-cnc.rules) * 1:23335 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Swisyn variant outbound connection (malware-cnc.rules) * 1:23342 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules) * 1:23382 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SpyEye variant outbound connection (malware-cnc.rules) * 1:23391 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hioles.C variant outbound connection (malware-cnc.rules) * 1:23394 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vbvoleur.a variant outbound connection (malware-cnc.rules) * 1:23467 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mazben file download (malware-cnc.rules) * 1:23473 <-> 
DISABLED <-> MALWARE-CNC URI request for runforestrun - JS.Runfore (malware-cnc.rules) * 1:23492 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ZeroAccess outbound connection (malware-cnc.rules) * 1:23493 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ZeroAccess outbound connection (malware-cnc.rules) * 1:23600 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gamarue outbound connection (malware-cnc.rules) * 1:23615 <-> DISABLED <-> MALWARE-CNC ACAD.Medre.A variant outbound connection (malware-cnc.rules) * 1:23627 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - PoisonIvy RAT (malware-cnc.rules) * 1:23628 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pincav variant outbound connection (malware-cnc.rules) * 1:23633 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kegotip variant report to cnc-server (malware-cnc.rules) * 1:23635 <-> DISABLED <-> MALWARE-CNC Gozi trojan checkin (malware-cnc.rules) * 1:23778 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bublik variant outbound connection (malware-cnc.rules) * 1:23824 <-> DISABLED <-> MALWARE-CNC Gauss malware check-in (malware-cnc.rules) * 1:23893 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DistTrack command and control traffic (malware-cnc.rules) * 1:23903 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - you (malware-cnc.rules) * 1:23938 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ibabyfa.dldr variant outbound connection (malware-cnc.rules) * 1:23942 <-> DISABLED <-> MALWARE-CNC Win.Trojan.C0D0SO0 variant outbound traffic (malware-cnc.rules) * 1:23945 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Backdoor variant outbound connection (malware-cnc.rules) * 1:23946 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Backdoor file download (malware-cnc.rules) * 1:23968 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Crisis variant outbound connection (malware-cnc.rules) * 1:23972 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot variant outbound connection (malware-cnc.rules) * 1:23978 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hostposer variant outbound connection 
(malware-cnc.rules) * 1:23987 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kryptik.Kazy variant outbound connection (malware-cnc.rules) * 1:24062 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hufysk variant outbound connection (malware-cnc.rules) * 1:24111 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Post (malware-cnc.rules) * 1:10074 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules) * 1:25050 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules) * 1:10065 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules) * 1:10073 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules) * 1:10070 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules) * 1:10067 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules) * 1:24169 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot variant outbound connection (malware-cnc.rules) * 1:24185 <-> DISABLED <-> MALWARE-CNC Win.Work.Rokiwobi inbound command from C&C (malware-cnc.rules) * 1:24211 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Xamtrav update protocol connection (malware-cnc.rules) * 1:24214 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Seveto variant outbound connection (malware-cnc.rules) * 1:24215 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload variant outbound connection (malware-cnc.rules) * 1:24216 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Biloky variant outbound connection (malware-cnc.rules) * 1:24217 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy variant outbound connection (malware-cnc.rules) * 1:24224 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeroaccess variant outbound connection (malware-cnc.rules) * 1:24235 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wuwo initial infection variant outbound connection (malware-cnc.rules) * 1:24236 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wuwo post infection 
variant outbound connection (malware-cnc.rules) * 1:24361 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gozi.Prinimalka variant outbound connection (malware-cnc.rules) * 1:24375 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VB variant outbound connection (malware-cnc.rules) * 1:24381 <-> DISABLED <-> MALWARE-CNC Win.Trojan.XBlocker outbound connection (malware-cnc.rules) * 1:24382 <-> DISABLED <-> MALWARE-CNC Win.Trojan.XBlocker outbound connection (malware-cnc.rules) * 1:24439 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Encriyoko variant outbound connection (malware-cnc.rules) * 1:24440 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chiviper variant outbound connection (malware-cnc.rules) * 1:24441 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Testing (malware-cnc.rules) * 1:24442 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Alerter COM (malware-cnc.rules) * 1:24482 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chif variant outbound connection (malware-cnc.rules) * 1:24491 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vundo redirection landing page pre-infection (malware-cnc.rules) * 1:24492 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vundo variant outbound connection (malware-cnc.rules) * 1:24493 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vundo variant outbound connection (malware-cnc.rules) * 1:24494 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vundo variant outbound connection (malware-cnc.rules) * 1:24495 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vundo variant outbound connection (malware-cnc.rules) * 1:24496 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vundo variant outbound connection (malware-cnc.rules) * 1:24497 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vundo variant outbound connection (malware-cnc.rules) * 1:24504 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VB variant outbound connection (malware-cnc.rules) * 1:24514 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lucuis variant outbound connection (malware-cnc.rules) * 1:24523 <-> DISABLED <-> MALWARE-CNC 
Win.Backdoor.MautoitRAT variant outbound connection (malware-cnc.rules) * 1:24531 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scondatie.A variant outbound connection (malware-cnc.rules) * 1:25107 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (malware-cnc.rules) * 1:25237 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Firelog variant outbound connection (malware-cnc.rules) * 1:25242 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Duapz variant outbound connection (malware-cnc.rules) * 1:25249 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Basutra variant outbound connection (malware-cnc.rules) * 1:25224 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ZeroAccess URI and Referer (malware-cnc.rules) * 1:25371 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ruskill variant outbound connection (malware-cnc.rules) * 1:25396 <-> DISABLED <-> MALWARE-CNC URI request for /cgi-bin/dllhost/ac (malware-cnc.rules) * 1:25400 <-> DISABLED <-> MALWARE-CNC URI request for /cgi-bin/win/cab (malware-cnc.rules) * 1:25259 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BancosBanload variant outbound connection (malware-cnc.rules) * 1:25471 <-> DISABLED <-> MALWARE-CNC Pushdo Spiral Traffic (malware-cnc.rules) * 1:15553 <-> DISABLED <-> MALWARE-CNC Sality virus HTTP GET request (malware-cnc.rules) * 1:15165 <-> DISABLED <-> MALWARE-CNC Pushdo client communication (malware-cnc.rules) * 1:15481 <-> DISABLED <-> MALWARE-CNC Zeus/Zbot malware config file download request (malware-cnc.rules) * 1:15730 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Delf variant outbound connection (malware-cnc.rules) * 1:15563 <-> DISABLED <-> MALWARE-CNC RSPlug Win.Trojan.server connection (malware-cnc.rules) * 1:15564 <-> DISABLED <-> MALWARE-CNC RSPlug Win.Trojan.file download (malware-cnc.rules) * 1:15565 <-> DISABLED <-> MALWARE-CNC RSPlug Win.Trojan.file download (malware-cnc.rules) * 1:16269 <-> DISABLED <-> MALWARE-CNC Win.Trojan.tdss.1.gen install-time detection - findzproportal1.com (malware-cnc.rules) * 1:15938 <-> 
DISABLED <-> MALWARE-CNC SubSeven client connection to server (malware-cnc.rules) * 1:16144 <-> DISABLED <-> MALWARE-CNC Bredolab bot variant outbound connection (malware-cnc.rules) * 1:16268 <-> DISABLED <-> MALWARE-CNC Win.Trojan.tdss.1.gen install-time detection - yournewsblog.net (malware-cnc.rules) * 1:16391 <-> DISABLED <-> MALWARE-CNC Gozi Win.Trojan.connection to C&C (malware-cnc.rules) * 1:16289 <-> DISABLED <-> MALWARE-CNC Clob bot traffic (malware-cnc.rules) * 1:16362 <-> DISABLED <-> MALWARE-CNC SpyForms malware call home (malware-cnc.rules) * 1:16368 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hydraq variant outbound connection (malware-cnc.rules) * 1:6281 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - istsvc (malware-cnc.rules) * 1:24532 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scondatie.A inbound connection (malware-cnc.rules) * 1:24533 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules) * 1:6491 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - snprtzdialno (malware-cnc.rules) * 1:7537 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Arrow Search (malware-cnc.rules) * 1:10072 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules) * 1:25093 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hacktool variant outbound connection (malware-cnc.rules) * 1:5770 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Casino (malware-cnc.rules) * 1:55862 <-> ENABLED <-> SERVER-WEBAPP Microsoft SharePoint EntityInstanceIdEncoder remote code execution attempt (server-webapp.rules) * 1:5913 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - My Agent (malware-cnc.rules) * 1:5760 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - OSSProxy (malware-cnc.rules) * 1:6197 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - smrtshpr-cs (malware-cnc.rules) * 1:6394 <-> DISABLED 
<-> MALWARE-CNC User-Agent known malicious user agent - CodeguruBrowser (malware-cnc.rules) * 1:24534 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banbra variant outbound connection (malware-cnc.rules) * 1:24563 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Veli variant outbound connection (malware-cnc.rules) * 1:24566 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jorik variant outbound connection (malware-cnc.rules) * 1:24568 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Mozilla/00 (malware-cnc.rules) * 1:24575 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Opera/9.61 (malware-cnc.rules) * 1:24630 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Klovbot variant outbound connection (malware-cnc.rules) * 1:24631 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Lizard/1.0 (malware-cnc.rules) * 1:24632 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VaccinePC variant outbound connection (malware-cnc.rules) * 1:24633 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - test_hInternet (malware-cnc.rules) * 1:24634 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - vaccinepc (malware-cnc.rules) * 1:24858 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Quarian variant outbound connection - proxy connection (malware-cnc.rules) * 1:24873 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gnutler variant outbound connection (malware-cnc.rules) * 1:24885 <-> DISABLED <-> MALWARE-CNC Potential Banking Trojan Config File Download (malware-cnc.rules) * 1:24886 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dorkbot variant outbound connection (malware-cnc.rules) * 1:25007 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wealwedst variant outbound connection (malware-cnc.rules) * 1:25009 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - User-Agent User-Agent (malware-cnc.rules) * 1:25010 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Perflog variant outbound connection (malware-cnc.rules) * 1:25011 <-> DISABLED <-> MALWARE-CNC 
Win.Trojan.Perflog variant outbound connection (malware-cnc.rules) * 1:5805 <-> DISABLED <-> MALWARE-OTHER Trackware myway speedbar runtime detection - switch engines (malware-other.rules) * 1:25016 <-> DISABLED <-> MALWARE-CNC Win.Trojan.IRCBot variant outbound connection (malware-cnc.rules) * 1:25021 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Azbreg variant outbound connection (malware-cnc.rules) * 1:25022 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dapato variant outbound connection (malware-cnc.rules) * 1:25023 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection (malware-cnc.rules) * 1:25024 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection (malware-cnc.rules) * 1:25025 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Recslurp variant outbound connection (malware-cnc.rules) * 1:25026 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Juasek variant outbound connection (malware-cnc.rules) * 1:25027 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Opachki variant connect to cnc-server (malware-cnc.rules) * 1:25028 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peed variant outbound connection (malware-cnc.rules) * 1:25029 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (malware-cnc.rules) * 1:25030 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nevsyn variant outbound connection (malware-cnc.rules) * 1:6341 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Spedia (malware-cnc.rules) * 1:25074 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules) * 1:25099 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper.Daws variant outbound connection (malware-cnc.rules) * 1:25108 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Proxy.Agent variant outbound connection (malware-cnc.rules) * 1:25229 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Darkkomet variant inbound connection (malware-cnc.rules) * 1:25239 <-> DISABLED <-> MALWARE-CNC Win.Trojan.IRCBot variant outbound connection 
(malware-cnc.rules) * 1:25243 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - 04/XP (malware-cnc.rules) * 1:25256 <-> DISABLED <-> MALWARE-CNC Win.Worm.Gamarue variant outbound connection (malware-cnc.rules) * 1:25268 <-> DISABLED <-> MALWARE-CNC Win.Trojan.IRCBot variant outbound connection (malware-cnc.rules) * 1:25372 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - wh (malware-cnc.rules) * 1:25397 <-> DISABLED <-> MALWARE-CNC URI request for /cgi-bin/ms/check (malware-cnc.rules) * 1:25448 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Jinch variant outbound connection (malware-cnc.rules) * 1:25476 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - User-Agent User-Agent (malware-cnc.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
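The listing format above is the same for the Snort 2 and Snort 3 release notes, and the question a detection engineer actually asks of it is not "what changed" but "which of these will fire on my sensor as shipped": only entries marked ENABLED alert in the default policy, everything marked DISABLED needs a local enable (or a different base policy) before it does anything. The following parser is an added example and is not Talos or Snort code. It splits the listing on the "* gid:sid <->" marker rather than on newlines, so it also copes with entries run together on one line or broken across two by extraction, keeps only the trailing "*.rules" token of the last parenthetical (entries such as "(Coreflood -- snort3-malware-cnc.rules)" carry extra text there), and reports rather than drops anything that does not match the format, such as an entry truncated at the end of a page. SAMPLE_SNORT2 and SAMPLE_SNORT3 are constructed excerpts of a handful of entries from this page's two listings, chosen to exercise those cases; feed the full listings to get real numbers.

```python
"""Parse a Talos/Snort rule-release listing of the form
    * gid:sid <-> Default rule state <-> Message (rule group)
and report which rules are ENABLED by default, how a release is spread
across rule groups, and which SIDs appear in one list but not another
(e.g. the Snort 2 list versus the Snort 3 list of the same release).
Added example; not Talos or Snort code. SAMPLE_* are constructed excerpts."""
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass

# Entries are split on their leading "* " marker (followed by gid:sid <->),
# not on newlines: extraction often runs many entries onto one line or breaks
# one entry across two lines.
ENTRY_SPLIT_RE = re.compile(r"\s*\*\s+(?=\d+:\d+\s*<->)")

# One entry. The rule group is the trailing "*.rules" token of the last
# parenthetical; the group pattern tolerates a prefix such as "Coreflood -- "
# and the caller keeps only the last whitespace-separated token.
ENTRY_RE = re.compile(
    r"^(?P<gid>\d+):(?P<sid>\d+)\s*<->\s*(?P<state>ENABLED|DISABLED)\s*<->\s*"
    r"(?P<msg>.+?)\s*\((?P<group>[^()]*?[\w.-]+\.rules)\)\s*$",
    re.S,
)


@dataclass(frozen=True)
class RuleEntry:
    gid: int
    sid: int
    state: str   # "ENABLED" or "DISABLED" (the default rule state)
    msg: str
    group: str   # e.g. "malware-cnc.rules" or "snort3-malware-cnc.rules"

    @property
    def key(self) -> tuple[int, int]:
        return (self.gid, self.sid)


def parse_release_notes(text: str) -> tuple[list[RuleEntry], list[str]]:
    """Return (parsed entries, pieces that did not match the format)."""
    entries: list[RuleEntry] = []
    unparsed: list[str] = []
    for piece in ENTRY_SPLIT_RE.split(text):
        piece = piece.strip()
        if not piece:
            continue
        m = ENTRY_RE.match(piece)
        if m is None:
            unparsed.append(piece)   # surface it; a silently dropped rule is worse
            continue
        entries.append(RuleEntry(
            gid=int(m["gid"]), sid=int(m["sid"]), state=m["state"],
            msg=m["msg"].strip(), group=m["group"].split()[-1],
        ))
    return entries, unparsed


def enabled_by_default(entries: list[RuleEntry]) -> list[tuple[int, int]]:
    """gid:sid pairs that alert as shipped; every other SID needs a local enable."""
    return sorted(e.key for e in entries if e.state == "ENABLED")


def count_by_group(entries: list[RuleEntry]) -> Counter:
    """How many listed rules land in each rule-group file."""
    return Counter(e.group for e in entries)


def missing_from(listed: list[RuleEntry], other: list[RuleEntry]) -> list[tuple[int, int]]:
    """gid:sid pairs present in `listed` but absent from `other`."""
    have = {e.key for e in other}
    return sorted(e.key for e in listed if e.key not in have)


# Constructed excerpts of this page's two listings (a few entries each).
SAMPLE_SNORT2 = (
    "* 1:55862 <-> ENABLED <-> SERVER-WEBAPP Microsoft SharePoint EntityInstanceIdEncoder "
    "remote code execution attempt (server-webapp.rules) * 1:5805 <-> DISABLED <-> "
    "MALWARE-OTHER Trackware myway speedbar runtime detection - switch engines "
    "(malware-other.rules) * 1:21434 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Mentor "
    "variant outbound connection (malware-cnc.rules)"
)
SAMPLE_SNORT3 = (
    "* 1:55927 <-> ENABLED <-> MALWARE-CNC Win.Dropper.LemonDuck variant script download "
    "attempt (snort3-malware-cnc.rules) * 1:55869 <-> DISABLED <-> MALWARE-OTHER "
    "Win.Keylogger.Emotet-9769987-0 download attempt (snort3-malware-other.rules) * 1:55923 "
    "<-> DISABLED <-> OS-WINDOWS Microsoft Windows Defender privilege escalation attempt "
    "(snort3-os-windows.rules) * 1:5805 <-> DISABLED <-> MALWARE-OTHER Trackware myway "
    "speedbar runtime detection - switch engines (snort3-malware-other.rules) * 1:18934 "
    "<-> DISABLED <-> MALWARE-CNC known command and control channel traffic "
    "(Coreflood -- snort3-malware-cnc.rules)"
)

if __name__ == "__main__":
    s2, bad2 = parse_release_notes(SAMPLE_SNORT2)
    s3, bad3 = parse_release_notes(SAMPLE_SNORT3)
    print("enabled by default (Snort 3 excerpt):", enabled_by_default(s3))
    print("per rule group (Snort 3 excerpt):", dict(count_by_group(s3)))
    print("in Snort 2 excerpt but not in Snort 3 excerpt:", missing_from(s2, s3))
    print("unparsed:", bad2 + bad3)
```

On the excerpt, the Snort 3 side has one rule enabled by default (1:55927) and four that will not alert until enabled locally; the cross-check reports 1:55862 and 1:21434 as present in the Snort 2 excerpt only, which is what you want to see before assuming a Snort 2 policy carries over unchanged to a Snort 3 sensor.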
* 1:55908 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-9773294-0 download attempt (snort3-malware-other.rules)
* 1:55927 <-> ENABLED <-> MALWARE-CNC Win.Dropper.LemonDuck variant script download attempt (snort3-malware-cnc.rules)
* 1:55903 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Sdyn-9772921-0 download attempt (snort3-malware-other.rules)
* 1:55869 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Emotet-9769987-0 download attempt (snort3-malware-other.rules)
* 1:55923 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Defender privilege escalation attempt (snort3-os-windows.rules)
* 1:55889 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Browsefox-9771664-0 download attempt (snort3-malware-other.rules)
* 1:55896 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-9772275-0 download attempt (snort3-malware-other.rules)
* 1:55887 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Reveton-9771413-0 download attempt (snort3-malware-other.rules)
* 1:55863 <-> DISABLED <-> MALWARE-OTHER Win.Virus.Ursnif-9769699-0 download attempt (snort3-malware-other.rules)
* 1:55918 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus command injection attempt (snort3-server-webapp.rules)
* 1:55926 <-> ENABLED <-> MALWARE-CNC Win.Dropper.LemonDuck variant outbound connection (snort3-malware-cnc.rules)
* 1:55919 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus command injection attempt (snort3-server-webapp.rules)
* 1:55867 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Agzz8qk-9769774-0 download attempt (snort3-malware-other.rules)
* 1:55907 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-9773294-0 download attempt (snort3-malware-other.rules)
* 1:55870 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Emotet-9769987-0 download attempt (snort3-malware-other.rules)
* 1:55904 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Sdyn-9772921-0 download attempt (snort3-malware-other.rules)
* 1:55913 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Ramnit-9773470-0 download attempt (snort3-malware-other.rules)
* 1:55891 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Kovter-9771867-0 download attempt (snort3-malware-other.rules)
* 1:55880 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-9770611-0 download attempt (snort3-malware-other.rules)
* 1:55902 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-9772681-0 download attempt (snort3-malware-other.rules)
* 1:55914 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Ramnit-9773470-0 download attempt (snort3-malware-other.rules)
* 1:55910 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Battdil-9773289-0 download attempt (snort3-malware-other.rules)
* 1:55892 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Kovter-9771867-0 download attempt (snort3-malware-other.rules)
* 1:55866 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Bulz-9769773-0 download attempt (snort3-malware-other.rules)
* 1:55928 <-> ENABLED <-> MALWARE-CNC Win.Dropper.LemonDuck variant script download attempt (snort3-malware-cnc.rules)
* 1:55876 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Bdld-9770176-0 download attempt (snort3-malware-other.rules)
* 1:55883 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Cutwail-9771166-0 download attempt (snort3-malware-other.rules)
* 1:55888 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Reveton-9771413-0 download attempt (snort3-malware-other.rules)
* 1:55872 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9770089-0 download attempt (snort3-malware-other.rules)
* 1:55909 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Battdil-9773289-0 download attempt (snort3-malware-other.rules)
* 1:55879 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-9770611-0 download attempt (snort3-malware-other.rules)
* 1:55901 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-9772681-0 download attempt (snort3-malware-other.rules)
* 1:55922 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Defender privilege escalation attempt (snort3-os-windows.rules)
* 1:55912 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Battdil-9773282-0 download attempt (snort3-malware-other.rules)
* 1:55881 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-9770992-0 download attempt (snort3-malware-other.rules)
* 1:55884 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Cutwail-9771166-0 download attempt (snort3-malware-other.rules)
* 1:55898 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Fakesysdef-9772554-0 download attempt (snort3-malware-other.rules)
* 1:55894 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-9771891-0 download attempt (snort3-malware-other.rules)
* 1:55906 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generic-9773106-0 download attempt (snort3-malware-other.rules)
* 1:55865 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Bulz-9769773-0 download attempt (snort3-malware-other.rules)
* 1:55916 <-> DISABLED <-> MALWARE-OTHER PUA.Win.File.Neobar-9773833-0 download attempt (snort3-malware-other.rules)
* 1:55873 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Emotet-9770097-0 download attempt (snort3-malware-other.rules)
* 1:55877 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Drolnux-9770173-0 download attempt (snort3-malware-other.rules)
* 1:55900 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9772677-0 download attempt (snort3-malware-other.rules)
* 1:55878 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Drolnux-9770173-0 download attempt (snort3-malware-other.rules)
* 1:55899 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9772677-0 download attempt (snort3-malware-other.rules)
* 1:55882 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-9770992-0 download attempt (snort3-malware-other.rules)
* 1:55911 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Battdil-9773282-0 download attempt (snort3-malware-other.rules)
* 1:55864 <-> DISABLED <-> MALWARE-OTHER Win.Virus.Ursnif-9769699-0 download attempt (snort3-malware-other.rules)
* 1:55874 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Emotet-9770097-0 download attempt (snort3-malware-other.rules)
* 1:55895 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-9772275-0 download attempt (snort3-malware-other.rules)
* 1:55920 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus command injection attempt (snort3-server-webapp.rules)
* 1:55871 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9770089-0 download attempt (snort3-malware-other.rules)
* 1:55905 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generic-9773106-0 download attempt (snort3-malware-other.rules)
* 1:55875 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Bdld-9770176-0 download attempt (snort3-malware-other.rules)
* 1:55885 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Upatre-9771263-0 download attempt (snort3-malware-other.rules)
* 1:55921 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus command injection attempt (snort3-server-webapp.rules)
* 1:55868 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Agzz8qk-9769774-0 download attempt (snort3-malware-other.rules)
* 1:55886 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Upatre-9771263-0 download attempt (snort3-malware-other.rules)
* 1:55890 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Browsefox-9771664-0 download attempt (snort3-malware-other.rules)
* 1:55893 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-9771891-0 download attempt (snort3-malware-other.rules)
* 1:55897 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Fakesysdef-9772554-0 download attempt (snort3-malware-other.rules)
* 1:55915 <-> DISABLED <-> MALWARE-OTHER PUA.Win.File.Neobar-9773833-0 download attempt (snort3-malware-other.rules)
* 1:16489 <-> DISABLED <-> MALWARE-CNC Bobax botnet variant outbound connection (snort3-malware-cnc.rules) * 1:5805 <-> DISABLED <-> MALWARE-OTHER Trackware myway speedbar runtime detection - switch engines (snort3-malware-other.rules) * 1:16493 <-> DISABLED <-> MALWARE-CNC TT-bot botnet variant outbound connection (snort3-malware-cnc.rules) * 1:16485 <-> DISABLED <-> MALWARE-CNC Koobface request for captcha (snort3-malware-cnc.rules) * 1:16527 <-> DISABLED <-> MALWARE-CNC Zbot malware config file download request (snort3-malware-cnc.rules) * 1:16528 <-> DISABLED <-> MALWARE-CNC Zbot malware config file download request (snort3-malware-cnc.rules) * 1:16497 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Tear Application (snort3-malware-cnc.rules) * 1:16670 <-> DISABLED <-> MALWARE-CNC Koobface worm executable download (snort3-malware-cnc.rules) * 1:16695 <-> DISABLED <-> MALWARE-CNC Rogue AV download/update (snort3-malware-cnc.rules) * 1:16484 <-> DISABLED <-> MALWARE-CNC Koobface variant outbound connection (snort3-malware-cnc.rules) * 1:16669 <-> DISABLED <-> MALWARE-CNC Spyeye bot variant outbound connection (snort3-malware-cnc.rules) * 1:16496 <-> DISABLED <-> MALWARE-CNC Win.Trojan.hacktool variant outbound connection (snort3-malware-cnc.rules) * 1:5900 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Async HTTP Agent (snort3-malware-cnc.rules) * 1:16551 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - malware (snort3-malware-cnc.rules) * 1:16809 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FraudPack variant outbound connection (snort3-malware-cnc.rules) * 1:16828 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (snort3-malware-cnc.rules) * 1:16832 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (snort3-malware-cnc.rules) * 1:16811 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (snort3-malware-cnc.rules) * 1:17816 <-> DISABLED <-> 
MALWARE-CNC Thinkpoint fake antivirus - credit card submission (snort3-malware-cnc.rules) * 1:18247 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent ErrCode - W32/Fujacks.htm (snort3-malware-cnc.rules) * 1:17815 <-> DISABLED <-> MALWARE-CNC Thinkpoint fake antivirus - user display (snort3-malware-cnc.rules) * 1:18458 <-> DISABLED <-> MALWARE-CNC Night Dragon initial beacon (snort3-malware-cnc.rules) * 1:5857 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - MyWebSearchSearchAssistance (snort3-malware-cnc.rules) * 1:18459 <-> DISABLED <-> MALWARE-CNC Night Dragon keepalive message (snort3-malware-cnc.rules) * 1:18388 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string RookIE/1.0 (snort3-malware-cnc.rules) * 1:8356 <-> DISABLED <-> MALWARE-OTHER Keylogger spybuddy 3.72 runtime detection - send log out through email (snort3-malware-other.rules) * 1:18939 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (snort3-malware-cnc.rules) * 1:19016 <-> DISABLED <-> MALWARE-CNC MacBack Win.Trojan.variant outbound connection (snort3-malware-cnc.rules) * 1:17235 <-> DISABLED <-> MALWARE-CNC VBMania mass mailing worm download (snort3-malware-cnc.rules) * 1:18934 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (Coreflood -- snort3-malware-cnc.rules) * 1:19019 <-> DISABLED <-> MALWARE-CNC MacBack Win.Trojan.variant outbound connection (snort3-malware-cnc.rules) * 1:19038 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jzzer.A variant outbound connection (snort3-malware-cnc.rules) * 1:18353 <-> DISABLED <-> MALWARE-CNC User-Agent request for known PUA user agent - SelectRebates (snort3-malware-cnc.rules) * 1:19018 <-> DISABLED <-> MALWARE-CNC MacBack Win.Trojan.variant outbound connection (snort3-malware-cnc.rules) * 1:19053 <-> DISABLED <-> MALWARE-CNC Worm.Win32.Nusump.A variant outbound connection (snort3-malware-cnc.rules) * 1:19055 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gosik.A 
registration (snort3-malware-cnc.rules) * 1:18715 <-> DISABLED <-> MALWARE-CNC Ozdok botnet communication with C&C server (snort3-malware-cnc.rules) * 1:19052 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Httpbot.qdc variant outbound connection (snort3-malware-cnc.rules) * 1:19058 <-> DISABLED <-> MALWARE-CNC Worm.Win32.Faketube update request (snort3-malware-cnc.rules) * 1:19164 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SpyEye variant outbound connection (snort3-malware-cnc.rules) * 1:19017 <-> DISABLED <-> MALWARE-CNC MacBack Win.Trojan.variant outbound connection (snort3-malware-cnc.rules) * 1:19057 <-> DISABLED <-> MALWARE-CNC Win.Trojan.QQFish variant outbound connection (snort3-malware-cnc.rules) * 1:19328 <-> DISABLED <-> MALWARE-CNC PointGuide variant outbound connection (snort3-malware-cnc.rules) * 1:5880 <-> DISABLED <-> MALWARE-OTHER Keylogger spyagent runtime detect - smtp delivery (snort3-malware-other.rules) * 1:7572 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - DigExt (snort3-malware-cnc.rules) * 1:19339 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper Win.Trojan.Agent.alda variant outbound connection (snort3-malware-cnc.rules) * 1:19047 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - RCleanT (snort3-malware-cnc.rules) * 1:19175 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent wget 3.0 (snort3-malware-cnc.rules) * 1:19351 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Clicker Win.Trojan.Hatigh.C variant outbound connection (snort3-malware-cnc.rules) * 1:19353 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker.bkhu variant outbound connection (snort3-malware-cnc.rules) * 1:7582 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Pcast Live (snort3-malware-cnc.rules) * 1:19056 <-> DISABLED <-> MALWARE-CNC Win.Trojan.QQFish variant outbound connection (snort3-malware-cnc.rules) * 1:19348 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader Win.Trojan.FraudLoad.emq variant outbound connection 
(snort3-malware-cnc.rules) * 1:19429 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Proxy Win.Trojan.Dosenjo.C variant outbound connection (snort3-malware-cnc.rules) * 1:19435 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Litmus.203 variant outbound connection (snort3-malware-cnc.rules) * 1:19165 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Microsoft Internet Explorer (snort3-malware-cnc.rules) * 1:19358 <-> DISABLED <-> MALWARE-CNC Win.Trojan.XYTvn.A variant outbound connection (snort3-malware-cnc.rules) * 1:19490 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Koceg.B variant outbound connection (snort3-malware-cnc.rules) * 1:19493 <-> DISABLED <-> MALWARE-CNC URI request for known malicious uri config.ini on 3322.org domain (snort3-malware-cnc.rules) * 1:19347 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Poison.banr variant outbound connection (snort3-malware-cnc.rules) * 1:19482 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string ErrorFix (snort3-malware-cnc.rules) * 1:19590 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Savnut.B variant outbound connection (snort3-malware-cnc.rules) * 1:19622 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - pte.aspx?ver= (snort3-malware-cnc.rules) * 1:19357 <-> DISABLED <-> MALWARE-CNC Win.Worm.Sohanad.ila variant outbound connection (snort3-malware-cnc.rules) * 1:19589 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent string MacProtector (snort3-malware-cnc.rules) * 1:19626 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /setup_b.asp?prj= (snort3-malware-cnc.rules) * 1:19627 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /r_autoidcnt.asp?mer_seq= (snort3-malware-cnc.rules) * 1:19480 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string STORMDDOS - Backdoor.Win32.Inject.ctt (snort3-malware-cnc.rules) * 1:19625 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - .sys.php?getexe= 
(snort3-malware-cnc.rules) * 1:19632 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /VertexNet/adduser.php?uid= (snort3-malware-cnc.rules) * 1:19633 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /VertexNet/tasks.php?uid= (snort3-malware-cnc.rules) * 1:19579 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Potao.A variant outbound connection (snort3-malware-cnc.rules) * 1:7832 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Navhelper (snort3-malware-cnc.rules) * 1:19631 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - AnSSip= (snort3-malware-cnc.rules) * 1:19637 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /install.asp?mac= (snort3-malware-cnc.rules) * 1:19638 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /kx4.txt (snort3-malware-cnc.rules) * 1:19623 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - vic.aspx?ver= (snort3-malware-cnc.rules) * 1:19636 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /blog/images/3521.jpg?v (snort3-malware-cnc.rules) * 1:19702 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zboter.E variant outbound connection (snort3-malware-cnc.rules) * 1:5882 <-> DISABLED <-> MALWARE-OTHER Keylogger spyagent runtime detect - alert notification (snort3-malware-other.rules) * 1:19703 <-> DISABLED <-> MALWARE-CNC Win.Worm.Dusta.br outbound connnection (snort3-malware-cnc.rules) * 1:19628 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /1cup/script.php (snort3-malware-cnc.rules) * 1:5808 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - SAH Agent (snort3-malware-cnc.rules) * 1:19658 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MCnovogic.A variant outbound connection (snort3-malware-cnc.rules) * 1:19706 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.cer variant outbound connection (snort3-malware-cnc.rules) * 1:19711 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jorik variant outbound 
connection (snort3-malware-cnc.rules) * 1:7587 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - URLBlaze (snort3-malware-cnc.rules) * 1:19635 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /app/?prj= (snort3-malware-cnc.rules) * 1:19705 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.grdm variant outbound connection (snort3-malware-cnc.rules) * 1:19723 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pherbot variant outbound connection (snort3-malware-cnc.rules) * 1:19730 <-> DISABLED <-> MALWARE-CNC Win.Trojan.KukuBot variant outbound connection (snort3-malware-cnc.rules) * 1:19657 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FakeAV variant traffic (snort3-malware-cnc.rules) * 1:19722 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Poshtroper variant outbound connection (snort3-malware-cnc.rules) * 1:19756 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Opera/8.89 - P2P-Worm.Win32.Palevo.ddm (snort3-malware-cnc.rules) * 1:19761 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ftpharvxqq variant outbound connection (snort3-malware-cnc.rules) * 1:19704 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.grdm variant outbound connection (snort3-malware-cnc.rules) * 1:19732 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Idicaf variant outbound connection (snort3-malware-cnc.rules) * 1:19769 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yoddos outbound indicator (snort3-malware-cnc.rules) * 1:19770 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yoddos variant outbound connection (snort3-malware-cnc.rules) * 1:19712 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader variant outbound connection (snort3-malware-cnc.rules) * 1:5838 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - EI (snort3-malware-cnc.rules) * 1:19767 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Msposer.A variant outbound connection (snort3-malware-cnc.rules) * 1:5881 <-> DISABLED <-> MALWARE-OTHER Keylogger spyagent runtime detect - ftp delivery (snort3-malware-other.rules) * 
1:19801 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tracur variant outbound connection (snort3-malware-cnc.rules) * 1:19864 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nvbpass variant outbound connection (snort3-malware-cnc.rules) * 1:19731 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Darkwebot variant outbound connection (snort3-malware-cnc.rules) * 1:19778 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /games/java_trust.php?f= (snort3-malware-cnc.rules) * 1:5824 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Strip-Player (snort3-malware-cnc.rules) * 1:19913 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - optima/index.php (snort3-malware-cnc.rules) * 1:19964 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sality variant outbound connection (snort3-malware-cnc.rules) * 1:19765 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (snort3-malware-cnc.rules) * 1:19912 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DelfInject.gen!X variant outbound connection (snort3-malware-cnc.rules) * 1:20011 <-> DISABLED <-> MALWARE-CNC Briewots.A runtime traffic detected (snort3-malware-cnc.rules) * 1:20012 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string feranet/0.4 - Win32/Ferabsa.A (snort3-malware-cnc.rules) * 1:19771 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yoddos variant outbound connection (snort3-malware-cnc.rules) * 1:20009 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent string Baby Remote - Win32/Babmote.A (snort3-malware-cnc.rules) * 1:20099 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Xtrat.A variant outbound connection (snort3-malware-cnc.rules) * 1:20104 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - InfoBot (snort3-malware-cnc.rules) * 1:16817 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (snort3-malware-cnc.rules) * 1:19882 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /160.rar - Win32/Morto.A 
(snort3-malware-cnc.rules) * 1:20081 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Win32.Yakes.cbi variant outbound connection (snort3-malware-cnc.rules) * 1:20201 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - meterpreter (snort3-malware-cnc.rules) * 1:20202 <-> DISABLED <-> MALWARE-CNC Apple OSX.Revir-1 variant outbound connection (snort3-malware-cnc.rules) * 1:25107 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (snort3-malware-cnc.rules) * 1:25054 <-> DISABLED <-> MALWARE-CNC ZeroAccess Clickserver callback (snort3-malware-cnc.rules) * 1:6394 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - CodeguruBrowser (snort3-malware-cnc.rules) * 1:7511 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - ed2k edonkey2000 runtime detection (snort3-malware-cnc.rules) * 1:25530 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (snort3-malware-cnc.rules) * 1:25075 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy variant outbound connection (snort3-malware-cnc.rules) * 1:25545 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Printlove variant outbound connection (snort3-malware-cnc.rules) * 1:6281 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - istsvc (snort3-malware-cnc.rules) * 1:10065 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (snort3-malware-cnc.rules) * 1:7135 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - IEP (snort3-malware-cnc.rules) * 1:10076 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (snort3-malware-cnc.rules) * 1:5978 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - TM_SEARCH3 (snort3-malware-cnc.rules) * 1:5907 <-> DISABLED <-> MALWARE-OTHER Trackware e2give runtime detection - check update (snort3-malware-other.rules) * 1:25242 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Duapz variant outbound connection (snort3-malware-cnc.rules) * 
1:25541 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sigly variant outbound connection (snort3-malware-cnc.rules) * 1:6197 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - smrtshpr-cs (snort3-malware-cnc.rules) * 1:25098 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper.Daws variant outbound connection (snort3-malware-cnc.rules) * 1:25072 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dulom variant outbound connection (snort3-malware-cnc.rules) * 1:25077 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Halnine variant outbound connection (snort3-malware-cnc.rules) * 1:25231 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (snort3-malware-cnc.rules) * 1:25546 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Proxy.Agent variant outbound connection (snort3-malware-cnc.rules) * 1:7145 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - adfsgecoiwnf (snort3-malware-cnc.rules) * 1:25511 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (snort3-malware-cnc.rules) * 1:6364 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - iMeshBar (snort3-malware-cnc.rules) * 1:25100 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Njrat variant outbound connection (snort3-malware-cnc.rules) * 1:25071 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Macnsed variant outbound connection (snort3-malware-cnc.rules) * 1:25237 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Firelog variant outbound connection (snort3-malware-cnc.rules) * 1:24632 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VaccinePC variant outbound connection (snort3-malware-cnc.rules) * 1:25544 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - ctwopop (snort3-malware-cnc.rules) * 1:10066 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (snort3-malware-cnc.rules) * 1:16812 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (snort3-malware-cnc.rules) * 1:5908 <-> DISABLED <-> MALWARE-OTHER Trackware e2give runtime 
detection - redirect affiliate site request 1 (snort3-malware-other.rules) * 1:5970 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Feat2 Updater (snort3-malware-cnc.rules) * 1:22060 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fepgul variant outbound connection (snort3-malware-cnc.rules) * 1:6362 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - MGS-Internal-Web-Manager (snort3-malware-cnc.rules) * 1:25476 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - User-Agent User-Agent (snort3-malware-cnc.rules) * 1:25229 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Darkkomet variant inbound connection (snort3-malware-cnc.rules) * 1:7537 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Arrow Search (snort3-malware-cnc.rules) * 1:25399 <-> DISABLED <-> MALWARE-CNC URI request for /cgi-bin/win/wcx (snort3-malware-cnc.rules) * 1:5800 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - MyWay (snort3-malware-cnc.rules) * 1:25477 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (snort3-malware-cnc.rules) * 1:22059 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader variant outbound connection (snort3-malware-cnc.rules) * 1:25395 <-> DISABLED <-> MALWARE-CNC URI request for /cgi-bin/nt/sk (snort3-malware-cnc.rules) * 1:5760 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - OSSProxy (snort3-malware-cnc.rules) * 1:7116 <-> DISABLED <-> MALWARE-CNC y3k 1.2 variant outbound connection icq notification (snort3-malware-cnc.rules) * 1:10067 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (snort3-malware-cnc.rules) * 1:25074 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (snort3-malware-cnc.rules) * 1:22048 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus P2P outbound connection (snort3-malware-cnc.rules) * 1:9419 <-> DISABLED <-> MALWARE-OTHER sasser attempt (snort3-malware-other.rules) * 1:25239 <-> DISABLED 
<-> MALWARE-CNC Win.Trojan.IRCBot variant outbound connection (snort3-malware-cnc.rules) * 1:5955 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Popup Stopper (snort3-malware-cnc.rules) * 1:19995 <-> DISABLED <-> MALWARE-CNC Waledac variant outbound connection (snort3-malware-cnc.rules) * 1:20106 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - darkness (snort3-malware-cnc.rules) * 1:20228 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hupigon variant outbound connection (snort3-malware-cnc.rules) * 1:20229 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jinchodz variant outbound connection (snort3-malware-cnc.rules) * 1:20080 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Derusbi.A variant outbound connection (snort3-malware-cnc.rules) * 1:25023 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection (snort3-malware-cnc.rules) * 1:20221 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Injector variant outbound connection (snort3-malware-cnc.rules) * 1:20232 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cycbot variant outbound connection (snort3-malware-cnc.rules) * 1:20280 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy variant outbound connection (snort3-malware-cnc.rules) * 1:20105 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - IPHONE (snort3-malware-cnc.rules) * 1:20231 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Mozilla//4.0 (snort3-malware-cnc.rules) * 1:25028 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peed variant outbound connection (snort3-malware-cnc.rules) * 1:20527 <-> DISABLED <-> MALWARE-CNC Sirefef initial C&C connection variant outbound connection (snort3-malware-cnc.rules) * 1:20754 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Virut-3 variant outbound connection (snort3-malware-cnc.rules) * 1:20213 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Swisyn variant outbound connection (snort3-malware-cnc.rules) * 1:16827 <-> DISABLED <-> MALWARE-CNC known command and control channel 
traffic (snort3-malware-cnc.rules) * 1:20293 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string MBVDFRESCT (snort3-malware-cnc.rules) * 1:20759 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gbot.oce variant outbound connection (snort3-malware-cnc.rules) * 1:16823 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FlyStudio known command and control channel traffic (snort3-malware-cnc.rules) * 1:20762 <-> DISABLED <-> MALWARE-CNC MacOS.Flashback.A variant outbound connection (snort3-malware-cnc.rules) * 1:10068 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (snort3-malware-cnc.rules) * 1:20230 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string 0pera 10 (snort3-malware-cnc.rules) * 1:20756 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jorik variant outbound connection (snort3-malware-cnc.rules) * 1:20927 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spyeye-207 variant outbound connection (snort3-malware-cnc.rules) * 1:21047 <-> DISABLED <-> MALWARE-CNC known malicious SSL certificate - Sykipot C&C (snort3-malware-cnc.rules) * 1:20281 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy variant outbound connection (snort3-malware-cnc.rules) * 1:20837 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mecklow.C runtime traffic detected (snort3-malware-cnc.rules) * 1:21206 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Aldi Bot (snort3-malware-cnc.rules) * 1:21208 <-> DISABLED <-> MALWARE-CNC Win.Trojan.RShot.brw variant outbound connection (snort3-malware-cnc.rules) * 1:20755 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Krap variant outbound connection (snort3-malware-cnc.rules) * 1:21188 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string API Guide test program (snort3-malware-cnc.rules) * 1:21239 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy variant outbound connection (snort3-malware-cnc.rules) * 1:21240 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MsUpdater variant outbound connection 
(snort3-malware-cnc.rules) * 1:20763 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spyeye-206 variant outbound connection (snort3-malware-cnc.rules) * 1:21230 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Betad variant outbound connection (snort3-malware-cnc.rules) * 1:21257 <-> DISABLED <-> MALWARE-CNC URI - known scanner tool muieblackcat (snort3-malware-cnc.rules) * 1:21269 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cycbot variant outbound connection (snort3-malware-cnc.rules) * 1:21175 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Win32 Amti (snort3-malware-cnc.rules) * 1:21242 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MsUpdater variant outbound connection (snort3-malware-cnc.rules) * 1:21311 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dofoil variant outbound connection (snort3-malware-cnc.rules) * 1:21313 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dofoil variant outbound connection (snort3-malware-cnc.rules) * 1:21225 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Flag (snort3-malware-cnc.rules) * 1:21306 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spyeye variant outbound connectivity check (snort3-malware-cnc.rules) * 1:21380 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - QvodDown (snort3-malware-cnc.rules) * 1:21418 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FareIt variant outbound connection (snort3-malware-cnc.rules) * 1:21241 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MsUpdater initial variant outbound connection (snort3-malware-cnc.rules) * 1:21327 <-> DISABLED <-> MALWARE-CNC User-Agent ASafaWeb Scan (snort3-malware-cnc.rules) * 1:21428 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Generic-24 variant outbound connection (snort3-malware-cnc.rules) * 1:21430 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BeeOne runtime traffic detected (snort3-malware-cnc.rules) * 1:21278 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Google Bot (snort3-malware-cnc.rules) * 1:21427 <-> DISABLED <-> 
MALWARE-CNC Win.Trojan.Delf variant outbound connection (snort3-malware-cnc.rules) * 1:21436 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Startpage variant outbound connection (snort3-malware-cnc.rules) * 1:21440 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Murofet variant outbound connection (snort3-malware-cnc.rules) * 1:21318 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FakeAV TDSS/PurpleHaze variant outbound connection - base64 encoded (snort3-malware-cnc.rules) * 1:21435 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mentor inbound connection - post infection (snort3-malware-cnc.rules) * 1:21469 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string 1234567890 (snort3-malware-cnc.rules) * 1:21475 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string core-project (snort3-malware-cnc.rules) * 1:21426 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scar variant outbound connection (snort3-malware-cnc.rules) * 1:21455 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string psi (snort3-malware-cnc.rules) * 1:21526 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent TCYWinHTTPDownload (snort3-malware-cnc.rules) * 1:21538 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dofoil variant outbound payload request (snort3-malware-cnc.rules) * 1:21434 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Mentor variant outbound connection (snort3-malware-cnc.rules) * 1:21525 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader variant outbound connection (snort3-malware-cnc.rules) * 1:21551 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kahn variant outbound connection (snort3-malware-cnc.rules) * 1:21552 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kahn variant outbound connection (snort3-malware-cnc.rules) * 1:21441 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Delf variant outbound connection (snort3-malware-cnc.rules) * 1:21548 <-> DISABLED <-> MALWARE-CNC Cutwail landing page connection (snort3-malware-cnc.rules) * 1:21564 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kelihos 
variant outbound connection (snort3-malware-cnc.rules) * 1:21565 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kelihos variant outbound connection (snort3-malware-cnc.rules) * 1:21476 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent YZF (snort3-malware-cnc.rules) * 1:21563 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kelihos variant outbound connection (snort3-malware-cnc.rules) * 1:21622 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Georbot variant outbound connection (snort3-malware-cnc.rules) * 1:21631 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sinowal javascript delivery method (snort3-malware-cnc.rules) * 1:21547 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy variant outbound connection (snort3-malware-cnc.rules) * 1:21593 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper variant outbound connection (snort3-malware-cnc.rules) * 1:21638 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Aluereon TDSS infection variant outbound connection (snort3-malware-cnc.rules) * 1:21639 <-> DISABLED <-> MALWARE-CNC User-Agent known Adware user agent mus - TDSS related (snort3-malware-cnc.rules) * 1:21562 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bredolab variant outbound connection (snort3-malware-cnc.rules) * 1:21636 <-> DISABLED <-> MALWARE-CNC User-Agent known Adware user agent gbot (snort3-malware-cnc.rules) * 1:21757 <-> DISABLED <-> MALWARE-CNC Apple OSX.Flashback variant outbound connection (snort3-malware-cnc.rules) * 1:21758 <-> DISABLED <-> MALWARE-CNC Apple OSX.Flashback variant outbound connection (snort3-malware-cnc.rules) * 1:21591 <-> DISABLED <-> MALWARE-CNC User-Agent known Adware user agent Gamevance tl_v (snort3-malware-cnc.rules) * 1:21756 <-> DISABLED <-> MALWARE-CNC Apple OSX.Flashback variant outbound connection (snort3-malware-cnc.rules) * 1:21852 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Orsam variant outbound connection (snort3-malware-cnc.rules) * 1:21877 <-> DISABLED <-> MALWARE-CNC Apple OSX.Sabpub variant outbound connection (snort3-malware-cnc.rules) * 1:21632 <-> 
DISABLED <-> MALWARE-CNC Win.Trojan.Ransom variant outbound connection (snort3-malware-cnc.rules)
* 1:21761 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Swisyn variant outbound connection (snort3-malware-cnc.rules)
* 1:21912 <-> DISABLED <-> MALWARE-CNC Aldi bot variant outbound connection user-agent (snort3-malware-cnc.rules)
* 1:21925 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent BOT/0.1 (snort3-malware-cnc.rules)
* 1:21755 <-> DISABLED <-> MALWARE-CNC Apple OSX.Flashback variant outbound connection (snort3-malware-cnc.rules)
* 1:21911 <-> DISABLED <-> MALWARE-CNC Aldi variant outbound connection C&C checkin (snort3-malware-cnc.rules)
* 1:21965 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent VB WININET (snort3-malware-cnc.rules)
* 1:21983 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BamCompiled variant outbound connection (snort3-malware-cnc.rules)
* 1:21760 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Swisyn variant outbound connection (snort3-malware-cnc.rules)
* 1:21946 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Litmpuca.A variant outbound connection (snort3-malware-cnc.rules)
* 1:22034 <-> DISABLED <-> MALWARE-CNC Apple OSX Flashback malware variant outbound connection (snort3-malware-cnc.rules)
* 1:22047 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jokbot variant outbound connection (snort3-malware-cnc.rules)
* 1:21910 <-> DISABLED <-> MALWARE-CNC Apple OSX Flashback malware user-agent (snort3-malware-cnc.rules)
* 1:22033 <-> DISABLED <-> MALWARE-CNC Apple OSX Flashback malware variant outbound connection (snort3-malware-cnc.rules)
* 1:22937 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Proxyier variant outbound connection (snort3-malware-cnc.rules)
* 1:22939 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent RAbcLib (snort3-malware-cnc.rules)
* 1:21945 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Litmpuca.A variant outbound connection (snort3-malware-cnc.rules)
* 1:22103 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Coswid.klk variant outbound connection (snort3-malware-cnc.rules)
* 1:23103 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bublik variant outbound connection (snort3-malware-cnc.rules)
* 1:23104 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scar variant outbound connection (snort3-malware-cnc.rules)
* 1:21984 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BamCompiled variant inbound updates (snort3-malware-cnc.rules)
* 1:23057 <-> DISABLED <-> MALWARE-CNC Flame malware connection - /view.php (snort3-malware-cnc.rules)
* 1:23244 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz variant outbound connection (snort3-malware-cnc.rules)
* 1:23245 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader variant outbound connection (snort3-malware-cnc.rules)
* 1:22100 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Midhos variant outbound connection (snort3-malware-cnc.rules)
* 1:23242 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker.boxg connect to cnc server (snort3-malware-cnc.rules)
* 1:23262 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (snort3-malware-cnc.rules)
* 1:23307 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper connect to server (snort3-malware-cnc.rules)
* 1:23019 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Flame malware (snort3-malware-cnc.rules)
* 1:23261 <-> DISABLED <-> MALWARE-CNC known command and control traffic - Pushbot (snort3-malware-cnc.rules)
* 1:23335 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Swisyn variant outbound connection (snort3-malware-cnc.rules)
* 1:23342 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (snort3-malware-cnc.rules)
* 1:23109 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lolbot variant outbound connection (snort3-malware-cnc.rules)
* 1:23334 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader initial C&C checkin (snort3-malware-cnc.rules)
* 1:23394 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vbvoleur.a variant outbound connection (snort3-malware-cnc.rules)
* 1:23467 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mazben file download (snort3-malware-cnc.rules)
* 1:23254 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Delf.CL variant outbound connection (snort3-malware-cnc.rules)
* 1:23391 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hioles.C variant outbound connection (snort3-malware-cnc.rules)
* 1:23493 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ZeroAccess outbound connection (snort3-malware-cnc.rules)
* 1:23600 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gamarue outbound connection (snort3-malware-cnc.rules)
* 1:23332 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dishigy variant outbound connection (snort3-malware-cnc.rules)
* 1:23492 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ZeroAccess outbound connection (snort3-malware-cnc.rules)
* 1:24236 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wuwo post infection variant outbound connection (snort3-malware-cnc.rules)
* 1:24361 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gozi.Prinimalka variant outbound connection (snort3-malware-cnc.rules)
* 1:23382 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SpyEye variant outbound connection (snort3-malware-cnc.rules)
* 1:23627 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - PoisonIvy RAT (snort3-malware-cnc.rules)
* 1:24495 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vundo variant outbound connection (snort3-malware-cnc.rules)
* 1:24439 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Encriyoko variant outbound connection (snort3-malware-cnc.rules)
* 1:25371 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ruskill variant outbound connection (snort3-malware-cnc.rules)
* 1:25076 <-> DISABLED <-> MALWARE-CNC Win.Worm.Joanap variant variant outbound connection (snort3-malware-cnc.rules)
* 1:8355 <-> ENABLED <-> MALWARE-OTHER Keylogger spybuddy 3.72 runtime detection (snort3-malware-other.rules)
* 1:24491 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vundo redirection landing page pre-infection (snort3-malware-cnc.rules)
* 1:25099 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper.Daws variant outbound connection (snort3-malware-cnc.rules)
* 1:5770 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Casino (snort3-malware-cnc.rules)
* 1:24381 <-> DISABLED <-> MALWARE-CNC Win.Trojan.XBlocker outbound connection (snort3-malware-cnc.rules)
* 1:6354 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - ProxyDown (snort3-malware-cnc.rules)
* 1:25024 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection (snort3-malware-cnc.rules)
* 1:10071 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (snort3-malware-cnc.rules)
* 1:7540 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - http protocol (snort3-malware-cnc.rules)
* 1:6270 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - MyBrowser (snort3-malware-cnc.rules)
* 1:25543 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.VB variant outbound connection (snort3-malware-cnc.rules)
* 1:5954 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Browser Pal (snort3-malware-cnc.rules)
* 1:25243 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - 04/XP (snort3-malware-cnc.rules)
* 1:25533 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent - al (snort3-malware-cnc.rules)
* 1:25271 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Buzus variant outbound connection (snort3-malware-cnc.rules)
* 1:6198 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - SQTR_VERIFY (snort3-malware-cnc.rules)
* 1:25465 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader variant outbound connection (snort3-malware-cnc.rules)
* 1:25256 <-> DISABLED <-> MALWARE-CNC Win.Worm.Gamarue variant outbound connection (snort3-malware-cnc.rules)
* 1:6274 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Stubby (snort3-malware-cnc.rules)
* 1:7187 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - SAH Agent (snort3-malware-cnc.rules)
* 1:25119 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - NewBrandTest (snort3-malware-cnc.rules)
* 1:24215 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload variant outbound connection (snort3-malware-cnc.rules)
* 1:16459 <-> DISABLED <-> MALWARE-CNC Win.Trojan.command and control communication (snort3-malware-cnc.rules)
* 1:24492 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vundo variant outbound connection (snort3-malware-cnc.rules)
* 1:23778 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bublik variant outbound connection (snort3-malware-cnc.rules)
* 1:24440 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chiviper variant outbound connection (snort3-malware-cnc.rules)
* 1:24235 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wuwo initial infection variant outbound connection (snort3-malware-cnc.rules)
* 1:16822 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (snort3-malware-cnc.rules)
* 1:5901 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - AdTools (snort3-malware-cnc.rules)
* 1:25021 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Azbreg variant outbound connection (snort3-malware-cnc.rules)
* 1:16526 <-> DISABLED <-> MALWARE-CNC VanBot IRC communication (snort3-malware-cnc.rules)
* 1:10077 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (snort3-malware-cnc.rules)
* 1:24482 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chif variant outbound connection (snort3-malware-cnc.rules)
* 1:16824 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (snort3-malware-cnc.rules)
* 1:25259 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BancosBanload variant outbound connection (snort3-malware-cnc.rules)
* 1:25396 <-> DISABLED <-> MALWARE-CNC URI request for /cgi-bin/dllhost/ac (snort3-malware-cnc.rules)
* 1:25471 <-> DISABLED <-> MALWARE-CNC Pushdo Spiral Traffic (snort3-malware-cnc.rules)
* 1:25027 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Opachki variant connect to cnc-server (snort3-malware-cnc.rules)
* 1:25398 <-> DISABLED <-> MALWARE-CNC URI request for /cgi-bin/ms/flush (snort3-malware-cnc.rules)
* 1:6491 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - snprtzdialno (snort3-malware-cnc.rules)
* 1:25093 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hacktool variant outbound connection (snort3-malware-cnc.rules)
* 1:25529 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (snort3-malware-cnc.rules)
* 1:6366 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - eAnthMngr (snort3-malware-cnc.rules)
* 1:22054 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Prorat variant outbound connection (snort3-malware-cnc.rules)
* 1:25244 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (snort3-malware-cnc.rules)
* 1:25240 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Menti variant inbound connection (snort3-malware-cnc.rules)
* 1:5774 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - FSW (snort3-malware-cnc.rules)
* 1:25400 <-> DISABLED <-> MALWARE-CNC URI request for /cgi-bin/win/cab (snort3-malware-cnc.rules)
* 1:25532 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (snort3-malware-cnc.rules)
* 1:25269 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Buterat variant outbound connection (snort3-malware-cnc.rules)
* 1:24382 <-> DISABLED <-> MALWARE-CNC Win.Trojan.XBlocker outbound connection (snort3-malware-cnc.rules)
* 1:25109 <-> DISABLED <-> MALWARE-CNC Autoit.Trojan.Agent variant outbound connection (snort3-malware-cnc.rules)
* 1:5909 <-> DISABLED <-> MALWARE-OTHER Trackware e2give runtime detection - redirect affiliate site request 2 (snort3-malware-other.rules)
* 1:25241 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetTrash variant outbound connection (snort3-malware-cnc.rules)
* 1:9420 <-> DISABLED <-> MALWARE-OTHER korgo attempt (snort3-malware-other.rules)
* 1:24496 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vundo variant outbound connection (snort3-malware-cnc.rules)
* 1:23473 <-> DISABLED <-> MALWARE-CNC URI request for runforestrun - JS.Runfore (snort3-malware-cnc.rules)
* 1:24494 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vundo variant outbound connection (snort3-malware-cnc.rules)
* 1:24514 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lucuis variant outbound connection (snort3-malware-cnc.rules)
* 1:24523 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.MautoitRAT variant outbound connection (snort3-malware-cnc.rules)
* 1:23615 <-> DISABLED <-> MALWARE-CNC ACAD.Medre.A variant outbound connection (snort3-malware-cnc.rules)
* 1:24504 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VB variant outbound connection (snort3-malware-cnc.rules)
* 1:24533 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (snort3-malware-cnc.rules)
* 1:24534 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banbra variant outbound connection (snort3-malware-cnc.rules)
* 1:24493 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vundo variant outbound connection (snort3-malware-cnc.rules)
* 1:24532 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scondatie.A inbound connection (snort3-malware-cnc.rules)
* 1:24568 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Mozilla/00 (snort3-malware-cnc.rules)
* 1:24575 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Opera/9.61 (snort3-malware-cnc.rules)
* 1:24497 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vundo variant outbound connection (snort3-malware-cnc.rules)
* 1:24566 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jorik variant outbound connection (snort3-malware-cnc.rules)
* 1:24633 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - test_hInternet (snort3-malware-cnc.rules)
* 1:24634 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - vaccinepc (snort3-malware-cnc.rules)
* 1:24531 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scondatie.A variant outbound connection (snort3-malware-cnc.rules)
* 1:24631 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Lizard/1.0 (snort3-malware-cnc.rules)
* 1:24885 <-> DISABLED <-> MALWARE-CNC Potential Banking Trojan Config File Download (snort3-malware-cnc.rules)
* 1:24886 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dorkbot variant outbound connection (snort3-malware-cnc.rules)
* 1:24563 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Veli variant outbound connection (snort3-malware-cnc.rules)
* 1:24873 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gnutler variant outbound connection (snort3-malware-cnc.rules)
* 1:25010 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Perflog variant outbound connection (snort3-malware-cnc.rules)
* 1:25011 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Perflog variant outbound connection (snort3-malware-cnc.rules)
* 1:24630 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Klovbot variant outbound connection (snort3-malware-cnc.rules)
* 1:25009 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - User-Agent User-Agent (snort3-malware-cnc.rules)
* 1:24858 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Quarian variant outbound connection - proxy connection (snort3-malware-cnc.rules)
* 1:25007 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wealwedst variant outbound connection (snort3-malware-cnc.rules)
* 1:25026 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Juasek variant outbound connection (snort3-malware-cnc.rules)
* 1:8357 <-> DISABLED <-> MALWARE-OTHER Keylogger spybuddy 3.72 runtime detection - send alert out through email (snort3-malware-other.rules)
* 1:25022 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dapato variant outbound connection (snort3-malware-cnc.rules)
* 1:23628 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pincav variant outbound connection (snort3-malware-cnc.rules)
* 1:16924 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /inst.php?fff= (snort3-malware-cnc.rules)
* 1:24375 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VB variant outbound connection (snort3-malware-cnc.rules)
* 1:23824 <-> DISABLED <-> MALWARE-CNC Gauss malware check-in (snort3-malware-cnc.rules)
* 1:25050 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (snort3-malware-cnc.rules)
* 1:16833 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (snort3-malware-cnc.rules)
* 1:23893 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DistTrack command and control traffic (snort3-malware-cnc.rules)
* 1:16810 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (snort3-malware-cnc.rules)
* 1:23942 <-> DISABLED <-> MALWARE-CNC Win.Trojan.C0D0SO0 variant outbound traffic (snort3-malware-cnc.rules)
* 1:25049 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jorik.Kolilks variant outbound connection (snort3-malware-cnc.rules)
* 1:9329 <-> DISABLED <-> MALWARE-CNC yarner.b smtp propagation detection (snort3-malware-cnc.rules)
* 1:25016 <-> DISABLED <-> MALWARE-CNC Win.Trojan.IRCBot variant outbound connection (snort3-malware-cnc.rules)
* 1:23972 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot variant outbound connection (snort3-malware-cnc.rules)
* 1:23968 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Crisis variant outbound connection (snort3-malware-cnc.rules)
* 1:24111 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Post (snort3-malware-cnc.rules)
* 1:24062 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hufysk variant outbound connection (snort3-malware-cnc.rules)
* 1:24214 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Seveto variant outbound connection (snort3-malware-cnc.rules)
* 1:24211 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Xamtrav update protocol connection (snort3-malware-cnc.rules)
* 1:23987 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kryptik.Kazy variant outbound connection (snort3-malware-cnc.rules)
* 1:23946 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Backdoor file download (snort3-malware-cnc.rules)
* 1:24224 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeroaccess variant outbound connection (snort3-malware-cnc.rules)
* 1:24217 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy variant outbound connection (snort3-malware-cnc.rules)
* 1:24185 <-> DISABLED <-> MALWARE-CNC Win.Work.Rokiwobi inbound command from C&C (snort3-malware-cnc.rules)
* 1:23978 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hostposer variant outbound connection (snort3-malware-cnc.rules)
* 1:24216 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Biloky variant outbound connection (snort3-malware-cnc.rules)
* 1:24169 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot variant outbound connection (snort3-malware-cnc.rules)
* 1:10113 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm command and control propagation detected (snort3-malware-cnc.rules)
* 1:10073 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (snort3-malware-cnc.rules)
* 1:10114 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm command and control propagation detected (snort3-malware-cnc.rules)
* 1:10179 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - BysooTB (snort3-malware-cnc.rules)
* 1:10403 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Duntek Checkin GET Request (snort3-malware-cnc.rules)
* 1:10075 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (snort3-malware-cnc.rules)
* 1:11308 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - SpyDawn (snort3-malware-cnc.rules)
* 1:11313 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Spy-Locked (snort3-malware-cnc.rules)
* 1:15165 <-> DISABLED <-> MALWARE-CNC Pushdo client communication (snort3-malware-cnc.rules)
* 1:15481 <-> DISABLED <-> MALWARE-CNC Zeus/Zbot malware config file download request (snort3-malware-cnc.rules)
* 1:15553 <-> DISABLED <-> MALWARE-CNC Sality virus HTTP GET request (snort3-malware-cnc.rules)
* 1:15563 <-> DISABLED <-> MALWARE-CNC RSPlug Win.Trojan.server connection (snort3-malware-cnc.rules)
* 1:15564 <-> DISABLED <-> MALWARE-CNC RSPlug Win.Trojan.file download (snort3-malware-cnc.rules)
* 1:15565 <-> DISABLED <-> MALWARE-CNC RSPlug Win.Trojan.file download (snort3-malware-cnc.rules)
* 1:15730 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Delf variant outbound connection (snort3-malware-cnc.rules)
* 1:15938 <-> DISABLED <-> MALWARE-CNC SubSeven client connection to server (snort3-malware-cnc.rules)
* 1:16144 <-> DISABLED <-> MALWARE-CNC Bredolab bot variant outbound connection (snort3-malware-cnc.rules)
* 1:16268 <-> DISABLED <-> MALWARE-CNC Win.Trojan.tdss.1.gen install-time detection - yournewsblog.net (snort3-malware-cnc.rules)
* 1:16269 <-> DISABLED <-> MALWARE-CNC Win.Trojan.tdss.1.gen install-time detection - findzproportal1.com (snort3-malware-cnc.rules)
* 1:16289 <-> DISABLED <-> MALWARE-CNC Clob bot traffic (snort3-malware-cnc.rules)
* 1:16362 <-> DISABLED <-> MALWARE-CNC SpyForms malware call home (snort3-malware-cnc.rules)
* 1:16368 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hydraq variant outbound connection (snort3-malware-cnc.rules)
* 1:16391 <-> DISABLED <-> MALWARE-CNC Gozi Win.Trojan.connection to C&C (snort3-malware-cnc.rules)
* 1:10072 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (snort3-malware-cnc.rules)
* 1:25470 <-> DISABLED <-> MALWARE-CNC Win.Trojan.LoDo variant outbound connection (snort3-malware-cnc.rules)
* 1:25073 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lowzone variant outbound connection (snort3-malware-cnc.rules)
* 1:25108 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Proxy.Agent variant outbound connection (snort3-malware-cnc.rules)
* 1:55862 <-> ENABLED <-> SERVER-WEBAPP Microsoft SharePoint EntityInstanceIdEncoder remote code execution attempt (snort3-server-webapp.rules)
* 1:25268 <-> DISABLED <-> MALWARE-CNC Win.Trojan.IRCBot variant outbound connection (snort3-malware-cnc.rules)
* 1:22058 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kbot variant outbound connection (snort3-malware-cnc.rules)
* 1:25397 <-> DISABLED <-> MALWARE-CNC URI request for /cgi-bin/ms/check (snort3-malware-cnc.rules)
* 1:25448 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Jinch variant outbound connection (snort3-malware-cnc.rules)
* 1:6363 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - SAcc (snort3-malware-cnc.rules)
* 1:25504 <-> DISABLED <-> MALWARE-CNC Necurs Rootkit op.cgi (snort3-malware-cnc.rules)
* 1:25249 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Basutra variant outbound connection (snort3-malware-cnc.rules)
* 1:25257 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Skintrim variant outbound connection (snort3-malware-cnc.rules)
* 1:25394 <-> DISABLED <-> MALWARE-CNC URI request for /cgi-bin/nt/th (snort3-malware-cnc.rules)
* 1:55281 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zegost-9753424-0 download attempt (snort3-malware-other.rules)
* 1:6186 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - SpywareStrike (snort3-malware-cnc.rules)
* 1:7195 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - shprrprt-cs- (snort3-malware-cnc.rules)
* 1:25503 <-> DISABLED <-> MALWARE-CNC Necurs Rootkit sba.cgi (snort3-malware-cnc.rules)
* 1:25245 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - me0hoi (snort3-malware-cnc.rules)
* 1:25224 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ZeroAccess URI and Referer (snort3-malware-cnc.rules)
* 1:25372 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - wh (snort3-malware-cnc.rules)
* 1:5913 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - My Agent (snort3-malware-cnc.rules)
* 1:10069 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (snort3-malware-cnc.rules)
* 1:6341 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Spedia (snort3-malware-cnc.rules)
* 1:25531 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (snort3-malware-cnc.rules)
* 1:6357 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Need2Find (snort3-malware-cnc.rules)
* 1:25258 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rombrast variant outbound connection (snort3-malware-cnc.rules)
* 1:25230 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Darkkomet variant outbound connection (snort3-malware-cnc.rules)
* 1:5986 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - TeomaBar (snort3-malware-cnc.rules)
* 1:10074 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (snort3-malware-cnc.rules)
* 1:23633 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kegotip variant report to cnc-server (snort3-malware-cnc.rules)
* 1:23945 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Backdoor variant outbound connection (snort3-malware-cnc.rules)
* 1:16826 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (snort3-malware-cnc.rules)
* 1:25070 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Injector variant outbound connection (snort3-malware-cnc.rules)
* 1:16820 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kryptik variant outbound connection (snort3-malware-cnc.rules)
* 1:24442 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Alerter COM (snort3-malware-cnc.rules)
* 1:16816 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (snort3-malware-cnc.rules)
* 1:17234 <-> DISABLED <-> MALWARE-CNC VBMania mass mailing worm activity (snort3-malware-cnc.rules)
* 1:24441 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Testing (snort3-malware-cnc.rules)
* 1:9418 <-> DISABLED <-> MALWARE-CNC bagle.a http notification detection (snort3-malware-cnc.rules)
* 1:23938 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ibabyfa.dldr variant outbound connection (snort3-malware-cnc.rules)
* 1:25025 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Recslurp variant outbound connection (snort3-malware-cnc.rules)
* 1:25030 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nevsyn variant outbound connection (snort3-malware-cnc.rules)
* 1:23903 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - you (snort3-malware-cnc.rules)
* 1:23635 <-> DISABLED <-> MALWARE-CNC Gozi trojan checkin (snort3-malware-cnc.rules)
* 1:22099 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Piroxcc variant outbound connection (snort3-malware-cnc.rules)
* 1:25029 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (snort3-malware-cnc.rules)
* 1:10070 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (snort3-malware-cnc.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:55886 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Upatre-9771263-0 download attempt (malware-other.rules)
* 1:55900 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9772677-0 download attempt (malware-other.rules)
* 1:55912 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Battdil-9773282-0 download attempt (malware-other.rules)
* 1:55883 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Cutwail-9771166-0 download attempt (malware-other.rules)
* 1:55882 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-9770992-0 download attempt (malware-other.rules)
* 1:55899 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9772677-0 download attempt (malware-other.rules)
* 1:55877 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Drolnux-9770173-0 download attempt (malware-other.rules)
* 1:55893 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-9771891-0 download attempt (malware-other.rules)
* 1:55863 <-> DISABLED <-> MALWARE-OTHER Win.Virus.Ursnif-9769699-0 download attempt (malware-other.rules)
* 1:55870 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Emotet-9769987-0 download attempt (malware-other.rules)
* 1:55887 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Reveton-9771413-0 download attempt (malware-other.rules)
* 1:55916 <-> DISABLED <-> MALWARE-OTHER PUA.Win.File.Neobar-9773833-0 download attempt (malware-other.rules)
* 1:55885 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Upatre-9771263-0 download attempt (malware-other.rules)
* 1:55872 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9770089-0 download attempt (malware-other.rules)
* 1:55873 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Emotet-9770097-0 download attempt (malware-other.rules)
* 1:55876 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Bdld-9770176-0 download attempt (malware-other.rules)
* 1:55910 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Battdil-9773289-0 download attempt (malware-other.rules)
* 1:55920 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus command injection attempt (server-webapp.rules)
* 1:55871 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9770089-0 download attempt (malware-other.rules)
* 1:55896 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-9772275-0 download attempt (malware-other.rules)
* 1:55892 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Kovter-9771867-0 download attempt (malware-other.rules)
* 1:55921 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus command injection attempt (server-webapp.rules)
* 1:55928 <-> ENABLED <-> MALWARE-CNC Win.Dropper.LemonDuck variant script download attempt (malware-cnc.rules)
* 1:55874 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Emotet-9770097-0 download attempt (malware-other.rules)
* 1:55918 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus command injection attempt (server-webapp.rules)
* 1:55879 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-9770611-0 download attempt (malware-other.rules)
* 1:55903 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Sdyn-9772921-0 download attempt (malware-other.rules)
* 1:55898 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Fakesysdef-9772554-0 download attempt (malware-other.rules)
* 1:55922 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Defender privilege escalation attempt (os-windows.rules)
* 1:55906 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generic-9773106-0 download attempt (malware-other.rules)
* 1:55907 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-9773294-0 download attempt (malware-other.rules)
* 1:55923 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Defender privilege escalation attempt (os-windows.rules)
* 1:55869 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Emotet-9769987-0 download attempt (malware-other.rules)
* 1:55867 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Agzz8qk-9769774-0 download attempt (malware-other.rules)
* 1:55926 <-> ENABLED <-> MALWARE-CNC Win.Dropper.LemonDuck variant outbound connection (malware-cnc.rules)
* 1:55895 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-9772275-0 download attempt (malware-other.rules)
* 1:55864 <-> DISABLED <-> MALWARE-OTHER Win.Virus.Ursnif-9769699-0 download attempt (malware-other.rules)
* 1:55891 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Kovter-9771867-0 download attempt (malware-other.rules)
* 1:55881 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-9770992-0 download attempt (malware-other.rules)
* 1:55897 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Fakesysdef-9772554-0 download attempt (malware-other.rules)
* 1:55901 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-9772681-0 download attempt (malware-other.rules)
* 1:55894 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-9771891-0 download attempt (malware-other.rules)
* 1:55884 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Cutwail-9771166-0 download attempt (malware-other.rules)
* 1:55865 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Bulz-9769773-0 download attempt (malware-other.rules)
* 1:55905 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generic-9773106-0 download attempt (malware-other.rules)
* 1:55909 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Battdil-9773289-0 download attempt (malware-other.rules)
* 1:55915 <-> DISABLED <-> MALWARE-OTHER PUA.Win.File.Neobar-9773833-0 download attempt (malware-other.rules)
* 1:55904 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Sdyn-9772921-0 download attempt (malware-other.rules)
* 1:55878 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Drolnux-9770173-0 download attempt (malware-other.rules)
* 1:55902 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-9772681-0 download attempt (malware-other.rules)
* 1:55927 <-> ENABLED <-> MALWARE-CNC Win.Dropper.LemonDuck variant script download attempt (malware-cnc.rules)
* 1:55868 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Agzz8qk-9769774-0 download attempt (malware-other.rules)
* 1:55890 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Browsefox-9771664-0 download attempt (malware-other.rules)
* 1:55914 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Ramnit-9773470-0 download attempt (malware-other.rules)
* 1:55913 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Ramnit-9773470-0 download attempt (malware-other.rules)
* 1:55880 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-9770611-0 download attempt (malware-other.rules)
* 1:55911 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Battdil-9773282-0 download attempt (malware-other.rules)
* 1:55889 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Browsefox-9771664-0 download attempt (malware-other.rules)
* 1:55888 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Reveton-9771413-0 download attempt (malware-other.rules)
* 1:55908 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-9773294-0 download attempt (malware-other.rules)
* 1:55866 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Bulz-9769773-0 download attempt (malware-other.rules)
* 1:55875 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Bdld-9770176-0 download attempt (malware-other.rules)
* 1:55919 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus command injection attempt (server-webapp.rules)
* 3:55924 <-> ENABLED <-> SERVER-OTHER Cisco Wireless LAN Controller CAPWAP denial of service attempt (server-other.rules)
* 3:55925 <-> ENABLED <-> SERVER-OTHER Cisco Wireless LAN Controller CAPWAP denial of service attempt (server-other.rules)
* 3:55917 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1159 attack attempt (server-webapp.rules)
* 1:6281 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - istsvc (malware-cnc.rules)
* 1:25545 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Printlove variant outbound connection (malware-cnc.rules)
* 1:5970 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Feat2 Updater (malware-cnc.rules)
* 1:25049 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jorik.Kolilks variant outbound connection (malware-cnc.rules)
* 1:10073 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules)
* 1:25071 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Macnsed variant outbound connection (malware-cnc.rules)
* 1:10114 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm command and control propagation detected (malware-cnc.rules)
* 1:6274 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Stubby (malware-cnc.rules)
* 1:5978 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - TM_SEARCH3 (malware-cnc.rules)
* 1:7187 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - SAH Agent (malware-cnc.rules)
* 1:6197 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - smrtshpr-cs (malware-cnc.rules)
* 1:22099 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Piroxcc variant outbound connection (malware-cnc.rules)
* 1:6354 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - ProxyDown (malware-cnc.rules)
* 1:5954 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Browser Pal (malware-cnc.rules)
* 1:16362 <-> DISABLED <-> MALWARE-CNC SpyForms malware call home (malware-cnc.rules)
* 1:6341 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Spedia (malware-cnc.rules)
* 1:7145 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - adfsgecoiwnf (malware-cnc.rules)
* 1:7832 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Navhelper (malware-cnc.rules)
* 1:10066 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules)
* 1:5913 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - My Agent (malware-cnc.rules)
* 1:25098 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper.Daws variant outbound connection (malware-cnc.rules)
* 1:5909 <-> DISABLED <-> MALWARE-OTHER Trackware e2give runtime detection - redirect affiliate site request 2 (malware-other.rules)
* 1:7511 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - ed2k edonkey2000 runtime detection (malware-cnc.rules)
* 1:5881 <-> DISABLED <-> MALWARE-OTHER Keylogger spyagent runtime detect - ftp delivery (malware-other.rules)
* 1:5760 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - OSSProxy (malware-cnc.rules)
* 1:7540 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - http protocol (malware-cnc.rules)
* 1:6394 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - CodeguruBrowser (malware-cnc.rules)
* 1:25077 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Halnine variant outbound connection (malware-cnc.rules)
* 1:15165 <-> DISABLED <-> MALWARE-CNC Pushdo client communication (malware-cnc.rules)
* 1:6198 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - SQTR_VERIFY (malware-cnc.rules)
* 1:9329 <-> DISABLED <-> MALWARE-CNC yarner.b smtp propagation detection (malware-cnc.rules)
* 1:25093 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hacktool variant outbound connection (malware-cnc.rules)
* 1:5774 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - FSW (malware-cnc.rules)
* 1:25072 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dulom variant outbound connection (malware-cnc.rules)
* 1:5908 <-> DISABLED <-> MALWARE-OTHER Trackware e2give runtime detection - redirect affiliate site request 1 (malware-other.rules)
* 1:23019 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Flame malware (malware-cnc.rules)
* 1:25011 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Perflog variant outbound connection (malware-cnc.rules)
* 1:8357 <-> DISABLED <-> MALWARE-OTHER Keylogger spybuddy 3.72 runtime detection - send alert out through email (malware-other.rules)
* 1:24566 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jorik variant outbound connection (malware-cnc.rules)
* 1:22047 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jokbot variant outbound connection (malware-cnc.rules)
* 1:23244 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz variant outbound connection (malware-cnc.rules)
* 1:25021 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Azbreg variant outbound connection (malware-cnc.rules)
* 1:23245 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader variant outbound connection (malware-cnc.rules)
* 1:23254 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Delf.CL variant outbound connection (malware-cnc.rules)
* 1:25022 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dapato variant outbound connection (malware-cnc.rules)
* 1:22059 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader variant outbound connection (malware-cnc.rules)
* 1:23262 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules)
* 1:23307 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper connect to server (malware-cnc.rules)
* 1:9420 <-> DISABLED <-> MALWARE-OTHER korgo attempt (malware-other.rules)
* 1:15730 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Delf variant outbound connection (malware-cnc.rules)
* 1:6364 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - iMeshBar (malware-cnc.rules)
* 1:10113 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm command and control propagation detected (malware-cnc.rules)
* 1:6491 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - snprtzdialno (malware-cnc.rules)
* 1:6270 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - MyBrowser (malware-cnc.rules)
* 1:25030 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nevsyn variant outbound connection (malware-cnc.rules)
* 1:10069 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules)
* 1:10072 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules)
* 1:10065 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules)
* 1:25054 <-> DISABLED <-> MALWARE-CNC ZeroAccess Clickserver callback (malware-cnc.rules)
* 1:10068 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules)
* 1:23332 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dishigy variant outbound connection (malware-cnc.rules)
* 1:22103 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Coswid.klk variant outbound connection (malware-cnc.rules)
* 1:25023 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection (malware-cnc.rules)
* 1:23335 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Swisyn variant outbound connection (malware-cnc.rules)
* 1:23342 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
* 1:15565 <-> DISABLED <-> MALWARE-CNC RSPlug Win.Trojan.file download (malware-cnc.rules)
* 1:23382 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SpyEye variant outbound connection (malware-cnc.rules)
* 1:24631 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Lizard/1.0 (malware-cnc.rules)
* 1:23057 <-> DISABLED <-> MALWARE-CNC Flame malware connection - /view.php (malware-cnc.rules)
* 1:23394 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vbvoleur.a variant outbound connection (malware-cnc.rules)
* 1:23467 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mazben file download (malware-cnc.rules)
* 1:23473 <-> DISABLED <-> MALWARE-CNC URI request for runforestrun - JS.Runfore (malware-cnc.rules)
* 1:23242 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker.boxg connect to cnc server (malware-cnc.rules)
* 1:25025 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Recslurp variant outbound connection (malware-cnc.rules)
* 1:23493 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ZeroAccess outbound
connection (malware-cnc.rules) * 1:23600 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gamarue outbound connection (malware-cnc.rules) * 1:23615 <-> DISABLED <-> MALWARE-CNC ACAD.Medre.A variant outbound connection (malware-cnc.rules) * 1:23261 <-> DISABLED <-> MALWARE-CNC known command and control traffic - Pushbot (malware-cnc.rules) * 1:25026 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Juasek variant outbound connection (malware-cnc.rules) * 1:23628 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pincav variant outbound connection (malware-cnc.rules) * 1:23633 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kegotip variant report to cnc-server (malware-cnc.rules) * 1:23635 <-> DISABLED <-> MALWARE-CNC Gozi trojan checkin (malware-cnc.rules) * 1:23334 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader initial C&C checkin (malware-cnc.rules) * 1:25027 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Opachki variant connect to cnc-server (malware-cnc.rules) * 1:23824 <-> DISABLED <-> MALWARE-CNC Gauss malware check-in (malware-cnc.rules) * 1:23893 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DistTrack command and control traffic (malware-cnc.rules) * 1:5805 <-> DISABLED <-> MALWARE-OTHER Trackware myway speedbar runtime detection - switch engines (malware-other.rules) * 1:23903 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - you (malware-cnc.rules) * 1:24858 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Quarian variant outbound connection - proxy connection (malware-cnc.rules) * 1:23391 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hioles.C variant outbound connection (malware-cnc.rules) * 1:23942 <-> DISABLED <-> MALWARE-CNC Win.Trojan.C0D0SO0 variant outbound traffic (malware-cnc.rules) * 1:23945 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Backdoor variant outbound connection (malware-cnc.rules) * 1:23946 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Backdoor file download (malware-cnc.rules) * 1:25029 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (malware-cnc.rules) * 
1:23492 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ZeroAccess outbound connection (malware-cnc.rules) * 1:23972 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot variant outbound connection (malware-cnc.rules) * 1:23978 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hostposer variant outbound connection (malware-cnc.rules) * 1:23987 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kryptik.Kazy variant outbound connection (malware-cnc.rules) * 1:23627 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - PoisonIvy RAT (malware-cnc.rules) * 1:24111 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Post (malware-cnc.rules) * 1:24169 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot variant outbound connection (malware-cnc.rules) * 1:24185 <-> DISABLED <-> MALWARE-CNC Win.Work.Rokiwobi inbound command from C&C (malware-cnc.rules) * 1:23778 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bublik variant outbound connection (malware-cnc.rules) * 1:24214 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Seveto variant outbound connection (malware-cnc.rules) * 1:24215 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload variant outbound connection (malware-cnc.rules) * 1:24216 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Biloky variant outbound connection (malware-cnc.rules) * 1:25007 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wealwedst variant outbound connection (malware-cnc.rules) * 1:23938 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ibabyfa.dldr variant outbound connection (malware-cnc.rules) * 1:24224 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeroaccess variant outbound connection (malware-cnc.rules) * 1:24235 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wuwo initial infection variant outbound connection (malware-cnc.rules) * 1:24236 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wuwo post infection variant outbound connection (malware-cnc.rules) * 1:23968 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Crisis variant outbound connection (malware-cnc.rules) * 1:10071 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp 
propagation detection (malware-cnc.rules) * 1:16269 <-> DISABLED <-> MALWARE-CNC Win.Trojan.tdss.1.gen install-time detection - findzproportal1.com (malware-cnc.rules) * 1:25546 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Proxy.Agent variant outbound connection (malware-cnc.rules) * 1:5986 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - TeomaBar (malware-cnc.rules) * 1:7195 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - shprrprt-cs- (malware-cnc.rules) * 1:8355 <-> ENABLED <-> MALWARE-OTHER Keylogger spybuddy 3.72 runtime detection (malware-other.rules) * 1:7572 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - DigExt (malware-cnc.rules) * 1:5880 <-> DISABLED <-> MALWARE-OTHER Keylogger spyagent runtime detect - smtp delivery (malware-other.rules) * 1:5824 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Strip-Player (malware-cnc.rules) * 1:8356 <-> DISABLED <-> MALWARE-OTHER Keylogger spybuddy 3.72 runtime detection - send log out through email (malware-other.rules) * 1:7537 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Arrow Search (malware-cnc.rules) * 1:16459 <-> DISABLED <-> MALWARE-CNC Win.Trojan.command and control communication (malware-cnc.rules) * 1:21983 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BamCompiled variant outbound connection (malware-cnc.rules) * 1:5800 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - MyWay (malware-cnc.rules) * 1:24534 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banbra variant outbound connection (malware-cnc.rules) * 1:15938 <-> DISABLED <-> MALWARE-CNC SubSeven client connection to server (malware-cnc.rules) * 1:21925 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent BOT/0.1 (malware-cnc.rules) * 1:24441 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Testing (malware-cnc.rules) * 1:15563 <-> DISABLED <-> MALWARE-CNC RSPlug Win.Trojan.server connection (malware-cnc.rules) * 
1:24482 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chif variant outbound connection (malware-cnc.rules) * 1:24563 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Veli variant outbound connection (malware-cnc.rules) * 1:24568 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Mozilla/00 (malware-cnc.rules) * 1:24575 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Opera/9.61 (malware-cnc.rules) * 1:24630 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Klovbot variant outbound connection (malware-cnc.rules) * 1:24494 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vundo variant outbound connection (malware-cnc.rules) * 1:24632 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VaccinePC variant outbound connection (malware-cnc.rules) * 1:24633 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - test_hInternet (malware-cnc.rules) * 1:24634 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - vaccinepc (malware-cnc.rules) * 1:24504 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VB variant outbound connection (malware-cnc.rules) * 1:24873 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gnutler variant outbound connection (malware-cnc.rules) * 1:24885 <-> DISABLED <-> MALWARE-CNC Potential Banking Trojan Config File Download (malware-cnc.rules) * 1:24886 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dorkbot variant outbound connection (malware-cnc.rules) * 1:24532 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scondatie.A inbound connection (malware-cnc.rules) * 1:25009 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - User-Agent User-Agent (malware-cnc.rules) * 1:24375 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VB variant outbound connection (malware-cnc.rules) * 1:24381 <-> DISABLED <-> MALWARE-CNC Win.Trojan.XBlocker outbound connection (malware-cnc.rules) * 1:25010 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Perflog variant outbound connection (malware-cnc.rules) * 1:24382 <-> DISABLED <-> MALWARE-CNC Win.Trojan.XBlocker outbound connection 
(malware-cnc.rules) * 1:24062 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hufysk variant outbound connection (malware-cnc.rules) * 1:23103 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bublik variant outbound connection (malware-cnc.rules) * 1:6363 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - SAcc (malware-cnc.rules) * 1:24442 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Alerter COM (malware-cnc.rules) * 1:7135 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - IEP (malware-cnc.rules) * 1:6366 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - eAnthMngr (malware-cnc.rules) * 1:7116 <-> DISABLED <-> MALWARE-CNC y3k 1.2 variant outbound connection icq notification (malware-cnc.rules) * 1:16489 <-> DISABLED <-> MALWARE-CNC Bobax botnet variant outbound connection (malware-cnc.rules) * 1:16493 <-> DISABLED <-> MALWARE-CNC TT-bot botnet variant outbound connection (malware-cnc.rules) * 1:16496 <-> DISABLED <-> MALWARE-CNC Win.Trojan.hacktool variant outbound connection (malware-cnc.rules) * 1:16526 <-> DISABLED <-> MALWARE-CNC VanBot IRC communication (malware-cnc.rules) * 1:16527 <-> DISABLED <-> MALWARE-CNC Zbot malware config file download request (malware-cnc.rules) * 1:16528 <-> DISABLED <-> MALWARE-CNC Zbot malware config file download request (malware-cnc.rules) * 1:16669 <-> DISABLED <-> MALWARE-CNC Spyeye bot variant outbound connection (malware-cnc.rules) * 1:16670 <-> DISABLED <-> MALWARE-CNC Koobface worm executable download (malware-cnc.rules) * 1:16695 <-> DISABLED <-> MALWARE-CNC Rogue AV download/update (malware-cnc.rules) * 1:16485 <-> DISABLED <-> MALWARE-CNC Koobface request for captcha (malware-cnc.rules) * 1:10077 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules) * 1:16497 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Tear Application (malware-cnc.rules) * 1:16551 <-> DISABLED <-> MALWARE-CNC User-Agent known 
malicious user agent - malware (malware-cnc.rules) * 1:16809 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FraudPack variant outbound connection (malware-cnc.rules) * 1:16810 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules) * 1:16811 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules) * 1:16812 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules) * 1:16817 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules) * 1:16820 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kryptik variant outbound connection (malware-cnc.rules) * 1:16822 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules) * 1:16824 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules) * 1:16826 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules) * 1:16827 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules) * 1:16832 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules) * 1:16833 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules) * 1:16924 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /inst.php?fff= (malware-cnc.rules) * 1:17235 <-> DISABLED <-> MALWARE-CNC VBMania mass mailing worm download (malware-cnc.rules) * 1:17815 <-> DISABLED <-> MALWARE-CNC Thinkpoint fake antivirus - user display (malware-cnc.rules) * 1:17816 <-> DISABLED <-> MALWARE-CNC Thinkpoint fake antivirus - credit card submission (malware-cnc.rules) * 1:16816 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules) * 1:18353 <-> DISABLED <-> MALWARE-CNC User-Agent request for known PUA user agent - SelectRebates (malware-cnc.rules) * 1:18388 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string 
RookIE/1.0 (malware-cnc.rules) * 1:18458 <-> DISABLED <-> MALWARE-CNC Night Dragon initial beacon (malware-cnc.rules) * 1:16823 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FlyStudio known command and control channel traffic (malware-cnc.rules) * 1:18715 <-> DISABLED <-> MALWARE-CNC Ozdok botnet communication with C&C server (malware-cnc.rules) * 1:18934 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (Coreflood -- malware-cnc.rules) * 1:18939 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules) * 1:16828 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules) * 1:19017 <-> DISABLED <-> MALWARE-CNC MacBack Win.Trojan.variant outbound connection (malware-cnc.rules) * 1:19018 <-> DISABLED <-> MALWARE-CNC MacBack Win.Trojan.variant outbound connection (malware-cnc.rules) * 1:19019 <-> DISABLED <-> MALWARE-CNC MacBack Win.Trojan.variant outbound connection (malware-cnc.rules) * 1:17234 <-> DISABLED <-> MALWARE-CNC VBMania mass mailing worm activity (malware-cnc.rules) * 1:19047 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - RCleanT (malware-cnc.rules) * 1:19052 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Httpbot.qdc variant outbound connection (malware-cnc.rules) * 1:19053 <-> DISABLED <-> MALWARE-CNC Worm.Win32.Nusump.A variant outbound connection (malware-cnc.rules) * 1:18247 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent ErrCode - W32/Fujacks.htm (malware-cnc.rules) * 1:19056 <-> DISABLED <-> MALWARE-CNC Win.Trojan.QQFish variant outbound connection (malware-cnc.rules) * 1:19057 <-> DISABLED <-> MALWARE-CNC Win.Trojan.QQFish variant outbound connection (malware-cnc.rules) * 1:19058 <-> DISABLED <-> MALWARE-CNC Worm.Win32.Faketube update request (malware-cnc.rules) * 1:18459 <-> DISABLED <-> MALWARE-CNC Night Dragon keepalive message (malware-cnc.rules) * 1:19165 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string 
Microsoft Internet Explorer (malware-cnc.rules) * 1:19175 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent wget 3.0 (malware-cnc.rules) * 1:19328 <-> DISABLED <-> MALWARE-CNC PointGuide variant outbound connection (malware-cnc.rules) * 1:19016 <-> DISABLED <-> MALWARE-CNC MacBack Win.Trojan.variant outbound connection (malware-cnc.rules) * 1:19347 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Poison.banr variant outbound connection (malware-cnc.rules) * 1:19348 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader Win.Trojan.FraudLoad.emq variant outbound connection (malware-cnc.rules) * 1:19351 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Clicker Win.Trojan.Hatigh.C variant outbound connection (malware-cnc.rules) * 1:25119 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - NewBrandTest (malware-cnc.rules) * 1:19038 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jzzer.A variant outbound connection (malware-cnc.rules) * 1:25231 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (malware-cnc.rules) * 1:19357 <-> DISABLED <-> MALWARE-CNC Win.Worm.Sohanad.ila variant outbound connection (malware-cnc.rules) * 1:19358 <-> DISABLED <-> MALWARE-CNC Win.Trojan.XYTvn.A variant outbound connection (malware-cnc.rules) * 1:25100 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Njrat variant outbound connection (malware-cnc.rules) * 1:19429 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Proxy Win.Trojan.Dosenjo.C variant outbound connection (malware-cnc.rules) * 1:25258 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rombrast variant outbound connection (malware-cnc.rules) * 1:25271 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Buzus variant outbound connection (malware-cnc.rules) * 1:19055 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gosik.A registration (malware-cnc.rules) * 1:19480 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string STORMDDOS - Backdoor.Win32.Inject.ctt (malware-cnc.rules) * 1:19482 <-> DISABLED <-> MALWARE-CNC User-Agent known 
malicious user-agent string ErrorFix (malware-cnc.rules) * 1:25245 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - me0hoi (malware-cnc.rules) * 1:25470 <-> DISABLED <-> MALWARE-CNC Win.Trojan.LoDo variant outbound connection (malware-cnc.rules) * 1:19490 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Koceg.B variant outbound connection (malware-cnc.rules) * 1:19164 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SpyEye variant outbound connection (malware-cnc.rules) * 1:25503 <-> DISABLED <-> MALWARE-CNC Necurs Rootkit sba.cgi (malware-cnc.rules) * 1:19579 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Potao.A variant outbound connection (malware-cnc.rules) * 1:25399 <-> DISABLED <-> MALWARE-CNC URI request for /cgi-bin/win/wcx (malware-cnc.rules) * 1:19589 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent string MacProtector (malware-cnc.rules) * 1:19590 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Savnut.B variant outbound connection (malware-cnc.rules) * 1:19339 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper Win.Trojan.Agent.alda variant outbound connection (malware-cnc.rules) * 1:19623 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - vic.aspx?ver= (malware-cnc.rules) * 1:25241 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetTrash variant outbound connection (malware-cnc.rules) * 1:25541 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sigly variant outbound connection (malware-cnc.rules) * 1:19625 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - .sys.php?getexe= (malware-cnc.rules) * 1:19626 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /setup_b.asp?prj= (malware-cnc.rules) * 1:19353 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker.bkhu variant outbound connection (malware-cnc.rules) * 1:19628 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /1cup/script.php (malware-cnc.rules) * 1:25395 <-> DISABLED <-> MALWARE-CNC URI request for /cgi-bin/nt/sk (malware-cnc.rules) * 1:19631 <-> DISABLED 
<-> MALWARE-CNC URI request for known malicious URI - AnSSip= (malware-cnc.rules) * 1:19632 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /VertexNet/adduser.php?uid= (malware-cnc.rules) * 1:19435 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Litmus.203 variant outbound connection (malware-cnc.rules) * 1:25530 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules) * 1:19635 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /app/?prj= (malware-cnc.rules) * 1:19636 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /blog/images/3521.jpg?v (malware-cnc.rules) * 1:19637 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /install.asp?mac= (malware-cnc.rules) * 1:19493 <-> DISABLED <-> MALWARE-CNC URI request for known malicious uri config.ini on 3322.org domain (malware-cnc.rules) * 1:19657 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FakeAV variant traffic (malware-cnc.rules) * 1:19658 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MCnovogic.A variant outbound connection (malware-cnc.rules) * 1:19702 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zboter.E variant outbound connection (malware-cnc.rules) * 1:19622 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - pte.aspx?ver= (malware-cnc.rules) * 1:19704 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.grdm variant outbound connection (malware-cnc.rules) * 1:19705 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.grdm variant outbound connection (malware-cnc.rules) * 1:19706 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.cer variant outbound connection (malware-cnc.rules) * 1:19627 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /r_autoidcnt.asp?mer_seq= (malware-cnc.rules) * 1:19712 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader variant outbound connection (malware-cnc.rules) * 1:19722 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Poshtroper variant outbound connection (malware-cnc.rules) * 1:19723 <-> DISABLED 
<-> MALWARE-CNC Win.Trojan.Pherbot variant outbound connection (malware-cnc.rules) * 1:19633 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /VertexNet/tasks.php?uid= (malware-cnc.rules) * 1:19731 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Darkwebot variant outbound connection (malware-cnc.rules) * 1:19732 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Idicaf variant outbound connection (malware-cnc.rules) * 1:19756 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Opera/8.89 - P2P-Worm.Win32.Palevo.ddm (malware-cnc.rules) * 1:19638 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /kx4.txt (malware-cnc.rules) * 1:19765 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules) * 1:19767 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Msposer.A variant outbound connection (malware-cnc.rules) * 1:19769 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yoddos outbound indicator (malware-cnc.rules) * 1:19703 <-> DISABLED <-> MALWARE-CNC Win.Worm.Dusta.br outbound connnection (malware-cnc.rules) * 1:19771 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yoddos variant outbound connection (malware-cnc.rules) * 1:19778 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /games/java_trust.php?f= (malware-cnc.rules) * 1:19801 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tracur variant outbound connection (malware-cnc.rules) * 1:19711 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jorik variant outbound connection (malware-cnc.rules) * 1:19882 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /160.rar - Win32/Morto.A (malware-cnc.rules) * 1:19912 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DelfInject.gen!X variant outbound connection (malware-cnc.rules) * 1:16391 <-> DISABLED <-> MALWARE-CNC Gozi Win.Trojan.connection to C&C (malware-cnc.rules) * 1:23104 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scar variant outbound connection (malware-cnc.rules) * 1:24491 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vundo 
redirection landing page pre-infection (malware-cnc.rules) * 1:24211 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Xamtrav update protocol connection (malware-cnc.rules) * 1:24492 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vundo variant outbound connection (malware-cnc.rules) * 1:24493 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vundo variant outbound connection (malware-cnc.rules) * 1:23109 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lolbot variant outbound connection (malware-cnc.rules) * 1:24217 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy variant outbound connection (malware-cnc.rules) * 1:24495 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vundo variant outbound connection (malware-cnc.rules) * 1:24496 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vundo variant outbound connection (malware-cnc.rules) * 1:24497 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vundo variant outbound connection (malware-cnc.rules) * 1:24361 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gozi.Prinimalka variant outbound connection (malware-cnc.rules) * 1:24514 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lucuis variant outbound connection (malware-cnc.rules) * 1:24523 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.MautoitRAT variant outbound connection (malware-cnc.rules) * 1:24531 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scondatie.A variant outbound connection (malware-cnc.rules) * 1:10179 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - BysooTB (malware-cnc.rules) * 1:24439 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Encriyoko variant outbound connection (malware-cnc.rules) * 1:24533 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules) * 1:25016 <-> DISABLED <-> MALWARE-CNC Win.Trojan.IRCBot variant outbound connection (malware-cnc.rules) * 1:25024 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection (malware-cnc.rules) * 1:10403 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Duntek Checkin GET Request (malware-cnc.rules) * 1:15553 <-> DISABLED <-> MALWARE-CNC 
Sality virus HTTP GET request (malware-cnc.rules) * 1:25028 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peed variant outbound connection (malware-cnc.rules) * 1:19913 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - optima/index.php (malware-cnc.rules) * 1:19730 <-> DISABLED <-> MALWARE-CNC Win.Trojan.KukuBot variant outbound connection (malware-cnc.rules) * 1:19995 <-> DISABLED <-> MALWARE-CNC Waledac variant outbound connection (malware-cnc.rules) * 1:20009 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent string Baby Remote - Win32/Babmote.A (malware-cnc.rules) * 1:20011 <-> DISABLED <-> MALWARE-CNC Briewots.A runtime traffic detected (malware-cnc.rules) * 1:19761 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ftpharvxqq variant outbound connection (malware-cnc.rules) * 1:20080 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Derusbi.A variant outbound connection (malware-cnc.rules) * 1:20081 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Win32.Yakes.cbi variant outbound connection (malware-cnc.rules) * 1:20099 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Xtrat.A variant outbound connection (malware-cnc.rules) * 1:19770 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yoddos variant outbound connection (malware-cnc.rules) * 1:20105 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - IPHONE (malware-cnc.rules) * 1:20106 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - darkness (malware-cnc.rules) * 1:20201 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - meterpreter (malware-cnc.rules) * 1:19864 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nvbpass variant outbound connection (malware-cnc.rules) * 1:20213 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Swisyn variant outbound connection (malware-cnc.rules) * 1:20221 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Injector variant outbound connection (malware-cnc.rules) * 1:20228 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hupigon variant outbound connection 
(malware-cnc.rules)
* 1:19964 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sality variant outbound connection (malware-cnc.rules)
* 1:20230 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string 0pera 10 (malware-cnc.rules)
* 1:20231 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Mozilla//4.0 (malware-cnc.rules)
* 1:20232 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cycbot variant outbound connection (malware-cnc.rules)
* 1:20012 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string feranet/0.4 - Win32/Ferabsa.A (malware-cnc.rules)
* 1:20281 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy variant outbound connection (malware-cnc.rules)
* 1:20293 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string MBVDFRESCT (malware-cnc.rules)
* 1:20527 <-> DISABLED <-> MALWARE-CNC Sirefef initial C&C connection variant outbound connection (malware-cnc.rules)
* 1:20104 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - InfoBot (malware-cnc.rules)
* 1:20755 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Krap variant outbound connection (malware-cnc.rules)
* 1:20756 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jorik variant outbound connection (malware-cnc.rules)
* 1:20759 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gbot.oce variant outbound connection (malware-cnc.rules)
* 1:20202 <-> DISABLED <-> MALWARE-CNC Apple OSX.Revir-1 variant outbound connection (malware-cnc.rules)
* 1:10074 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules)
* 1:20763 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spyeye-206 variant outbound connection (malware-cnc.rules)
* 1:20837 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mecklow.C runtime traffic detected (malware-cnc.rules)
* 1:20927 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spyeye-207 variant outbound connection (malware-cnc.rules)
* 1:21175 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Win32 Amti (malware-cnc.rules)
* 1:21188 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string API Guide test program (malware-cnc.rules)
* 1:21206 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Aldi Bot (malware-cnc.rules)
* 1:20280 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy variant outbound connection (malware-cnc.rules)
* 1:21225 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Flag (malware-cnc.rules)
* 1:21230 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Betad variant outbound connection (malware-cnc.rules)
* 1:21239 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy variant outbound connection (malware-cnc.rules)
* 1:20754 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Virut-3 variant outbound connection (malware-cnc.rules)
* 1:21241 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MsUpdater initial variant outbound connection (malware-cnc.rules)
* 1:21242 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MsUpdater variant outbound connection (malware-cnc.rules)
* 1:21257 <-> DISABLED <-> MALWARE-CNC URI - known scanner tool muieblackcat (malware-cnc.rules)
* 1:20762 <-> DISABLED <-> MALWARE-CNC MacOS.Flashback.A variant outbound connection (malware-cnc.rules)
* 1:21278 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Google Bot (malware-cnc.rules)
* 1:21306 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spyeye variant outbound connectivity check (malware-cnc.rules)
* 1:21311 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dofoil variant outbound connection (malware-cnc.rules)
* 1:22937 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Proxyier variant outbound connection (malware-cnc.rules)
* 1:16268 <-> DISABLED <-> MALWARE-CNC Win.Trojan.tdss.1.gen install-time detection - yournewsblog.net (malware-cnc.rules)
* 1:22939 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent RAbcLib (malware-cnc.rules)
* 1:5808 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - SAH Agent (malware-cnc.rules)
* 1:24440 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chiviper variant outbound connection (malware-cnc.rules)
* 1:20229 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jinchodz variant outbound connection (malware-cnc.rules)
* 1:21047 <-> DISABLED <-> MALWARE-CNC known malicious SSL certificate - Sykipot C&C (malware-cnc.rules)
* 1:21318 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FakeAV TDSS/PurpleHaze variant outbound connection - base64 encoded (malware-cnc.rules)
* 1:21327 <-> DISABLED <-> MALWARE-CNC User-Agent ASafaWeb Scan (malware-cnc.rules)
* 1:21380 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - QvodDown (malware-cnc.rules)
* 1:21208 <-> DISABLED <-> MALWARE-CNC Win.Trojan.RShot.brw variant outbound connection (malware-cnc.rules)
* 1:21426 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scar variant outbound connection (malware-cnc.rules)
* 1:21427 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Delf variant outbound connection (malware-cnc.rules)
* 1:21428 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Generic-24 variant outbound connection (malware-cnc.rules)
* 1:21240 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MsUpdater variant outbound connection (malware-cnc.rules)
* 1:21434 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Mentor variant outbound connection (malware-cnc.rules)
* 1:21435 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mentor inbound connection - post infection (malware-cnc.rules)
* 1:21436 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Startpage variant outbound connection (malware-cnc.rules)
* 1:21269 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cycbot variant outbound connection (malware-cnc.rules)
* 1:21441 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Delf variant outbound connection (malware-cnc.rules)
* 1:21455 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string psi (malware-cnc.rules)
* 1:21469 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string 1234567890 (malware-cnc.rules)
* 1:21313 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dofoil variant outbound connection (malware-cnc.rules)
* 1:21476 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent YZF (malware-cnc.rules)
* 1:21525 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader variant outbound connection (malware-cnc.rules)
* 1:21526 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent TCYWinHTTPDownload (malware-cnc.rules)
* 1:21418 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FareIt variant outbound connection (malware-cnc.rules)
* 1:21547 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy variant outbound connection (malware-cnc.rules)
* 1:21548 <-> DISABLED <-> MALWARE-CNC Cutwail landing page connection (malware-cnc.rules)
* 1:21551 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kahn variant outbound connection (malware-cnc.rules)
* 1:21430 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BeeOne runtime traffic detected (malware-cnc.rules)
* 1:21562 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bredolab variant outbound connection (malware-cnc.rules)
* 1:21563 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kelihos variant outbound connection (malware-cnc.rules)
* 1:21564 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kelihos variant outbound connection (malware-cnc.rules)
* 1:21440 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Murofet variant outbound connection (malware-cnc.rules)
* 1:21591 <-> DISABLED <-> MALWARE-CNC User-Agent known Adware user agent Gamevance tl_v (malware-cnc.rules)
* 1:16484 <-> DISABLED <-> MALWARE-CNC Koobface variant outbound connection (malware-cnc.rules)
* 1:21593 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper variant outbound connection (malware-cnc.rules)
* 1:21622 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Georbot variant outbound connection (malware-cnc.rules)
* 1:21475 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string core-project (malware-cnc.rules)
* 1:21632 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ransom variant outbound connection (malware-cnc.rules)
* 1:21636 <-> DISABLED <-> MALWARE-CNC User-Agent known Adware user agent gbot (malware-cnc.rules)
* 1:21638 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Aluereon TDSS infection variant outbound connection (malware-cnc.rules)
* 1:21538 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dofoil variant outbound payload request (malware-cnc.rules)
* 1:21755 <-> DISABLED <-> MALWARE-CNC Apple OSX.Flashback variant outbound connection (malware-cnc.rules)
* 1:21756 <-> DISABLED <-> MALWARE-CNC Apple OSX.Flashback variant outbound connection (malware-cnc.rules)
* 1:21757 <-> DISABLED <-> MALWARE-CNC Apple OSX.Flashback variant outbound connection (malware-cnc.rules)
* 1:21552 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kahn variant outbound connection (malware-cnc.rules)
* 1:21760 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Swisyn variant outbound connection (malware-cnc.rules)
* 1:21761 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Swisyn variant outbound connection (malware-cnc.rules)
* 1:21852 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Orsam variant outbound connection (malware-cnc.rules)
* 1:21565 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kelihos variant outbound connection (malware-cnc.rules)
* 1:21910 <-> DISABLED <-> MALWARE-CNC Apple OSX Flashback malware user-agent (malware-cnc.rules)
* 1:21911 <-> DISABLED <-> MALWARE-CNC Aldi variant outbound connection C&C checkin (malware-cnc.rules)
* 1:21912 <-> DISABLED <-> MALWARE-CNC Aldi bot variant outbound connection user-agent (malware-cnc.rules)
* 1:21631 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sinowal javascript delivery method (malware-cnc.rules)
* 1:21945 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Litmpuca.A variant outbound connection (malware-cnc.rules)
* 1:21946 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Litmpuca.A variant outbound connection (malware-cnc.rules)
* 1:21965 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent VB WININET (malware-cnc.rules)
* 1:21639 <-> DISABLED <-> MALWARE-CNC User-Agent known Adware user agent mus - TDSS related (malware-cnc.rules)
* 1:21984 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BamCompiled variant inbound updates (malware-cnc.rules)
* 1:22033 <-> DISABLED <-> MALWARE-CNC Apple OSX Flashback malware variant outbound connection (malware-cnc.rules)
* 1:22034 <-> DISABLED <-> MALWARE-CNC Apple OSX Flashback malware variant outbound connection (malware-cnc.rules)
* 1:21758 <-> DISABLED <-> MALWARE-CNC Apple OSX.Flashback variant outbound connection (malware-cnc.rules)
* 1:22048 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus P2P outbound connection (malware-cnc.rules)
* 1:22054 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Prorat variant outbound connection (malware-cnc.rules)
* 1:22058 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kbot variant outbound connection (malware-cnc.rules)
* 1:21877 <-> DISABLED <-> MALWARE-CNC Apple OSX.Sabpub variant outbound connection (malware-cnc.rules)
* 1:22060 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fepgul variant outbound connection (malware-cnc.rules)
* 1:9419 <-> DISABLED <-> MALWARE-OTHER sasser attempt (malware-other.rules)
* 1:25050 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
* 1:10075 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules)
* 1:10076 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules)
* 1:16368 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hydraq variant outbound connection (malware-cnc.rules)
* 1:16144 <-> DISABLED <-> MALWARE-CNC Bredolab bot variant outbound connection (malware-cnc.rules)
* 1:11308 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - SpyDawn (malware-cnc.rules)
* 1:25108 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Proxy.Agent variant outbound connection (malware-cnc.rules)
* 1:25099 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper.Daws variant outbound connection (malware-cnc.rules)
* 1:25268 <-> DISABLED <-> MALWARE-CNC Win.Trojan.IRCBot variant outbound connection (malware-cnc.rules)
* 1:25239 <-> DISABLED <-> MALWARE-CNC Win.Trojan.IRCBot variant outbound connection (malware-cnc.rules)
* 1:25074 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules)
* 1:25448 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Jinch variant outbound connection (malware-cnc.rules)
* 1:25243 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - 04/XP (malware-cnc.rules)
* 1:25544 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - ctwopop (malware-cnc.rules)
* 1:25397 <-> DISABLED <-> MALWARE-CNC URI request for /cgi-bin/ms/check (malware-cnc.rules)
* 1:25372 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - wh (malware-cnc.rules)
* 1:25229 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Darkkomet variant inbound connection (malware-cnc.rules)
* 1:25532 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
* 1:25256 <-> DISABLED <-> MALWARE-CNC Win.Worm.Gamarue variant outbound connection (malware-cnc.rules)
* 1:25511 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules)
* 1:25476 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - User-Agent User-Agent (malware-cnc.rules)
* 1:25107 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (malware-cnc.rules)
* 1:25224 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ZeroAccess URI and Referer (malware-cnc.rules)
* 1:25237 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Firelog variant outbound connection (malware-cnc.rules)
* 1:25242 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Duapz variant outbound connection (malware-cnc.rules)
* 1:25249 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Basutra variant outbound connection (malware-cnc.rules)
* 1:25259 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BancosBanload variant outbound connection (malware-cnc.rules)
* 1:25371 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ruskill variant outbound connection (malware-cnc.rules)
* 1:25396 <-> DISABLED <-> MALWARE-CNC URI request for /cgi-bin/dllhost/ac (malware-cnc.rules)
* 1:25400 <-> DISABLED <-> MALWARE-CNC URI request for /cgi-bin/win/cab (malware-cnc.rules)
* 1:25471 <-> DISABLED <-> MALWARE-CNC Pushdo Spiral Traffic (malware-cnc.rules)
* 1:25504 <-> DISABLED <-> MALWARE-CNC Necurs Rootkit op.cgi (malware-cnc.rules)
* 1:25531 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
* 1:25543 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.VB variant outbound connection (malware-cnc.rules)
* 1:10067 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules)
* 1:5901 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - AdTools (malware-cnc.rules)
* 1:55281 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zegost-9753424-0 download attempt (malware-other.rules)
* 1:6186 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - SpywareStrike (malware-cnc.rules)
* 1:55862 <-> ENABLED <-> SERVER-WEBAPP Microsoft SharePoint EntityInstanceIdEncoder remote code execution attempt (server-webapp.rules)
* 1:5770 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Casino (malware-cnc.rules)
* 1:25076 <-> DISABLED <-> MALWARE-CNC Win.Worm.Joanap variant variant outbound connection (malware-cnc.rules)
* 1:25073 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lowzone variant outbound connection (malware-cnc.rules)
* 1:6362 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - MGS-Internal-Web-Manager (malware-cnc.rules)
* 1:6357 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Need2Find (malware-cnc.rules)
* 1:16289 <-> DISABLED <-> MALWARE-CNC Clob bot traffic (malware-cnc.rules)
* 1:5857 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - MyWebSearchSearchAssistance (malware-cnc.rules)
* 1:5838 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - EI (malware-cnc.rules)
* 1:5900 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Async HTTP Agent (malware-cnc.rules)
* 1:25075 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy variant outbound connection (malware-cnc.rules)
* 1:5955 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Popup Stopper (malware-cnc.rules)
* 1:25070 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Injector variant outbound connection (malware-cnc.rules)
* 1:15481 <-> DISABLED <-> MALWARE-CNC Zeus/Zbot malware config file download request (malware-cnc.rules)
* 1:11313 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Spy-Locked (malware-cnc.rules)
* 1:7582 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Pcast Live (malware-cnc.rules)
* 1:7587 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - URLBlaze (malware-cnc.rules)
* 1:25109 <-> DISABLED <-> MALWARE-CNC Autoit.Trojan.Agent variant outbound connection (malware-cnc.rules)
* 1:25269 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Buterat variant outbound connection (malware-cnc.rules)
* 1:25230 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Darkkomet variant outbound connection (malware-cnc.rules)
* 1:25244 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (malware-cnc.rules)
* 1:25240 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Menti variant inbound connection (malware-cnc.rules)
* 1:25465 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader variant outbound connection (malware-cnc.rules)
* 1:25257 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Skintrim variant outbound connection (malware-cnc.rules)
* 1:25394 <-> DISABLED <-> MALWARE-CNC URI request for /cgi-bin/nt/th (malware-cnc.rules)
* 1:25398 <-> DISABLED <-> MALWARE-CNC URI request for /cgi-bin/ms/flush (malware-cnc.rules)
* 1:25477 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
* 1:25529 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (malware-cnc.rules)
* 1:25533 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent - al (malware-cnc.rules)
* 1:9418 <-> DISABLED <-> MALWARE-CNC bagle.a http notification detection (malware-cnc.rules)
* 1:15564 <-> DISABLED <-> MALWARE-CNC RSPlug Win.Trojan.file download (malware-cnc.rules)
* 1:10070 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules)
* 1:5907 <-> DISABLED <-> MALWARE-OTHER Trackware e2give runtime detection - check update (malware-other.rules)
* 1:5882 <-> DISABLED <-> MALWARE-OTHER Keylogger spyagent runtime detect - alert notification (malware-other.rules)
* 1:22100 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Midhos variant outbound connection (malware-cnc.rules)