Talos has added and modified multiple rules in the malware-cnc and server-other rule sets to provide coverage for emerging threats from these technologies.
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091601.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:55929 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Emotet-9774504-0 download attempt (malware-other.rules)
* 1:55930 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Emotet-9774504-0 download attempt (malware-other.rules)
* 1:55931 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Emotet variant outbound connection attempt (malware-cnc.rules)
* 1:55932 <-> ENABLED <-> SERVER-OTHER Oracle WebLogic malicious RemoteConstructor deserialization attempt (server-other.rules)
* 1:55933 <-> ENABLED <-> SERVER-OTHER Oracle WebLogic malicious RemoteConstructor deserialization attempt (server-other.rules)
* 1:26697 <-> DISABLED <-> MALWARE-CNC Cbeplay Ransomware variant outbound connection - POST Body (malware-cnc.rules)
* 1:26702 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Win (malware-cnc.rules)
* 1:26703 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Upero variant outbound connection (malware-cnc.rules)
* 1:26712 <-> DISABLED <-> MALWARE-CNC Kazy Trojan check-in (malware-cnc.rules)
* 1:26713 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev rev 1 outbound traffic (malware-cnc.rules)
* 1:26714 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev rev 2 outbound traffic (malware-cnc.rules)
* 1:26715 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev rev 3 outbound traffic (malware-cnc.rules)
* 1:26719 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kbot variant outbound connection (malware-cnc.rules)
* 1:26720 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kbot variant outbound connection (malware-cnc.rules)
* 1:26721 <-> DISABLED <-> MALWARE-CNC Pushdo Spiral Traffic (malware-cnc.rules)
* 1:26722 <-> DISABLED <-> MALWARE-CNC Bancos fake JPG encrypted config file download (malware-cnc.rules)
* 1:26723 <-> DISABLED <-> MALWARE-CNC Trojan Downloader7 (malware-cnc.rules)
* 1:26725 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc http command (malware-cnc.rules)
* 1:26726 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc stop command (malware-cnc.rules)
* 1:26727 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc die command (malware-cnc.rules)
* 1:26728 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc sleep command (malware-cnc.rules)
* 1:26729 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc simple command (malware-cnc.rules)
* 1:26730 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc loginpost command (malware-cnc.rules)
* 1:26731 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc datapost command (malware-cnc.rules)
* 1:26732 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc syn command (malware-cnc.rules)
* 1:26733 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc udp command (malware-cnc.rules)
* 1:26734 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc udpdata command (malware-cnc.rules)
* 1:26735 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc data command (malware-cnc.rules)
* 1:26736 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc icmp command (malware-cnc.rules)
* 1:26737 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc tcpdata command (malware-cnc.rules)
* 1:26738 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc dataget command (malware-cnc.rules)
* 1:26739 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc connect command (malware-cnc.rules)
* 1:26740 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc dns command (malware-cnc.rules)
* 1:26741 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc exec command (malware-cnc.rules)
* 1:26742 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc resolve command (malware-cnc.rules)
* 1:26743 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc antiddos command (malware-cnc.rules)
* 1:26744 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc range command (malware-cnc.rules)
* 1:26745 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc ftp command (malware-cnc.rules)
* 1:26746 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc download command (malware-cnc.rules)
* 1:26747 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc fastddos command (malware-cnc.rules)
* 1:26748 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc slowhttp command (malware-cnc.rules)
* 1:26749 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc allhttp command (malware-cnc.rules)
* 1:26750 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc full command (malware-cnc.rules)
* 1:26751 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - msctls_progress32 (malware-cnc.rules)
* 1:26756 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper.Datcaen variant outbound connection (malware-cnc.rules)
* 1:26757 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper.Datcaen variant outbound connection (malware-cnc.rules)
* 1:26758 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Elefin variant outbound connection (malware-cnc.rules)
* 1:26763 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules)
* 1:26770 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (malware-cnc.rules)
* 1:26771 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (malware-cnc.rules)
* 1:26774 <-> DISABLED <-> MALWARE-CNC Win.Worm.Luder variant outbound connection (malware-cnc.rules)
* 1:26775 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Blocker variant outbound connection HTTP Header Structure (malware-cnc.rules)
* 1:26776 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Blocker variant outbound connection POST (malware-cnc.rules)
* 1:26777 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy variant outbound connection (malware-cnc.rules)
* 1:26779 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cridex encrypted POST check-in (malware-cnc.rules)
* 1:26780 <-> DISABLED <-> MALWARE-CNC cridex HTTP Response - default0.js (malware-cnc.rules)
* 1:26785 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qrmon variant outbound connection (malware-cnc.rules)
* 1:26792 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vbula variant outbound connection (malware-cnc.rules)
* 1:26793 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vbula variant initial CNC contact (malware-cnc.rules)
* 1:26809 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Backdoor.Tomvode variant outbound connection (malware-cnc.rules)
* 1:26811 <-> DISABLED <-> MALWARE-CNC XP Fake Antivirus Payment Page Request (malware-cnc.rules)
* 1:26812 <-> DISABLED <-> MALWARE-CNC XP Fake Antivirus Check-in (malware-cnc.rules)
* 1:26813 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dapato CMS spambot check-in (malware-cnc.rules)
* 1:26815 <-> DISABLED <-> MALWARE-CNC OSX.Trojan.KitM variant outbound connection user-agent (malware-cnc.rules)
* 1:26816 <-> DISABLED <-> MALWARE-CNC OSX.Trojan.KitM variant outbound connection (malware-cnc.rules)
* 1:26818 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Zawat variant outbound connection (malware-cnc.rules)
* 1:26819 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Datash variant outbound connection (malware-cnc.rules)
* 1:26820 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Datash variant outbound connection (malware-cnc.rules)
* 1:26822 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Buterat variant outbound connection (malware-cnc.rules)
* 1:26828 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Uperti variant outbound connection (malware-cnc.rules)
* 1:26835 <-> DISABLED <-> MALWARE-CNC RDN Banker POST variant outbound connection (malware-cnc.rules)
* 1:26836 <-> DISABLED <-> MALWARE-CNC RDN Banker Strange Google Traffic (malware-cnc.rules)
* 1:26837 <-> DISABLED <-> MALWARE-CNC BitBot Idle C2 response (malware-cnc.rules)
* 1:26840 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Agent variant outbound connection (malware-cnc.rules)
* 1:26841 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Agent variant outbound connection (malware-cnc.rules)
* 1:26880 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zotob.E gc.exe download (malware-cnc.rules)
* 1:26911 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rombrast Trojan outbound connection (malware-cnc.rules)
* 1:26912 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rombrast Trojan outbound connection (malware-cnc.rules)
* 1:26923 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
* 1:26924 <-> DISABLED <-> MALWARE-CNC Potential Gozi Trojan HTTP Header Structure (malware-cnc.rules)
* 1:26930 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeroaccess variant outbound connection (malware-cnc.rules)
* 1:26931 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeroaccess variant outbound connection (malware-cnc.rules)
* 1:26932 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeroaccess variant outbound connection (malware-cnc.rules)
* 1:26940 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TripleNine RAT beacon (malware-cnc.rules)
* 1:26941 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PipCreat RAT dropper download (malware-cnc.rules)
* 1:26942 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PipCreat RAT beacon (malware-cnc.rules)
* 1:26943 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Post_Show RAT beacon (malware-cnc.rules)
* 1:26944 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Post_Show RAT beacon (malware-cnc.rules)
* 1:26945 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bisonal RAT beacon (malware-cnc.rules)
* 1:26946 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Uptime RAT beacon (malware-cnc.rules)
* 1:26952 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Orcim variant outbound connection (malware-cnc.rules)
* 1:26954 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Talsab variant outbound connection (malware-cnc.rules)
* 1:26955 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Talsab variant outbound connection (malware-cnc.rules)
* 1:26965 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Win32 Facebook Secure Cryptor C2 (malware-cnc.rules)
* 1:26966 <-> DISABLED <-> MALWARE-CNC Win32/Autorun.JN variant outbound connection (malware-cnc.rules)
* 1:26967 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz variant outbound connection (malware-cnc.rules)
* 1:26968 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gozi Data Theft POST Data (malware-cnc.rules)
* 1:26969 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gozi Trojan Data Theft POST URL (malware-cnc.rules)
* 1:26970 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pirminay variant outbound connection (malware-cnc.rules)
* 1:26984 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Injector Info Stealer Trojan variant outbound connection (malware-cnc.rules)
* 1:26986 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Xenil variant outbound connection (malware-cnc.rules)
* 1:26987 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cyvadextr variant outbound connection (malware-cnc.rules)
* 1:26995 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Agent variant outbound connection (malware-cnc.rules)
* 1:26996 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Agent variant outbound connection (malware-cnc.rules)
* 1:26997 <-> DISABLED <-> MALWARE-CNC OSX.Trojan.Morcut variant outbound connection (malware-cnc.rules)
* 1:26998 <-> DISABLED <-> MALWARE-CNC OSX.Trojan.Morcut file download (malware-cnc.rules)
* 1:26999 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chinoxy variant outbound connection (malware-cnc.rules)
* 1:27000 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chinoxy variant outbound connection (malware-cnc.rules)
* 1:27002 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
* 1:27003 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
* 1:27007 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot variant outbound connection (malware-cnc.rules)
* 1:27008 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot variant outbound connection (malware-cnc.rules)
* 1:27010 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot payment .scr download (malware-cnc.rules)
* 1:27012 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Phoenot variant outbound connection (malware-cnc.rules)
* 1:27013 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Phoenot variant inbound connection (malware-cnc.rules)
* 1:27014 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Epipenwa variant outbound connection (malware-cnc.rules)
* 1:27017 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dapato variant inbound response connection (malware-cnc.rules)
* 1:27021 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Layvam variant outbound connection (malware-cnc.rules)
* 1:27022 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Netweird.A outbound connection (malware-cnc.rules)
* 1:27023 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Netweird.A outbound connection (malware-cnc.rules)
* 1:27033 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Transhell variant outbound connection user-agent (malware-cnc.rules)
* 1:27039 <-> DISABLED <-> MALWARE-CNC Win.Trojan.OnlineGameHack variant outbound connection (malware-cnc.rules)
* 1:27044 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string pb - Htbot (malware-cnc.rules)
* 1:27045 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Blocker Download (malware-cnc.rules)
* 1:27049 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dokstormac variant outbound connection (malware-cnc.rules)
* 1:27054 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yakes variant outbound connection (malware-cnc.rules)
* 1:27058 <-> DISABLED <-> MALWARE-CNC OSX.Trojan.HackBack variant outbound connection (malware-cnc.rules)
* 1:27093 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Medfos variant outbound connection (malware-cnc.rules)
* 1:27120 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
* 1:27169 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Atezag variant outbound connection (malware-cnc.rules)
* 1:27199 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Meredrop variant outbound connection GET Request (malware-cnc.rules)
* 1:27200 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Meredrop variant outbound connection POST Request (malware-cnc.rules)
* 1:27201 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Neurevt variant outbound connection (malware-cnc.rules)
* 1:27248 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gamarue - Mozi1la User-Agent (malware-cnc.rules)
* 1:27252 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ZeroAccess 111-byte URL variant outbound connection (malware-cnc.rules)
* 1:27256 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kryptik Drive-by Download Malware (malware-cnc.rules)
* 1:27257 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kryptic 7-byte URI Invalid Firefox Headers - no Accept-Language (malware-cnc.rules)
* 1:27260 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Java.Agent.NFK variant connection (malware-cnc.rules)
* 1:27263 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - yahoonews (malware-cnc.rules)
* 1:27533 <-> DISABLED <-> MALWARE-CNC Potential Win.Trojan.Kraziomel Download - 000.jpg (malware-cnc.rules)
* 1:27551 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lorapu variant outbound connection (malware-cnc.rules)
* 1:27558 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bezigate variant outbound connection (malware-cnc.rules)
* 1:27567 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rovnix malicious download request (malware-cnc.rules)
* 1:27577 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
* 1:27596 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Redyms variant outbound connection (malware-cnc.rules)
* 1:27599 <-> DISABLED <-> MALWARE-CNC Fort Disco Registration variant outbound connection (malware-cnc.rules)
* 1:27600 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nawpers variant connection (malware-cnc.rules)
* 1:27629 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Aumlib variant outbound connection (malware-cnc.rules)
* 1:27630 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Aumlib variant outbound connection (malware-cnc.rules)
* 1:27631 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Aumlib variant outbound connection (malware-cnc.rules)
* 1:27633 <-> DISABLED <-> MALWARE-CNC Worm.Silly variant outbound connection (malware-cnc.rules)
* 1:27636 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Likseput variant connection (malware-cnc.rules)
* 1:27637 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Syhcmd variant connection (malware-cnc.rules)
* 1:27639 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Epipenwa variant connection (malware-cnc.rules)
* 1:27640 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chekafe variant connection (malware-cnc.rules)
* 1:27641 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Meilat variant connection (malware-cnc.rules)
* 1:27642 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downbot variant connection (malware-cnc.rules)
* 1:27643 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Betabot variant connection (malware-cnc.rules)
* 1:27644 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Merong variant connection (malware-cnc.rules)
* 1:27645 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Binjo variant outbound connection (malware-cnc.rules)
* 1:27647 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nelaja variant outbound connection (malware-cnc.rules)
* 1:27648 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SpyBanker.ZSL variant outbound connection (malware-cnc.rules)
* 1:27649 <-> DISABLED <-> MALWARE-CNC Brazilian Banking Trojan data theft (malware-cnc.rules)
* 1:27655 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Enchanim variant connection (malware-cnc.rules)
* 1:27659 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gapz variant connection (malware-cnc.rules)
* 1:27660 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Reabfrus variant connection (malware-cnc.rules)
* 1:27661 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Reabfrus variant connection (malware-cnc.rules)
* 1:27662 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Galfun variant outbound connection (malware-cnc.rules)
* 1:27664 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Castov variant connection (malware-cnc.rules)
* 1:27665 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Castov variant connection (malware-cnc.rules)
* 1:27670 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.evf variant connection (malware-cnc.rules)
* 1:27678 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Goolelo variant connection (malware-cnc.rules)
* 1:27679 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz variant outbound connection (malware-cnc.rules)
* 1:27680 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ZeroAccess variant outbound connection (malware-cnc.rules)
* 1:27699 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tartober variant connection (malware-cnc.rules)
* 1:27709 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string umbra (malware-cnc.rules)
* 1:27710 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string IExplore (malware-cnc.rules)
* 1:27711 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FakeAV variant outbound connection (malware-cnc.rules)
* 1:27720 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kolok variant connection (malware-cnc.rules)
* 1:27726 <-> DISABLED <-> MALWARE-CNC Orbit Downloader denial of service update (malware-cnc.rules)
* 1:27727 <-> DISABLED <-> MALWARE-CNC Orbit Downloader denial of service update (malware-cnc.rules)
* 1:27728 <-> DISABLED <-> MALWARE-CNC Orbit Downloader denial of service update (malware-cnc.rules)
* 1:27737 <-> DISABLED <-> MALWARE-CNC DNS suspicious .c0m.li dns query (malware-cnc.rules)
* 1:27746 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Hanthie variant outbound connection (malware-cnc.rules)
* 1:27747 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banechant outbound variant connection (malware-cnc.rules)
* 1:27759 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Treizt variant connection (malware-cnc.rules)
* 1:27774 <-> DISABLED <-> MALWARE-CNC RDN Banker Data Exfiltration (malware-cnc.rules)
* 1:27775 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection (malware-cnc.rules)
* 1:27802 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PRISM variant outbound connection (malware-cnc.rules)
* 1:27803 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PRISM variant outbound connection (malware-cnc.rules)
* 1:27805 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bisonha variant outbound connection (malware-cnc.rules)
* 1:27806 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Retruse variant connection (malware-cnc.rules)
* 1:27811 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mindweq variant connection (malware-cnc.rules)
* 1:27817 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tenavt connection (malware-cnc.rules)
* 1:27864 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sinowal variant connection (malware-cnc.rules)
* 1:27867 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper outbound connection (malware-cnc.rules)
* 1:27868 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - dt12012 (malware-cnc.rules)
* 1:27905 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Helauto variant connection (malware-cnc.rules)
* 1:27918 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
* 1:27919 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus encrypted POST Data exfiltration (malware-cnc.rules)
* 1:27939 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Galock variant connection (malware-cnc.rules)
* 1:27955 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mevade variant outbound connection (malware-cnc.rules)
* 1:27963 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lolbot variant outbound connection (malware-cnc.rules)
* 1:27964 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gh0st variant outbound connection (malware-cnc.rules)
* 1:27965 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Eupuds variant connection (malware-cnc.rules)
* 1:27966 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Chopper web shell connection (malware-cnc.rules)
* 1:27968 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Chopper web shell connection (malware-cnc.rules)
* 1:27969 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Updays variant connection (malware-cnc.rules)
* 1:27970 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus dropper variant connection (malware-cnc.rules)
* 1:27980 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /botnet/adduser.php?uid= (malware-cnc.rules)
* 1:27981 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /botnet/tasks.php?uid= (malware-cnc.rules)
* 1:28005 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz outbound command (malware-cnc.rules)
* 1:28007 <-> DISABLED <-> MALWARE-CNC BLYPT installer startupkey outbound traffic (malware-cnc.rules)
* 1:28008 <-> DISABLED <-> MALWARE-CNC BLYPT installer reuse outbound traffic (malware-cnc.rules)
* 1:28009 <-> DISABLED <-> MALWARE-CNC BLYPT installer configkey outbound traffic (malware-cnc.rules)
* 1:28010 <-> DISABLED <-> MALWARE-CNC BLYPT installer tserror outbound traffic (malware-cnc.rules)
* 1:28011 <-> DISABLED <-> MALWARE-CNC BLYPT installer createproc outbound traffic (malware-cnc.rules)
* 1:28012 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules)
* 1:28033 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Urausy variant outbound connection (malware-cnc.rules)
* 1:28040 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dofoil variant outbound connection (malware-cnc.rules)
* 1:28042 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Caphaw variant outbound connection (malware-cnc.rules)
* 1:28044 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CryptoLocker variant connection (malware-cnc.rules)
* 1:28045 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VBKrypt variant connection (malware-cnc.rules)
* 1:28072 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Omexo outbound connection (malware-cnc.rules)
* 1:28073 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Win32.Kimsuky variant file stealing (malware-cnc.rules)
* 1:28074 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ADKR connection (malware-cnc.rules)
* 1:28075 <-> DISABLED <-> MALWARE-CNC Win.Trojan.gzfw connection (malware-cnc.rules)
* 1:28079 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Napolar variant outbound connection (malware-cnc.rules)
* 1:28080 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Napolar data theft (malware-cnc.rules)
* 1:28084 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hupigon variant connection (malware-cnc.rules)
* 1:28094 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Liteol variant connection (malware-cnc.rules)
* 1:28095 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Liteol variant connection (malware-cnc.rules)
* 1:28096 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spynet variant connection (malware-cnc.rules)
* 1:28097 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ohlat variant connection (malware-cnc.rules)
* 1:28105 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload variant outbound connection (malware-cnc.rules)
* 1:28106 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload information upload (malware-cnc.rules)
* 1:28107 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload download (malware-cnc.rules)
* 1:28114 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /default.htm GET Encrypted Payload (malware-cnc.rules)
* 1:28115 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /file.htm GET Encrypted Payload (malware-cnc.rules)
* 1:28116 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /home.htm GET Encrypted Payload (malware-cnc.rules)
* 1:28117 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /install.htm GET Encrypted Payload (malware-cnc.rules)
* 1:28118 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /login.htm GET Encrypted Payload (malware-cnc.rules)
* 1:28119 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /search.htm GET Encrypted Payload (malware-cnc.rules)
* 1:28120 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /start.htm GET Encrypted Payload (malware-cnc.rules)
* 1:28121 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /welcome.htm GET Encrypted Payload (malware-cnc.rules)
* 1:28122 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /index.htm GET Encrypted Payload (malware-cnc.rules)
* 1:28123 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /setup.htm GET Encrypted Payload (malware-cnc.rules)
* 1:28125 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banbra variant connection (malware-cnc.rules)
* 1:28134 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dorkbot variant connection (malware-cnc.rules)
* 1:28141 <-> DISABLED <-> MALWARE-CNC Win.Trojan.banker outbound connection (malware-cnc.rules)
* 1:28143 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Medfos outbound connection (malware-cnc.rules)
* 1:28144 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Win32.Wpbrutebot variant connection (malware-cnc.rules)
* 1:28146 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Salgorea variant connection (malware-cnc.rules)
* 1:28147 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Conficker variant outbound connection (malware-cnc.rules)
* 1:28148 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mevade variant outbound connection (malware-cnc.rules)
* 1:28153 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Foreign variant outbound connection - /html2/ (malware-cnc.rules)
* 1:28154 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Foreign variant outbound connection - MSIE 7.1 (malware-cnc.rules)
* 1:28155 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Foreign variant outbound connection - MSIE 7.2 (malware-cnc.rules)
* 1:28166 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bifrose variant connection (malware-cnc.rules)
* 1:26448 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fakesig variant outbound connection (malware-cnc.rules)
* 1:26449 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
* 1:26450 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
* 1:26452 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Buterat variant outbound connection (malware-cnc.rules)
* 1:26463 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Linog.A variant outbound connection (malware-cnc.rules)
* 1:26464 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Linog.A variant outbound connection (malware-cnc.rules)
* 1:26467 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Magic variant inbound connection (malware-cnc.rules)
* 1:26480 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot fake PNG config file download without User-Agent (malware-cnc.rules)
* 1:26482 <-> DISABLED <-> MALWARE-CNC Unknown Thinner Encrypted POST botnet C&C (malware-cnc.rules)
* 1:26522 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent NOKIAN95/WEB (malware-cnc.rules)
* 1:26533 <-> DISABLED <-> MALWARE-CNC Unknown malware - Incorrect headers - Referer HTTP/1.0 (malware-cnc.rules)
* 1:26558 <-> DISABLED <-> MALWARE-CNC User-Agent known Malicious user agent Brutus AET (malware-cnc.rules)
* 1:26560 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection - getcomando POST data (malware-cnc.rules)
* 1:26561 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
* 1:26563 <-> DISABLED <-> MALWARE-CNC Harakit botnet traffic (malware-cnc.rules)
* 1:26576 <-> DISABLED <-> MALWARE-CNC Potential hostile executable served from compromised or malicious WordPress site attempt (malware-cnc.rules)
* 1:26577 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent Opera 10 (malware-cnc.rules)
* 1:26578 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy/FakeAV Checkin with IE6 User-Agent (malware-cnc.rules)
* 1:26579 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy/FakeAV Checkin with IE6 User-Agent (malware-cnc.rules)
* 1:26604 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bydra variant outbound connection (malware-cnc.rules)
* 1:26605 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bydra variant outbound connection (malware-cnc.rules)
* 1:26606 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sosork variant outbound connection (malware-cnc.rules)
* 1:26607 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Korlia variant outbound connection (malware-cnc.rules)
* 1:26608 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rocra variant outbound connection (malware-cnc.rules)
* 1:26609 <-> DISABLED <-> MALWARE-CNC OSX.Trojan.Dockster variant outbound connection (malware-cnc.rules)
* 1:26613 <-> DISABLED <-> MALWARE-CNC Medfos Trojan variant outbound connection (malware-cnc.rules)
* 1:26656 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Travnet Botnet data upload (malware-cnc.rules)
* 1:26657 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shiz variant outbound connection (malware-cnc.rules)
* 1:26677 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz variant inbound run command from cnc (malware-cnc.rules)
* 1:26678 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz variant inbound run command from cnc (malware-cnc.rules)
* 1:26679 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz variant inbound run command from cnc (malware-cnc.rules)
* 1:26680 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz variant inbound run command from cnc (malware-cnc.rules)
* 1:26681 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz variant inbound run command from cnc (malware-cnc.rules)
* 1:26683 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shyape variant outbound connection (malware-cnc.rules)
* 1:26684 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Neshax variant outbound connection (malware-cnc.rules)
* 1:26685 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string J13A (malware-cnc.rules)
* 1:26686 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Alina (malware-cnc.rules)
* 1:26690 <-> DISABLED <-> MALWARE-CNC Miniduke server contact (malware-cnc.rules)
* 1:26691 <-> DISABLED <-> MALWARE-CNC Win.Trojan.UFRStealer variant outbound connection (malware-cnc.rules)
* 1:26692 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spyremoav variant outbound connection (malware-cnc.rules)
* 1:26695 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Namihno variant outbound request (malware-cnc.rules)
* 1:26696 <-> DISABLED <-> MALWARE-CNC Cbeplay Ransomware variant outbound connection - Abnormal HTTP Headers (malware-cnc.rules)
* 1:25547 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
* 1:25548 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Perflog variant outbound connection (malware-cnc.rules)
* 1:25551 <-> DISABLED <-> MALWARE-CNC Win.Worm.Dipasik variant outbound connection (malware-cnc.rules)
* 1:25553 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dexter variant outbound connection (malware-cnc.rules)
* 1:25570 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Medialabs variant outbound connection (malware-cnc.rules)
* 1:25571 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Medialabs variant outbound connection (malware-cnc.rules)
* 1:25572 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Virut variant outbound connection (malware-cnc.rules)
* 1:25577 <-> DISABLED <-> MALWARE-CNC Win.Rootkit.Necurs possible URI with encrypted POST (malware-cnc.rules)
* 1:25599 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gupboot variant outbound connection (malware-cnc.rules)
* 1:25600 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dilavtor variant outbound connection (malware-cnc.rules)
* 1:25609 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules)
* 1:25610 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mofsmall variant outbound connection (malware-cnc.rules)
* 1:25623 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jimpime variant outbound connection (malware-cnc.rules)
* 1:25625 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Daws variant outbound connection (malware-cnc.rules)
* 1:25626 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules)
* 1:25628 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant connect to cnc-server (malware-cnc.rules)
* 1:25632 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Golisy variant outbound connection (malware-cnc.rules)
* 1:25652 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kryptic variant outbound connection (malware-cnc.rules)
* 1:25660 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Medfos variant outbound connection (malware-cnc.rules)
* 1:25661 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Buzus variant outbound connection (malware-cnc.rules)
* 1:25662 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chowspy variant outbound connection (malware-cnc.rules)
* 1:25663 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rimod variant outbound connection (malware-cnc.rules)
* 1:25665 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sycomder variant outbound connection (malware-cnc.rules)
* 1:25666 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (malware-cnc.rules)
* 1:25667 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nflog variant outbound connection (malware-cnc.rules)
* 1:25668 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nflog variant outbound connection (malware-cnc.rules)
* 1:25669 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Selasloot variant outbound connection (malware-cnc.rules)
* 1:25671 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (malware-cnc.rules)
* 1:25672 <-> DISABLED
<-> MALWARE-CNC Win.Trojan.Matsnu variant outbound connection (malware-cnc.rules) * 1:25673 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.QQDragon variant outbound connection (malware-cnc.rules) * 1:25674 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shimwoc variant outbound connection (malware-cnc.rules) * 1:25675 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fakeavlock variant outbound connection (malware-cnc.rules) * 1:25765 <-> DISABLED <-> MALWARE-CNC Trojan Agent YEH variant outbound connection (malware-cnc.rules) * 1:25766 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules) * 1:25807 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Urausy Botnet variant outbound connection (malware-cnc.rules) * 1:25829 <-> DISABLED <-> MALWARE-CNC Trojan Banker FTC variant outbound connection (malware-cnc.rules) * 1:25854 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection - MSIE7 No Referer No Cookie (malware-cnc.rules) * 1:25863 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.QBundle variant outbound connection (malware-cnc.rules) * 1:25865 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules) * 1:25866 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules) * 1:25867 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules) * 1:25973 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Boolflot variant outbound connection (malware-cnc.rules) * 1:25974 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules) * 1:25978 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lukprofin variant outbound connection (malware-cnc.rules) * 1:25979 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lukprofin variant outbound connection (malware-cnc.rules) * 1:25980 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Pass (malware-cnc.rules) * 1:25987 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Upof variant outbound 
connection (malware-cnc.rules) * 1:25990 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Agent variant connect to cnc-server (malware-cnc.rules) * 1:25991 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Agent variant connect to cnc-server (malware-cnc.rules) * 1:25992 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Buzus variant outbound connection (malware-cnc.rules) * 1:25993 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Buzus variant outbound connection (malware-cnc.rules) * 1:25994 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules) * 1:25996 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Reswor variant outbound connection (malware-cnc.rules) * 1:26010 <-> DISABLED <-> MALWARE-CNC CNC Dirtjumper variant outbound connection (malware-cnc.rules) * 1:26011 <-> DISABLED <-> MALWARE-CNC CNC Dirtjumper variant outbound connection (malware-cnc.rules) * 1:26019 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bredo variant outbound connection (malware-cnc.rules) * 1:26023 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot variant in.php outbound connection (malware-cnc.rules) * 1:26024 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wecod variant outbound connection (malware-cnc.rules) * 1:26072 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locati variant outbound connection (malware-cnc.rules) * 1:26075 <-> DISABLED <-> MALWARE-CNC Bancos variant outbound connection SQL query POST data (malware-cnc.rules) * 1:26086 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Exicon variant outbound connection (malware-cnc.rules) * 1:26088 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Encriyoko variant outbound connection (malware-cnc.rules) * 1:26106 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules) * 1:26115 <-> DISABLED <-> MALWARE-CNC NSIS.Downloader.Agent variant outbound connection (malware-cnc.rules) * 1:26116 <-> DISABLED <-> MALWARE-CNC NSIS.Downloader.Agent variant outbound connection (malware-cnc.rules) * 1:26117 <-> DISABLED <-> MALWARE-CNC 
Win.Trojan.Tarctox variant outbound connection (malware-cnc.rules) * 1:26118 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules) * 1:26119 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules) * 1:26201 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lobparck variant outbound connection (malware-cnc.rules) * 1:26202 <-> DISABLED <-> MALWARE-CNC VBS.Trojan.Agent variant outbound connection (malware-cnc.rules) * 1:26203 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gupd variant outbound connection (malware-cnc.rules) * 1:26204 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Malex variant outbound connection (malware-cnc.rules) * 1:26211 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Eldorado variant outbound connection (malware-cnc.rules) * 1:26238 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Snopexy variant outbound connection (malware-cnc.rules) * 1:26239 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Stehlox variant outbound connection (malware-cnc.rules) * 1:26240 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vkeikooc variant outbound connection (malware-cnc.rules) * 1:26244 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Troll variant outbound connection (malware-cnc.rules) * 1:26245 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (malware-cnc.rules) * 1:26248 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent cibabam (malware-cnc.rules) * 1:26249 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Sonide variant outbound connection (malware-cnc.rules) * 1:26260 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Vectmp variant outbound connection (malware-cnc.rules) * 1:26266 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus v3 DGA DNS query detected (malware-cnc.rules) * 1:26267 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus v3 DGA DNS query detected (malware-cnc.rules) * 1:26268 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus v3 DGA DNS query detected (malware-cnc.rules) * 1:26269 <-> DISABLED <-> 
MALWARE-CNC Win.Trojan.Zeus v3 DGA DNS query detected (malware-cnc.rules) * 1:26270 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus v3 DGA DNS query detected (malware-cnc.rules) * 1:26271 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus v3 DGA DNS query detected (malware-cnc.rules) * 1:26284 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Surok variant outbound connection (malware-cnc.rules) * 1:26285 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Garveep variant outbound connection (malware-cnc.rules) * 1:26288 <-> DISABLED <-> MALWARE-CNC Brontok Worm variant outbound connection (malware-cnc.rules) * 1:26289 <-> DISABLED <-> MALWARE-CNC Daws Trojan Outbound Plaintext over SSL Port (malware-cnc.rules) * 1:26319 <-> DISABLED <-> MALWARE-CNC file path used as User-Agent - potential Trojan (malware-cnc.rules) * 1:26325 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scar variant outbound connection (malware-cnc.rules) * 1:26327 <-> DISABLED <-> MALWARE-CNC OSX.Trojan.Flashfake variant outbound connection (malware-cnc.rules) * 1:26331 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qhost variant outbound connection (malware-cnc.rules) * 1:26335 <-> DISABLED <-> MALWARE-CNC FBI Ransom Trojan variant outbound connection (malware-cnc.rules) * 1:26370 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection - ksa.txt (malware-cnc.rules) * 1:26371 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection - op POST (malware-cnc.rules) * 1:26398 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gamarue variant outbound connection (malware-cnc.rules) * 1:26428 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (malware-cnc.rules) * 1:26444 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Agent variant outbound connection (malware-cnc.rules) * 1:26445 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Agent variant outbound connection (malware-cnc.rules) * 1:26446 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Agent variant outbound connection 
(malware-cnc.rules) * 1:26447 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Smoaler variant outbound connection (malware-cnc.rules) * 1:28192 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz Potential Phishing URL (malware-cnc.rules) * 1:28209 <-> DISABLED <-> MALWARE-CNC Win.Worm.IRCbot outbound connection (malware-cnc.rules) * 1:28210 <-> DISABLED <-> MALWARE-CNC Win.Worm.IRCbot outbound connection (malware-cnc.rules) * 1:28211 <-> DISABLED <-> MALWARE-CNC Win.Worm.IRCbot outbound connection (malware-cnc.rules) * 1:28212 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bitsto variant connection (malware-cnc.rules) * 1:28216 <-> DISABLED <-> MALWARE-CNC known malware FTP login (malware-cnc.rules) * 1:28230 <-> DISABLED <-> MALWARE-CNC Boot.Bootroot Variant data upload (malware-cnc.rules) * 1:28234 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hdslogger outbound connection (malware-cnc.rules) * 1:28239 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tuxido outbound connection (malware-cnc.rules) * 1:28242 <-> DISABLED <-> MALWARE-CNC Win.Trojan.KanKan variant connection (malware-cnc.rules) * 1:28244 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Phrovon outbound connection (malware-cnc.rules) * 1:28247 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper variant outbound connection (malware-cnc.rules) * 1:28250 <-> DISABLED <-> MALWARE-CNC Security Cleaner Pro Install Confirmation (malware-cnc.rules) * 1:28254 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Perl.Shellbot variant outbound connection (malware-cnc.rules) * 1:28255 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz Potential phishing URL (malware-cnc.rules) * 1:28285 <-> DISABLED <-> MALWARE-CNC Win.Trojan.hdog connectivity check-in version 2 (malware-cnc.rules) * 1:28300 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant connection (malware-cnc.rules) * 1:28323 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Chopper web shell connection (malware-cnc.rules) * 1:28325 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Zuza variant outbound connection 
(malware-cnc.rules) * 1:28326 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Zuza variant outbound connection (malware-cnc.rules) * 1:28328 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Hupigon variant outbound connection (malware-cnc.rules) * 1:28362 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string SUiCiDE/1.5 (malware-cnc.rules) * 1:28366 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Venik variant outbound connection (malware-cnc.rules) * 1:28373 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mutopy variant outbound connection (malware-cnc.rules) * 1:28399 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Tsunami outbound connection (malware-cnc.rules) * 1:28405 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy variant outbound connection (malware-cnc.rules) * 1:28406 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy variant outbound connection (malware-cnc.rules) * 1:28410 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CoinMiner variant outbound connection (malware-cnc.rules) * 1:28411 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CoinMiner variant outbound connection (malware-cnc.rules) * 1:28415 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules) * 1:28416 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CryptoLocker outbound connection (malware-cnc.rules) * 1:28417 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Molgomsg variant outbound connection (malware-cnc.rules) * 1:28418 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Dtcontx outbound connection (malware-cnc.rules) * 1:28419 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tesch variant outbound connection (malware-cnc.rules) * 1:28444 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.CBgate variant outbound connection (malware-cnc.rules) * 1:28446 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant SQL check-in (malware-cnc.rules) * 1:28463 <-> DISABLED <-> MALWARE-CNC Win.Trojan.AllAple Variant ICMP flood (malware-cnc.rules) * 1:28484 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Delpbank variant outbound connection 
(malware-cnc.rules) * 1:28485 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Khalog variant outbound connection (malware-cnc.rules) * 1:28486 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Codiltak variant outbound connection (malware-cnc.rules) * 1:28528 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qadars variant outbound connection (malware-cnc.rules) * 1:28529 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qadars variant outbound connection (malware-cnc.rules) * 1:28538 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Asprox/Kuluoz variant connection (malware-cnc.rules) * 1:28541 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ZeroAccess Download Headers (malware-cnc.rules) * 1:28542 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Conficker variant outbound connection (malware-cnc.rules) * 1:28543 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Conficker variant outbound connection (malware-cnc.rules) * 1:28547 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules) * 1:28548 <-> DISABLED <-> MALWARE-CNC Win.Trojan.chfx variant outbound connection (malware-cnc.rules) * 1:28551 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NXI ftp username connection (malware-cnc.rules) * 1:28553 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /main.htm GET Encrypted Payload (malware-cnc.rules) * 1:28554 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /online.htm GET Encrypted Payload (malware-cnc.rules) * 1:28558 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string getURLdown (malware-cnc.rules) * 1:28559 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Castov variant connection (malware-cnc.rules) * 1:28560 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Plugx FTP keepalive outbound connection (malware-cnc.rules) * 1:28561 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Plugx outbound connection (malware-cnc.rules) * 1:28562 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sidopa variant outbound connection (malware-cnc.rules) * 1:28563 <-> DISABLED <-> 
MALWARE-CNC Win.Trojan.Pkdesco variant outbound connection (malware-cnc.rules) * 1:28564 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pkdesco variant outbound connection (malware-cnc.rules) * 1:28565 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sluegot variant connection (malware-cnc.rules) * 1:28599 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Lesirt variant outbound connection (malware-cnc.rules) * 1:28604 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kasnam variant connection (malware-cnc.rules) * 1:28605 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kasnam variant connection (malware-cnc.rules) * 1:28606 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Surtr variant connection (malware-cnc.rules) * 1:28607 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection (malware-cnc.rules) * 1:28724 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent outbound connection (malware-cnc.rules) * 1:28799 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mxtcycle variant outbound connection (malware-cnc.rules) * 1:28800 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus outbound connection (malware-cnc.rules) * 1:28802 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos outbound connection (malware-cnc.rules) * 1:28803 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Injector inbound connection (malware-cnc.rules) * 1:28804 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Injector outbound connection (malware-cnc.rules) * 1:28805 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Palevo outbound connection (malware-cnc.rules) * 1:28807 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Injector variant outbound connection (malware-cnc.rules) * 1:28808 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Ptiger variant outbound connection (malware-cnc.rules) * 1:28809 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dofoil inbound connection (malware-cnc.rules) * 1:28810 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection - MSIE7 No Referer No Cookie (malware-cnc.rules) * 1:28813 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ufraie variant outbound connection 
(malware-cnc.rules) * 1:28814 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gozi/Neverquest variant outbound connection (malware-cnc.rules) * 1:28815 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gozi/Neverquest variant outbound connection (malware-cnc.rules) * 1:28816 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Siluhdur variant outbound connection (malware-cnc.rules) * 1:28820 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Egamipload variant outbound connection (malware-cnc.rules) * 1:28852 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Linux.Trojan.Zollard (malware-cnc.rules) * 1:28853 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dipverdle variant outbound connection (malware-cnc.rules) * 1:28856 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yowdab variant connection (malware-cnc.rules) * 1:28857 <-> DISABLED <-> MALWARE-CNC Adwind UNRECOM connnection back to cnc server (malware-cnc.rules) * 1:28858 <-> DISABLED <-> MALWARE-CNC Adwind UNRECOM connnection back to cnc server (malware-cnc.rules) * 1:28859 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent z00sAgent - Win.Trojan.Zbot (malware-cnc.rules) * 1:28860 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent - Win.Trojan.Nitedrem (malware-cnc.rules) * 1:28861 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Roxfora variant outbound connection (malware-cnc.rules) * 1:28864 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tofsee variant outbound connection (malware-cnc.rules) * 1:28886 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scar variant outbound connection (malware-cnc.rules) * 1:28914 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Anony variant connection (malware-cnc.rules) * 1:28918 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant network connectivity check (malware-cnc.rules) * 1:28919 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant network connectivity check (malware-cnc.rules) * 1:28930 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fakeav variant outbound data connection (malware-cnc.rules) * 1:28940 
<-> DISABLED <-> MALWARE-CNC Win.Trojan.Rovnix malicious download (malware-cnc.rules) * 1:28947 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tapaoux variant connection (malware-cnc.rules) * 1:28948 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kishlog variant outbound connection (malware-cnc.rules) * 1:28949 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kishlog variant outbound connection (malware-cnc.rules) * 1:28958 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jussuc variant outbound connection (malware-cnc.rules) * 1:28960 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Alurewo outbound connection (malware-cnc.rules) * 1:48157 <-> ENABLED <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection (malware-cnc.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091600.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:55929 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Emotet-9774504-0 download attempt (malware-other.rules)
* 1:55931 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Emotet variant outbound connection attempt (malware-cnc.rules)
* 1:55932 <-> ENABLED <-> SERVER-OTHER Oracle WebLogic malicious RemoteConstructor deserialization attempt (server-other.rules)
* 1:55930 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Emotet-9774504-0 download attempt (malware-other.rules)
* 1:55933 <-> ENABLED <-> SERVER-OTHER Oracle WebLogic malicious RemoteConstructor deserialization attempt (server-other.rules)
* 1:25547 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
* 1:25548 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Perflog variant outbound connection (malware-cnc.rules)
* 1:25551 <-> DISABLED <-> MALWARE-CNC Win.Worm.Dipasik variant outbound connection (malware-cnc.rules)
* 1:25553 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dexter variant outbound connection (malware-cnc.rules)
* 1:25570 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Medialabs variant outbound connection (malware-cnc.rules)
* 1:25571 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Medialabs variant outbound connection (malware-cnc.rules)
* 1:25572 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Virut variant outbound connection (malware-cnc.rules)
* 1:25577 <-> DISABLED <-> MALWARE-CNC Win.Rootkit.Necurs possible URI with encrypted POST (malware-cnc.rules)
* 1:25599 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gupboot variant outbound connection (malware-cnc.rules)
* 1:25600 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dilavtor variant outbound connection (malware-cnc.rules)
* 1:25609 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules)
* 1:25610 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mofsmall variant outbound connection (malware-cnc.rules)
* 1:25623 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jimpime variant outbound connection (malware-cnc.rules)
* 1:25625 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Daws variant outbound connection (malware-cnc.rules)
* 1:25626 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules)
* 1:25628 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant connect to cnc-server (malware-cnc.rules)
* 1:25632 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Golisy variant outbound connection (malware-cnc.rules)
* 1:25652 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kryptic variant outbound connection (malware-cnc.rules)
* 1:25660 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Medfos variant outbound connection (malware-cnc.rules)
* 1:25661 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Buzus variant outbound connection (malware-cnc.rules)
* 1:25662 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chowspy variant outbound connection (malware-cnc.rules)
* 1:25663 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rimod variant outbound connection (malware-cnc.rules)
* 1:25665 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sycomder variant outbound connection (malware-cnc.rules)
* 1:25666 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (malware-cnc.rules)
* 1:25667 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nflog variant outbound connection (malware-cnc.rules)
* 1:25668 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nflog variant outbound connection (malware-cnc.rules)
* 1:25669 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Selasloot variant outbound connection (malware-cnc.rules)
* 1:25671 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (malware-cnc.rules)
* 1:25672 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Matsnu variant outbound connection (malware-cnc.rules)
* 1:25673 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.QQDragon variant outbound connection (malware-cnc.rules)
* 1:25674 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shimwoc variant outbound connection (malware-cnc.rules)
* 1:25675 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fakeavlock variant outbound connection (malware-cnc.rules)
* 1:25765 <-> DISABLED <-> MALWARE-CNC Trojan Agent YEH variant outbound connection (malware-cnc.rules)
* 1:25766 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules)
* 1:25807 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Urausy Botnet variant outbound connection (malware-cnc.rules)
* 1:25829 <-> DISABLED <-> MALWARE-CNC Trojan Banker FTC variant outbound connection (malware-cnc.rules)
* 1:25854 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection - MSIE7 No Referer No Cookie (malware-cnc.rules)
* 1:25863 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.QBundle variant outbound connection (malware-cnc.rules)
* 1:25865 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
* 1:25866 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
* 1:25867 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
* 1:25973 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Boolflot variant outbound connection (malware-cnc.rules)
* 1:25974 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
* 1:25978 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lukprofin variant outbound connection (malware-cnc.rules)
* 1:25979 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lukprofin variant outbound connection (malware-cnc.rules)
* 1:25980 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Pass (malware-cnc.rules)
* 1:25987 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Upof variant outbound connection (malware-cnc.rules)
* 1:25990 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Agent variant connect to cnc-server (malware-cnc.rules)
* 1:25991 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Agent variant connect to cnc-server (malware-cnc.rules)
* 1:25992 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Buzus variant outbound connection (malware-cnc.rules)
* 1:25993 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Buzus variant outbound connection (malware-cnc.rules)
* 1:25994 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
* 1:25996 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Reswor variant outbound connection (malware-cnc.rules)
* 1:26010 <-> DISABLED <-> MALWARE-CNC CNC Dirtjumper variant outbound connection (malware-cnc.rules)
* 1:26011 <-> DISABLED <-> MALWARE-CNC CNC Dirtjumper variant outbound connection (malware-cnc.rules)
* 1:26019 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bredo variant outbound connection (malware-cnc.rules)
* 1:26023 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot variant in.php outbound connection (malware-cnc.rules)
* 1:26024 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wecod variant outbound connection (malware-cnc.rules)
* 1:26072 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locati variant outbound connection (malware-cnc.rules)
* 1:26075 <-> DISABLED <-> MALWARE-CNC Bancos variant outbound connection SQL query POST data (malware-cnc.rules)
* 1:26086 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Exicon variant outbound connection (malware-cnc.rules)
* 1:26088 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Encriyoko variant outbound connection (malware-cnc.rules)
* 1:26106 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
* 1:26115 <-> DISABLED <-> MALWARE-CNC NSIS.Downloader.Agent variant outbound connection (malware-cnc.rules)
* 1:26116 <-> DISABLED <-> MALWARE-CNC NSIS.Downloader.Agent variant outbound connection (malware-cnc.rules)
* 1:26117 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tarctox variant outbound connection (malware-cnc.rules)
* 1:26118 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
* 1:26119 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
* 1:26201 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lobparck variant outbound connection (malware-cnc.rules)
* 1:26202 <-> DISABLED <-> MALWARE-CNC VBS.Trojan.Agent variant outbound connection (malware-cnc.rules)
* 1:26203 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gupd variant outbound connection (malware-cnc.rules)
* 1:26204 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Malex variant outbound connection (malware-cnc.rules)
* 1:26211 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Eldorado variant outbound connection (malware-cnc.rules)
* 1:26238 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Snopexy variant outbound connection (malware-cnc.rules)
* 1:26239 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Stehlox variant outbound connection (malware-cnc.rules)
* 1:26240 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vkeikooc variant outbound connection (malware-cnc.rules)
* 1:26244 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Troll variant outbound connection (malware-cnc.rules)
* 1:26245 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (malware-cnc.rules)
* 1:26248 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent cibabam (malware-cnc.rules)
* 1:26249 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Sonide variant outbound connection (malware-cnc.rules)
* 1:26260 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Vectmp variant outbound connection (malware-cnc.rules)
* 1:26266 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus v3 DGA DNS query detected (malware-cnc.rules)
* 1:26267 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus v3 DGA DNS query detected (malware-cnc.rules)
* 1:26268 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus v3 DGA DNS query detected (malware-cnc.rules)
* 1:26269 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus v3 DGA DNS query detected (malware-cnc.rules)
* 1:26270 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus v3 DGA DNS query detected (malware-cnc.rules)
* 1:26271 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus v3 DGA DNS query detected (malware-cnc.rules)
* 1:26284 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Surok variant outbound connection (malware-cnc.rules)
* 1:26285 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Garveep variant outbound connection (malware-cnc.rules)
* 1:26288 <-> DISABLED <-> MALWARE-CNC Brontok Worm variant outbound connection (malware-cnc.rules)
* 1:26289 <-> DISABLED <-> MALWARE-CNC Daws Trojan Outbound Plaintext over SSL Port (malware-cnc.rules)
* 1:26319 <-> DISABLED <-> MALWARE-CNC file path used as User-Agent - potential Trojan (malware-cnc.rules)
* 1:26325 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scar variant outbound connection (malware-cnc.rules)
* 1:26327 <-> DISABLED <-> MALWARE-CNC OSX.Trojan.Flashfake variant outbound connection (malware-cnc.rules)
* 1:26331 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qhost variant outbound connection (malware-cnc.rules)
* 1:26335 <-> DISABLED <-> MALWARE-CNC FBI Ransom Trojan variant outbound connection (malware-cnc.rules)
* 1:26370 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection - ksa.txt (malware-cnc.rules)
* 1:26371 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection - op POST (malware-cnc.rules)
* 1:26398 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gamarue variant outbound connection (malware-cnc.rules)
* 1:26428 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (malware-cnc.rules)
* 1:26444 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Agent variant outbound connection (malware-cnc.rules)
* 1:26445 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Agent variant outbound connection (malware-cnc.rules)
* 1:26446 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Agent variant outbound connection (malware-cnc.rules)
* 1:26447 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Smoaler variant outbound connection (malware-cnc.rules)
* 1:26448 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fakesig variant outbound connection (malware-cnc.rules)
* 1:26449 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
* 1:26450 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
* 1:26452 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Buterat variant outbound connection (malware-cnc.rules)
* 1:26463 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Linog.A variant outbound connection (malware-cnc.rules)
* 1:26464 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Linog.A variant outbound connection (malware-cnc.rules)
* 1:26467 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Magic variant inbound connection (malware-cnc.rules)
* 1:26480 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot fake PNG config file download without User-Agent (malware-cnc.rules)
* 1:26482 <-> DISABLED <-> MALWARE-CNC Unknown Thinner Encrypted POST botnet C&C (malware-cnc.rules)
* 1:26522 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent NOKIAN95/WEB (malware-cnc.rules)
* 1:26533 <-> DISABLED <-> MALWARE-CNC Unknown malware - Incorrect headers - Referer HTTP/1.0 (malware-cnc.rules)
* 1:26558 <-> DISABLED <-> MALWARE-CNC User-Agent known Malicious user agent Brutus AET (malware-cnc.rules)
* 1:26560 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection - getcomando POST data (malware-cnc.rules)
* 1:26561 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
* 1:26563 <-> DISABLED <-> MALWARE-CNC Harakit botnet traffic (malware-cnc.rules)
* 1:26576 <-> DISABLED <-> MALWARE-CNC Potential hostile executable served from compromised or malicious WordPress site attempt (malware-cnc.rules)
* 1:26577 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent Opera 10 (malware-cnc.rules)
* 1:26578 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy/FakeAV Checkin with IE6 User-Agent (malware-cnc.rules)
* 1:26579 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy/FakeAV Checkin with IE6 User-Agent (malware-cnc.rules)
* 1:26604 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bydra variant outbound connection (malware-cnc.rules)
* 1:26605 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bydra variant outbound connection (malware-cnc.rules)
* 1:26606 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sosork variant outbound connection (malware-cnc.rules)
* 1:26607 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Korlia variant outbound connection (malware-cnc.rules)
* 1:28106 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload information upload (malware-cnc.rules)
* 1:28097 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ohlat variant connection (malware-cnc.rules)
* 1:26609 <-> DISABLED <-> MALWARE-CNC OSX.Trojan.Dockster variant outbound connection (malware-cnc.rules)
* 1:26613 <-> DISABLED <-> MALWARE-CNC Medfos Trojan variant outbound connection (malware-cnc.rules)
* 1:26656 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Travnet Botnet data upload (malware-cnc.rules)
* 1:26657 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shiz variant outbound connection (malware-cnc.rules)
* 1:26677 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz variant inbound run command from cnc (malware-cnc.rules)
* 1:26678 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz variant inbound run command from cnc (malware-cnc.rules)
* 1:26679 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz variant inbound run command from cnc (malware-cnc.rules)
* 1:26680 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz variant inbound run command from cnc (malware-cnc.rules)
* 1:26681 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz variant inbound run command from cnc (malware-cnc.rules)
* 1:26683 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shyape variant outbound connection (malware-cnc.rules)
* 1:26684 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Neshax variant outbound connection (malware-cnc.rules)
* 1:26685 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string J13A (malware-cnc.rules)
* 1:26686 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Alina (malware-cnc.rules)
* 1:26690 <-> DISABLED <-> MALWARE-CNC Miniduke server contact (malware-cnc.rules)
* 1:26691 <-> DISABLED <-> MALWARE-CNC Win.Trojan.UFRStealer variant outbound connection (malware-cnc.rules)
* 1:26692 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spyremoav variant outbound connection (malware-cnc.rules)
* 1:26695 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Namihno variant outbound request (malware-cnc.rules)
* 1:26696 <-> DISABLED <-> MALWARE-CNC Cbeplay Ransomware variant outbound connection - Abnormal HTTP Headers (malware-cnc.rules)
* 1:26697 <-> DISABLED <-> MALWARE-CNC Cbeplay Ransomware variant outbound connection - POST Body (malware-cnc.rules)
* 1:26702 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Win (malware-cnc.rules)
* 1:26703
<-> DISABLED <-> MALWARE-CNC Win.Trojan.Upero variant outbound connection (malware-cnc.rules) * 1:26712 <-> DISABLED <-> MALWARE-CNC Kazy Trojan check-in (malware-cnc.rules) * 1:26713 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev rev 1 outbound traffic (malware-cnc.rules) * 1:26714 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev rev 2 outbound traffic (malware-cnc.rules) * 1:26715 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev rev 3 outbound traffic (malware-cnc.rules) * 1:26719 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kbot variant outbound connection (malware-cnc.rules) * 1:26720 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kbot variant outbound connection (malware-cnc.rules) * 1:26721 <-> DISABLED <-> MALWARE-CNC Pushdo Spiral Traffic (malware-cnc.rules) * 1:26722 <-> DISABLED <-> MALWARE-CNC Bancos fake JPG encrypted config file download (malware-cnc.rules) * 1:26723 <-> DISABLED <-> MALWARE-CNC Trojan Downloader7 (malware-cnc.rules) * 1:26725 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc http command (malware-cnc.rules) * 1:26726 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc stop command (malware-cnc.rules) * 1:26727 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc die command (malware-cnc.rules) * 1:26728 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc sleep command (malware-cnc.rules) * 1:26729 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc simple command (malware-cnc.rules) * 1:26730 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc loginpost command (malware-cnc.rules) * 1:26731 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc datapost command (malware-cnc.rules) * 1:26732 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc syn command (malware-cnc.rules) * 1:26733 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc udp command (malware-cnc.rules) * 1:26734 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc udpdata command (malware-cnc.rules) * 1:26735 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc data command 
(malware-cnc.rules) * 1:26736 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc icmp command (malware-cnc.rules) * 1:28209 <-> DISABLED <-> MALWARE-CNC Win.Worm.IRCbot outbound connection (malware-cnc.rules) * 1:28210 <-> DISABLED <-> MALWARE-CNC Win.Worm.IRCbot outbound connection (malware-cnc.rules) * 1:28211 <-> DISABLED <-> MALWARE-CNC Win.Worm.IRCbot outbound connection (malware-cnc.rules) * 1:28212 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bitsto variant connection (malware-cnc.rules) * 1:28216 <-> DISABLED <-> MALWARE-CNC known malware FTP login (malware-cnc.rules) * 1:28230 <-> DISABLED <-> MALWARE-CNC Boot.Bootroot Variant data upload (malware-cnc.rules) * 1:28234 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hdslogger outbound connection (malware-cnc.rules) * 1:28239 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tuxido outbound connection (malware-cnc.rules) * 1:28242 <-> DISABLED <-> MALWARE-CNC Win.Trojan.KanKan variant connection (malware-cnc.rules) * 1:28244 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Phrovon outbound connection (malware-cnc.rules) * 1:28247 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper variant outbound connection (malware-cnc.rules) * 1:28250 <-> DISABLED <-> MALWARE-CNC Security Cleaner Pro Install Confirmation (malware-cnc.rules) * 1:28254 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Perl.Shellbot variant outbound connection (malware-cnc.rules) * 1:28255 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz Potential phishing URL (malware-cnc.rules) * 1:28285 <-> DISABLED <-> MALWARE-CNC Win.Trojan.hdog connectivity check-in version 2 (malware-cnc.rules) * 1:28300 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant connection (malware-cnc.rules) * 1:28323 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Chopper web shell connection (malware-cnc.rules) * 1:28325 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Zuza variant outbound connection (malware-cnc.rules) * 1:28326 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Zuza variant outbound connection (malware-cnc.rules) * 
1:28328 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Hupigon variant outbound connection (malware-cnc.rules) * 1:28362 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string SUiCiDE/1.5 (malware-cnc.rules) * 1:28366 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Venik variant outbound connection (malware-cnc.rules) * 1:28373 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mutopy variant outbound connection (malware-cnc.rules) * 1:28399 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Tsunami outbound connection (malware-cnc.rules) * 1:28405 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy variant outbound connection (malware-cnc.rules) * 1:28406 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy variant outbound connection (malware-cnc.rules) * 1:28410 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CoinMiner variant outbound connection (malware-cnc.rules) * 1:28411 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CoinMiner variant outbound connection (malware-cnc.rules) * 1:28415 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules) * 1:28416 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CryptoLocker outbound connection (malware-cnc.rules) * 1:28417 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Molgomsg variant outbound connection (malware-cnc.rules) * 1:28418 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Dtcontx outbound connection (malware-cnc.rules) * 1:28419 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tesch variant outbound connection (malware-cnc.rules) * 1:28444 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.CBgate variant outbound connection (malware-cnc.rules) * 1:28446 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant SQL check-in (malware-cnc.rules) * 1:28463 <-> DISABLED <-> MALWARE-CNC Win.Trojan.AllAple Variant ICMP flood (malware-cnc.rules) * 1:28484 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Delpbank variant outbound connection (malware-cnc.rules) * 1:28485 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Khalog variant outbound connection (malware-cnc.rules) * 
1:28486 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Codiltak variant outbound connection (malware-cnc.rules) * 1:28528 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qadars variant outbound connection (malware-cnc.rules) * 1:28529 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qadars variant outbound connection (malware-cnc.rules) * 1:28538 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Asprox/Kuluoz variant connection (malware-cnc.rules) * 1:26737 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc tcpdata command (malware-cnc.rules) * 1:26738 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc dataget command (malware-cnc.rules) * 1:26739 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc connect command (malware-cnc.rules) * 1:26740 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc dns command (malware-cnc.rules) * 1:26741 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc exec command (malware-cnc.rules) * 1:26742 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc resolve command (malware-cnc.rules) * 1:26743 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc antiddos command (malware-cnc.rules) * 1:26744 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc range command (malware-cnc.rules) * 1:26745 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc ftp command (malware-cnc.rules) * 1:26746 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc download command (malware-cnc.rules) * 1:26747 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc fastddos command (malware-cnc.rules) * 1:26748 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc slowhttp command (malware-cnc.rules) * 1:26749 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc allhttp command (malware-cnc.rules) * 1:26750 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc full command (malware-cnc.rules) * 1:26751 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - msctls_progress32 (malware-cnc.rules) * 1:26756 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper.Datcaen variant outbound 
connection (malware-cnc.rules) * 1:26757 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper.Datcaen variant outbound connection (malware-cnc.rules) * 1:26758 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Elefin variant outbound connection (malware-cnc.rules) * 1:26763 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules) * 1:26770 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (malware-cnc.rules) * 1:26771 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (malware-cnc.rules) * 1:26774 <-> DISABLED <-> MALWARE-CNC Win.Worm.Luder variant outbound connection (malware-cnc.rules) * 1:26775 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Blocker variant outbound connection HTTP Header Structure (malware-cnc.rules) * 1:26776 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Blocker variant outbound connection POST (malware-cnc.rules) * 1:26777 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy variant outbound connection (malware-cnc.rules) * 1:26779 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cridex encrypted POST check-in (malware-cnc.rules) * 1:26780 <-> DISABLED <-> MALWARE-CNC cridex HTTP Response - default0.js (malware-cnc.rules) * 1:26785 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qrmon variant outbound connection (malware-cnc.rules) * 1:26792 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vbula variant outbound connection (malware-cnc.rules) * 1:26793 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vbula variant initial CNC contact (malware-cnc.rules) * 1:26809 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Backdoor.Tomvode variant outbound connection (malware-cnc.rules) * 1:26811 <-> DISABLED <-> MALWARE-CNC XP Fake Antivirus Payment Page Request (malware-cnc.rules) * 1:26812 <-> DISABLED <-> MALWARE-CNC XP Fake Antivirus Check-in (malware-cnc.rules) * 1:26813 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dapato CMS spambot check-in (malware-cnc.rules) * 1:26815 <-> DISABLED <-> MALWARE-CNC OSX.Trojan.KitM variant outbound 
connection user-agent (malware-cnc.rules) * 1:26816 <-> DISABLED <-> MALWARE-CNC OSX.Trojan.KitM variant outbound connection (malware-cnc.rules) * 1:26818 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Zawat variant outbound connection (malware-cnc.rules) * 1:26819 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Datash variant outbound connection (malware-cnc.rules) * 1:26820 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Datash variant outbound connection (malware-cnc.rules) * 1:26822 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Buterat variant outbound connection (malware-cnc.rules) * 1:26828 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Uperti variant outbound connection (malware-cnc.rules) * 1:26835 <-> DISABLED <-> MALWARE-CNC RDN Banker POST variant outbound connection (malware-cnc.rules) * 1:26836 <-> DISABLED <-> MALWARE-CNC RDN Banker Strange Google Traffic (malware-cnc.rules) * 1:26837 <-> DISABLED <-> MALWARE-CNC BitBot Idle C2 response (malware-cnc.rules) * 1:26840 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Agent variant outbound connection (malware-cnc.rules) * 1:26841 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Agent variant outbound connection (malware-cnc.rules) * 1:26880 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zotob.E gc.exe download (malware-cnc.rules) * 1:26911 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rombrast Trojan outbound connection (malware-cnc.rules) * 1:26912 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rombrast Trojan outbound connection (malware-cnc.rules) * 1:26923 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules) * 1:26924 <-> DISABLED <-> MALWARE-CNC Potential Gozi Trojan HTTP Header Structure (malware-cnc.rules) * 1:26930 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeroaccess variant outbound connection (malware-cnc.rules) * 1:26931 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeroaccess variant outbound connection (malware-cnc.rules) * 1:26932 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeroaccess variant outbound connection 
(malware-cnc.rules) * 1:26940 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TripleNine RAT beacon (malware-cnc.rules) * 1:26941 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PipCreat RAT dropper download (malware-cnc.rules) * 1:26942 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PipCreat RAT beacon (malware-cnc.rules) * 1:26943 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Post_Show RAT beacon (malware-cnc.rules) * 1:26944 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Post_Show RAT beacon (malware-cnc.rules) * 1:26945 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bisonal RAT beacon (malware-cnc.rules) * 1:26946 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Uptime RAT beacon (malware-cnc.rules) * 1:26952 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Orcim variant outbound connection (malware-cnc.rules) * 1:26954 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Talsab variant outbound connection (malware-cnc.rules) * 1:26955 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Talsab variant outbound connection (malware-cnc.rules) * 1:26965 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Win32 Facebook Secure Cryptor C2 (malware-cnc.rules) * 1:26966 <-> DISABLED <-> MALWARE-CNC Win32/Autorun.JN variant outbound connection (malware-cnc.rules) * 1:26967 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz variant outbound connection (malware-cnc.rules) * 1:26968 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gozi Data Theft POST Data (malware-cnc.rules) * 1:26969 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gozi Trojan Data Theft POST URL (malware-cnc.rules) * 1:26970 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pirminay variant outbound connection (malware-cnc.rules) * 1:26984 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Injector Info Stealer Trojan variant outbound connection (malware-cnc.rules) * 1:26986 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Xenil variant outbound connection (malware-cnc.rules) * 1:26987 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cyvadextr variant outbound connection (malware-cnc.rules) * 1:26995 <-> DISABLED <-> MALWARE-CNC 
Win.Trojan.Downloader.Agent variant outbound connection (malware-cnc.rules) * 1:26996 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Agent variant outbound connection (malware-cnc.rules) * 1:26997 <-> DISABLED <-> MALWARE-CNC OSX.Trojan.Morcut variant outbound connection (malware-cnc.rules) * 1:26998 <-> DISABLED <-> MALWARE-CNC OSX.Trojan.Morcut file download (malware-cnc.rules) * 1:26999 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chinoxy variant outbound connection (malware-cnc.rules) * 1:27000 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chinoxy variant outbound connection (malware-cnc.rules) * 1:27002 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules) * 1:27003 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules) * 1:27007 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot variant outbound connection (malware-cnc.rules) * 1:27008 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot variant outbound connection (malware-cnc.rules) * 1:27010 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot payment .scr download (malware-cnc.rules) * 1:27012 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Phoenot variant outbound connection (malware-cnc.rules) * 1:27013 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Phoenot variant inbound connection (malware-cnc.rules) * 1:27014 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Epipenwa variant outbound connection (malware-cnc.rules) * 1:27017 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dapato variant inbound response connection (malware-cnc.rules) * 1:27021 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Layvam variant outbound connection (malware-cnc.rules) * 1:27022 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Netweird.A outbound connection (malware-cnc.rules) * 1:27023 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Netweird.A outbound connection (malware-cnc.rules) * 1:27033 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Transhell variant outbound connection user-agent (malware-cnc.rules) * 1:27039 <-> DISABLED <-> 
MALWARE-CNC Win.Trojan.OnlineGameHack variant outbound connection (malware-cnc.rules) * 1:27044 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string pb - Htbot (malware-cnc.rules) * 1:27045 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Blocker Download (malware-cnc.rules) * 1:27049 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dokstormac variant outbound connection (malware-cnc.rules) * 1:27054 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yakes variant outbound connection (malware-cnc.rules) * 1:27058 <-> DISABLED <-> MALWARE-CNC OSX.Trojan.HackBack variant outbound connection (malware-cnc.rules) * 1:27093 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Medfos variant outbound connection (malware-cnc.rules) * 1:27120 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules) * 1:27169 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Atezag variant outbound connection (malware-cnc.rules) * 1:27199 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Meredrop variant outbound connection GET Request (malware-cnc.rules) * 1:27201 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Neurevt variant outbound connection (malware-cnc.rules) * 1:27200 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Meredrop variant outbound connection POST Request (malware-cnc.rules) * 1:26608 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rocra variant outbound connection (malware-cnc.rules) * 1:27248 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gamarue - Mozi1la User-Agent (malware-cnc.rules) * 1:27252 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ZeroAccess 111-byte URL variant outbound connection (malware-cnc.rules) * 1:27256 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kryptik Drive-by Download Malware (malware-cnc.rules) * 1:27257 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kryptic 7-byte URI Invalid Firefox Headers - no Accept-Language (malware-cnc.rules) * 1:27260 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Java.Agent.NFK variant connection (malware-cnc.rules) * 1:27263 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious 
user agent - yahoonews (malware-cnc.rules) * 1:27533 <-> DISABLED <-> MALWARE-CNC Potential Win.Trojan.Kraziomel Download - 000.jpg (malware-cnc.rules) * 1:27551 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lorapu variant outbound connection (malware-cnc.rules) * 1:27558 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bezigate variant outbound connection (malware-cnc.rules) * 1:27567 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rovnix malicious download request (malware-cnc.rules) * 1:27577 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules) * 1:27596 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Redyms variant outbound connection (malware-cnc.rules) * 1:27599 <-> DISABLED <-> MALWARE-CNC Fort Disco Registration variant outbound connection (malware-cnc.rules) * 1:27600 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nawpers variant connection (malware-cnc.rules) * 1:27629 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Aumlib variant outbound connection (malware-cnc.rules) * 1:27630 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Aumlib variant outbound connection (malware-cnc.rules) * 1:27631 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Aumlib variant outbound connection (malware-cnc.rules) * 1:27633 <-> DISABLED <-> MALWARE-CNC Worm.Silly variant outbound connection (malware-cnc.rules) * 1:27636 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Likseput variant connection (malware-cnc.rules) * 1:27637 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Syhcmd variant connection (malware-cnc.rules) * 1:27639 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Epipenwa variant connection (malware-cnc.rules) * 1:27640 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chekafe variant connection (malware-cnc.rules) * 1:27641 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Meilat variant connection (malware-cnc.rules) * 1:27642 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downbot variant connection (malware-cnc.rules) * 1:27643 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Betabot variant connection (malware-cnc.rules) * 1:27644 <-> 
DISABLED <-> MALWARE-CNC Win.Trojan.Merong variant connection (malware-cnc.rules) * 1:27645 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Binjo variant outbound connection (malware-cnc.rules) * 1:27647 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nelaja variant outbound connection (malware-cnc.rules) * 1:27648 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SpyBanker.ZSL variant outbound connection (malware-cnc.rules) * 1:27649 <-> DISABLED <-> MALWARE-CNC Brazilian Banking Trojan data theft (malware-cnc.rules) * 1:27655 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Enchanim variant connection (malware-cnc.rules) * 1:27659 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gapz variant connection (malware-cnc.rules) * 1:27660 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Reabfrus variant connection (malware-cnc.rules) * 1:27661 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Reabfrus variant connection (malware-cnc.rules) * 1:27662 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Galfun variant outbound connection (malware-cnc.rules) * 1:27664 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Castov variant connection (malware-cnc.rules) * 1:27665 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Castov variant connection (malware-cnc.rules) * 1:27670 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.evf variant connection (malware-cnc.rules) * 1:27678 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Goolelo variant connection (malware-cnc.rules) * 1:27679 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz variant outbound connection (malware-cnc.rules) * 1:27680 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ZeroAccess variant outbound connection (malware-cnc.rules) * 1:27699 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tartober variant connection (malware-cnc.rules) * 1:27709 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string umbra (malware-cnc.rules) * 1:27710 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string IExplore (malware-cnc.rules) * 1:27711 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FakeAV variant outbound connection 
(malware-cnc.rules) * 1:27720 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kolok variant connection (malware-cnc.rules) * 1:27726 <-> DISABLED <-> MALWARE-CNC Orbit Downloader denial of service update (malware-cnc.rules) * 1:27727 <-> DISABLED <-> MALWARE-CNC Orbit Downloader denial of service update (malware-cnc.rules) * 1:27728 <-> DISABLED <-> MALWARE-CNC Orbit Downloader denial of service update (malware-cnc.rules) * 1:27737 <-> DISABLED <-> MALWARE-CNC DNS suspicious .c0m.li dns query (malware-cnc.rules) * 1:27746 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Hanthie variant outbound connection (malware-cnc.rules) * 1:27747 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banechant outbound variant connection (malware-cnc.rules) * 1:27759 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Treizt variant connection (malware-cnc.rules) * 1:27774 <-> DISABLED <-> MALWARE-CNC RDN Banker Data Exfiltration (malware-cnc.rules) * 1:27775 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection (malware-cnc.rules) * 1:27802 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PRISM variant outbound connection (malware-cnc.rules) * 1:27803 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PRISM variant outbound connection (malware-cnc.rules) * 1:27805 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bisonha variant outbound connection (malware-cnc.rules) * 1:27806 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Retruse variant connection (malware-cnc.rules) * 1:27811 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mindweq variant connection (malware-cnc.rules) * 1:27817 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tenavt connection (malware-cnc.rules) * 1:27864 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sinowal variant connection (malware-cnc.rules) * 1:27867 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper outbound connection (malware-cnc.rules) * 1:27868 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - dt12012 (malware-cnc.rules) * 1:27905 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Helauto variant connection 
(malware-cnc.rules) * 1:27918 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules) * 1:27919 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus encrypted POST Data exfiltration (malware-cnc.rules) * 1:27939 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Galock variant connection (malware-cnc.rules) * 1:27955 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mevade variant outbound connection (malware-cnc.rules) * 1:27963 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lolbot variant outbound connection (malware-cnc.rules) * 1:27964 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gh0st variant outbound connection (malware-cnc.rules) * 1:27965 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Eupuds variant connection (malware-cnc.rules) * 1:27966 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Chopper web shell connection (malware-cnc.rules) * 1:27968 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Chopper web shell connection (malware-cnc.rules) * 1:27969 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Updays variant connection (malware-cnc.rules) * 1:27970 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus dropper variant connection (malware-cnc.rules) * 1:27980 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /botnet/adduser.php?uid= (malware-cnc.rules) * 1:27981 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /botnet/tasks.php?uid= (malware-cnc.rules) * 1:28005 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz outbound command (malware-cnc.rules) * 1:28007 <-> DISABLED <-> MALWARE-CNC BLYPT installer startupkey outbound traffic (malware-cnc.rules) * 1:28008 <-> DISABLED <-> MALWARE-CNC BLYPT installer reuse outbound traffic (malware-cnc.rules) * 1:28009 <-> DISABLED <-> MALWARE-CNC BLYPT installer configkey outbound traffic (malware-cnc.rules) * 1:28010 <-> DISABLED <-> MALWARE-CNC BLYPT installer tserror outbound traffic (malware-cnc.rules) * 1:28011 <-> DISABLED <-> MALWARE-CNC BLYPT installer createproc outbound traffic (malware-cnc.rules) * 1:28012 <-> 
DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules) * 1:28033 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Urausy variant outbound connection (malware-cnc.rules) * 1:28040 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dofoil variant outbound connection (malware-cnc.rules) * 1:28042 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Caphaw variant outbound connection (malware-cnc.rules) * 1:28044 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CryptoLocker variant connection (malware-cnc.rules) * 1:28045 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VBKrypt variant connection (malware-cnc.rules) * 1:28072 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Omexo outbound connection (malware-cnc.rules) * 1:28073 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Win32.Kimsuky variant file stealing (malware-cnc.rules) * 1:28074 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ADKR connection (malware-cnc.rules) * 1:28075 <-> DISABLED <-> MALWARE-CNC Win.Trojan.gzfw connection (malware-cnc.rules) * 1:28079 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Napolar variant outbound connection (malware-cnc.rules) * 1:28080 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Napolar data theft (malware-cnc.rules) * 1:28084 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hupigon variant connection (malware-cnc.rules) * 1:28094 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Liteol variant connection (malware-cnc.rules) * 1:28095 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Liteol variant connection (malware-cnc.rules) * 1:28105 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload variant outbound connection (malware-cnc.rules) * 1:28107 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload download (malware-cnc.rules) * 1:28114 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /default.htm GET Encrypted Payload (malware-cnc.rules) * 1:28115 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /file.htm GET Encrypted Payload (malware-cnc.rules) * 1:28116 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit 
variant outbound connection - /home.htm GET Encrypted Payload (malware-cnc.rules) * 1:28117 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /install.htm GET Encrypted Payload (malware-cnc.rules) * 1:28118 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /login.htm GET Encrypted Payload (malware-cnc.rules) * 1:28119 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /search.htm GET Encrypted Payload (malware-cnc.rules) * 1:28120 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /start.htm GET Encrypted Payload (malware-cnc.rules) * 1:28121 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /welcome.htm GET Encrypted Payload (malware-cnc.rules) * 1:28122 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /index.htm GET Encrypted Payload (malware-cnc.rules) * 1:28123 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /setup.htm GET Encrypted Payload (malware-cnc.rules) * 1:28125 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banbra variant connection (malware-cnc.rules) * 1:28134 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dorkbot variant connection (malware-cnc.rules) * 1:28141 <-> DISABLED <-> MALWARE-CNC Win.Trojan.banker outbound connection (malware-cnc.rules) * 1:28143 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Medfos outbound connection (malware-cnc.rules) * 1:28144 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Win32.Wpbrutebot variant connection (malware-cnc.rules) * 1:28146 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Salgorea variant connection (malware-cnc.rules) * 1:28147 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Conficker variant outbound connection (malware-cnc.rules) * 1:28148 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mevade variant outbound connection (malware-cnc.rules) * 1:28153 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Foreign variant outbound connection - /html2/ (malware-cnc.rules) * 1:28154 
<-> DISABLED <-> MALWARE-CNC Win.Trojan.Foreign variant outbound connection - MSIE 7.1 (malware-cnc.rules) * 1:28155 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Foreign variant outbound connection - MSIE 7.2 (malware-cnc.rules) * 1:28166 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bifrose variant connection (malware-cnc.rules) * 1:28192 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz Potential Phishing URL (malware-cnc.rules) * 1:28541 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ZeroAccess Download Headers (malware-cnc.rules) * 1:28542 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Conficker variant outbound connection (malware-cnc.rules) * 1:28543 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Conficker variant outbound connection (malware-cnc.rules) * 1:28547 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules) * 1:28548 <-> DISABLED <-> MALWARE-CNC Win.Trojan.chfx variant outbound connection (malware-cnc.rules) * 1:28551 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NXI ftp username connection (malware-cnc.rules) * 1:28553 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /main.htm GET Encrypted Payload (malware-cnc.rules) * 1:28554 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /online.htm GET Encrypted Payload (malware-cnc.rules) * 1:28558 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string getURLdown (malware-cnc.rules) * 1:28559 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Castov variant connection (malware-cnc.rules) * 1:28560 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Plugx FTP keepalive outbound connection (malware-cnc.rules) * 1:28561 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Plugx outbound connection (malware-cnc.rules) * 1:28562 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sidopa variant outbound connection (malware-cnc.rules) * 1:28563 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pkdesco variant outbound connection (malware-cnc.rules) * 1:28564 <-> DISABLED <-> MALWARE-CNC 
Win.Trojan.Pkdesco variant outbound connection (malware-cnc.rules) * 1:28565 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sluegot variant connection (malware-cnc.rules) * 1:28599 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Lesirt variant outbound connection (malware-cnc.rules) * 1:28604 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kasnam variant connection (malware-cnc.rules) * 1:28605 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kasnam variant connection (malware-cnc.rules) * 1:28606 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Surtr variant connection (malware-cnc.rules) * 1:28607 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection (malware-cnc.rules) * 1:28724 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent outbound connection (malware-cnc.rules) * 1:28799 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mxtcycle variant outbound connection (malware-cnc.rules) * 1:28800 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus outbound connection (malware-cnc.rules) * 1:28802 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos outbound connection (malware-cnc.rules) * 1:28803 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Injector inbound connection (malware-cnc.rules) * 1:28804 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Injector outbound connection (malware-cnc.rules) * 1:28805 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Palevo outbound connection (malware-cnc.rules) * 1:28807 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Injector variant outbound connection (malware-cnc.rules) * 1:28808 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Ptiger variant outbound connection (malware-cnc.rules) * 1:28809 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dofoil inbound connection (malware-cnc.rules) * 1:28810 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection - MSIE7 No Referer No Cookie (malware-cnc.rules) * 1:28813 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ufraie variant outbound connection (malware-cnc.rules) * 1:28814 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gozi/Neverquest variant outbound connection 
(malware-cnc.rules) * 1:28815 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gozi/Neverquest variant outbound connection (malware-cnc.rules) * 1:28816 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Siluhdur variant outbound connection (malware-cnc.rules) * 1:28820 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Egamipload variant outbound connection (malware-cnc.rules) * 1:28852 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Linux.Trojan.Zollard (malware-cnc.rules) * 1:28853 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dipverdle variant outbound connection (malware-cnc.rules) * 1:28856 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yowdab variant connection (malware-cnc.rules) * 1:28857 <-> DISABLED <-> MALWARE-CNC Adwind UNRECOM connnection back to cnc server (malware-cnc.rules) * 1:28858 <-> DISABLED <-> MALWARE-CNC Adwind UNRECOM connnection back to cnc server (malware-cnc.rules) * 1:28859 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent z00sAgent - Win.Trojan.Zbot (malware-cnc.rules) * 1:28860 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent - Win.Trojan.Nitedrem (malware-cnc.rules) * 1:28861 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Roxfora variant outbound connection (malware-cnc.rules) * 1:28864 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tofsee variant outbound connection (malware-cnc.rules) * 1:28886 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scar variant outbound connection (malware-cnc.rules) * 1:28914 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Anony variant connection (malware-cnc.rules) * 1:28918 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant network connectivity check (malware-cnc.rules) * 1:28919 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant network connectivity check (malware-cnc.rules) * 1:28930 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fakeav variant outbound data connection (malware-cnc.rules) * 1:28940 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rovnix malicious download (malware-cnc.rules) * 1:28947 <-> DISABLED <-> 
MALWARE-CNC Win.Trojan.Tapaoux variant connection (malware-cnc.rules) * 1:28948 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kishlog variant outbound connection (malware-cnc.rules) * 1:28949 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kishlog variant outbound connection (malware-cnc.rules) * 1:28958 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jussuc variant outbound connection (malware-cnc.rules) * 1:28960 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Alurewo outbound connection (malware-cnc.rules) * 1:48157 <-> ENABLED <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection (malware-cnc.rules) * 1:28096 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spynet variant connection (malware-cnc.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091501.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:55929 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Emotet-9774504-0 download attempt (malware-other.rules) * 1:55933 <-> ENABLED <-> SERVER-OTHER Oracle WebLogic malicious RemoteConstructor deserialization attempt (server-other.rules) * 1:55931 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Emotet variant outbound connection attempt (malware-cnc.rules) * 1:55930 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Emotet-9774504-0 download attempt (malware-other.rules) * 1:55932 <-> ENABLED <-> SERVER-OTHER Oracle WebLogic malicious RemoteConstructor deserialization attempt (server-other.rules)
* 1:28097 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ohlat variant connection (malware-cnc.rules) * 1:28154 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Foreign variant outbound connection - MSIE 7.1 (malware-cnc.rules) * 1:28155 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Foreign variant outbound connection - MSIE 7.2 (malware-cnc.rules) * 1:28166 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bifrose variant connection (malware-cnc.rules) * 1:28192 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz Potential Phishing URL (malware-cnc.rules) * 1:28209 <-> DISABLED <-> MALWARE-CNC Win.Worm.IRCbot outbound connection (malware-cnc.rules) * 1:28210 <-> DISABLED <-> MALWARE-CNC Win.Worm.IRCbot outbound connection (malware-cnc.rules) * 1:28211 <-> DISABLED <-> MALWARE-CNC Win.Worm.IRCbot outbound connection (malware-cnc.rules) * 1:28212 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bitsto variant connection (malware-cnc.rules) * 1:28216 <-> DISABLED <-> MALWARE-CNC known malware FTP login (malware-cnc.rules) * 1:28230 <-> DISABLED <-> MALWARE-CNC Boot.Bootroot Variant data upload (malware-cnc.rules) * 1:28234 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hdslogger outbound connection (malware-cnc.rules) * 1:28239 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tuxido outbound connection (malware-cnc.rules) * 1:28242 <-> DISABLED <-> MALWARE-CNC Win.Trojan.KanKan variant connection (malware-cnc.rules) * 1:28244 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Phrovon outbound connection (malware-cnc.rules) * 1:28247 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper variant outbound connection (malware-cnc.rules) * 1:28250 <-> DISABLED <-> MALWARE-CNC Security Cleaner Pro Install Confirmation (malware-cnc.rules) * 1:28254 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Perl.Shellbot variant outbound connection (malware-cnc.rules) * 1:28255 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz Potential phishing URL (malware-cnc.rules) * 1:28285 <-> DISABLED <-> MALWARE-CNC Win.Trojan.hdog connectivity check-in version 2 (malware-cnc.rules) 
* 1:28300 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant connection (malware-cnc.rules) * 1:28323 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Chopper web shell connection (malware-cnc.rules) * 1:28325 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Zuza variant outbound connection (malware-cnc.rules) * 1:28326 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Zuza variant outbound connection (malware-cnc.rules) * 1:28328 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Hupigon variant outbound connection (malware-cnc.rules) * 1:28362 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string SUiCiDE/1.5 (malware-cnc.rules) * 1:28366 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Venik variant outbound connection (malware-cnc.rules) * 1:28373 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mutopy variant outbound connection (malware-cnc.rules) * 1:28399 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Tsunami outbound connection (malware-cnc.rules) * 1:28405 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy variant outbound connection (malware-cnc.rules) * 1:28406 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy variant outbound connection (malware-cnc.rules) * 1:28410 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CoinMiner variant outbound connection (malware-cnc.rules) * 1:28411 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CoinMiner variant outbound connection (malware-cnc.rules) * 1:28415 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules) * 1:28416 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CryptoLocker outbound connection (malware-cnc.rules) * 1:28417 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Molgomsg variant outbound connection (malware-cnc.rules) * 1:28418 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Dtcontx outbound connection (malware-cnc.rules) * 1:28419 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tesch variant outbound connection (malware-cnc.rules) * 1:28444 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.CBgate variant outbound connection (malware-cnc.rules) 
* 1:28446 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant SQL check-in (malware-cnc.rules) * 1:28463 <-> DISABLED <-> MALWARE-CNC Win.Trojan.AllAple Variant ICMP flood (malware-cnc.rules) * 1:28484 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Delpbank variant outbound connection (malware-cnc.rules) * 1:28485 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Khalog variant outbound connection (malware-cnc.rules) * 1:28486 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Codiltak variant outbound connection (malware-cnc.rules) * 1:28528 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qadars variant outbound connection (malware-cnc.rules) * 1:28529 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qadars variant outbound connection (malware-cnc.rules) * 1:28538 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Asprox/Kuluoz variant connection (malware-cnc.rules) * 1:28541 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ZeroAccess Download Headers (malware-cnc.rules) * 1:28542 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Conficker variant outbound connection (malware-cnc.rules) * 1:28543 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Conficker variant outbound connection (malware-cnc.rules) * 1:28547 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules) * 1:28548 <-> DISABLED <-> MALWARE-CNC Win.Trojan.chfx variant outbound connection (malware-cnc.rules) * 1:28551 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NXI ftp username connection (malware-cnc.rules) * 1:28553 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /main.htm GET Encrypted Payload (malware-cnc.rules) * 1:28554 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /online.htm GET Encrypted Payload (malware-cnc.rules) * 1:28558 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string getURLdown (malware-cnc.rules) * 1:28559 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Castov variant connection (malware-cnc.rules) * 1:28560 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Plugx FTP 
keepalive outbound connection (malware-cnc.rules) * 1:28561 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Plugx outbound connection (malware-cnc.rules) * 1:28562 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sidopa variant outbound connection (malware-cnc.rules) * 1:28563 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pkdesco variant outbound connection (malware-cnc.rules) * 1:28564 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pkdesco variant outbound connection (malware-cnc.rules) * 1:28565 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sluegot variant connection (malware-cnc.rules) * 1:28599 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Lesirt variant outbound connection (malware-cnc.rules) * 1:28604 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kasnam variant connection (malware-cnc.rules) * 1:28605 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kasnam variant connection (malware-cnc.rules) * 1:28606 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Surtr variant connection (malware-cnc.rules) * 1:28607 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection (malware-cnc.rules) * 1:28724 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent outbound connection (malware-cnc.rules) * 1:28799 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mxtcycle variant outbound connection (malware-cnc.rules) * 1:28800 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus outbound connection (malware-cnc.rules) * 1:28802 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos outbound connection (malware-cnc.rules) * 1:28803 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Injector inbound connection (malware-cnc.rules) * 1:28804 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Injector outbound connection (malware-cnc.rules) * 1:28805 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Palevo outbound connection (malware-cnc.rules) * 1:28807 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Injector variant outbound connection (malware-cnc.rules) * 1:28808 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Ptiger variant outbound connection (malware-cnc.rules) * 1:28809 <-> DISABLED <-> 
MALWARE-CNC Win.Trojan.Dofoil inbound connection (malware-cnc.rules) * 1:28810 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection - MSIE7 No Referer No Cookie (malware-cnc.rules) * 1:28813 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ufraie variant outbound connection (malware-cnc.rules) * 1:28814 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gozi/Neverquest variant outbound connection (malware-cnc.rules) * 1:28815 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gozi/Neverquest variant outbound connection (malware-cnc.rules) * 1:28816 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Siluhdur variant outbound connection (malware-cnc.rules) * 1:25547 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules) * 1:25548 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Perflog variant outbound connection (malware-cnc.rules) * 1:28116 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /home.htm GET Encrypted Payload (malware-cnc.rules) * 1:28118 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /login.htm GET Encrypted Payload (malware-cnc.rules) * 1:28114 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /default.htm GET Encrypted Payload (malware-cnc.rules) * 1:28107 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload download (malware-cnc.rules) * 1:28119 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /search.htm GET Encrypted Payload (malware-cnc.rules) * 1:27636 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Likseput variant connection (malware-cnc.rules) * 1:28117 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /install.htm GET Encrypted Payload (malware-cnc.rules) * 1:28121 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /welcome.htm GET Encrypted Payload (malware-cnc.rules) * 1:27639 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Epipenwa variant connection (malware-cnc.rules) * 1:27637 <-> 
DISABLED <-> MALWARE-CNC Win.Trojan.Syhcmd variant connection (malware-cnc.rules) * 1:28120 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /start.htm GET Encrypted Payload (malware-cnc.rules) * 1:28125 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banbra variant connection (malware-cnc.rules) * 1:28122 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /index.htm GET Encrypted Payload (malware-cnc.rules) * 1:28123 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /setup.htm GET Encrypted Payload (malware-cnc.rules) * 1:28106 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload information upload (malware-cnc.rules) * 1:28134 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dorkbot variant connection (malware-cnc.rules) * 1:28141 <-> DISABLED <-> MALWARE-CNC Win.Trojan.banker outbound connection (malware-cnc.rules) * 1:28143 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Medfos outbound connection (malware-cnc.rules) * 1:28144 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Win32.Wpbrutebot variant connection (malware-cnc.rules) * 1:28146 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Salgorea variant connection (malware-cnc.rules) * 1:28147 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Conficker variant outbound connection (malware-cnc.rules) * 1:28148 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mevade variant outbound connection (malware-cnc.rules) * 1:28153 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Foreign variant outbound connection - /html2/ (malware-cnc.rules) * 1:28105 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload variant outbound connection (malware-cnc.rules) * 1:28115 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /file.htm GET Encrypted Payload (malware-cnc.rules) * 1:26775 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Blocker variant outbound connection HTTP Header Structure (malware-cnc.rules) * 1:25570 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Medialabs variant outbound connection (malware-cnc.rules) 
* 1:25571 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Medialabs variant outbound connection (malware-cnc.rules) * 1:25572 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Virut variant outbound connection (malware-cnc.rules) * 1:25577 <-> DISABLED <-> MALWARE-CNC Win.Rootkit.Necurs possible URI with encrypted POST (malware-cnc.rules) * 1:25599 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gupboot variant outbound connection (malware-cnc.rules) * 1:25600 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dilavtor variant outbound connection (malware-cnc.rules) * 1:25609 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules) * 1:25610 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mofsmall variant outbound connection (malware-cnc.rules) * 1:25623 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jimpime variant outbound connection (malware-cnc.rules) * 1:25625 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Daws variant outbound connection (malware-cnc.rules) * 1:25626 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules) * 1:25628 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant connect to cnc-server (malware-cnc.rules) * 1:25632 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Golisy variant outbound connection (malware-cnc.rules) * 1:25652 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kryptic variant outbound connection (malware-cnc.rules) * 1:25660 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Medfos variant outbound connection (malware-cnc.rules) * 1:25661 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Buzus variant outbound connection (malware-cnc.rules) * 1:25662 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chowspy variant outbound connection (malware-cnc.rules) * 1:25663 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rimod variant outbound connection (malware-cnc.rules) * 1:25665 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sycomder variant outbound connection (malware-cnc.rules) * 1:25666 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection 
(malware-cnc.rules) * 1:25667 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nflog variant outbound connection (malware-cnc.rules) * 1:25668 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nflog variant outbound connection (malware-cnc.rules) * 1:25669 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Selasloot variant outbound connection (malware-cnc.rules) * 1:25671 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (malware-cnc.rules) * 1:25672 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Matsnu variant outbound connection (malware-cnc.rules) * 1:25673 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.QQDragon variant outbound connection (malware-cnc.rules) * 1:25674 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shimwoc variant outbound connection (malware-cnc.rules) * 1:25675 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fakeavlock variant outbound connection (malware-cnc.rules) * 1:25765 <-> DISABLED <-> MALWARE-CNC Trojan Agent YEH variant outbound connection (malware-cnc.rules) * 1:25766 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules) * 1:25807 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Urausy Botnet variant outbound connection (malware-cnc.rules) * 1:25829 <-> DISABLED <-> MALWARE-CNC Trojan Banker FTC variant outbound connection (malware-cnc.rules) * 1:25854 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection - MSIE7 No Referer No Cookie (malware-cnc.rules) * 1:25863 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.QBundle variant outbound connection (malware-cnc.rules) * 1:25865 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules) * 1:25866 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules) * 1:25867 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules) * 1:25973 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Boolflot variant outbound connection (malware-cnc.rules) * 1:25974 <-> DISABLED <-> 
MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules) * 1:25978 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lukprofin variant outbound connection (malware-cnc.rules) * 1:25979 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lukprofin variant outbound connection (malware-cnc.rules) * 1:25987 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Upof variant outbound connection (malware-cnc.rules) * 1:25990 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Agent variant connect to cnc-server (malware-cnc.rules) * 1:25991 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Agent variant connect to cnc-server (malware-cnc.rules) * 1:25992 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Buzus variant outbound connection (malware-cnc.rules) * 1:25993 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Buzus variant outbound connection (malware-cnc.rules) * 1:25994 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules) * 1:25996 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Reswor variant outbound connection (malware-cnc.rules) * 1:26010 <-> DISABLED <-> MALWARE-CNC CNC Dirtjumper variant outbound connection (malware-cnc.rules) * 1:26011 <-> DISABLED <-> MALWARE-CNC CNC Dirtjumper variant outbound connection (malware-cnc.rules) * 1:26019 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bredo variant outbound connection (malware-cnc.rules) * 1:26023 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot variant in.php outbound connection (malware-cnc.rules) * 1:26024 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wecod variant outbound connection (malware-cnc.rules) * 1:26072 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locati variant outbound connection (malware-cnc.rules) * 1:26075 <-> DISABLED <-> MALWARE-CNC Bancos variant outbound connection SQL query POST data (malware-cnc.rules) * 1:26086 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Exicon variant outbound connection (malware-cnc.rules) * 1:26088 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Encriyoko variant outbound connection (malware-cnc.rules) * 1:26106 
<-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules) * 1:26115 <-> DISABLED <-> MALWARE-CNC NSIS.Downloader.Agent variant outbound connection (malware-cnc.rules) * 1:26116 <-> DISABLED <-> MALWARE-CNC NSIS.Downloader.Agent variant outbound connection (malware-cnc.rules) * 1:26117 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tarctox variant outbound connection (malware-cnc.rules) * 1:26118 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules) * 1:26119 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules) * 1:26201 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lobparck variant outbound connection (malware-cnc.rules) * 1:26202 <-> DISABLED <-> MALWARE-CNC VBS.Trojan.Agent variant outbound connection (malware-cnc.rules) * 1:26203 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gupd variant outbound connection (malware-cnc.rules) * 1:26204 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Malex variant outbound connection (malware-cnc.rules) * 1:26211 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Eldorado variant outbound connection (malware-cnc.rules) * 1:26238 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Snopexy variant outbound connection (malware-cnc.rules) * 1:26239 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Stehlox variant outbound connection (malware-cnc.rules) * 1:26240 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vkeikooc variant outbound connection (malware-cnc.rules) * 1:26244 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Troll variant outbound connection (malware-cnc.rules) * 1:26245 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (malware-cnc.rules) * 1:26248 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent cibabam (malware-cnc.rules) * 1:26249 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Sonide variant outbound connection (malware-cnc.rules) * 1:26260 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Vectmp variant outbound connection 
(malware-cnc.rules) * 1:26266 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus v3 DGA DNS query detected (malware-cnc.rules) * 1:26267 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus v3 DGA DNS query detected (malware-cnc.rules) * 1:26268 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus v3 DGA DNS query detected (malware-cnc.rules) * 1:26269 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus v3 DGA DNS query detected (malware-cnc.rules) * 1:26270 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus v3 DGA DNS query detected (malware-cnc.rules) * 1:26271 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus v3 DGA DNS query detected (malware-cnc.rules) * 1:26284 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Surok variant outbound connection (malware-cnc.rules) * 1:28820 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Egamipload variant outbound connection (malware-cnc.rules) * 1:28852 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Linux.Trojan.Zollard (malware-cnc.rules) * 1:28853 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dipverdle variant outbound connection (malware-cnc.rules) * 1:28856 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yowdab variant connection (malware-cnc.rules) * 1:28857 <-> DISABLED <-> MALWARE-CNC Adwind UNRECOM connnection back to cnc server (malware-cnc.rules) * 1:28858 <-> DISABLED <-> MALWARE-CNC Adwind UNRECOM connnection back to cnc server (malware-cnc.rules) * 1:28859 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent z00sAgent - Win.Trojan.Zbot (malware-cnc.rules) * 1:28860 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent - Win.Trojan.Nitedrem (malware-cnc.rules) * 1:28861 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Roxfora variant outbound connection (malware-cnc.rules) * 1:28864 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tofsee variant outbound connection (malware-cnc.rules) * 1:28886 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scar variant outbound connection (malware-cnc.rules) * 1:28914 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Anony 
variant connection (malware-cnc.rules) * 1:28918 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant network connectivity check (malware-cnc.rules) * 1:28919 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant network connectivity check (malware-cnc.rules) * 1:28930 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fakeav variant outbound data connection (malware-cnc.rules) * 1:28940 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rovnix malicious download (malware-cnc.rules) * 1:28947 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tapaoux variant connection (malware-cnc.rules) * 1:28948 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kishlog variant outbound connection (malware-cnc.rules) * 1:28949 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kishlog variant outbound connection (malware-cnc.rules) * 1:28958 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jussuc variant outbound connection (malware-cnc.rules) * 1:28960 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Alurewo outbound connection (malware-cnc.rules) * 1:48157 <-> ENABLED <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection (malware-cnc.rules) * 1:25980 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Pass (malware-cnc.rules) * 1:26285 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Garveep variant outbound connection (malware-cnc.rules) * 1:26288 <-> DISABLED <-> MALWARE-CNC Brontok Worm variant outbound connection (malware-cnc.rules) * 1:26289 <-> DISABLED <-> MALWARE-CNC Daws Trojan Outbound Plaintext over SSL Port (malware-cnc.rules) * 1:26319 <-> DISABLED <-> MALWARE-CNC file path used as User-Agent - potential Trojan (malware-cnc.rules) * 1:26325 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scar variant outbound connection (malware-cnc.rules) * 1:26327 <-> DISABLED <-> MALWARE-CNC OSX.Trojan.Flashfake variant outbound connection (malware-cnc.rules) * 1:26331 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qhost variant outbound connection (malware-cnc.rules) * 1:26335 <-> DISABLED <-> MALWARE-CNC FBI Ransom Trojan variant 
outbound connection (malware-cnc.rules) * 1:26370 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection - ksa.txt (malware-cnc.rules) * 1:26371 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection - op POST (malware-cnc.rules) * 1:26398 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gamarue variant outbound connection (malware-cnc.rules) * 1:26428 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (malware-cnc.rules) * 1:26444 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Agent variant outbound connection (malware-cnc.rules) * 1:26445 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Agent variant outbound connection (malware-cnc.rules) * 1:26446 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Agent variant outbound connection (malware-cnc.rules) * 1:26447 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Smoaler variant outbound connection (malware-cnc.rules) * 1:26448 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fakesig variant outbound connection (malware-cnc.rules) * 1:26449 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules) * 1:26450 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules) * 1:26452 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Buterat variant outbound connection (malware-cnc.rules) * 1:26463 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Linog.A variant outbound connection (malware-cnc.rules) * 1:26464 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Linog.A variant outbound connection (malware-cnc.rules) * 1:26467 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Magic variant inbound connection (malware-cnc.rules) * 1:26480 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot fake PNG config file download without User-Agent (malware-cnc.rules) * 1:26482 <-> DISABLED <-> MALWARE-CNC Unknown Thinner Encrypted POST botnet C&C (malware-cnc.rules) * 1:26522 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent NOKIAN95/WEB 
(malware-cnc.rules) * 1:26533 <-> DISABLED <-> MALWARE-CNC Unknown malware - Incorrect headers - Referer HTTP/1.0 (malware-cnc.rules) * 1:26558 <-> DISABLED <-> MALWARE-CNC User-Agent known Malicious user agent Brutus AET (malware-cnc.rules) * 1:26560 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection - getcomando POST data (malware-cnc.rules) * 1:26561 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules) * 1:26563 <-> DISABLED <-> MALWARE-CNC Harakit botnet traffic (malware-cnc.rules) * 1:26576 <-> DISABLED <-> MALWARE-CNC Potential hostile executable served from compromised or malicious WordPress site attempt (malware-cnc.rules) * 1:26577 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent Opera 10 (malware-cnc.rules) * 1:26578 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy/FakeAV Checkin with IE6 User-Agent (malware-cnc.rules) * 1:26579 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy/FakeAV Checkin with IE6 User-Agent (malware-cnc.rules) * 1:26604 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bydra variant outbound connection (malware-cnc.rules) * 1:26605 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bydra variant outbound connection (malware-cnc.rules) * 1:26606 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sosork variant outbound connection (malware-cnc.rules) * 1:26607 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Korlia variant outbound connection (malware-cnc.rules) * 1:26608 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rocra variant outbound connection (malware-cnc.rules) * 1:26609 <-> DISABLED <-> MALWARE-CNC OSX.Trojan.Dockster variant outbound connection (malware-cnc.rules) * 1:26613 <-> DISABLED <-> MALWARE-CNC Medfos Trojan variant outbound connection (malware-cnc.rules) * 1:26656 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Travnet Botnet data upload (malware-cnc.rules) * 1:26657 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shiz variant outbound connection (malware-cnc.rules) * 1:26677 <-> DISABLED <-> MALWARE-CNC 
Win.Trojan.Kuluoz variant inbound run command from cnc (malware-cnc.rules) * 1:26678 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz variant inbound run command from cnc (malware-cnc.rules) * 1:26679 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz variant inbound run command from cnc (malware-cnc.rules) * 1:26680 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz variant inbound run command from cnc (malware-cnc.rules) * 1:26681 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz variant inbound run command from cnc (malware-cnc.rules) * 1:26683 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shyape variant outbound connection (malware-cnc.rules) * 1:26684 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Neshax variant outbound connection (malware-cnc.rules) * 1:26685 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string J13A (malware-cnc.rules) * 1:26686 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Alina (malware-cnc.rules) * 1:26690 <-> DISABLED <-> MALWARE-CNC Miniduke server contact (malware-cnc.rules) * 1:26691 <-> DISABLED <-> MALWARE-CNC Win.Trojan.UFRStealer variant outbound connection (malware-cnc.rules) * 1:26692 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spyremoav variant outbound connection (malware-cnc.rules) * 1:26695 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Namihno variant outbound request (malware-cnc.rules) * 1:26696 <-> DISABLED <-> MALWARE-CNC Cbeplay Ransomware variant outbound connection - Abnormal HTTP Headers (malware-cnc.rules) * 1:26697 <-> DISABLED <-> MALWARE-CNC Cbeplay Ransomware variant outbound connection - POST Body (malware-cnc.rules) * 1:26702 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Win (malware-cnc.rules) * 1:26703 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Upero variant outbound connection (malware-cnc.rules) * 1:26712 <-> DISABLED <-> MALWARE-CNC Kazy Trojan check-in (malware-cnc.rules) * 1:26713 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev rev 1 outbound traffic (malware-cnc.rules) * 
1:26714 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev rev 2 outbound traffic (malware-cnc.rules) * 1:26715 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev rev 3 outbound traffic (malware-cnc.rules) * 1:26719 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kbot variant outbound connection (malware-cnc.rules) * 1:26720 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kbot variant outbound connection (malware-cnc.rules) * 1:26721 <-> DISABLED <-> MALWARE-CNC Pushdo Spiral Traffic (malware-cnc.rules) * 1:26722 <-> DISABLED <-> MALWARE-CNC Bancos fake JPG encrypted config file download (malware-cnc.rules) * 1:26723 <-> DISABLED <-> MALWARE-CNC Trojan Downloader7 (malware-cnc.rules) * 1:26725 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc http command (malware-cnc.rules) * 1:26726 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc stop command (malware-cnc.rules) * 1:26727 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc die command (malware-cnc.rules) * 1:26728 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc sleep command (malware-cnc.rules) * 1:26729 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc simple command (malware-cnc.rules) * 1:26730 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc loginpost command (malware-cnc.rules) * 1:26731 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc datapost command (malware-cnc.rules) * 1:26732 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc syn command (malware-cnc.rules) * 1:26733 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc udp command (malware-cnc.rules) * 1:26734 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc udpdata command (malware-cnc.rules) * 1:26735 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc data command (malware-cnc.rules) * 1:26736 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc icmp command (malware-cnc.rules) * 1:26737 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc tcpdata command (malware-cnc.rules) * 1:26738 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc 
dataget command (malware-cnc.rules) * 1:26739 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc connect command (malware-cnc.rules) * 1:26740 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc dns command (malware-cnc.rules) * 1:26741 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc exec command (malware-cnc.rules) * 1:26742 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc resolve command (malware-cnc.rules) * 1:26743 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc antiddos command (malware-cnc.rules) * 1:26744 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc range command (malware-cnc.rules) * 1:26745 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc ftp command (malware-cnc.rules) * 1:26746 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc download command (malware-cnc.rules) * 1:26747 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc fastddos command (malware-cnc.rules) * 1:26748 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc slowhttp command (malware-cnc.rules) * 1:26749 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc allhttp command (malware-cnc.rules) * 1:26750 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc full command (malware-cnc.rules) * 1:26751 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - msctls_progress32 (malware-cnc.rules) * 1:26756 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper.Datcaen variant outbound connection (malware-cnc.rules) * 1:26757 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper.Datcaen variant outbound connection (malware-cnc.rules) * 1:26758 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Elefin variant outbound connection (malware-cnc.rules) * 1:26763 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules) * 1:26770 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (malware-cnc.rules) * 1:26774 <-> DISABLED <-> MALWARE-CNC Win.Worm.Luder variant outbound connection (malware-cnc.rules) * 1:26771 <-> 
DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (malware-cnc.rules) * 1:26776 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Blocker variant outbound connection POST (malware-cnc.rules) * 1:26777 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy variant outbound connection (malware-cnc.rules) * 1:26779 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cridex encrypted POST check-in (malware-cnc.rules) * 1:26780 <-> DISABLED <-> MALWARE-CNC cridex HTTP Response - default0.js (malware-cnc.rules) * 1:26785 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qrmon variant outbound connection (malware-cnc.rules) * 1:26792 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vbula variant outbound connection (malware-cnc.rules) * 1:26793 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vbula variant initial CNC contact (malware-cnc.rules) * 1:26809 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Backdoor.Tomvode variant outbound connection (malware-cnc.rules) * 1:26811 <-> DISABLED <-> MALWARE-CNC XP Fake Antivirus Payment Page Request (malware-cnc.rules) * 1:26812 <-> DISABLED <-> MALWARE-CNC XP Fake Antivirus Check-in (malware-cnc.rules) * 1:26813 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dapato CMS spambot check-in (malware-cnc.rules) * 1:26815 <-> DISABLED <-> MALWARE-CNC OSX.Trojan.KitM variant outbound connection user-agent (malware-cnc.rules) * 1:26816 <-> DISABLED <-> MALWARE-CNC OSX.Trojan.KitM variant outbound connection (malware-cnc.rules) * 1:26818 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Zawat variant outbound connection (malware-cnc.rules) * 1:26819 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Datash variant outbound connection (malware-cnc.rules) * 1:26820 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Datash variant outbound connection (malware-cnc.rules) * 1:26822 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Buterat variant outbound connection (malware-cnc.rules) * 1:26828 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Uperti variant outbound connection (malware-cnc.rules) * 1:26835 <-> DISABLED <-> 
MALWARE-CNC RDN Banker POST variant outbound connection (malware-cnc.rules) * 1:26836 <-> DISABLED <-> MALWARE-CNC RDN Banker Strange Google Traffic (malware-cnc.rules) * 1:26837 <-> DISABLED <-> MALWARE-CNC BitBot Idle C2 response (malware-cnc.rules) * 1:26840 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Agent variant outbound connection (malware-cnc.rules) * 1:26841 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Agent variant outbound connection (malware-cnc.rules) * 1:26880 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zotob.E gc.exe download (malware-cnc.rules) * 1:26911 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rombrast Trojan outbound connection (malware-cnc.rules) * 1:26912 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rombrast Trojan outbound connection (malware-cnc.rules) * 1:26923 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules) * 1:26924 <-> DISABLED <-> MALWARE-CNC Potential Gozi Trojan HTTP Header Structure (malware-cnc.rules) * 1:26930 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeroaccess variant outbound connection (malware-cnc.rules) * 1:26931 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeroaccess variant outbound connection (malware-cnc.rules) * 1:26932 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeroaccess variant outbound connection (malware-cnc.rules) * 1:26940 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TripleNine RAT beacon (malware-cnc.rules) * 1:26941 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PipCreat RAT dropper download (malware-cnc.rules) * 1:26942 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PipCreat RAT beacon (malware-cnc.rules) * 1:26943 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Post_Show RAT beacon (malware-cnc.rules) * 1:26944 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Post_Show RAT beacon (malware-cnc.rules) * 1:26945 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bisonal RAT beacon (malware-cnc.rules) * 1:26946 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Uptime RAT beacon (malware-cnc.rules) * 1:26952 <-> DISABLED <-> MALWARE-CNC 
Win.Trojan.Orcim variant outbound connection (malware-cnc.rules) * 1:26954 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Talsab variant outbound connection (malware-cnc.rules) * 1:26955 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Talsab variant outbound connection (malware-cnc.rules) * 1:26965 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Win32 Facebook Secure Cryptor C2 (malware-cnc.rules) * 1:26966 <-> DISABLED <-> MALWARE-CNC Win32/Autorun.JN variant outbound connection (malware-cnc.rules) * 1:26967 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz variant outbound connection (malware-cnc.rules) * 1:26968 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gozi Data Theft POST Data (malware-cnc.rules) * 1:26969 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gozi Trojan Data Theft POST URL (malware-cnc.rules) * 1:26970 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pirminay variant outbound connection (malware-cnc.rules) * 1:26984 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Injector Info Stealer Trojan variant outbound connection (malware-cnc.rules) * 1:26986 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Xenil variant outbound connection (malware-cnc.rules) * 1:26987 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cyvadextr variant outbound connection (malware-cnc.rules) * 1:26995 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Agent variant outbound connection (malware-cnc.rules) * 1:26996 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Agent variant outbound connection (malware-cnc.rules) * 1:26997 <-> DISABLED <-> MALWARE-CNC OSX.Trojan.Morcut variant outbound connection (malware-cnc.rules) * 1:26998 <-> DISABLED <-> MALWARE-CNC OSX.Trojan.Morcut file download (malware-cnc.rules) * 1:26999 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chinoxy variant outbound connection (malware-cnc.rules) * 1:27000 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chinoxy variant outbound connection (malware-cnc.rules) * 1:27002 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules) * 1:27003 <-> DISABLED 
<-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules) * 1:27007 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot variant outbound connection (malware-cnc.rules) * 1:27008 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot variant outbound connection (malware-cnc.rules) * 1:27010 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot payment .scr download (malware-cnc.rules) * 1:27012 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Phoenot variant outbound connection (malware-cnc.rules) * 1:27013 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Phoenot variant inbound connection (malware-cnc.rules) * 1:27014 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Epipenwa variant outbound connection (malware-cnc.rules) * 1:27017 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dapato variant inbound response connection (malware-cnc.rules) * 1:27021 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Layvam variant outbound connection (malware-cnc.rules) * 1:27022 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Netweird.A outbound connection (malware-cnc.rules) * 1:27023 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Netweird.A outbound connection (malware-cnc.rules) * 1:27033 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Transhell variant outbound connection user-agent (malware-cnc.rules) * 1:27039 <-> DISABLED <-> MALWARE-CNC Win.Trojan.OnlineGameHack variant outbound connection (malware-cnc.rules) * 1:27044 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string pb - Htbot (malware-cnc.rules) * 1:27045 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Blocker Download (malware-cnc.rules) * 1:27049 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dokstormac variant outbound connection (malware-cnc.rules) * 1:27054 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yakes variant outbound connection (malware-cnc.rules) * 1:27058 <-> DISABLED <-> MALWARE-CNC OSX.Trojan.HackBack variant outbound connection (malware-cnc.rules) * 1:27093 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Medfos variant outbound connection (malware-cnc.rules) * 1:27120 <-> 
DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules) * 1:27169 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Atezag variant outbound connection (malware-cnc.rules) * 1:27199 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Meredrop variant outbound connection GET Request (malware-cnc.rules) * 1:27200 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Meredrop variant outbound connection POST Request (malware-cnc.rules) * 1:27201 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Neurevt variant outbound connection (malware-cnc.rules) * 1:27248 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gamarue - Mozi1la User-Agent (malware-cnc.rules) * 1:27252 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ZeroAccess 111-byte URL variant outbound connection (malware-cnc.rules) * 1:27256 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kryptik Drive-by Download Malware (malware-cnc.rules) * 1:27257 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kryptic 7-byte URI Invalid Firefox Headers - no Accept-Language (malware-cnc.rules) * 1:27260 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Java.Agent.NFK variant connection (malware-cnc.rules) * 1:27263 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - yahoonews (malware-cnc.rules) * 1:27533 <-> DISABLED <-> MALWARE-CNC Potential Win.Trojan.Kraziomel Download - 000.jpg (malware-cnc.rules) * 1:27551 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lorapu variant outbound connection (malware-cnc.rules) * 1:27558 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bezigate variant outbound connection (malware-cnc.rules) * 1:27567 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rovnix malicious download request (malware-cnc.rules) * 1:27577 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules) * 1:27596 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Redyms variant outbound connection (malware-cnc.rules) * 1:27599 <-> DISABLED <-> MALWARE-CNC Fort Disco Registration variant outbound connection (malware-cnc.rules) * 1:27600 <-> DISABLED <-> MALWARE-CNC 
Win.Trojan.Nawpers variant connection (malware-cnc.rules) * 1:27629 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Aumlib variant outbound connection (malware-cnc.rules) * 1:27630 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Aumlib variant outbound connection (malware-cnc.rules) * 1:27631 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Aumlib variant outbound connection (malware-cnc.rules) * 1:25553 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dexter variant outbound connection (malware-cnc.rules) * 1:25551 <-> DISABLED <-> MALWARE-CNC Win.Worm.Dipasik variant outbound connection (malware-cnc.rules) * 1:27640 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chekafe variant connection (malware-cnc.rules) * 1:27641 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Meilat variant connection (malware-cnc.rules) * 1:27642 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downbot variant connection (malware-cnc.rules) * 1:27643 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Betabot variant connection (malware-cnc.rules) * 1:27644 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Merong variant connection (malware-cnc.rules) * 1:27645 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Binjo variant outbound connection (malware-cnc.rules) * 1:27647 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nelaja variant outbound connection (malware-cnc.rules) * 1:27648 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SpyBanker.ZSL variant outbound connection (malware-cnc.rules) * 1:27649 <-> DISABLED <-> MALWARE-CNC Brazilian Banking Trojan data theft (malware-cnc.rules) * 1:27655 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Enchanim variant connection (malware-cnc.rules) * 1:27659 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gapz variant connection (malware-cnc.rules) * 1:27660 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Reabfrus variant connection (malware-cnc.rules) * 1:27661 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Reabfrus variant connection (malware-cnc.rules) * 1:27662 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Galfun variant outbound connection (malware-cnc.rules) * 1:27664 <-> 
DISABLED <-> MALWARE-CNC Win.Trojan.Castov variant connection (malware-cnc.rules) * 1:27665 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Castov variant connection (malware-cnc.rules) * 1:27670 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.evf variant connection (malware-cnc.rules) * 1:27678 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Goolelo variant connection (malware-cnc.rules) * 1:27679 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz variant outbound connection (malware-cnc.rules) * 1:27680 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ZeroAccess variant outbound connection (malware-cnc.rules) * 1:27699 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tartober variant connection (malware-cnc.rules) * 1:27709 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string umbra (malware-cnc.rules) * 1:27710 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string IExplore (malware-cnc.rules) * 1:27711 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FakeAV variant outbound connection (malware-cnc.rules) * 1:27720 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kolok variant connection (malware-cnc.rules) * 1:27726 <-> DISABLED <-> MALWARE-CNC Orbit Downloader denial of service update (malware-cnc.rules) * 1:27727 <-> DISABLED <-> MALWARE-CNC Orbit Downloader denial of service update (malware-cnc.rules) * 1:27728 <-> DISABLED <-> MALWARE-CNC Orbit Downloader denial of service update (malware-cnc.rules) * 1:27737 <-> DISABLED <-> MALWARE-CNC DNS suspicious .c0m.li dns query (malware-cnc.rules) * 1:27746 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Hanthie variant outbound connection (malware-cnc.rules) * 1:27747 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banechant outbound variant connection (malware-cnc.rules) * 1:27759 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Treizt variant connection (malware-cnc.rules) * 1:27774 <-> DISABLED <-> MALWARE-CNC RDN Banker Data Exfiltration (malware-cnc.rules) * 1:27775 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection 
(malware-cnc.rules) * 1:27802 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PRISM variant outbound connection (malware-cnc.rules) * 1:27803 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PRISM variant outbound connection (malware-cnc.rules) * 1:27805 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bisonha variant outbound connection (malware-cnc.rules) * 1:27806 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Retruse variant connection (malware-cnc.rules) * 1:27811 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mindweq variant connection (malware-cnc.rules) * 1:27817 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tenavt connection (malware-cnc.rules) * 1:27864 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sinowal variant connection (malware-cnc.rules) * 1:27867 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper outbound connection (malware-cnc.rules) * 1:27868 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - dt12012 (malware-cnc.rules) * 1:27905 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Helauto variant connection (malware-cnc.rules) * 1:27918 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules) * 1:27919 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus encrypted POST Data exfiltration (malware-cnc.rules) * 1:27939 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Galock variant connection (malware-cnc.rules) * 1:27955 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mevade variant outbound connection (malware-cnc.rules) * 1:27963 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lolbot variant outbound connection (malware-cnc.rules) * 1:27964 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gh0st variant outbound connection (malware-cnc.rules) * 1:27965 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Eupuds variant connection (malware-cnc.rules) * 1:27966 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Chopper web shell connection (malware-cnc.rules) * 1:27968 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Chopper web shell connection (malware-cnc.rules) * 1:27969 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Updays variant 
connection (malware-cnc.rules) * 1:27970 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus dropper variant connection (malware-cnc.rules) * 1:27980 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /botnet/adduser.php?uid= (malware-cnc.rules) * 1:27981 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /botnet/tasks.php?uid= (malware-cnc.rules) * 1:28005 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz outbound command (malware-cnc.rules) * 1:28007 <-> DISABLED <-> MALWARE-CNC BLYPT installer startupkey outbound traffic (malware-cnc.rules) * 1:28008 <-> DISABLED <-> MALWARE-CNC BLYPT installer reuse outbound traffic (malware-cnc.rules) * 1:28009 <-> DISABLED <-> MALWARE-CNC BLYPT installer configkey outbound traffic (malware-cnc.rules) * 1:28010 <-> DISABLED <-> MALWARE-CNC BLYPT installer tserror outbound traffic (malware-cnc.rules) * 1:28011 <-> DISABLED <-> MALWARE-CNC BLYPT installer createproc outbound traffic (malware-cnc.rules) * 1:28012 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules) * 1:28033 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Urausy variant outbound connection (malware-cnc.rules) * 1:28040 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dofoil variant outbound connection (malware-cnc.rules) * 1:28042 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Caphaw variant outbound connection (malware-cnc.rules) * 1:28044 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CryptoLocker variant connection (malware-cnc.rules) * 1:28045 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VBKrypt variant connection (malware-cnc.rules) * 1:28072 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Omexo outbound connection (malware-cnc.rules) * 1:28073 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Win32.Kimsuky variant file stealing (malware-cnc.rules) * 1:28074 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ADKR connection (malware-cnc.rules) * 1:28075 <-> DISABLED <-> MALWARE-CNC Win.Trojan.gzfw connection (malware-cnc.rules) * 1:28079 <-> DISABLED <-> 
MALWARE-CNC Win.Trojan.Napolar variant outbound connection (malware-cnc.rules) * 1:28080 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Napolar data theft (malware-cnc.rules) * 1:28084 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hupigon variant connection (malware-cnc.rules) * 1:28094 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Liteol variant connection (malware-cnc.rules) * 1:28095 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Liteol variant connection (malware-cnc.rules) * 1:28096 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spynet variant connection (malware-cnc.rules) * 1:27633 <-> DISABLED <-> MALWARE-CNC Worm.Silly variant outbound connection (malware-cnc.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091500.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:55931 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Emotet variant outbound connection attempt (malware-cnc.rules)
* 1:55929 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Emotet-9774504-0 download attempt (malware-other.rules)
* 1:55930 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Emotet-9774504-0 download attempt (malware-other.rules)
* 1:55932 <-> ENABLED <-> SERVER-OTHER Oracle WebLogic malicious RemoteConstructor deserialization attempt (server-other.rules)
* 1:55933 <-> ENABLED <-> SERVER-OTHER Oracle WebLogic malicious RemoteConstructor deserialization attempt (server-other.rules)
* 1:28859 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent z00sAgent - Win.Trojan.Zbot (malware-cnc.rules) * 1:28860 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent - Win.Trojan.Nitedrem (malware-cnc.rules) * 1:28861 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Roxfora variant outbound connection (malware-cnc.rules) * 1:28864 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tofsee variant outbound connection (malware-cnc.rules) * 1:28886 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scar variant outbound connection (malware-cnc.rules) * 1:28914 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Anony variant connection (malware-cnc.rules) * 1:28918 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant network connectivity check (malware-cnc.rules) * 1:28919 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant network connectivity check (malware-cnc.rules) * 1:28930 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fakeav variant outbound data connection (malware-cnc.rules) * 1:28940 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rovnix malicious download (malware-cnc.rules) * 1:28947 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tapaoux variant connection (malware-cnc.rules) * 1:28948 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kishlog variant outbound connection (malware-cnc.rules) * 1:28949 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kishlog variant outbound connection (malware-cnc.rules) * 1:28958 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jussuc variant outbound connection (malware-cnc.rules) * 1:28960 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Alurewo outbound connection (malware-cnc.rules) * 1:48157 <-> ENABLED <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection (malware-cnc.rules) * 1:28561 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Plugx outbound connection (malware-cnc.rules) * 1:28558 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string getURLdown (malware-cnc.rules) * 1:28107 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload download (malware-cnc.rules) * 
1:28285 <-> DISABLED <-> MALWARE-CNC Win.Trojan.hdog connectivity check-in version 2 (malware-cnc.rules) * 1:28599 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Lesirt variant outbound connection (malware-cnc.rules) * 1:28418 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Dtcontx outbound connection (malware-cnc.rules) * 1:28543 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Conficker variant outbound connection (malware-cnc.rules) * 1:28209 <-> DISABLED <-> MALWARE-CNC Win.Worm.IRCbot outbound connection (malware-cnc.rules) * 1:28444 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.CBgate variant outbound connection (malware-cnc.rules) * 1:28122 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /index.htm GET Encrypted Payload (malware-cnc.rules) * 1:28606 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Surtr variant connection (malware-cnc.rules) * 1:28560 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Plugx FTP keepalive outbound connection (malware-cnc.rules) * 1:28803 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Injector inbound connection (malware-cnc.rules) * 1:28553 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /main.htm GET Encrypted Payload (malware-cnc.rules) * 1:28141 <-> DISABLED <-> MALWARE-CNC Win.Trojan.banker outbound connection (malware-cnc.rules) * 1:28234 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hdslogger outbound connection (malware-cnc.rules) * 1:28538 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Asprox/Kuluoz variant connection (malware-cnc.rules) * 1:28244 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Phrovon outbound connection (malware-cnc.rules) * 1:28604 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kasnam variant connection (malware-cnc.rules) * 1:28411 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CoinMiner variant outbound connection (malware-cnc.rules) * 1:28562 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sidopa variant outbound connection (malware-cnc.rules) * 1:28155 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Foreign variant outbound 
connection - MSIE 7.2 (malware-cnc.rules) * 1:28484 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Delpbank variant outbound connection (malware-cnc.rules) * 1:28802 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos outbound connection (malware-cnc.rules) * 1:28808 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Ptiger variant outbound connection (malware-cnc.rules) * 1:28724 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent outbound connection (malware-cnc.rules) * 1:28143 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Medfos outbound connection (malware-cnc.rules) * 1:28804 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Injector outbound connection (malware-cnc.rules) * 1:28114 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /default.htm GET Encrypted Payload (malware-cnc.rules) * 1:28366 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Venik variant outbound connection (malware-cnc.rules) * 1:28807 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Injector variant outbound connection (malware-cnc.rules) * 1:28116 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /home.htm GET Encrypted Payload (malware-cnc.rules) * 1:28326 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Zuza variant outbound connection (malware-cnc.rules) * 1:28485 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Khalog variant outbound connection (malware-cnc.rules) * 1:28809 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dofoil inbound connection (malware-cnc.rules) * 1:28805 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Palevo outbound connection (malware-cnc.rules) * 1:28541 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ZeroAccess Download Headers (malware-cnc.rules) * 1:28144 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Win32.Wpbrutebot variant connection (malware-cnc.rules) * 1:28147 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Conficker variant outbound connection (malware-cnc.rules) * 1:28551 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NXI ftp username connection (malware-cnc.rules) * 1:28120 <-> DISABLED <-> MALWARE-CNC 
Win.Trojan.Fareit variant outbound connection - /start.htm GET Encrypted Payload (malware-cnc.rules) * 1:28463 <-> DISABLED <-> MALWARE-CNC Win.Trojan.AllAple Variant ICMP flood (malware-cnc.rules) * 1:28362 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string SUiCiDE/1.5 (malware-cnc.rules) * 1:28419 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tesch variant outbound connection (malware-cnc.rules) * 1:28528 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qadars variant outbound connection (malware-cnc.rules) * 1:28416 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CryptoLocker outbound connection (malware-cnc.rules) * 1:28146 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Salgorea variant connection (malware-cnc.rules) * 1:28300 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant connection (malware-cnc.rules) * 1:28814 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gozi/Neverquest variant outbound connection (malware-cnc.rules) * 1:28242 <-> DISABLED <-> MALWARE-CNC Win.Trojan.KanKan variant connection (malware-cnc.rules) * 1:28148 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mevade variant outbound connection (malware-cnc.rules) * 1:28548 <-> DISABLED <-> MALWARE-CNC Win.Trojan.chfx variant outbound connection (malware-cnc.rules) * 1:28154 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Foreign variant outbound connection - MSIE 7.1 (malware-cnc.rules) * 1:28192 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz Potential Phishing URL (malware-cnc.rules) * 1:28255 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz Potential phishing URL (malware-cnc.rules) * 1:28325 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Zuza variant outbound connection (malware-cnc.rules) * 1:28559 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Castov variant connection (malware-cnc.rules) * 1:28153 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Foreign variant outbound connection - /html2/ (malware-cnc.rules) * 1:28563 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pkdesco variant outbound connection (malware-cnc.rules) * 1:28254 <-> DISABLED 
<-> MALWARE-CNC Win.Trojan.Perl.Shellbot variant outbound connection (malware-cnc.rules) * 1:28405 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy variant outbound connection (malware-cnc.rules) * 1:28565 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sluegot variant connection (malware-cnc.rules) * 1:28813 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ufraie variant outbound connection (malware-cnc.rules) * 1:28815 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gozi/Neverquest variant outbound connection (malware-cnc.rules) * 1:28564 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pkdesco variant outbound connection (malware-cnc.rules) * 1:28166 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bifrose variant connection (malware-cnc.rules) * 1:28373 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mutopy variant outbound connection (malware-cnc.rules) * 1:28212 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bitsto variant connection (malware-cnc.rules) * 1:28328 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Hupigon variant outbound connection (malware-cnc.rules) * 1:28800 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus outbound connection (malware-cnc.rules) * 1:28123 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /setup.htm GET Encrypted Payload (malware-cnc.rules) * 1:28852 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Linux.Trojan.Zollard (malware-cnc.rules) * 1:28115 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /file.htm GET Encrypted Payload (malware-cnc.rules) * 1:28105 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload variant outbound connection (malware-cnc.rules) * 1:28097 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ohlat variant connection (malware-cnc.rules) * 1:28857 <-> DISABLED <-> MALWARE-CNC Adwind UNRECOM connnection back to cnc server (malware-cnc.rules) * 1:28117 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /install.htm GET Encrypted Payload (malware-cnc.rules) * 1:28820 <-> DISABLED <-> 
MALWARE-CNC Win.Trojan.Egamipload variant outbound connection (malware-cnc.rules) * 1:28856 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yowdab variant connection (malware-cnc.rules) * 1:28853 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dipverdle variant outbound connection (malware-cnc.rules) * 1:28816 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Siluhdur variant outbound connection (malware-cnc.rules) * 1:28858 <-> DISABLED <-> MALWARE-CNC Adwind UNRECOM connnection back to cnc server (malware-cnc.rules) * 1:27640 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chekafe variant connection (malware-cnc.rules) * 1:28119 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /search.htm GET Encrypted Payload (malware-cnc.rules) * 1:28216 <-> DISABLED <-> MALWARE-CNC known malware FTP login (malware-cnc.rules) * 1:28486 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Codiltak variant outbound connection (malware-cnc.rules) * 1:28446 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant SQL check-in (malware-cnc.rules) * 1:28399 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Tsunami outbound connection (malware-cnc.rules) * 1:28415 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules) * 1:28121 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /welcome.htm GET Encrypted Payload (malware-cnc.rules) * 1:28239 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tuxido outbound connection (malware-cnc.rules) * 1:28554 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /online.htm GET Encrypted Payload (malware-cnc.rules) * 1:28547 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules) * 1:28607 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection (malware-cnc.rules) * 1:28118 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /login.htm GET Encrypted Payload (malware-cnc.rules) * 1:28810 <-> DISABLED <-> MALWARE-CNC 
Win.Trojan.Zeus variant outbound connection - MSIE7 No Referer No Cookie (malware-cnc.rules) * 1:28529 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qadars variant outbound connection (malware-cnc.rules) * 1:28323 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Chopper web shell connection (malware-cnc.rules) * 1:28250 <-> DISABLED <-> MALWARE-CNC Security Cleaner Pro Install Confirmation (malware-cnc.rules) * 1:28211 <-> DISABLED <-> MALWARE-CNC Win.Worm.IRCbot outbound connection (malware-cnc.rules) * 1:28542 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Conficker variant outbound connection (malware-cnc.rules) * 1:28605 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kasnam variant connection (malware-cnc.rules) * 1:28417 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Molgomsg variant outbound connection (malware-cnc.rules) * 1:28230 <-> DISABLED <-> MALWARE-CNC Boot.Bootroot Variant data upload (malware-cnc.rules) * 1:28125 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banbra variant connection (malware-cnc.rules) * 1:28247 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper variant outbound connection (malware-cnc.rules) * 1:28210 <-> DISABLED <-> MALWARE-CNC Win.Worm.IRCbot outbound connection (malware-cnc.rules) * 1:28134 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dorkbot variant connection (malware-cnc.rules) * 1:28406 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy variant outbound connection (malware-cnc.rules) * 1:28410 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CoinMiner variant outbound connection (malware-cnc.rules) * 1:28799 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mxtcycle variant outbound connection (malware-cnc.rules) * 1:27709 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string umbra (malware-cnc.rules) * 1:26319 <-> DISABLED <-> MALWARE-CNC file path used as User-Agent - potential Trojan (malware-cnc.rules) * 1:25671 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (malware-cnc.rules) * 1:25672 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Matsnu 
variant outbound connection (malware-cnc.rules) * 1:25673 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.QQDragon variant outbound connection (malware-cnc.rules) * 1:25674 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shimwoc variant outbound connection (malware-cnc.rules) * 1:25675 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fakeavlock variant outbound connection (malware-cnc.rules) * 1:25765 <-> DISABLED <-> MALWARE-CNC Trojan Agent YEH variant outbound connection (malware-cnc.rules) * 1:25766 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules) * 1:25807 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Urausy Botnet variant outbound connection (malware-cnc.rules) * 1:25829 <-> DISABLED <-> MALWARE-CNC Trojan Banker FTC variant outbound connection (malware-cnc.rules) * 1:25854 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection - MSIE7 No Referer No Cookie (malware-cnc.rules) * 1:25863 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.QBundle variant outbound connection (malware-cnc.rules) * 1:25865 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules) * 1:25866 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules) * 1:25867 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules) * 1:25973 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Boolflot variant outbound connection (malware-cnc.rules) * 1:25974 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules) * 1:25978 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lukprofin variant outbound connection (malware-cnc.rules) * 1:25979 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lukprofin variant outbound connection (malware-cnc.rules) * 1:25980 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Pass (malware-cnc.rules) * 1:25987 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Upof variant outbound connection (malware-cnc.rules) * 
1:25990 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Agent variant connect to cnc-server (malware-cnc.rules) * 1:25991 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Agent variant connect to cnc-server (malware-cnc.rules) * 1:25992 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Buzus variant outbound connection (malware-cnc.rules) * 1:25993 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Buzus variant outbound connection (malware-cnc.rules) * 1:25994 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules) * 1:25996 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Reswor variant outbound connection (malware-cnc.rules) * 1:26010 <-> DISABLED <-> MALWARE-CNC CNC Dirtjumper variant outbound connection (malware-cnc.rules) * 1:26011 <-> DISABLED <-> MALWARE-CNC CNC Dirtjumper variant outbound connection (malware-cnc.rules) * 1:26019 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bredo variant outbound connection (malware-cnc.rules) * 1:26023 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot variant in.php outbound connection (malware-cnc.rules) * 1:26024 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wecod variant outbound connection (malware-cnc.rules) * 1:26072 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locati variant outbound connection (malware-cnc.rules) * 1:26075 <-> DISABLED <-> MALWARE-CNC Bancos variant outbound connection SQL query POST data (malware-cnc.rules) * 1:26086 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Exicon variant outbound connection (malware-cnc.rules) * 1:26088 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Encriyoko variant outbound connection (malware-cnc.rules) * 1:26106 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules) * 1:26115 <-> DISABLED <-> MALWARE-CNC NSIS.Downloader.Agent variant outbound connection (malware-cnc.rules) * 1:26116 <-> DISABLED <-> MALWARE-CNC NSIS.Downloader.Agent variant outbound connection (malware-cnc.rules) * 1:26117 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tarctox variant outbound connection 
(malware-cnc.rules) * 1:26118 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules) * 1:26119 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules) * 1:26202 <-> DISABLED <-> MALWARE-CNC VBS.Trojan.Agent variant outbound connection (malware-cnc.rules) * 1:26203 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gupd variant outbound connection (malware-cnc.rules) * 1:26204 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Malex variant outbound connection (malware-cnc.rules) * 1:26211 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Eldorado variant outbound connection (malware-cnc.rules) * 1:26238 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Snopexy variant outbound connection (malware-cnc.rules) * 1:26239 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Stehlox variant outbound connection (malware-cnc.rules) * 1:26240 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vkeikooc variant outbound connection (malware-cnc.rules) * 1:26244 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Troll variant outbound connection (malware-cnc.rules) * 1:26245 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (malware-cnc.rules) * 1:26248 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent cibabam (malware-cnc.rules) * 1:26249 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Sonide variant outbound connection (malware-cnc.rules) * 1:26260 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Vectmp variant outbound connection (malware-cnc.rules) * 1:26266 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus v3 DGA DNS query detected (malware-cnc.rules) * 1:26267 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus v3 DGA DNS query detected (malware-cnc.rules) * 1:26268 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus v3 DGA DNS query detected (malware-cnc.rules) * 1:26269 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus v3 DGA DNS query detected (malware-cnc.rules) * 1:26270 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus v3 DGA DNS query detected 
(malware-cnc.rules) * 1:26271 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus v3 DGA DNS query detected (malware-cnc.rules) * 1:26284 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Surok variant outbound connection (malware-cnc.rules) * 1:26285 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Garveep variant outbound connection (malware-cnc.rules) * 1:26288 <-> DISABLED <-> MALWARE-CNC Brontok Worm variant outbound connection (malware-cnc.rules) * 1:26289 <-> DISABLED <-> MALWARE-CNC Daws Trojan Outbound Plaintext over SSL Port (malware-cnc.rules) * 1:28106 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload information upload (malware-cnc.rules) * 1:27641 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Meilat variant connection (malware-cnc.rules) * 1:27642 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downbot variant connection (malware-cnc.rules) * 1:27643 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Betabot variant connection (malware-cnc.rules) * 1:27644 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Merong variant connection (malware-cnc.rules) * 1:27645 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Binjo variant outbound connection (malware-cnc.rules) * 1:27647 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nelaja variant outbound connection (malware-cnc.rules) * 1:27648 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SpyBanker.ZSL variant outbound connection (malware-cnc.rules) * 1:27649 <-> DISABLED <-> MALWARE-CNC Brazilian Banking Trojan data theft (malware-cnc.rules) * 1:27655 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Enchanim variant connection (malware-cnc.rules) * 1:27659 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gapz variant connection (malware-cnc.rules) * 1:27660 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Reabfrus variant connection (malware-cnc.rules) * 1:27661 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Reabfrus variant connection (malware-cnc.rules) * 1:27662 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Galfun variant outbound connection (malware-cnc.rules) * 1:27664 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Castov 
variant connection (malware-cnc.rules) * 1:27665 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Castov variant connection (malware-cnc.rules) * 1:27670 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.evf variant connection (malware-cnc.rules) * 1:27678 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Goolelo variant connection (malware-cnc.rules) * 1:27679 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz variant outbound connection (malware-cnc.rules) * 1:27680 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ZeroAccess variant outbound connection (malware-cnc.rules) * 1:27699 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tartober variant connection (malware-cnc.rules) * 1:27710 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string IExplore (malware-cnc.rules) * 1:27711 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FakeAV variant outbound connection (malware-cnc.rules) * 1:27720 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kolok variant connection (malware-cnc.rules) * 1:27726 <-> DISABLED <-> MALWARE-CNC Orbit Downloader denial of service update (malware-cnc.rules) * 1:27727 <-> DISABLED <-> MALWARE-CNC Orbit Downloader denial of service update (malware-cnc.rules) * 1:27728 <-> DISABLED <-> MALWARE-CNC Orbit Downloader denial of service update (malware-cnc.rules) * 1:27737 <-> DISABLED <-> MALWARE-CNC DNS suspicious .c0m.li dns query (malware-cnc.rules) * 1:27746 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Hanthie variant outbound connection (malware-cnc.rules) * 1:27747 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banechant outbound variant connection (malware-cnc.rules) * 1:27759 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Treizt variant connection (malware-cnc.rules) * 1:27774 <-> DISABLED <-> MALWARE-CNC RDN Banker Data Exfiltration (malware-cnc.rules) * 1:27775 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection (malware-cnc.rules) * 1:27802 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PRISM variant outbound connection (malware-cnc.rules) * 1:27803 <-> DISABLED <-> MALWARE-CNC 
Win.Trojan.PRISM variant outbound connection (malware-cnc.rules) * 1:27805 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bisonha variant outbound connection (malware-cnc.rules) * 1:27806 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Retruse variant connection (malware-cnc.rules) * 1:27811 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mindweq variant connection (malware-cnc.rules) * 1:27817 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tenavt connection (malware-cnc.rules) * 1:27864 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sinowal variant connection (malware-cnc.rules) * 1:27867 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper outbound connection (malware-cnc.rules) * 1:27868 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - dt12012 (malware-cnc.rules) * 1:27905 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Helauto variant connection (malware-cnc.rules) * 1:27918 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules) * 1:27919 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus encrypted POST Data exfiltration (malware-cnc.rules) * 1:27939 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Galock variant connection (malware-cnc.rules) * 1:27955 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mevade variant outbound connection (malware-cnc.rules) * 1:27963 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lolbot variant outbound connection (malware-cnc.rules) * 1:27964 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gh0st variant outbound connection (malware-cnc.rules) * 1:27965 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Eupuds variant connection (malware-cnc.rules) * 1:27966 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Chopper web shell connection (malware-cnc.rules) * 1:27968 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Chopper web shell connection (malware-cnc.rules) * 1:27969 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Updays variant connection (malware-cnc.rules) * 1:27970 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus dropper variant connection (malware-cnc.rules) * 1:27980 <-> DISABLED <-> 
MALWARE-CNC URI request for known malicious URI - /botnet/adduser.php?uid= (malware-cnc.rules) * 1:27981 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /botnet/tasks.php?uid= (malware-cnc.rules) * 1:28005 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz outbound command (malware-cnc.rules) * 1:28007 <-> DISABLED <-> MALWARE-CNC BLYPT installer startupkey outbound traffic (malware-cnc.rules) * 1:28008 <-> DISABLED <-> MALWARE-CNC BLYPT installer reuse outbound traffic (malware-cnc.rules) * 1:28009 <-> DISABLED <-> MALWARE-CNC BLYPT installer configkey outbound traffic (malware-cnc.rules) * 1:28010 <-> DISABLED <-> MALWARE-CNC BLYPT installer tserror outbound traffic (malware-cnc.rules) * 1:28011 <-> DISABLED <-> MALWARE-CNC BLYPT installer createproc outbound traffic (malware-cnc.rules) * 1:28012 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules) * 1:28033 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Urausy variant outbound connection (malware-cnc.rules) * 1:28040 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dofoil variant outbound connection (malware-cnc.rules) * 1:28042 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Caphaw variant outbound connection (malware-cnc.rules) * 1:28044 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CryptoLocker variant connection (malware-cnc.rules) * 1:28045 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VBKrypt variant connection (malware-cnc.rules) * 1:28072 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Omexo outbound connection (malware-cnc.rules) * 1:28073 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Win32.Kimsuky variant file stealing (malware-cnc.rules) * 1:28074 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ADKR connection (malware-cnc.rules) * 1:28075 <-> DISABLED <-> MALWARE-CNC Win.Trojan.gzfw connection (malware-cnc.rules) * 1:28079 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Napolar variant outbound connection (malware-cnc.rules) * 1:28080 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Napolar data theft 
(malware-cnc.rules) * 1:28084 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hupigon variant connection (malware-cnc.rules) * 1:28094 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Liteol variant connection (malware-cnc.rules) * 1:28095 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Liteol variant connection (malware-cnc.rules) * 1:28096 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spynet variant connection (malware-cnc.rules) * 1:26777 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy variant outbound connection (malware-cnc.rules) * 1:27639 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Epipenwa variant connection (malware-cnc.rules) * 1:25547 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules) * 1:25548 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Perflog variant outbound connection (malware-cnc.rules) * 1:25551 <-> DISABLED <-> MALWARE-CNC Win.Worm.Dipasik variant outbound connection (malware-cnc.rules) * 1:25553 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dexter variant outbound connection (malware-cnc.rules) * 1:25570 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Medialabs variant outbound connection (malware-cnc.rules) * 1:25571 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Medialabs variant outbound connection (malware-cnc.rules) * 1:25572 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Virut variant outbound connection (malware-cnc.rules) * 1:25577 <-> DISABLED <-> MALWARE-CNC Win.Rootkit.Necurs possible URI with encrypted POST (malware-cnc.rules) * 1:25599 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gupboot variant outbound connection (malware-cnc.rules) * 1:25600 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dilavtor variant outbound connection (malware-cnc.rules) * 1:25609 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules) * 1:25610 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mofsmall variant outbound connection (malware-cnc.rules) * 1:25623 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jimpime variant outbound connection (malware-cnc.rules) * 1:25625 
<-> DISABLED <-> MALWARE-CNC Win.Trojan.Daws variant outbound connection (malware-cnc.rules) * 1:25626 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules) * 1:25628 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant connect to cnc-server (malware-cnc.rules) * 1:25632 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Golisy variant outbound connection (malware-cnc.rules) * 1:25652 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kryptic variant outbound connection (malware-cnc.rules) * 1:25660 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Medfos variant outbound connection (malware-cnc.rules) * 1:25661 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Buzus variant outbound connection (malware-cnc.rules) * 1:25662 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chowspy variant outbound connection (malware-cnc.rules) * 1:25663 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rimod variant outbound connection (malware-cnc.rules) * 1:25665 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sycomder variant outbound connection (malware-cnc.rules) * 1:25666 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (malware-cnc.rules) * 1:25667 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nflog variant outbound connection (malware-cnc.rules) * 1:25668 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nflog variant outbound connection (malware-cnc.rules) * 1:25669 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Selasloot variant outbound connection (malware-cnc.rules) * 1:26201 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lobparck variant outbound connection (malware-cnc.rules) * 1:26325 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scar variant outbound connection (malware-cnc.rules) * 1:26327 <-> DISABLED <-> MALWARE-CNC OSX.Trojan.Flashfake variant outbound connection (malware-cnc.rules) * 1:26331 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qhost variant outbound connection (malware-cnc.rules) * 1:26335 <-> DISABLED <-> MALWARE-CNC FBI Ransom Trojan variant outbound connection (malware-cnc.rules) * 
1:26370 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection - ksa.txt (malware-cnc.rules) * 1:26371 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection - op POST (malware-cnc.rules) * 1:26398 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gamarue variant outbound connection (malware-cnc.rules) * 1:26428 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (malware-cnc.rules) * 1:26444 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Agent variant outbound connection (malware-cnc.rules) * 1:26445 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Agent variant outbound connection (malware-cnc.rules) * 1:26446 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Agent variant outbound connection (malware-cnc.rules) * 1:26447 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Smoaler variant outbound connection (malware-cnc.rules) * 1:26448 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fakesig variant outbound connection (malware-cnc.rules) * 1:26449 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules) * 1:26450 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules) * 1:26452 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Buterat variant outbound connection (malware-cnc.rules) * 1:26463 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Linog.A variant outbound connection (malware-cnc.rules) * 1:26464 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Linog.A variant outbound connection (malware-cnc.rules) * 1:26467 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Magic variant inbound connection (malware-cnc.rules) * 1:26480 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot fake PNG config file download without User-Agent (malware-cnc.rules) * 1:26482 <-> DISABLED <-> MALWARE-CNC Unknown Thinner Encrypted POST botnet C&C (malware-cnc.rules) * 1:26522 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent NOKIAN95/WEB (malware-cnc.rules) * 1:26533 <-> DISABLED <-> 
MALWARE-CNC Unknown malware - Incorrect headers - Referer HTTP/1.0 (malware-cnc.rules) * 1:26558 <-> DISABLED <-> MALWARE-CNC User-Agent known Malicious user agent Brutus AET (malware-cnc.rules) * 1:26560 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection - getcomando POST data (malware-cnc.rules) * 1:26561 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules) * 1:26563 <-> DISABLED <-> MALWARE-CNC Harakit botnet traffic (malware-cnc.rules) * 1:26576 <-> DISABLED <-> MALWARE-CNC Potential hostile executable served from compromised or malicious WordPress site attempt (malware-cnc.rules) * 1:26577 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent Opera 10 (malware-cnc.rules) * 1:26578 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy/FakeAV Checkin with IE6 User-Agent (malware-cnc.rules) * 1:26579 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy/FakeAV Checkin with IE6 User-Agent (malware-cnc.rules) * 1:26604 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bydra variant outbound connection (malware-cnc.rules) * 1:26605 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bydra variant outbound connection (malware-cnc.rules) * 1:26606 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sosork variant outbound connection (malware-cnc.rules) * 1:26607 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Korlia variant outbound connection (malware-cnc.rules) * 1:26608 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rocra variant outbound connection (malware-cnc.rules) * 1:26609 <-> DISABLED <-> MALWARE-CNC OSX.Trojan.Dockster variant outbound connection (malware-cnc.rules) * 1:26613 <-> DISABLED <-> MALWARE-CNC Medfos Trojan variant outbound connection (malware-cnc.rules) * 1:26656 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Travnet Botnet data upload (malware-cnc.rules) * 1:26657 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shiz variant outbound connection (malware-cnc.rules) * 1:26677 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz variant inbound run command 
from cnc (malware-cnc.rules) * 1:26678 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz variant inbound run command from cnc (malware-cnc.rules) * 1:26679 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz variant inbound run command from cnc (malware-cnc.rules) * 1:26680 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz variant inbound run command from cnc (malware-cnc.rules) * 1:26681 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz variant inbound run command from cnc (malware-cnc.rules) * 1:26683 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shyape variant outbound connection (malware-cnc.rules) * 1:26684 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Neshax variant outbound connection (malware-cnc.rules) * 1:26685 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string J13A (malware-cnc.rules) * 1:26686 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Alina (malware-cnc.rules) * 1:26690 <-> DISABLED <-> MALWARE-CNC Miniduke server contact (malware-cnc.rules) * 1:26691 <-> DISABLED <-> MALWARE-CNC Win.Trojan.UFRStealer variant outbound connection (malware-cnc.rules) * 1:26692 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spyremoav variant outbound connection (malware-cnc.rules) * 1:26695 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Namihno variant outbound request (malware-cnc.rules) * 1:26696 <-> DISABLED <-> MALWARE-CNC Cbeplay Ransomware variant outbound connection - Abnormal HTTP Headers (malware-cnc.rules) * 1:26697 <-> DISABLED <-> MALWARE-CNC Cbeplay Ransomware variant outbound connection - POST Body (malware-cnc.rules) * 1:26702 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Win (malware-cnc.rules) * 1:26703 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Upero variant outbound connection (malware-cnc.rules) * 1:26712 <-> DISABLED <-> MALWARE-CNC Kazy Trojan check-in (malware-cnc.rules) * 1:26713 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev rev 1 outbound traffic (malware-cnc.rules) * 1:26714 <-> DISABLED <-> MALWARE-CNC 
Win.Trojan.BlackRev rev 2 outbound traffic (malware-cnc.rules) * 1:26715 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev rev 3 outbound traffic (malware-cnc.rules) * 1:26719 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kbot variant outbound connection (malware-cnc.rules) * 1:26720 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kbot variant outbound connection (malware-cnc.rules) * 1:26721 <-> DISABLED <-> MALWARE-CNC Pushdo Spiral Traffic (malware-cnc.rules) * 1:26722 <-> DISABLED <-> MALWARE-CNC Bancos fake JPG encrypted config file download (malware-cnc.rules) * 1:26723 <-> DISABLED <-> MALWARE-CNC Trojan Downloader7 (malware-cnc.rules) * 1:26725 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc http command (malware-cnc.rules) * 1:26726 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc stop command (malware-cnc.rules) * 1:26727 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc die command (malware-cnc.rules) * 1:26728 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc sleep command (malware-cnc.rules) * 1:26729 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc simple command (malware-cnc.rules) * 1:26730 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc loginpost command (malware-cnc.rules) * 1:26731 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc datapost command (malware-cnc.rules) * 1:26732 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc syn command (malware-cnc.rules) * 1:26733 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc udp command (malware-cnc.rules) * 1:26734 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc udpdata command (malware-cnc.rules) * 1:26735 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc data command (malware-cnc.rules) * 1:26736 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc icmp command (malware-cnc.rules) * 1:26737 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc tcpdata command (malware-cnc.rules) * 1:26738 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc dataget command (malware-cnc.rules) * 
1:26739 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc connect command (malware-cnc.rules) * 1:26740 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc dns command (malware-cnc.rules) * 1:26741 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc exec command (malware-cnc.rules) * 1:26742 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc resolve command (malware-cnc.rules) * 1:26743 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc antiddos command (malware-cnc.rules) * 1:26744 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc range command (malware-cnc.rules) * 1:26745 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc ftp command (malware-cnc.rules) * 1:26746 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc download command (malware-cnc.rules) * 1:26747 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc fastddos command (malware-cnc.rules) * 1:26748 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc slowhttp command (malware-cnc.rules) * 1:26749 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc allhttp command (malware-cnc.rules) * 1:26750 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc full command (malware-cnc.rules) * 1:26751 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - msctls_progress32 (malware-cnc.rules) * 1:26756 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper.Datcaen variant outbound connection (malware-cnc.rules) * 1:26757 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper.Datcaen variant outbound connection (malware-cnc.rules) * 1:26758 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Elefin variant outbound connection (malware-cnc.rules) * 1:26763 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules) * 1:26770 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (malware-cnc.rules) * 1:26771 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (malware-cnc.rules) * 1:26774 <-> DISABLED <-> MALWARE-CNC 
Win.Worm.Luder variant outbound connection (malware-cnc.rules) * 1:26775 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Blocker variant outbound connection HTTP Header Structure (malware-cnc.rules) * 1:26779 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cridex encrypted POST check-in (malware-cnc.rules) * 1:26776 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Blocker variant outbound connection POST (malware-cnc.rules) * 1:26780 <-> DISABLED <-> MALWARE-CNC cridex HTTP Response - default0.js (malware-cnc.rules) * 1:26785 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qrmon variant outbound connection (malware-cnc.rules) * 1:26792 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vbula variant outbound connection (malware-cnc.rules) * 1:26793 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vbula variant initial CNC contact (malware-cnc.rules) * 1:26809 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Backdoor.Tomvode variant outbound connection (malware-cnc.rules) * 1:26811 <-> DISABLED <-> MALWARE-CNC XP Fake Antivirus Payment Page Request (malware-cnc.rules) * 1:26812 <-> DISABLED <-> MALWARE-CNC XP Fake Antivirus Check-in (malware-cnc.rules) * 1:26813 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dapato CMS spambot check-in (malware-cnc.rules) * 1:26815 <-> DISABLED <-> MALWARE-CNC OSX.Trojan.KitM variant outbound connection user-agent (malware-cnc.rules) * 1:26816 <-> DISABLED <-> MALWARE-CNC OSX.Trojan.KitM variant outbound connection (malware-cnc.rules) * 1:26818 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Zawat variant outbound connection (malware-cnc.rules) * 1:26819 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Datash variant outbound connection (malware-cnc.rules) * 1:26820 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Datash variant outbound connection (malware-cnc.rules) * 1:26822 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Buterat variant outbound connection (malware-cnc.rules) * 1:26828 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Uperti variant outbound connection (malware-cnc.rules) * 1:26835 <-> DISABLED <-> MALWARE-CNC 
RDN Banker POST variant outbound connection (malware-cnc.rules) * 1:26836 <-> DISABLED <-> MALWARE-CNC RDN Banker Strange Google Traffic (malware-cnc.rules) * 1:26837 <-> DISABLED <-> MALWARE-CNC BitBot Idle C2 response (malware-cnc.rules) * 1:26840 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Agent variant outbound connection (malware-cnc.rules) * 1:26841 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Agent variant outbound connection (malware-cnc.rules) * 1:26880 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zotob.E gc.exe download (malware-cnc.rules) * 1:26911 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rombrast Trojan outbound connection (malware-cnc.rules) * 1:26912 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rombrast Trojan outbound connection (malware-cnc.rules) * 1:26923 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules) * 1:26924 <-> DISABLED <-> MALWARE-CNC Potential Gozi Trojan HTTP Header Structure (malware-cnc.rules) * 1:26930 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeroaccess variant outbound connection (malware-cnc.rules) * 1:26931 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeroaccess variant outbound connection (malware-cnc.rules) * 1:26932 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeroaccess variant outbound connection (malware-cnc.rules) * 1:26940 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TripleNine RAT beacon (malware-cnc.rules) * 1:26941 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PipCreat RAT dropper download (malware-cnc.rules) * 1:26942 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PipCreat RAT beacon (malware-cnc.rules) * 1:26943 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Post_Show RAT beacon (malware-cnc.rules) * 1:26944 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Post_Show RAT beacon (malware-cnc.rules) * 1:26945 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bisonal RAT beacon (malware-cnc.rules) * 1:26946 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Uptime RAT beacon (malware-cnc.rules) * 1:26952 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Orcim variant 
outbound connection (malware-cnc.rules) * 1:26954 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Talsab variant outbound connection (malware-cnc.rules) * 1:26955 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Talsab variant outbound connection (malware-cnc.rules) * 1:26965 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Win32 Facebook Secure Cryptor C2 (malware-cnc.rules) * 1:26966 <-> DISABLED <-> MALWARE-CNC Win32/Autorun.JN variant outbound connection (malware-cnc.rules) * 1:26967 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz variant outbound connection (malware-cnc.rules) * 1:26968 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gozi Data Theft POST Data (malware-cnc.rules) * 1:26969 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gozi Trojan Data Theft POST URL (malware-cnc.rules) * 1:26970 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pirminay variant outbound connection (malware-cnc.rules) * 1:26984 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Injector Info Stealer Trojan variant outbound connection (malware-cnc.rules) * 1:26986 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Xenil variant outbound connection (malware-cnc.rules) * 1:26987 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cyvadextr variant outbound connection (malware-cnc.rules) * 1:26995 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Agent variant outbound connection (malware-cnc.rules) * 1:26996 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Agent variant outbound connection (malware-cnc.rules) * 1:26997 <-> DISABLED <-> MALWARE-CNC OSX.Trojan.Morcut variant outbound connection (malware-cnc.rules) * 1:26998 <-> DISABLED <-> MALWARE-CNC OSX.Trojan.Morcut file download (malware-cnc.rules) * 1:26999 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chinoxy variant outbound connection (malware-cnc.rules) * 1:27000 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chinoxy variant outbound connection (malware-cnc.rules) * 1:27002 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules) * 1:27003 <-> DISABLED <-> MALWARE-CNC 
Win.Trojan.Agent variant outbound connection (malware-cnc.rules) * 1:27007 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot variant outbound connection (malware-cnc.rules) * 1:27008 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot variant outbound connection (malware-cnc.rules) * 1:27010 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot payment .scr download (malware-cnc.rules) * 1:27012 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Phoenot variant outbound connection (malware-cnc.rules) * 1:27013 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Phoenot variant inbound connection (malware-cnc.rules) * 1:27014 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Epipenwa variant outbound connection (malware-cnc.rules) * 1:27017 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dapato variant inbound response connection (malware-cnc.rules) * 1:27021 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Layvam variant outbound connection (malware-cnc.rules) * 1:27022 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Netweird.A outbound connection (malware-cnc.rules) * 1:27023 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Netweird.A outbound connection (malware-cnc.rules) * 1:27033 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Transhell variant outbound connection user-agent (malware-cnc.rules) * 1:27039 <-> DISABLED <-> MALWARE-CNC Win.Trojan.OnlineGameHack variant outbound connection (malware-cnc.rules) * 1:27044 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string pb - Htbot (malware-cnc.rules) * 1:27045 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Blocker Download (malware-cnc.rules) * 1:27049 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dokstormac variant outbound connection (malware-cnc.rules) * 1:27054 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yakes variant outbound connection (malware-cnc.rules) * 1:27058 <-> DISABLED <-> MALWARE-CNC OSX.Trojan.HackBack variant outbound connection (malware-cnc.rules) * 1:27093 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Medfos variant outbound connection (malware-cnc.rules) * 1:27120 <-> DISABLED <-> 
MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules) * 1:27169 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Atezag variant outbound connection (malware-cnc.rules) * 1:27199 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Meredrop variant outbound connection GET Request (malware-cnc.rules) * 1:27200 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Meredrop variant outbound connection POST Request (malware-cnc.rules) * 1:27201 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Neurevt variant outbound connection (malware-cnc.rules) * 1:27248 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gamarue - Mozi1la User-Agent (malware-cnc.rules) * 1:27252 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ZeroAccess 111-byte URL variant outbound connection (malware-cnc.rules) * 1:27256 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kryptik Drive-by Download Malware (malware-cnc.rules) * 1:27257 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kryptic 7-byte URI Invalid Firefox Headers - no Accept-Language (malware-cnc.rules) * 1:27260 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Java.Agent.NFK variant connection (malware-cnc.rules) * 1:27263 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - yahoonews (malware-cnc.rules) * 1:27533 <-> DISABLED <-> MALWARE-CNC Potential Win.Trojan.Kraziomel Download - 000.jpg (malware-cnc.rules) * 1:27551 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lorapu variant outbound connection (malware-cnc.rules) * 1:27558 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bezigate variant outbound connection (malware-cnc.rules) * 1:27567 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rovnix malicious download request (malware-cnc.rules) * 1:27577 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules) * 1:27596 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Redyms variant outbound connection (malware-cnc.rules) * 1:27599 <-> DISABLED <-> MALWARE-CNC Fort Disco Registration variant outbound connection (malware-cnc.rules) * 1:27600 <-> DISABLED <-> MALWARE-CNC 
Win.Trojan.Nawpers variant connection (malware-cnc.rules) * 1:27629 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Aumlib variant outbound connection (malware-cnc.rules) * 1:27630 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Aumlib variant outbound connection (malware-cnc.rules) * 1:27631 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Aumlib variant outbound connection (malware-cnc.rules) * 1:27633 <-> DISABLED <-> MALWARE-CNC Worm.Silly variant outbound connection (malware-cnc.rules) * 1:27636 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Likseput variant connection (malware-cnc.rules) * 1:27637 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Syhcmd variant connection (malware-cnc.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091401.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:55931 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Emotet variant outbound connection attempt (malware-cnc.rules) * 1:55929 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Emotet-9774504-0 download attempt (malware-other.rules) * 1:55933 <-> ENABLED <-> SERVER-OTHER Oracle WebLogic malicious RemoteConstructor deserialization attempt (server-other.rules) * 1:55932 <-> ENABLED <-> SERVER-OTHER Oracle WebLogic malicious RemoteConstructor deserialization attempt (server-other.rules) * 1:55930 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Emotet-9774504-0 download attempt (malware-other.rules)
* 1:28117 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /install.htm GET Encrypted Payload (malware-cnc.rules) * 1:28105 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload variant outbound connection (malware-cnc.rules) * 1:28115 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /file.htm GET Encrypted Payload (malware-cnc.rules) * 1:28857 <-> DISABLED <-> MALWARE-CNC Adwind UNRECOM connnection back to cnc server (malware-cnc.rules) * 1:28106 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload information upload (malware-cnc.rules) * 1:28856 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yowdab variant connection (malware-cnc.rules) * 1:25548 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Perflog variant outbound connection (malware-cnc.rules) * 1:28852 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Linux.Trojan.Zollard (malware-cnc.rules) * 1:28816 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Siluhdur variant outbound connection (malware-cnc.rules) * 1:28853 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dipverdle variant outbound connection (malware-cnc.rules) * 1:25547 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules) * 1:28820 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Egamipload variant outbound connection (malware-cnc.rules) * 1:28285 <-> DISABLED <-> MALWARE-CNC Win.Trojan.hdog connectivity check-in version 2 (malware-cnc.rules) * 1:28799 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mxtcycle variant outbound connection (malware-cnc.rules) * 1:28561 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Plugx outbound connection (malware-cnc.rules) * 1:28406 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy variant outbound connection (malware-cnc.rules) * 1:28446 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant SQL check-in (malware-cnc.rules) * 1:28134 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dorkbot variant connection (malware-cnc.rules) * 1:28247 <-> DISABLED <-> MALWARE-CNC 
Win.Trojan.Dropper variant outbound connection (malware-cnc.rules) * 1:28553 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /main.htm GET Encrypted Payload (malware-cnc.rules) * 1:28141 <-> DISABLED <-> MALWARE-CNC Win.Trojan.banker outbound connection (malware-cnc.rules) * 1:28606 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Surtr variant connection (malware-cnc.rules) * 1:28410 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CoinMiner variant outbound connection (malware-cnc.rules) * 1:28209 <-> DISABLED <-> MALWARE-CNC Win.Worm.IRCbot outbound connection (malware-cnc.rules) * 1:28543 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Conficker variant outbound connection (malware-cnc.rules) * 1:26119 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules) * 1:28599 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Lesirt variant outbound connection (malware-cnc.rules) * 1:28418 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Dtcontx outbound connection (malware-cnc.rules) * 1:28210 <-> DISABLED <-> MALWARE-CNC Win.Worm.IRCbot outbound connection (malware-cnc.rules) * 1:28118 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /login.htm GET Encrypted Payload (malware-cnc.rules) * 1:28607 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection (malware-cnc.rules) * 1:28547 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules) * 1:28554 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /online.htm GET Encrypted Payload (malware-cnc.rules) * 1:28399 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Tsunami outbound connection (malware-cnc.rules) * 1:28121 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /welcome.htm GET Encrypted Payload (malware-cnc.rules) * 1:28444 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.CBgate variant outbound connection (malware-cnc.rules) * 1:28239 <-> DISABLED <-> 
MALWARE-CNC Win.Trojan.Tuxido outbound connection (malware-cnc.rules) * 1:28415 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules) * 1:28216 <-> DISABLED <-> MALWARE-CNC known malware FTP login (malware-cnc.rules) * 1:28119 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /search.htm GET Encrypted Payload (malware-cnc.rules) * 1:28486 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Codiltak variant outbound connection (malware-cnc.rules) * 1:28125 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banbra variant connection (malware-cnc.rules) * 1:28211 <-> DISABLED <-> MALWARE-CNC Win.Worm.IRCbot outbound connection (malware-cnc.rules) * 1:28250 <-> DISABLED <-> MALWARE-CNC Security Cleaner Pro Install Confirmation (malware-cnc.rules) * 1:28230 <-> DISABLED <-> MALWARE-CNC Boot.Bootroot Variant data upload (malware-cnc.rules) * 1:28417 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Molgomsg variant outbound connection (malware-cnc.rules) * 1:28605 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kasnam variant connection (malware-cnc.rules) * 1:28542 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Conficker variant outbound connection (malware-cnc.rules) * 1:28234 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hdslogger outbound connection (malware-cnc.rules) * 1:28244 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Phrovon outbound connection (malware-cnc.rules) * 1:28323 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Chopper web shell connection (malware-cnc.rules) * 1:28810 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection - MSIE7 No Referer No Cookie (malware-cnc.rules) * 1:28529 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qadars variant outbound connection (malware-cnc.rules) * 1:28123 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /setup.htm GET Encrypted Payload (malware-cnc.rules) * 1:28528 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qadars variant outbound connection (malware-cnc.rules) * 1:28419 <-> 
DISABLED <-> MALWARE-CNC Win.Trojan.Tesch variant outbound connection (malware-cnc.rules) * 1:28154 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Foreign variant outbound connection - MSIE 7.1 (malware-cnc.rules) * 1:28192 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz Potential Phishing URL (malware-cnc.rules) * 1:28255 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz Potential phishing URL (malware-cnc.rules) * 1:28325 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Zuza variant outbound connection (malware-cnc.rules) * 1:28803 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Injector inbound connection (malware-cnc.rules) * 1:28814 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gozi/Neverquest variant outbound connection (malware-cnc.rules) * 1:28548 <-> DISABLED <-> MALWARE-CNC Win.Trojan.chfx variant outbound connection (malware-cnc.rules) * 1:28122 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /index.htm GET Encrypted Payload (malware-cnc.rules) * 1:28724 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent outbound connection (malware-cnc.rules) * 1:28146 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Salgorea variant connection (malware-cnc.rules) * 1:28242 <-> DISABLED <-> MALWARE-CNC Win.Trojan.KanKan variant connection (malware-cnc.rules) * 1:28300 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant connection (malware-cnc.rules) * 1:28800 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus outbound connection (malware-cnc.rules) * 1:28373 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mutopy variant outbound connection (malware-cnc.rules) * 1:28212 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bitsto variant connection (malware-cnc.rules) * 1:28328 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Hupigon variant outbound connection (malware-cnc.rules) * 1:28148 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mevade variant outbound connection (malware-cnc.rules) * 1:28565 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sluegot variant connection (malware-cnc.rules) * 1:28405 <-> DISABLED <-> MALWARE-CNC 
Win.Trojan.Kazy variant outbound connection (malware-cnc.rules) * 1:28564 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pkdesco variant outbound connection (malware-cnc.rules) * 1:28166 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bifrose variant connection (malware-cnc.rules) * 1:28815 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gozi/Neverquest variant outbound connection (malware-cnc.rules) * 1:28813 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ufraie variant outbound connection (malware-cnc.rules) * 1:28560 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Plugx FTP keepalive outbound connection (malware-cnc.rules) * 1:28559 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Castov variant connection (malware-cnc.rules) * 1:28153 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Foreign variant outbound connection - /html2/ (malware-cnc.rules) * 1:28804 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Injector outbound connection (malware-cnc.rules) * 1:28254 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Perl.Shellbot variant outbound connection (malware-cnc.rules) * 1:28807 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Injector variant outbound connection (malware-cnc.rules) * 1:28366 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Venik variant outbound connection (malware-cnc.rules) * 1:28808 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Ptiger variant outbound connection (malware-cnc.rules) * 1:28802 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos outbound connection (malware-cnc.rules) * 1:28143 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Medfos outbound connection (malware-cnc.rules) * 1:28484 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Delpbank variant outbound connection (malware-cnc.rules) * 1:28155 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Foreign variant outbound connection - MSIE 7.2 (malware-cnc.rules) * 1:28562 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sidopa variant outbound connection (malware-cnc.rules) * 1:28558 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string getURLdown (malware-cnc.rules) * 1:28538 <-> DISABLED 
<-> MALWARE-CNC Win.Trojan.Asprox/Kuluoz variant connection (malware-cnc.rules) * 1:28411 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CoinMiner variant outbound connection (malware-cnc.rules) * 1:28809 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dofoil inbound connection (malware-cnc.rules) * 1:28604 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kasnam variant connection (malware-cnc.rules) * 1:28362 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string SUiCiDE/1.5 (malware-cnc.rules) * 1:28463 <-> DISABLED <-> MALWARE-CNC Win.Trojan.AllAple Variant ICMP flood (malware-cnc.rules) * 1:28120 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /start.htm GET Encrypted Payload (malware-cnc.rules) * 1:28416 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CryptoLocker outbound connection (malware-cnc.rules) * 1:28541 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ZeroAccess Download Headers (malware-cnc.rules) * 1:28551 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NXI ftp username connection (malware-cnc.rules) * 1:28147 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Conficker variant outbound connection (malware-cnc.rules) * 1:28114 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /default.htm GET Encrypted Payload (malware-cnc.rules) * 1:28144 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Win32.Wpbrutebot variant connection (malware-cnc.rules) * 1:28107 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload download (malware-cnc.rules) * 1:28805 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Palevo outbound connection (malware-cnc.rules) * 1:28563 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pkdesco variant outbound connection (malware-cnc.rules) * 1:28116 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /home.htm GET Encrypted Payload (malware-cnc.rules) * 1:28326 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Zuza variant outbound connection (malware-cnc.rules) * 1:28485 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Khalog variant outbound 
connection (malware-cnc.rules) * 1:28858 <-> DISABLED <-> MALWARE-CNC Adwind UNRECOM connnection back to cnc server (malware-cnc.rules) * 1:26697 <-> DISABLED <-> MALWARE-CNC Cbeplay Ransomware variant outbound connection - POST Body (malware-cnc.rules) * 1:26702 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Win (malware-cnc.rules) * 1:26703 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Upero variant outbound connection (malware-cnc.rules) * 1:26712 <-> DISABLED <-> MALWARE-CNC Kazy Trojan check-in (malware-cnc.rules) * 1:26713 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev rev 1 outbound traffic (malware-cnc.rules) * 1:26714 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev rev 2 outbound traffic (malware-cnc.rules) * 1:26715 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev rev 3 outbound traffic (malware-cnc.rules) * 1:26719 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kbot variant outbound connection (malware-cnc.rules) * 1:26720 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kbot variant outbound connection (malware-cnc.rules) * 1:26721 <-> DISABLED <-> MALWARE-CNC Pushdo Spiral Traffic (malware-cnc.rules) * 1:26722 <-> DISABLED <-> MALWARE-CNC Bancos fake JPG encrypted config file download (malware-cnc.rules) * 1:26723 <-> DISABLED <-> MALWARE-CNC Trojan Downloader7 (malware-cnc.rules) * 1:26725 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc http command (malware-cnc.rules) * 1:26726 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc stop command (malware-cnc.rules) * 1:26727 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc die command (malware-cnc.rules) * 1:26728 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc sleep command (malware-cnc.rules) * 1:26729 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc simple command (malware-cnc.rules) * 1:26730 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc loginpost command (malware-cnc.rules) * 1:26731 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc datapost command 
(malware-cnc.rules) * 1:26732 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc syn command (malware-cnc.rules) * 1:26733 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc udp command (malware-cnc.rules) * 1:26734 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc udpdata command (malware-cnc.rules) * 1:26735 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc data command (malware-cnc.rules) * 1:26736 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc icmp command (malware-cnc.rules) * 1:26737 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc tcpdata command (malware-cnc.rules) * 1:26738 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc dataget command (malware-cnc.rules) * 1:26739 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc connect command (malware-cnc.rules) * 1:26118 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules) * 1:26740 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc dns command (malware-cnc.rules) * 1:25570 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Medialabs variant outbound connection (malware-cnc.rules) * 1:25571 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Medialabs variant outbound connection (malware-cnc.rules) * 1:25572 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Virut variant outbound connection (malware-cnc.rules) * 1:25577 <-> DISABLED <-> MALWARE-CNC Win.Rootkit.Necurs possible URI with encrypted POST (malware-cnc.rules) * 1:25599 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gupboot variant outbound connection (malware-cnc.rules) * 1:25600 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dilavtor variant outbound connection (malware-cnc.rules) * 1:25609 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules) * 1:25610 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mofsmall variant outbound connection (malware-cnc.rules) * 1:25623 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jimpime variant outbound connection (malware-cnc.rules) * 1:25625 <-> DISABLED <-> MALWARE-CNC 
Win.Trojan.Daws variant outbound connection (malware-cnc.rules)
* 1:25626 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules)
* 1:25628 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant connect to cnc-server (malware-cnc.rules)
* 1:25632 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Golisy variant outbound connection (malware-cnc.rules)
* 1:25652 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kryptic variant outbound connection (malware-cnc.rules)
* 1:25660 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Medfos variant outbound connection (malware-cnc.rules)
* 1:25661 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Buzus variant outbound connection (malware-cnc.rules)
* 1:25662 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chowspy variant outbound connection (malware-cnc.rules)
* 1:25663 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rimod variant outbound connection (malware-cnc.rules)
* 1:25665 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sycomder variant outbound connection (malware-cnc.rules)
* 1:25666 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (malware-cnc.rules)
* 1:25667 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nflog variant outbound connection (malware-cnc.rules)
* 1:25668 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nflog variant outbound connection (malware-cnc.rules)
* 1:25669 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Selasloot variant outbound connection (malware-cnc.rules)
* 1:25671 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (malware-cnc.rules)
* 1:25672 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Matsnu variant outbound connection (malware-cnc.rules)
* 1:25673 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.QQDragon variant outbound connection (malware-cnc.rules)
* 1:25674 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shimwoc variant outbound connection (malware-cnc.rules)
* 1:25675 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fakeavlock variant outbound connection (malware-cnc.rules)
* 1:25765 <-> DISABLED <-> MALWARE-CNC Trojan Agent YEH variant outbound connection (malware-cnc.rules)
* 1:25766 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules)
* 1:25807 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Urausy Botnet variant outbound connection (malware-cnc.rules)
* 1:25829 <-> DISABLED <-> MALWARE-CNC Trojan Banker FTC variant outbound connection (malware-cnc.rules)
* 1:25854 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection - MSIE7 No Referer No Cookie (malware-cnc.rules)
* 1:25863 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.QBundle variant outbound connection (malware-cnc.rules)
* 1:25865 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
* 1:25866 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
* 1:25867 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
* 1:25973 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Boolflot variant outbound connection (malware-cnc.rules)
* 1:25974 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
* 1:25978 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lukprofin variant outbound connection (malware-cnc.rules)
* 1:26741 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc exec command (malware-cnc.rules)
* 1:25980 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Pass (malware-cnc.rules)
* 1:25987 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Upof variant outbound connection (malware-cnc.rules)
* 1:25990 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Agent variant connect to cnc-server (malware-cnc.rules)
* 1:25991 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Agent variant connect to cnc-server (malware-cnc.rules)
* 1:25992 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Buzus variant outbound connection (malware-cnc.rules)
* 1:25993 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Buzus variant outbound connection (malware-cnc.rules)
* 1:25994 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
* 1:25996 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Reswor variant outbound connection (malware-cnc.rules)
* 1:26010 <-> DISABLED <-> MALWARE-CNC CNC Dirtjumper variant outbound connection (malware-cnc.rules)
* 1:26011 <-> DISABLED <-> MALWARE-CNC CNC Dirtjumper variant outbound connection (malware-cnc.rules)
* 1:26019 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bredo variant outbound connection (malware-cnc.rules)
* 1:26023 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot variant in.php outbound connection (malware-cnc.rules)
* 1:26024 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wecod variant outbound connection (malware-cnc.rules)
* 1:26072 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locati variant outbound connection (malware-cnc.rules)
* 1:26075 <-> DISABLED <-> MALWARE-CNC Bancos variant outbound connection SQL query POST data (malware-cnc.rules)
* 1:26086 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Exicon variant outbound connection (malware-cnc.rules)
* 1:26088 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Encriyoko variant outbound connection (malware-cnc.rules)
* 1:26106 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
* 1:26115 <-> DISABLED <-> MALWARE-CNC NSIS.Downloader.Agent variant outbound connection (malware-cnc.rules)
* 1:26116 <-> DISABLED <-> MALWARE-CNC NSIS.Downloader.Agent variant outbound connection (malware-cnc.rules)
* 1:26117 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tarctox variant outbound connection (malware-cnc.rules)
* 1:25979 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lukprofin variant outbound connection (malware-cnc.rules)
* 1:25553 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dexter variant outbound connection (malware-cnc.rules)
* 1:26742 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc resolve command (malware-cnc.rules)
* 1:26743 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc antiddos command (malware-cnc.rules)
* 1:26744 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc range command (malware-cnc.rules)
* 1:26745 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc ftp command (malware-cnc.rules)
* 1:26746 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc download command (malware-cnc.rules)
* 1:26747 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc fastddos command (malware-cnc.rules)
* 1:26748 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc slowhttp command (malware-cnc.rules)
* 1:26749 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc allhttp command (malware-cnc.rules)
* 1:26750 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc full command (malware-cnc.rules)
* 1:26751 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - msctls_progress32 (malware-cnc.rules)
* 1:26756 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper.Datcaen variant outbound connection (malware-cnc.rules)
* 1:26757 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper.Datcaen variant outbound connection (malware-cnc.rules)
* 1:26758 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Elefin variant outbound connection (malware-cnc.rules)
* 1:26763 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules)
* 1:26770 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (malware-cnc.rules)
* 1:26771 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (malware-cnc.rules)
* 1:26774 <-> DISABLED <-> MALWARE-CNC Win.Worm.Luder variant outbound connection (malware-cnc.rules)
* 1:26775 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Blocker variant outbound connection HTTP Header Structure (malware-cnc.rules)
* 1:26776 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Blocker variant outbound connection POST (malware-cnc.rules)
* 1:26777 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy variant outbound connection (malware-cnc.rules)
* 1:26779 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cridex encrypted POST check-in (malware-cnc.rules)
* 1:26780 <-> DISABLED <-> MALWARE-CNC cridex HTTP Response - default0.js (malware-cnc.rules)
* 1:26785 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qrmon variant outbound connection (malware-cnc.rules)
* 1:26792 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vbula variant outbound connection (malware-cnc.rules)
* 1:26793 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vbula variant initial CNC contact (malware-cnc.rules)
* 1:26809 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Backdoor.Tomvode variant outbound connection (malware-cnc.rules)
* 1:26811 <-> DISABLED <-> MALWARE-CNC XP Fake Antivirus Payment Page Request (malware-cnc.rules)
* 1:26812 <-> DISABLED <-> MALWARE-CNC XP Fake Antivirus Check-in (malware-cnc.rules)
* 1:26813 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dapato CMS spambot check-in (malware-cnc.rules)
* 1:26815 <-> DISABLED <-> MALWARE-CNC OSX.Trojan.KitM variant outbound connection user-agent (malware-cnc.rules)
* 1:26816 <-> DISABLED <-> MALWARE-CNC OSX.Trojan.KitM variant outbound connection (malware-cnc.rules)
* 1:26818 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Zawat variant outbound connection (malware-cnc.rules)
* 1:26819 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Datash variant outbound connection (malware-cnc.rules)
* 1:26820 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Datash variant outbound connection (malware-cnc.rules)
* 1:26822 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Buterat variant outbound connection (malware-cnc.rules)
* 1:26828 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Uperti variant outbound connection (malware-cnc.rules)
* 1:26835 <-> DISABLED <-> MALWARE-CNC RDN Banker POST variant outbound connection (malware-cnc.rules)
* 1:26836 <-> DISABLED <-> MALWARE-CNC RDN Banker Strange Google Traffic (malware-cnc.rules)
* 1:26837 <-> DISABLED <-> MALWARE-CNC BitBot Idle C2 response (malware-cnc.rules)
* 1:26840 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Agent variant outbound connection (malware-cnc.rules)
* 1:26841 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Agent variant outbound connection (malware-cnc.rules)
* 1:26880 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zotob.E gc.exe download (malware-cnc.rules)
* 1:26911 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rombrast Trojan outbound connection (malware-cnc.rules)
* 1:26912 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rombrast Trojan outbound connection (malware-cnc.rules)
* 1:26923 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
* 1:26924 <-> DISABLED <-> MALWARE-CNC Potential Gozi Trojan HTTP Header Structure (malware-cnc.rules)
* 1:26930 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeroaccess variant outbound connection (malware-cnc.rules)
* 1:26931 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeroaccess variant outbound connection (malware-cnc.rules)
* 1:26932 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeroaccess variant outbound connection (malware-cnc.rules)
* 1:26940 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TripleNine RAT beacon (malware-cnc.rules)
* 1:26941 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PipCreat RAT dropper download (malware-cnc.rules)
* 1:26942 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PipCreat RAT beacon (malware-cnc.rules)
* 1:26943 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Post_Show RAT beacon (malware-cnc.rules)
* 1:26944 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Post_Show RAT beacon (malware-cnc.rules)
* 1:26945 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bisonal RAT beacon (malware-cnc.rules)
* 1:26946 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Uptime RAT beacon (malware-cnc.rules)
* 1:26952 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Orcim variant outbound connection (malware-cnc.rules)
* 1:26954 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Talsab variant outbound connection (malware-cnc.rules)
* 1:26955 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Talsab variant outbound connection (malware-cnc.rules)
* 1:26965 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Win32 Facebook Secure Cryptor C2 (malware-cnc.rules)
* 1:26966 <-> DISABLED <-> MALWARE-CNC Win32/Autorun.JN variant outbound connection (malware-cnc.rules)
* 1:26967 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz variant outbound connection (malware-cnc.rules)
* 1:26968 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gozi Data Theft POST Data (malware-cnc.rules)
* 1:26969 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gozi Trojan Data Theft POST URL (malware-cnc.rules)
* 1:26970 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pirminay variant outbound connection (malware-cnc.rules)
* 1:26984 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Injector Info Stealer Trojan variant outbound connection (malware-cnc.rules)
* 1:26986 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Xenil variant outbound connection (malware-cnc.rules)
* 1:26987 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cyvadextr variant outbound connection (malware-cnc.rules)
* 1:26995 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Agent variant outbound connection (malware-cnc.rules)
* 1:26996 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Agent variant outbound connection (malware-cnc.rules)
* 1:26997 <-> DISABLED <-> MALWARE-CNC OSX.Trojan.Morcut variant outbound connection (malware-cnc.rules)
* 1:26998 <-> DISABLED <-> MALWARE-CNC OSX.Trojan.Morcut file download (malware-cnc.rules)
* 1:26999 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chinoxy variant outbound connection (malware-cnc.rules)
* 1:27000 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chinoxy variant outbound connection (malware-cnc.rules)
* 1:27002 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
* 1:27003 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
* 1:27007 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot variant outbound connection (malware-cnc.rules)
* 1:27008 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot variant outbound connection (malware-cnc.rules)
* 1:27010 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot payment .scr download (malware-cnc.rules)
* 1:27012 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Phoenot variant outbound connection (malware-cnc.rules)
* 1:27013 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Phoenot variant inbound connection (malware-cnc.rules)
* 1:27014 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Epipenwa variant outbound connection (malware-cnc.rules)
* 1:27017 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dapato variant inbound response connection (malware-cnc.rules)
* 1:27021 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Layvam variant outbound connection (malware-cnc.rules)
* 1:27022 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Netweird.A outbound connection (malware-cnc.rules)
* 1:27023 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Netweird.A outbound connection (malware-cnc.rules)
* 1:27033 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Transhell variant outbound connection user-agent (malware-cnc.rules)
* 1:27039 <-> DISABLED <-> MALWARE-CNC Win.Trojan.OnlineGameHack variant outbound connection (malware-cnc.rules)
* 1:27044 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string pb - Htbot (malware-cnc.rules)
* 1:27045 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Blocker Download (malware-cnc.rules)
* 1:27049 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dokstormac variant outbound connection (malware-cnc.rules)
* 1:27054 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yakes variant outbound connection (malware-cnc.rules)
* 1:27058 <-> DISABLED <-> MALWARE-CNC OSX.Trojan.HackBack variant outbound connection (malware-cnc.rules)
* 1:27093 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Medfos variant outbound connection (malware-cnc.rules)
* 1:27120 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
* 1:27169 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Atezag variant outbound connection (malware-cnc.rules)
* 1:27199 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Meredrop variant outbound connection GET Request (malware-cnc.rules)
* 1:27200 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Meredrop variant outbound connection POST Request (malware-cnc.rules)
* 1:27201 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Neurevt variant outbound connection (malware-cnc.rules)
* 1:27248 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gamarue - Mozi1la User-Agent (malware-cnc.rules)
* 1:27252 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ZeroAccess 111-byte URL variant outbound connection (malware-cnc.rules)
* 1:26696 <-> DISABLED <-> MALWARE-CNC Cbeplay Ransomware variant outbound connection - Abnormal HTTP Headers (malware-cnc.rules)
* 1:27257 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kryptic 7-byte URI Invalid Firefox Headers - no Accept-Language (malware-cnc.rules)
* 1:27256 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kryptik Drive-by Download Malware (malware-cnc.rules)
* 1:27260 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Java.Agent.NFK variant connection (malware-cnc.rules)
* 1:27263 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - yahoonews (malware-cnc.rules)
* 1:27533 <-> DISABLED <-> MALWARE-CNC Potential Win.Trojan.Kraziomel Download - 000.jpg (malware-cnc.rules)
* 1:27551 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lorapu variant outbound connection (malware-cnc.rules)
* 1:27558 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bezigate variant outbound connection (malware-cnc.rules)
* 1:27567 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rovnix malicious download request (malware-cnc.rules)
* 1:27577 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
* 1:27596 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Redyms variant outbound connection (malware-cnc.rules)
* 1:27599 <-> DISABLED <-> MALWARE-CNC Fort Disco Registration variant outbound connection (malware-cnc.rules)
* 1:27600 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nawpers variant connection (malware-cnc.rules)
* 1:27629 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Aumlib variant outbound connection (malware-cnc.rules)
* 1:27630 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Aumlib variant outbound connection (malware-cnc.rules)
* 1:27631 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Aumlib variant outbound connection (malware-cnc.rules)
* 1:27633 <-> DISABLED <-> MALWARE-CNC Worm.Silly variant outbound connection (malware-cnc.rules)
* 1:27636 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Likseput variant connection (malware-cnc.rules)
* 1:27637 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Syhcmd variant connection (malware-cnc.rules)
* 1:27639 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Epipenwa variant connection (malware-cnc.rules)
* 1:27640 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chekafe variant connection (malware-cnc.rules)
* 1:27641 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Meilat variant connection (malware-cnc.rules)
* 1:27642 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downbot variant connection (malware-cnc.rules)
* 1:27643 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Betabot variant connection (malware-cnc.rules)
* 1:27644 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Merong variant connection (malware-cnc.rules)
* 1:27645 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Binjo variant outbound connection (malware-cnc.rules)
* 1:27647 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nelaja variant outbound connection (malware-cnc.rules)
* 1:27648 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SpyBanker.ZSL variant outbound connection (malware-cnc.rules)
* 1:27649 <-> DISABLED <-> MALWARE-CNC Brazilian Banking Trojan data theft (malware-cnc.rules)
* 1:27655 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Enchanim variant connection (malware-cnc.rules)
* 1:27659 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gapz variant connection (malware-cnc.rules)
* 1:27660 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Reabfrus variant connection (malware-cnc.rules)
* 1:27661 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Reabfrus variant connection (malware-cnc.rules)
* 1:27662 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Galfun variant outbound connection (malware-cnc.rules)
* 1:27664 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Castov variant connection (malware-cnc.rules)
* 1:27665 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Castov variant connection (malware-cnc.rules)
* 1:27670 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.evf variant connection (malware-cnc.rules)
* 1:27678 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Goolelo variant connection (malware-cnc.rules)
* 1:27679 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz variant outbound connection (malware-cnc.rules)
* 1:27680 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ZeroAccess variant outbound connection (malware-cnc.rules)
* 1:27699 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tartober variant connection (malware-cnc.rules)
* 1:27709 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string umbra (malware-cnc.rules)
* 1:27710 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string IExplore (malware-cnc.rules)
* 1:27711 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FakeAV variant outbound connection (malware-cnc.rules)
* 1:27720 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kolok variant connection (malware-cnc.rules)
* 1:27726 <-> DISABLED <-> MALWARE-CNC Orbit Downloader denial of service update (malware-cnc.rules)
* 1:27727 <-> DISABLED <-> MALWARE-CNC Orbit Downloader denial of service update (malware-cnc.rules)
* 1:27728 <-> DISABLED <-> MALWARE-CNC Orbit Downloader denial of service update (malware-cnc.rules)
* 1:27737 <-> DISABLED <-> MALWARE-CNC DNS suspicious .c0m.li dns query (malware-cnc.rules)
* 1:27746 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Hanthie variant outbound connection (malware-cnc.rules)
* 1:27747 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banechant outbound variant connection (malware-cnc.rules)
* 1:27759 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Treizt variant connection (malware-cnc.rules)
* 1:27774 <-> DISABLED <-> MALWARE-CNC RDN Banker Data Exfiltration (malware-cnc.rules)
* 1:27775 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection (malware-cnc.rules)
* 1:27802 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PRISM variant outbound connection (malware-cnc.rules)
* 1:27803 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PRISM variant outbound connection (malware-cnc.rules)
* 1:27805 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bisonha variant outbound connection (malware-cnc.rules)
* 1:27806 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Retruse variant connection (malware-cnc.rules)
* 1:27811 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mindweq variant connection (malware-cnc.rules)
* 1:27817 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tenavt connection (malware-cnc.rules)
* 1:27864 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sinowal variant connection (malware-cnc.rules)
* 1:27867 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper outbound connection (malware-cnc.rules)
* 1:27868 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - dt12012 (malware-cnc.rules)
* 1:27905 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Helauto variant connection (malware-cnc.rules)
* 1:27918 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
* 1:27919 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus encrypted POST Data exfiltration (malware-cnc.rules)
* 1:27939 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Galock variant connection (malware-cnc.rules)
* 1:27955 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mevade variant outbound connection (malware-cnc.rules)
* 1:27963 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lolbot variant outbound connection (malware-cnc.rules)
* 1:27964 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gh0st variant outbound connection (malware-cnc.rules)
* 1:27965 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Eupuds variant connection (malware-cnc.rules)
* 1:27966 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Chopper web shell connection (malware-cnc.rules)
* 1:27968 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Chopper web shell connection (malware-cnc.rules)
* 1:27969 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Updays variant connection (malware-cnc.rules)
* 1:27970 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus dropper variant connection (malware-cnc.rules)
* 1:27980 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /botnet/adduser.php?uid= (malware-cnc.rules)
* 1:27981 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /botnet/tasks.php?uid= (malware-cnc.rules)
* 1:28005 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz outbound command (malware-cnc.rules)
* 1:28007 <-> DISABLED <-> MALWARE-CNC BLYPT installer startupkey outbound traffic (malware-cnc.rules)
* 1:28008 <-> DISABLED <-> MALWARE-CNC BLYPT installer reuse outbound traffic (malware-cnc.rules)
* 1:28009 <-> DISABLED <-> MALWARE-CNC BLYPT installer configkey outbound traffic (malware-cnc.rules)
* 1:28010 <-> DISABLED <-> MALWARE-CNC BLYPT installer tserror outbound traffic (malware-cnc.rules)
* 1:28011 <-> DISABLED <-> MALWARE-CNC BLYPT installer createproc outbound traffic (malware-cnc.rules)
* 1:28012 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules)
* 1:28033 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Urausy variant outbound connection (malware-cnc.rules)
* 1:28040 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dofoil variant outbound connection (malware-cnc.rules)
* 1:28042 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Caphaw variant outbound connection (malware-cnc.rules)
* 1:28044 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CryptoLocker variant connection (malware-cnc.rules)
* 1:28045 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VBKrypt variant connection (malware-cnc.rules)
* 1:28072 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Omexo outbound connection (malware-cnc.rules)
* 1:28073 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Win32.Kimsuky variant file stealing (malware-cnc.rules)
* 1:28074 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ADKR connection (malware-cnc.rules)
* 1:28075 <-> DISABLED <-> MALWARE-CNC Win.Trojan.gzfw connection (malware-cnc.rules)
* 1:28079 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Napolar variant outbound connection (malware-cnc.rules)
* 1:28080 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Napolar data theft (malware-cnc.rules)
* 1:28084 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hupigon variant connection (malware-cnc.rules)
* 1:28094 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Liteol variant connection (malware-cnc.rules)
* 1:28095 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Liteol variant connection (malware-cnc.rules)
* 1:28096 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spynet variant connection (malware-cnc.rules)
* 1:26201 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lobparck variant outbound connection (malware-cnc.rules)
* 1:26202 <-> DISABLED <-> MALWARE-CNC VBS.Trojan.Agent variant outbound connection (malware-cnc.rules)
* 1:26203 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gupd variant outbound connection (malware-cnc.rules)
* 1:26204 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Malex variant outbound connection (malware-cnc.rules)
* 1:26211 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Eldorado variant outbound connection (malware-cnc.rules)
* 1:26238 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Snopexy variant outbound connection (malware-cnc.rules)
* 1:26239 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Stehlox variant outbound connection (malware-cnc.rules)
* 1:26240 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vkeikooc variant outbound connection (malware-cnc.rules)
* 1:26244 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Troll variant outbound connection (malware-cnc.rules)
* 1:26245 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (malware-cnc.rules)
* 1:26248 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent cibabam (malware-cnc.rules)
* 1:26249 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Sonide variant outbound connection (malware-cnc.rules)
* 1:26260 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Vectmp variant outbound connection (malware-cnc.rules)
* 1:26266 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus v3 DGA DNS query detected (malware-cnc.rules)
* 1:26267 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus v3 DGA DNS query detected (malware-cnc.rules)
* 1:26268 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus v3 DGA DNS query detected (malware-cnc.rules)
* 1:26269 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus v3 DGA DNS query detected (malware-cnc.rules)
* 1:26270 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus v3 DGA DNS query detected (malware-cnc.rules)
* 1:26271 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus v3 DGA DNS query detected (malware-cnc.rules)
* 1:26284 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Surok variant outbound connection (malware-cnc.rules)
* 1:25551 <-> DISABLED <-> MALWARE-CNC Win.Worm.Dipasik variant outbound connection (malware-cnc.rules)
* 1:26285 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Garveep variant outbound connection (malware-cnc.rules)
* 1:26288 <-> DISABLED <-> MALWARE-CNC Brontok Worm variant outbound connection (malware-cnc.rules)
* 1:26289 <-> DISABLED <-> MALWARE-CNC Daws Trojan Outbound Plaintext over SSL Port (malware-cnc.rules)
* 1:26319 <-> DISABLED <-> MALWARE-CNC file path used as User-Agent - potential Trojan (malware-cnc.rules)
* 1:26325 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scar variant outbound connection (malware-cnc.rules)
* 1:26327 <-> DISABLED <-> MALWARE-CNC OSX.Trojan.Flashfake variant outbound connection (malware-cnc.rules)
* 1:26331 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qhost variant outbound connection (malware-cnc.rules)
* 1:26335 <-> DISABLED <-> MALWARE-CNC FBI Ransom Trojan variant outbound connection (malware-cnc.rules)
* 1:26370 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection - ksa.txt (malware-cnc.rules)
* 1:26371 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection - op POST (malware-cnc.rules)
* 1:26398 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gamarue variant outbound connection (malware-cnc.rules)
* 1:26428 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (malware-cnc.rules)
* 1:26444 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Agent variant outbound connection (malware-cnc.rules)
* 1:26445 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Agent variant outbound connection (malware-cnc.rules)
* 1:26446 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Agent variant outbound connection (malware-cnc.rules)
* 1:26447 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Smoaler variant outbound connection (malware-cnc.rules)
* 1:26448 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fakesig variant outbound connection (malware-cnc.rules)
* 1:26449 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
* 1:26450 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
* 1:26452 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Buterat variant outbound connection (malware-cnc.rules)
* 1:26463 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Linog.A variant outbound connection (malware-cnc.rules)
* 1:26464 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Linog.A variant outbound connection (malware-cnc.rules)
* 1:26467 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Magic variant inbound connection (malware-cnc.rules)
* 1:26480 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot fake PNG config file download without User-Agent (malware-cnc.rules)
* 1:26482 <-> DISABLED <-> MALWARE-CNC Unknown Thinner Encrypted POST botnet C&C (malware-cnc.rules)
* 1:26522 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent NOKIAN95/WEB (malware-cnc.rules)
* 1:26533 <-> DISABLED <-> MALWARE-CNC Unknown malware - Incorrect headers - Referer HTTP/1.0 (malware-cnc.rules)
* 1:26558 <-> DISABLED <-> MALWARE-CNC User-Agent known Malicious user agent Brutus AET (malware-cnc.rules)
* 1:26560 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection - getcomando POST data (malware-cnc.rules)
* 1:26561 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
* 1:26563 <-> DISABLED <-> MALWARE-CNC Harakit botnet traffic (malware-cnc.rules)
* 1:26576 <-> DISABLED <-> MALWARE-CNC Potential hostile executable served from compromised or malicious WordPress site attempt (malware-cnc.rules)
* 1:26577 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent Opera 10 (malware-cnc.rules)
* 1:26578 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy/FakeAV Checkin with IE6 User-Agent (malware-cnc.rules)
* 1:26579 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy/FakeAV Checkin with IE6 User-Agent (malware-cnc.rules)
* 1:26604 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bydra variant outbound connection (malware-cnc.rules)
* 1:26605 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bydra variant outbound connection (malware-cnc.rules)
* 1:26606 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sosork variant outbound connection (malware-cnc.rules)
* 1:26607 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Korlia variant outbound connection (malware-cnc.rules)
* 1:26608 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rocra variant outbound connection (malware-cnc.rules)
* 1:26609 <-> DISABLED <-> MALWARE-CNC OSX.Trojan.Dockster variant outbound connection (malware-cnc.rules)
* 1:26613 <-> DISABLED <-> MALWARE-CNC Medfos Trojan variant outbound connection (malware-cnc.rules)
* 1:26656 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Travnet Botnet data upload (malware-cnc.rules)
* 1:26657 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shiz variant outbound connection (malware-cnc.rules)
* 1:26677 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz variant inbound run command from cnc (malware-cnc.rules)
* 1:26678 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz variant inbound run command from cnc (malware-cnc.rules)
* 1:26679 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz variant inbound run command from cnc (malware-cnc.rules)
* 1:26680 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz variant inbound run command from cnc (malware-cnc.rules)
* 1:26681 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz variant inbound run command from cnc (malware-cnc.rules)
* 1:26683 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shyape variant outbound connection (malware-cnc.rules)
* 1:26684 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Neshax variant outbound connection (malware-cnc.rules)
* 1:26685 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string J13A (malware-cnc.rules)
* 1:26686 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Alina (malware-cnc.rules)
* 1:26690 <-> DISABLED <-> MALWARE-CNC Miniduke server contact (malware-cnc.rules)
* 1:26691 <-> DISABLED <-> MALWARE-CNC Win.Trojan.UFRStealer variant outbound connection (malware-cnc.rules)
* 1:26692 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spyremoav variant outbound connection (malware-cnc.rules)
* 1:26695 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Namihno variant outbound request (malware-cnc.rules)
* 1:28097 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ohlat variant connection (malware-cnc.rules)
* 1:28859 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent z00sAgent - Win.Trojan.Zbot (malware-cnc.rules)
* 1:28860 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent - Win.Trojan.Nitedrem (malware-cnc.rules)
* 1:28861 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Roxfora variant outbound connection (malware-cnc.rules)
* 1:28864 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tofsee variant outbound connection (malware-cnc.rules)
* 1:28886 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scar variant outbound connection (malware-cnc.rules)
* 1:28914 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Anony variant connection (malware-cnc.rules)
* 1:28918 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant network connectivity check (malware-cnc.rules)
* 1:28919 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant network connectivity check (malware-cnc.rules)
* 1:28930 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fakeav variant outbound data connection (malware-cnc.rules)
* 1:28940 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rovnix malicious download (malware-cnc.rules)
* 1:28947 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tapaoux variant connection (malware-cnc.rules)
* 1:28948 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kishlog variant outbound connection (malware-cnc.rules)
* 1:28949 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kishlog variant outbound connection (malware-cnc.rules)
* 1:28958 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jussuc variant outbound connection (malware-cnc.rules)
* 1:28960 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Alurewo outbound connection (malware-cnc.rules)
* 1:48157 <-> ENABLED <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection (malware-cnc.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091300.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:55930 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Emotet-9774504-0 download attempt (malware-other.rules)
* 1:55929 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Emotet-9774504-0 download attempt (malware-other.rules)
* 1:55931 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Emotet variant outbound connection attempt (malware-cnc.rules)
* 1:55932 <-> ENABLED <-> SERVER-OTHER Oracle WebLogic malicious RemoteConstructor deserialization attempt (server-other.rules)
* 1:55933 <-> ENABLED <-> SERVER-OTHER Oracle WebLogic malicious RemoteConstructor deserialization attempt (server-other.rules)
* 1:28405 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy variant outbound connection (malware-cnc.rules)
* 1:28418 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Dtcontx outbound connection (malware-cnc.rules)
* 1:28816 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Siluhdur variant outbound connection (malware-cnc.rules)
* 1:28606 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Surtr variant connection (malware-cnc.rules)
* 1:28565 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sluegot variant connection (malware-cnc.rules)
* 1:28815 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gozi/Neverquest variant outbound connection (malware-cnc.rules)
* 1:28559 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Castov variant connection (malware-cnc.rules)
* 1:28463 <-> DISABLED <-> MALWARE-CNC Win.Trojan.AllAple Variant ICMP flood (malware-cnc.rules)
* 1:28323 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Chopper web shell connection (malware-cnc.rules)
* 1:28805 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Palevo outbound connection (malware-cnc.rules)
* 1:28528 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qadars variant outbound connection (malware-cnc.rules)
* 1:28724 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent outbound connection (malware-cnc.rules)
* 1:28143 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Medfos outbound connection (malware-cnc.rules)
* 1:28560 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Plugx FTP keepalive outbound connection (malware-cnc.rules)
* 1:28807 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Injector variant outbound connection (malware-cnc.rules)
* 1:28211 <-> DISABLED <-> MALWARE-CNC Win.Worm.IRCbot outbound connection (malware-cnc.rules)
* 1:28123 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /setup.htm GET Encrypted Payload (malware-cnc.rules)
* 1:28328 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Hupigon variant outbound connection (malware-cnc.rules)
* 1:28599 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Lesirt variant outbound connection (malware-cnc.rules)
* 1:28411 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CoinMiner variant outbound connection (malware-cnc.rules)
* 1:28554 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /online.htm GET Encrypted Payload (malware-cnc.rules)
* 1:28166 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bifrose variant connection (malware-cnc.rules)
* 1:28153 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Foreign variant outbound connection - /html2/ (malware-cnc.rules)
* 1:28122 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /index.htm GET Encrypted Payload (malware-cnc.rules)
* 1:28146 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Salgorea variant connection (malware-cnc.rules)
* 1:28803 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Injector inbound connection (malware-cnc.rules)
* 1:28607 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection (malware-cnc.rules)
* 1:28125 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banbra variant connection (malware-cnc.rules)
* 1:28118 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /login.htm GET Encrypted Payload (malware-cnc.rules)
* 1:28134 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dorkbot variant connection (malware-cnc.rules)
* 1:28553 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /main.htm GET Encrypted Payload (malware-cnc.rules)
* 1:28239 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tuxido outbound connection (malware-cnc.rules)
* 1:28529 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qadars variant outbound connection (malware-cnc.rules)
* 1:28604 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kasnam variant connection (malware-cnc.rules)
* 1:28809 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dofoil inbound connection (malware-cnc.rules)
* 1:28538 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Asprox/Kuluoz variant connection (malware-cnc.rules)
* 1:28562 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sidopa variant outbound connection (malware-cnc.rules)
* 1:28250 <-> DISABLED <-> MALWARE-CNC Security Cleaner Pro Install Confirmation (malware-cnc.rules)
* 1:28212 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bitsto variant connection (malware-cnc.rules)
* 1:28810 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection - MSIE7 No Referer No Cookie (malware-cnc.rules)
* 1:28542 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Conficker variant outbound connection (malware-cnc.rules)
* 1:28155 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Foreign variant outbound connection - MSIE 7.2 (malware-cnc.rules)
* 1:28417 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Molgomsg variant outbound connection (malware-cnc.rules)
* 1:28558 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string getURLdown (malware-cnc.rules)
* 1:28285 <-> DISABLED <-> MALWARE-CNC Win.Trojan.hdog connectivity check-in version 2 (malware-cnc.rules)
* 1:28107 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload download (malware-cnc.rules)
* 1:28563 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pkdesco variant outbound connection (malware-cnc.rules)
* 1:28033 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Urausy variant outbound connection (malware-cnc.rules)
* 1:28254 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Perl.Shellbot variant outbound connection (malware-cnc.rules)
* 1:28148 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mevade variant outbound connection (malware-cnc.rules)
* 1:28116 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /home.htm GET Encrypted Payload (malware-cnc.rules)
* 1:28119 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /search.htm GET Encrypted Payload (malware-cnc.rules)
* 1:28410 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CoinMiner variant outbound connection (malware-cnc.rules)
* 1:28121 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /welcome.htm GET Encrypted Payload (malware-cnc.rules)
* 1:28547 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules)
* 1:28486 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Codiltak variant outbound connection (malware-cnc.rules)
* 1:28192 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz Potential Phishing URL (malware-cnc.rules)
* 1:28326 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Zuza variant outbound connection (malware-cnc.rules)
* 1:28485 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Khalog variant outbound connection (malware-cnc.rules)
* 1:28446 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant SQL check-in (malware-cnc.rules)
* 1:28415 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
* 1:28858 <-> DISABLED <-> MALWARE-CNC Adwind UNRECOM connnection back to cnc server (malware-cnc.rules)
* 1:28860 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent - Win.Trojan.Nitedrem (malware-cnc.rules)
* 1:28799 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mxtcycle variant outbound connection (malware-cnc.rules)
* 1:28373 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mutopy variant outbound connection (malware-cnc.rules)
* 1:25628 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant connect to cnc-server (malware-cnc.rules)
* 1:28856 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yowdab variant connection (malware-cnc.rules)
* 1:28853 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dipverdle variant outbound connection (malware-cnc.rules)
* 1:28852 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Linux.Trojan.Zollard (malware-cnc.rules)
* 1:28605 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kasnam variant connection (malware-cnc.rules)
* 1:28115 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /file.htm GET Encrypted Payload (malware-cnc.rules)
* 1:28040 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dofoil variant outbound connection (malware-cnc.rules)
* 1:28042 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Caphaw variant outbound connection (malware-cnc.rules)
* 1:28044 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CryptoLocker variant connection (malware-cnc.rules)
* 1:28045 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VBKrypt variant connection (malware-cnc.rules)
* 1:28072 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Omexo outbound connection (malware-cnc.rules)
* 1:28073 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Win32.Kimsuky variant file stealing (malware-cnc.rules)
* 1:28074 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ADKR connection (malware-cnc.rules)
* 1:28075 <-> DISABLED <-> MALWARE-CNC Win.Trojan.gzfw connection (malware-cnc.rules)
* 1:28079 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Napolar variant outbound connection (malware-cnc.rules)
* 1:28080 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Napolar data theft (malware-cnc.rules)
* 1:28084 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hupigon variant connection (malware-cnc.rules)
* 1:28094 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Liteol variant connection (malware-cnc.rules)
* 1:28095 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Liteol variant connection (malware-cnc.rules)
* 1:28096 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spynet variant connection (malware-cnc.rules)
* 1:28859 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent z00sAgent - Win.Trojan.Zbot (malware-cnc.rules)
* 1:28209 <-> DISABLED <-> MALWARE-CNC Win.Worm.IRCbot outbound connection (malware-cnc.rules)
* 1:28362 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string SUiCiDE/1.5 (malware-cnc.rules)
* 1:28234 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hdslogger outbound connection (malware-cnc.rules)
* 1:28814 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gozi/Neverquest variant outbound connection (malware-cnc.rules)
* 1:28548 <-> DISABLED <-> MALWARE-CNC Win.Trojan.chfx variant outbound connection (malware-cnc.rules)
* 1:28216 <-> DISABLED <-> MALWARE-CNC known malware FTP login (malware-cnc.rules)
* 1:28813 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ufraie variant outbound connection (malware-cnc.rules)
* 1:28541 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ZeroAccess Download Headers (malware-cnc.rules)
* 1:28366 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Venik variant outbound connection (malware-cnc.rules)
* 1:28561 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Plugx outbound connection (malware-cnc.rules)
* 1:28105 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload variant outbound connection (malware-cnc.rules)
* 1:28564 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pkdesco variant outbound connection (malware-cnc.rules)
* 1:28325 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Zuza variant outbound connection (malware-cnc.rules)
* 1:28444 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.CBgate variant outbound connection (malware-cnc.rules)
* 1:28864 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tofsee variant outbound connection (malware-cnc.rules)
* 1:28886 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scar variant outbound connection (malware-cnc.rules)
* 1:28914 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Anony variant connection (malware-cnc.rules)
* 1:28918 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant network connectivity check (malware-cnc.rules)
* 1:28919 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant network connectivity check (malware-cnc.rules)
* 1:28930 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fakeav variant outbound data connection (malware-cnc.rules)
* 1:28940 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rovnix malicious download (malware-cnc.rules)
* 1:28947 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tapaoux variant connection (malware-cnc.rules)
* 1:28948 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kishlog variant outbound connection (malware-cnc.rules)
* 1:28949 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kishlog variant outbound connection (malware-cnc.rules)
* 1:28958 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jussuc variant outbound connection (malware-cnc.rules)
* 1:28960 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Alurewo outbound connection (malware-cnc.rules)
* 1:48157 <-> ENABLED <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection (malware-cnc.rules)
* 1:25547 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
* 1:25548 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Perflog variant outbound connection (malware-cnc.rules)
* 1:25551 <-> DISABLED <-> MALWARE-CNC Win.Worm.Dipasik variant outbound connection (malware-cnc.rules)
* 1:25553 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dexter variant outbound connection (malware-cnc.rules)
* 1:25570 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Medialabs variant outbound connection (malware-cnc.rules)
* 1:25571 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Medialabs variant outbound connection (malware-cnc.rules)
* 1:25572 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Virut variant outbound connection (malware-cnc.rules)
* 1:25577 <-> DISABLED <-> MALWARE-CNC Win.Rootkit.Necurs possible URI with encrypted POST (malware-cnc.rules)
* 1:25599 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gupboot variant outbound connection (malware-cnc.rules)
* 1:25600 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dilavtor variant outbound connection (malware-cnc.rules)
* 1:25609 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules)
* 1:25610 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mofsmall variant outbound connection (malware-cnc.rules)
* 1:25623 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jimpime variant outbound connection (malware-cnc.rules)
* 1:25625 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Daws variant outbound connection (malware-cnc.rules)
* 1:25626 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules)
* 1:26260 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Vectmp variant outbound connection (malware-cnc.rules)
* 1:25652 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kryptic variant outbound connection (malware-cnc.rules)
* 1:25660 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Medfos variant outbound connection (malware-cnc.rules)
* 1:25661 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Buzus variant outbound connection (malware-cnc.rules)
* 1:25662 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chowspy variant outbound connection (malware-cnc.rules)
* 1:25663 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rimod variant outbound connection (malware-cnc.rules)
* 1:25665 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sycomder variant outbound connection (malware-cnc.rules)
* 1:25666 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (malware-cnc.rules)
* 1:25667 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nflog variant outbound connection (malware-cnc.rules)
* 1:25668 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nflog variant outbound connection (malware-cnc.rules)
* 1:25669 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Selasloot variant outbound connection (malware-cnc.rules)
* 1:25671 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (malware-cnc.rules)
* 1:25672 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Matsnu variant outbound connection (malware-cnc.rules)
* 1:25673 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.QQDragon variant outbound connection (malware-cnc.rules)
* 1:25674 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shimwoc variant outbound connection (malware-cnc.rules)
* 1:25675 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fakeavlock variant outbound connection (malware-cnc.rules)
* 1:25765 <-> DISABLED <-> MALWARE-CNC Trojan Agent YEH variant outbound connection (malware-cnc.rules)
* 1:25766 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules)
* 1:25807 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Urausy Botnet variant outbound connection (malware-cnc.rules)
* 1:25829 <-> DISABLED <-> MALWARE-CNC Trojan Banker FTC variant outbound connection (malware-cnc.rules)
* 1:25854 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection - MSIE7 No Referer No Cookie (malware-cnc.rules)
* 1:25863 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.QBundle variant outbound connection (malware-cnc.rules)
* 1:25865 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
* 1:25866 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
* 1:25867 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
* 1:25973 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Boolflot variant outbound connection (malware-cnc.rules)
* 1:25974 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
* 1:25978 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lukprofin variant outbound connection (malware-cnc.rules)
* 1:25979 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lukprofin variant outbound connection (malware-cnc.rules)
* 1:25980 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Pass (malware-cnc.rules)
* 1:25987 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Upof variant outbound connection (malware-cnc.rules)
* 1:25990 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Agent variant connect to cnc-server (malware-cnc.rules)
* 1:25991 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Agent variant connect to cnc-server (malware-cnc.rules)
* 1:25992 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Buzus variant outbound connection (malware-cnc.rules)
* 1:25993 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Buzus variant outbound connection (malware-cnc.rules)
* 1:25994 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
* 1:25996 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Reswor variant outbound connection (malware-cnc.rules)
* 1:26010 <-> DISABLED <-> MALWARE-CNC CNC Dirtjumper variant outbound connection (malware-cnc.rules)
* 1:26011 <-> DISABLED <-> MALWARE-CNC CNC Dirtjumper variant outbound connection (malware-cnc.rules)
* 1:26019 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bredo variant outbound connection (malware-cnc.rules)
* 1:26023 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot variant in.php outbound connection (malware-cnc.rules)
* 1:28230 <-> DISABLED <-> MALWARE-CNC Boot.Bootroot Variant data upload (malware-cnc.rules)
* 1:28800 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus outbound connection (malware-cnc.rules)
* 1:28419 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tesch variant outbound connection (malware-cnc.rules)
* 1:25632 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Golisy variant outbound connection (malware-cnc.rules)
* 1:26249 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Sonide variant outbound connection (malware-cnc.rules)
* 1:26072 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locati variant outbound connection (malware-cnc.rules)
* 1:26075 <-> DISABLED <-> MALWARE-CNC Bancos variant outbound connection SQL query POST data (malware-cnc.rules)
* 1:26086 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Exicon variant outbound connection (malware-cnc.rules)
* 1:26088 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Encriyoko variant outbound connection (malware-cnc.rules)
* 1:26106 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
* 1:26115 <-> DISABLED <-> MALWARE-CNC NSIS.Downloader.Agent variant outbound connection (malware-cnc.rules)
* 1:26116 <-> DISABLED <-> MALWARE-CNC NSIS.Downloader.Agent variant outbound connection (malware-cnc.rules)
* 1:26117 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tarctox variant outbound connection (malware-cnc.rules)
* 1:26118 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
* 1:26119 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
* 1:26201 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lobparck variant outbound connection (malware-cnc.rules)
* 1:26202 <-> DISABLED <-> MALWARE-CNC VBS.Trojan.Agent variant outbound connection (malware-cnc.rules)
* 1:26203 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gupd variant outbound connection (malware-cnc.rules)
* 1:26204 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Malex variant outbound connection (malware-cnc.rules)
* 1:26211 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Eldorado variant outbound connection (malware-cnc.rules)
* 1:26238 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Snopexy variant outbound connection (malware-cnc.rules)
* 1:26239 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Stehlox variant outbound connection (malware-cnc.rules)
* 1:26240 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vkeikooc variant outbound connection (malware-cnc.rules)
* 1:26244 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Troll variant outbound connection (malware-cnc.rules)
* 1:26245 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (malware-cnc.rules)
* 1:26248 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent cibabam (malware-cnc.rules)
* 1:27647 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nelaja variant outbound connection (malware-cnc.rules)
* 1:26024 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wecod variant outbound connection (malware-cnc.rules)
* 1:26266 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus v3 DGA DNS query detected (malware-cnc.rules)
* 1:26267 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus v3 DGA DNS query detected (malware-cnc.rules)
* 1:26268 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus v3 DGA DNS query detected (malware-cnc.rules)
* 1:26269 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus v3 DGA DNS query detected (malware-cnc.rules)
* 1:26270 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus v3 DGA DNS query detected (malware-cnc.rules)
* 1:26271 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus v3 DGA DNS query detected (malware-cnc.rules)
* 1:26284 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Surok variant outbound connection (malware-cnc.rules)
* 1:26285 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Garveep variant outbound connection (malware-cnc.rules)
* 1:26288 <-> DISABLED <-> MALWARE-CNC Brontok Worm variant outbound connection (malware-cnc.rules)
* 1:26289 <-> DISABLED <-> MALWARE-CNC Daws Trojan Outbound Plaintext over SSL Port (malware-cnc.rules)
* 1:26319 <-> DISABLED <-> MALWARE-CNC file path used as User-Agent - potential Trojan (malware-cnc.rules)
* 1:26325 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scar variant outbound connection (malware-cnc.rules)
* 1:26327 <-> DISABLED <-> MALWARE-CNC OSX.Trojan.Flashfake variant outbound connection (malware-cnc.rules)
* 1:26331 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qhost variant outbound connection (malware-cnc.rules)
* 1:26335 <-> DISABLED <-> MALWARE-CNC FBI Ransom Trojan variant outbound connection (malware-cnc.rules)
* 1:26370 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection - ksa.txt (malware-cnc.rules)
* 1:26371 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection - op POST (malware-cnc.rules)
* 1:26398 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gamarue variant outbound connection (malware-cnc.rules)
* 1:26428 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (malware-cnc.rules)
* 1:26444 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Agent variant outbound connection (malware-cnc.rules)
* 1:26445 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Agent variant outbound connection (malware-cnc.rules)
* 1:26446 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Agent variant outbound connection (malware-cnc.rules)
* 1:26447 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Smoaler variant outbound connection (malware-cnc.rules)
* 1:26448 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fakesig variant outbound connection (malware-cnc.rules)
* 1:26449 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
* 1:26450 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
* 1:26452 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Buterat variant outbound connection (malware-cnc.rules)
* 1:26463 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Linog.A variant outbound connection (malware-cnc.rules)
* 1:26464 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Linog.A variant outbound connection (malware-cnc.rules)
* 1:26467 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Magic variant inbound connection (malware-cnc.rules)
* 1:26480 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot fake PNG config file download without User-Agent (malware-cnc.rules)
* 1:26482 <-> DISABLED <-> MALWARE-CNC Unknown Thinner Encrypted POST botnet C&C (malware-cnc.rules)
* 1:26522 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent NOKIAN95/WEB (malware-cnc.rules)
* 1:26533 <-> DISABLED <-> MALWARE-CNC Unknown malware - Incorrect headers - Referer HTTP/1.0 (malware-cnc.rules)
* 1:26558 <-> DISABLED <-> MALWARE-CNC User-Agent known Malicious user agent Brutus AET (malware-cnc.rules)
* 1:26560 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection - getcomando POST data (malware-cnc.rules)
* 1:26561 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
* 1:26563 <-> DISABLED <-> MALWARE-CNC Harakit botnet traffic (malware-cnc.rules)
* 1:26576 <-> DISABLED <-> MALWARE-CNC Potential hostile executable served from compromised or malicious WordPress site attempt (malware-cnc.rules)
* 1:26577 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent Opera 10 (malware-cnc.rules)
* 1:26578 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy/FakeAV Checkin with IE6 User-Agent (malware-cnc.rules)
* 1:26579 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy/FakeAV Checkin with IE6 User-Agent (malware-cnc.rules)
* 1:26604 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bydra variant outbound connection (malware-cnc.rules)
* 1:26605 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bydra variant outbound connection (malware-cnc.rules)
* 1:26606 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sosork variant outbound connection (malware-cnc.rules)
* 1:26607 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Korlia variant outbound connection (malware-cnc.rules)
* 1:26608 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rocra variant outbound connection (malware-cnc.rules)
* 1:26609 <-> DISABLED <-> MALWARE-CNC OSX.Trojan.Dockster variant outbound connection (malware-cnc.rules)
* 1:26613 <-> DISABLED <-> MALWARE-CNC Medfos Trojan variant outbound connection (malware-cnc.rules)
* 1:26656 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Travnet Botnet data upload (malware-cnc.rules)
* 1:26657 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shiz variant outbound connection (malware-cnc.rules)
* 1:26677 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz variant inbound run command from cnc (malware-cnc.rules)
* 1:26678 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz variant inbound run command from cnc (malware-cnc.rules)
* 1:26679 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz variant inbound run command from cnc (malware-cnc.rules)
* 1:26680 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz variant inbound run command from cnc (malware-cnc.rules)
* 1:26681 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz variant inbound run command from cnc (malware-cnc.rules)
* 1:26683 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shyape variant outbound connection (malware-cnc.rules)
* 1:26684 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Neshax variant outbound connection (malware-cnc.rules)
* 1:26685 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string J13A (malware-cnc.rules)
* 1:26686 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Alina (malware-cnc.rules)
* 1:26690 <-> DISABLED <-> MALWARE-CNC Miniduke server contact (malware-cnc.rules)
* 1:26691 <-> DISABLED <-> MALWARE-CNC Win.Trojan.UFRStealer variant outbound connection (malware-cnc.rules)
* 1:26692 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spyremoav variant outbound connection (malware-cnc.rules)
* 1:26695 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Namihno variant outbound request (malware-cnc.rules)
* 1:26696 <-> DISABLED <-> MALWARE-CNC Cbeplay Ransomware variant outbound connection - Abnormal HTTP Headers (malware-cnc.rules)
* 1:26697 <-> DISABLED <-> MALWARE-CNC Cbeplay Ransomware variant outbound connection - POST Body (malware-cnc.rules)
* 1:26702 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Win (malware-cnc.rules)
* 1:26703 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Upero variant outbound connection (malware-cnc.rules)
* 1:26712 <-> DISABLED <-> MALWARE-CNC Kazy Trojan check-in (malware-cnc.rules)
* 1:26713 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev rev 1 outbound traffic (malware-cnc.rules)
* 1:26714 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev rev 2 outbound traffic (malware-cnc.rules)
* 1:26715 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev rev 3 outbound traffic (malware-cnc.rules)
* 1:26719 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kbot variant outbound connection (malware-cnc.rules)
* 1:26720 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kbot variant outbound connection (malware-cnc.rules)
* 1:26721 <-> DISABLED <-> MALWARE-CNC Pushdo Spiral Traffic (malware-cnc.rules)
* 1:26722 <-> DISABLED <-> MALWARE-CNC Bancos fake JPG encrypted config file download (malware-cnc.rules)
* 1:26723 <-> DISABLED <-> MALWARE-CNC Trojan Downloader7 (malware-cnc.rules)
* 1:26725 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc http command (malware-cnc.rules)
* 1:26726 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc stop command (malware-cnc.rules)
* 1:26727 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc die command (malware-cnc.rules)
* 1:26728 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc sleep command (malware-cnc.rules)
* 1:26729 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc simple command (malware-cnc.rules)
* 1:26730 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc loginpost command (malware-cnc.rules)
* 1:26731 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc datapost command (malware-cnc.rules)
* 1:26732 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc syn command (malware-cnc.rules)
* 1:26733 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc udp command (malware-cnc.rules)
* 1:26734 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc udpdata command (malware-cnc.rules)
* 1:26735 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc data command (malware-cnc.rules)
* 1:26736 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc icmp command (malware-cnc.rules)
* 1:26737 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc tcpdata command (malware-cnc.rules)
* 1:26738 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc dataget command (malware-cnc.rules)
* 1:26739 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc connect command (malware-cnc.rules)
* 1:26740 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc dns command (malware-cnc.rules)
* 1:26741 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc exec command (malware-cnc.rules)
* 1:26742 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc resolve command (malware-cnc.rules)
* 1:26743 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc antiddos command (malware-cnc.rules)
* 1:26744 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc range command (malware-cnc.rules)
* 1:26745 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc ftp command (malware-cnc.rules)
* 1:26746 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc download command (malware-cnc.rules)
* 1:26747 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc fastddos command (malware-cnc.rules)
* 1:26751 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - msctls_progress32 (malware-cnc.rules)
* 1:28012 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules)
* 1:28861 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Roxfora variant outbound connection (malware-cnc.rules)
* 1:26748 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc slowhttp command (malware-cnc.rules)
* 1:26750 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc full command (malware-cnc.rules)
* 1:26756 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper.Datcaen variant outbound connection (malware-cnc.rules)
* 1:26757 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper.Datcaen variant outbound connection (malware-cnc.rules)
* 1:26758 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Elefin variant outbound connection (malware-cnc.rules)
* 1:26763 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules)
* 1:26770 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (malware-cnc.rules)
* 1:26771 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (malware-cnc.rules)
* 1:26774 <-> DISABLED <-> MALWARE-CNC Win.Worm.Luder variant outbound connection (malware-cnc.rules)
* 1:26775 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Blocker variant outbound connection HTTP Header Structure (malware-cnc.rules)
* 1:26776 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Blocker variant outbound connection POST (malware-cnc.rules)
* 1:26777 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy variant outbound connection (malware-cnc.rules)
* 1:26779 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cridex encrypted POST check-in (malware-cnc.rules)
* 1:26780 <-> DISABLED <-> MALWARE-CNC cridex HTTP Response - default0.js (malware-cnc.rules)
* 1:26785 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qrmon variant outbound connection (malware-cnc.rules)
* 1:26792 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vbula variant outbound connection (malware-cnc.rules)
* 1:26793 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vbula variant initial CNC contact (malware-cnc.rules)
* 1:26809 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Backdoor.Tomvode variant outbound connection (malware-cnc.rules)
* 1:26811 <-> DISABLED <-> MALWARE-CNC XP Fake Antivirus Payment Page Request (malware-cnc.rules)
* 1:26812 <-> DISABLED <-> MALWARE-CNC XP Fake Antivirus Check-in (malware-cnc.rules)
* 1:26813 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dapato CMS spambot check-in (malware-cnc.rules)
* 1:26815 <-> DISABLED <-> MALWARE-CNC OSX.Trojan.KitM variant outbound connection user-agent (malware-cnc.rules)
* 1:26816 <-> DISABLED <-> MALWARE-CNC OSX.Trojan.KitM variant outbound connection (malware-cnc.rules)
* 1:26818 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Zawat variant outbound connection (malware-cnc.rules)
* 1:26819 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Datash variant outbound connection (malware-cnc.rules)
* 1:26820 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Datash variant outbound connection (malware-cnc.rules)
* 1:26822 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Buterat variant outbound connection (malware-cnc.rules)
* 1:26828 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Uperti variant outbound connection (malware-cnc.rules)
* 1:26835 <-> DISABLED <-> MALWARE-CNC RDN Banker POST variant outbound connection (malware-cnc.rules)
* 1:26836 <-> DISABLED <-> MALWARE-CNC RDN Banker Strange Google Traffic (malware-cnc.rules)
* 1:26837 <-> DISABLED <-> MALWARE-CNC BitBot Idle C2 response (malware-cnc.rules)
* 1:26840 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Agent variant outbound connection (malware-cnc.rules)
* 1:26841 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Agent variant outbound connection (malware-cnc.rules)
* 1:26880 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zotob.E gc.exe download (malware-cnc.rules)
* 1:26911 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rombrast Trojan outbound connection (malware-cnc.rules)
* 1:26912 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rombrast Trojan outbound connection (malware-cnc.rules)
* 1:26923 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
* 1:26924 <-> DISABLED <-> MALWARE-CNC Potential Gozi Trojan HTTP Header Structure (malware-cnc.rules)
* 1:26930 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeroaccess variant outbound connection (malware-cnc.rules)
* 1:26931 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeroaccess variant outbound connection (malware-cnc.rules)
* 1:26932 <-> DISABLED <-> MALWARE-CNC 
Win.Trojan.Zeroaccess variant outbound connection (malware-cnc.rules) * 1:26940 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TripleNine RAT beacon (malware-cnc.rules) * 1:26941 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PipCreat RAT dropper download (malware-cnc.rules) * 1:26942 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PipCreat RAT beacon (malware-cnc.rules) * 1:26943 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Post_Show RAT beacon (malware-cnc.rules) * 1:26944 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Post_Show RAT beacon (malware-cnc.rules) * 1:26945 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bisonal RAT beacon (malware-cnc.rules) * 1:26946 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Uptime RAT beacon (malware-cnc.rules) * 1:26952 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Orcim variant outbound connection (malware-cnc.rules) * 1:26954 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Talsab variant outbound connection (malware-cnc.rules) * 1:26955 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Talsab variant outbound connection (malware-cnc.rules) * 1:26965 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Win32 Facebook Secure Cryptor C2 (malware-cnc.rules) * 1:26966 <-> DISABLED <-> MALWARE-CNC Win32/Autorun.JN variant outbound connection (malware-cnc.rules) * 1:26967 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz variant outbound connection (malware-cnc.rules) * 1:26968 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gozi Data Theft POST Data (malware-cnc.rules) * 1:26969 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gozi Trojan Data Theft POST URL (malware-cnc.rules) * 1:26970 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pirminay variant outbound connection (malware-cnc.rules) * 1:26984 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Injector Info Stealer Trojan variant outbound connection (malware-cnc.rules) * 1:26986 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Xenil variant outbound connection (malware-cnc.rules) * 1:26987 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cyvadextr variant outbound connection (malware-cnc.rules) * 1:26995 <-> 
DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Agent variant outbound connection (malware-cnc.rules) * 1:26996 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Agent variant outbound connection (malware-cnc.rules) * 1:26997 <-> DISABLED <-> MALWARE-CNC OSX.Trojan.Morcut variant outbound connection (malware-cnc.rules) * 1:26998 <-> DISABLED <-> MALWARE-CNC OSX.Trojan.Morcut file download (malware-cnc.rules) * 1:26999 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chinoxy variant outbound connection (malware-cnc.rules) * 1:27000 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chinoxy variant outbound connection (malware-cnc.rules) * 1:27002 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules) * 1:27003 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules) * 1:27007 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot variant outbound connection (malware-cnc.rules) * 1:27008 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot variant outbound connection (malware-cnc.rules) * 1:27010 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot payment .scr download (malware-cnc.rules) * 1:27012 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Phoenot variant outbound connection (malware-cnc.rules) * 1:27013 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Phoenot variant inbound connection (malware-cnc.rules) * 1:27014 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Epipenwa variant outbound connection (malware-cnc.rules) * 1:27017 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dapato variant inbound response connection (malware-cnc.rules) * 1:27021 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Layvam variant outbound connection (malware-cnc.rules) * 1:27022 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Netweird.A outbound connection (malware-cnc.rules) * 1:27023 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Netweird.A outbound connection (malware-cnc.rules) * 1:27033 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Transhell variant outbound connection user-agent (malware-cnc.rules) * 
1:27039 <-> DISABLED <-> MALWARE-CNC Win.Trojan.OnlineGameHack variant outbound connection (malware-cnc.rules) * 1:27044 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string pb - Htbot (malware-cnc.rules) * 1:27045 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Blocker Download (malware-cnc.rules) * 1:27049 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dokstormac variant outbound connection (malware-cnc.rules) * 1:27054 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yakes variant outbound connection (malware-cnc.rules) * 1:27058 <-> DISABLED <-> MALWARE-CNC OSX.Trojan.HackBack variant outbound connection (malware-cnc.rules) * 1:27093 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Medfos variant outbound connection (malware-cnc.rules) * 1:27120 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules) * 1:27169 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Atezag variant outbound connection (malware-cnc.rules) * 1:27199 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Meredrop variant outbound connection GET Request (malware-cnc.rules) * 1:27200 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Meredrop variant outbound connection POST Request (malware-cnc.rules) * 1:27201 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Neurevt variant outbound connection (malware-cnc.rules) * 1:27248 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gamarue - Mozi1la User-Agent (malware-cnc.rules) * 1:27252 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ZeroAccess 111-byte URL variant outbound connection (malware-cnc.rules) * 1:27256 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kryptik Drive-by Download Malware (malware-cnc.rules) * 1:27257 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kryptic 7-byte URI Invalid Firefox Headers - no Accept-Language (malware-cnc.rules) * 1:27260 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Java.Agent.NFK variant connection (malware-cnc.rules) * 1:27263 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - yahoonews (malware-cnc.rules) * 1:28406 <-> DISABLED <-> 
MALWARE-CNC Win.Trojan.Kazy variant outbound connection (malware-cnc.rules) * 1:26749 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc allhttp command (malware-cnc.rules) * 1:27551 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lorapu variant outbound connection (malware-cnc.rules) * 1:27558 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bezigate variant outbound connection (malware-cnc.rules) * 1:27567 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rovnix malicious download request (malware-cnc.rules) * 1:27577 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules) * 1:27596 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Redyms variant outbound connection (malware-cnc.rules) * 1:27599 <-> DISABLED <-> MALWARE-CNC Fort Disco Registration variant outbound connection (malware-cnc.rules) * 1:27600 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nawpers variant connection (malware-cnc.rules) * 1:27629 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Aumlib variant outbound connection (malware-cnc.rules) * 1:27630 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Aumlib variant outbound connection (malware-cnc.rules) * 1:27631 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Aumlib variant outbound connection (malware-cnc.rules) * 1:27633 <-> DISABLED <-> MALWARE-CNC Worm.Silly variant outbound connection (malware-cnc.rules) * 1:27636 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Likseput variant connection (malware-cnc.rules) * 1:27637 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Syhcmd variant connection (malware-cnc.rules) * 1:27639 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Epipenwa variant connection (malware-cnc.rules) * 1:27640 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chekafe variant connection (malware-cnc.rules) * 1:27641 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Meilat variant connection (malware-cnc.rules) * 1:27642 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downbot variant connection (malware-cnc.rules) * 1:27643 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Betabot variant connection 
(malware-cnc.rules) * 1:27644 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Merong variant connection (malware-cnc.rules) * 1:27645 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Binjo variant outbound connection (malware-cnc.rules) * 1:27648 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SpyBanker.ZSL variant outbound connection (malware-cnc.rules) * 1:27649 <-> DISABLED <-> MALWARE-CNC Brazilian Banking Trojan data theft (malware-cnc.rules) * 1:27655 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Enchanim variant connection (malware-cnc.rules) * 1:27659 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gapz variant connection (malware-cnc.rules) * 1:27660 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Reabfrus variant connection (malware-cnc.rules) * 1:27661 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Reabfrus variant connection (malware-cnc.rules) * 1:27662 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Galfun variant outbound connection (malware-cnc.rules) * 1:27664 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Castov variant connection (malware-cnc.rules) * 1:27665 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Castov variant connection (malware-cnc.rules) * 1:27670 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.evf variant connection (malware-cnc.rules) * 1:27678 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Goolelo variant connection (malware-cnc.rules) * 1:27679 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz variant outbound connection (malware-cnc.rules) * 1:27680 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ZeroAccess variant outbound connection (malware-cnc.rules) * 1:27699 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tartober variant connection (malware-cnc.rules) * 1:27709 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string umbra (malware-cnc.rules) * 1:27710 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string IExplore (malware-cnc.rules) * 1:27711 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FakeAV variant outbound connection (malware-cnc.rules) * 1:27720 <-> DISABLED <-> MALWARE-CNC 
Win.Trojan.Kolok variant connection (malware-cnc.rules) * 1:27726 <-> DISABLED <-> MALWARE-CNC Orbit Downloader denial of service update (malware-cnc.rules) * 1:27727 <-> DISABLED <-> MALWARE-CNC Orbit Downloader denial of service update (malware-cnc.rules) * 1:27728 <-> DISABLED <-> MALWARE-CNC Orbit Downloader denial of service update (malware-cnc.rules) * 1:27737 <-> DISABLED <-> MALWARE-CNC DNS suspicious .c0m.li dns query (malware-cnc.rules) * 1:27746 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Hanthie variant outbound connection (malware-cnc.rules) * 1:27747 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banechant outbound variant connection (malware-cnc.rules) * 1:27759 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Treizt variant connection (malware-cnc.rules) * 1:27774 <-> DISABLED <-> MALWARE-CNC RDN Banker Data Exfiltration (malware-cnc.rules) * 1:27775 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection (malware-cnc.rules) * 1:27802 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PRISM variant outbound connection (malware-cnc.rules) * 1:27803 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PRISM variant outbound connection (malware-cnc.rules) * 1:27805 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bisonha variant outbound connection (malware-cnc.rules) * 1:27806 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Retruse variant connection (malware-cnc.rules) * 1:27811 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mindweq variant connection (malware-cnc.rules) * 1:27817 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tenavt connection (malware-cnc.rules) * 1:27864 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sinowal variant connection (malware-cnc.rules) * 1:27867 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper outbound connection (malware-cnc.rules) * 1:27868 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - dt12012 (malware-cnc.rules) * 1:27905 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Helauto variant connection (malware-cnc.rules) * 1:27918 <-> DISABLED <-> MALWARE-CNC 
Win.Trojan.Zeus variant outbound connection (malware-cnc.rules) * 1:27919 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus encrypted POST Data exfiltration (malware-cnc.rules) * 1:27939 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Galock variant connection (malware-cnc.rules) * 1:27955 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mevade variant outbound connection (malware-cnc.rules) * 1:27963 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lolbot variant outbound connection (malware-cnc.rules) * 1:27964 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gh0st variant outbound connection (malware-cnc.rules) * 1:27965 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Eupuds variant connection (malware-cnc.rules) * 1:27966 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Chopper web shell connection (malware-cnc.rules) * 1:27968 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Chopper web shell connection (malware-cnc.rules) * 1:27969 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Updays variant connection (malware-cnc.rules) * 1:27970 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus dropper variant connection (malware-cnc.rules) * 1:27980 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /botnet/adduser.php?uid= (malware-cnc.rules) * 1:27981 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /botnet/tasks.php?uid= (malware-cnc.rules) * 1:28005 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz outbound command (malware-cnc.rules) * 1:28007 <-> DISABLED <-> MALWARE-CNC BLYPT installer startupkey outbound traffic (malware-cnc.rules) * 1:28008 <-> DISABLED <-> MALWARE-CNC BLYPT installer reuse outbound traffic (malware-cnc.rules) * 1:28009 <-> DISABLED <-> MALWARE-CNC BLYPT installer configkey outbound traffic (malware-cnc.rules) * 1:28010 <-> DISABLED <-> MALWARE-CNC BLYPT installer tserror outbound traffic (malware-cnc.rules) * 1:27533 <-> DISABLED <-> MALWARE-CNC Potential Win.Trojan.Kraziomel Download - 000.jpg (malware-cnc.rules) * 1:28011 <-> DISABLED <-> MALWARE-CNC BLYPT installer createproc 
outbound traffic (malware-cnc.rules) * 1:28097 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ohlat variant connection (malware-cnc.rules) * 1:28117 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /install.htm GET Encrypted Payload (malware-cnc.rules) * 1:28857 <-> DISABLED <-> MALWARE-CNC Adwind UNRECOM connnection back to cnc server (malware-cnc.rules) * 1:28106 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload information upload (malware-cnc.rules) * 1:28804 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Injector outbound connection (malware-cnc.rules) * 1:28147 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Conficker variant outbound connection (malware-cnc.rules) * 1:28802 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos outbound connection (malware-cnc.rules) * 1:28543 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Conficker variant outbound connection (malware-cnc.rules) * 1:28114 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /default.htm GET Encrypted Payload (malware-cnc.rules) * 1:28808 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Ptiger variant outbound connection (malware-cnc.rules) * 1:28120 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /start.htm GET Encrypted Payload (malware-cnc.rules) * 1:28210 <-> DISABLED <-> MALWARE-CNC Win.Worm.IRCbot outbound connection (malware-cnc.rules) * 1:28399 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Tsunami outbound connection (malware-cnc.rules) * 1:28820 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Egamipload variant outbound connection (malware-cnc.rules) * 1:28300 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant connection (malware-cnc.rules) * 1:28242 <-> DISABLED <-> MALWARE-CNC Win.Trojan.KanKan variant connection (malware-cnc.rules) * 1:28244 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Phrovon outbound connection (malware-cnc.rules) * 1:28255 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz Potential phishing URL (malware-cnc.rules) * 1:28247 <-> DISABLED <-> 
MALWARE-CNC Win.Trojan.Dropper variant outbound connection (malware-cnc.rules) * 1:28484 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Delpbank variant outbound connection (malware-cnc.rules) * 1:28144 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Win32.Wpbrutebot variant connection (malware-cnc.rules) * 1:28416 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CryptoLocker outbound connection (malware-cnc.rules) * 1:28551 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NXI ftp username connection (malware-cnc.rules) * 1:28154 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Foreign variant outbound connection - MSIE 7.1 (malware-cnc.rules) * 1:28141 <-> DISABLED <-> MALWARE-CNC Win.Trojan.banker outbound connection (malware-cnc.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:55931 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Emotet variant outbound connection attempt (malware-cnc.rules)
* 1:55933 <-> ENABLED <-> SERVER-OTHER Oracle WebLogic malicious RemoteConstructor deserialization attempt (server-other.rules)
* 1:55929 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Emotet-9774504-0 download attempt (malware-other.rules)
* 1:55930 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Emotet-9774504-0 download attempt (malware-other.rules)
* 1:55932 <-> ENABLED <-> SERVER-OTHER Oracle WebLogic malicious RemoteConstructor deserialization attempt (server-other.rules)
* 1:28094 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Liteol variant connection (malware-cnc.rules)
* 1:28084 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hupigon variant connection (malware-cnc.rules)
* 1:28074 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ADKR connection (malware-cnc.rules)
* 1:28853 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dipverdle variant outbound connection (malware-cnc.rules)
* 1:25979 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lukprofin variant outbound connection (malware-cnc.rules)
* 1:28073 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Win32.Kimsuky variant file stealing (malware-cnc.rules)
* 1:28075 <-> DISABLED <-> MALWARE-CNC Win.Trojan.gzfw connection (malware-cnc.rules)
* 1:28042 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Caphaw variant outbound connection (malware-cnc.rules)
* 1:28010 <-> DISABLED <-> MALWARE-CNC BLYPT installer tserror outbound traffic (malware-cnc.rules)
* 1:28011 <-> DISABLED <-> MALWARE-CNC BLYPT installer createproc outbound traffic (malware-cnc.rules)
* 1:28033 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Urausy variant outbound connection (malware-cnc.rules)
* 1:28080 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Napolar data theft (malware-cnc.rules)
* 1:28096 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spynet variant connection (malware-cnc.rules)
* 1:28009 <-> DISABLED <-> MALWARE-CNC BLYPT installer configkey outbound traffic (malware-cnc.rules)
* 1:28005 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz outbound command (malware-cnc.rules)
* 1:25980 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Pass (malware-cnc.rules)
* 1:28820 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Egamipload variant outbound connection (malware-cnc.rules)
* 1:28856 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yowdab variant connection (malware-cnc.rules)
* 1:28463 <-> DISABLED <-> MALWARE-CNC Win.Trojan.AllAple Variant ICMP flood (malware-cnc.rules)
* 1:28114 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /default.htm GET Encrypted Payload (malware-cnc.rules)
* 1:48157 <-> ENABLED <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection (malware-cnc.rules)
* 1:28886 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scar variant outbound connection (malware-cnc.rules)
* 1:28958 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jussuc variant outbound connection (malware-cnc.rules)
* 1:28362 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string SUiCiDE/1.5 (malware-cnc.rules)
* 1:28366 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Venik variant outbound connection (malware-cnc.rules)
* 1:28807 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Injector variant outbound connection (malware-cnc.rules)
* 1:28563 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pkdesco variant outbound connection (malware-cnc.rules)
* 1:28326 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Zuza variant outbound connection (malware-cnc.rules)
* 1:28947 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tapaoux variant connection (malware-cnc.rules)
* 1:28551 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NXI ftp username connection (malware-cnc.rules)
* 1:28141 <-> DISABLED <-> MALWARE-CNC Win.Trojan.banker outbound connection (malware-cnc.rules)
* 1:28254 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Perl.Shellbot variant outbound connection (malware-cnc.rules)
* 1:28864 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tofsee variant outbound connection (malware-cnc.rules)
* 1:28919 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant network connectivity check (malware-cnc.rules)
* 1:28558 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string getURLdown (malware-cnc.rules)
* 1:28116 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /home.htm GET Encrypted Payload (malware-cnc.rules)
* 1:28007 <-> DISABLED <-> MALWARE-CNC BLYPT installer startupkey outbound traffic (malware-cnc.rules)
* 1:28040 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dofoil variant outbound connection (malware-cnc.rules)
* 1:28115 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /file.htm GET Encrypted Payload (malware-cnc.rules)
* 1:28852 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Linux.Trojan.Zollard (malware-cnc.rules)
* 1:28120 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /start.htm GET Encrypted Payload (malware-cnc.rules)
* 1:28072 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Omexo outbound connection (malware-cnc.rules)
* 1:26740 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc dns command (malware-cnc.rules)
* 1:28117 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /install.htm GET Encrypted Payload (malware-cnc.rules)
* 1:28541 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ZeroAccess Download Headers (malware-cnc.rules)
* 1:28802 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos outbound connection (malware-cnc.rules)
* 1:28808 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Ptiger variant outbound connection (malware-cnc.rules)
* 1:28604 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kasnam variant connection (malware-cnc.rules)
* 1:28244 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Phrovon outbound connection (malware-cnc.rules)
* 1:28809 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dofoil inbound connection (malware-cnc.rules)
* 1:28800 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus outbound connection (malware-cnc.rules)
* 1:28411 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CoinMiner variant outbound connection (malware-cnc.rules)
* 1:28328 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Hupigon variant outbound connection (malware-cnc.rules)
* 1:28373 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mutopy variant outbound connection (malware-cnc.rules)
* 1:28212 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bitsto variant connection (malware-cnc.rules)
* 1:28564 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pkdesco variant outbound connection (malware-cnc.rules)
* 1:28813 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ufraie variant outbound connection (malware-cnc.rules)
* 1:28565 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sluegot variant connection (malware-cnc.rules)
* 1:28148 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mevade variant outbound connection (malware-cnc.rules)
* 1:28405 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy variant outbound connection (malware-cnc.rules)
* 1:28559 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Castov variant connection (malware-cnc.rules)
* 1:28325 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Zuza variant outbound connection (malware-cnc.rules)
* 1:28814 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gozi/Neverquest variant outbound connection (malware-cnc.rules)
* 1:28300 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant connection (malware-cnc.rules)
* 1:28724 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent outbound connection (malware-cnc.rules)
* 1:28542 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Conficker variant outbound connection (malware-cnc.rules)
* 1:28166 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bifrose variant connection (malware-cnc.rules)
* 1:28211 <-> DISABLED <-> MALWARE-CNC Win.Worm.IRCbot outbound connection (malware-cnc.rules)
* 1:28529 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qadars variant outbound connection (malware-cnc.rules)
* 1:28118 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /login.htm GET Encrypted Payload (malware-cnc.rules)
* 1:28154 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Foreign variant outbound connection - MSIE 7.1 (malware-cnc.rules)
* 1:28547 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules)
* 1:28418 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Dtcontx outbound connection (malware-cnc.rules)
* 1:28239 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tuxido outbound connection (malware-cnc.rules)
* 1:28399 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Tsunami outbound connection (malware-cnc.rules)
* 1:28121 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /welcome.htm GET Encrypted Payload (malware-cnc.rules)
* 1:28486 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Codiltak variant outbound connection (malware-cnc.rules)
* 1:28548 <-> DISABLED <-> MALWARE-CNC Win.Trojan.chfx variant outbound connection (malware-cnc.rules)
* 1:28553 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /main.htm GET Encrypted Payload (malware-cnc.rules)
* 1:28606 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Surtr variant connection (malware-cnc.rules)
* 1:28444 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.CBgate variant outbound connection (malware-cnc.rules)
* 1:28543 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Conficker variant outbound connection (malware-cnc.rules)
* 1:28209 <-> DISABLED <-> MALWARE-CNC Win.Worm.IRCbot outbound connection (malware-cnc.rules)
* 1:28105 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload variant outbound connection (malware-cnc.rules)
* 1:28561 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Plugx outbound connection (malware-cnc.rules)
* 1:28799 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mxtcycle variant outbound connection (malware-cnc.rules)
* 1:28406 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy variant outbound connection (malware-cnc.rules)
* 1:28134 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dorkbot variant connection (malware-cnc.rules)
* 1:28860 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent - Win.Trojan.Nitedrem (malware-cnc.rules)
* 1:28079 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Napolar variant outbound connection (malware-cnc.rules)
* 1:27200 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Meredrop variant outbound connection POST Request (malware-cnc.rules)
* 1:28147 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Conficker variant outbound connection (malware-cnc.rules)
* 1:28095 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Liteol variant connection (malware-cnc.rules)
* 1:28816 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Siluhdur variant outbound connection (malware-cnc.rules)
* 1:28805 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Palevo outbound connection (malware-cnc.rules)
* 1:28416 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CryptoLocker outbound connection (malware-cnc.rules)
* 1:28861 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Roxfora variant outbound connection (malware-cnc.rules)
* 1:28949 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kishlog variant outbound connection (malware-cnc.rules)
* 1:28960 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Alurewo outbound connection (malware-cnc.rules)
* 1:28918 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant network connectivity check (malware-cnc.rules)
* 1:28562 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sidopa variant outbound connection (malware-cnc.rules)
* 1:28144 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Win32.Wpbrutebot variant connection (malware-cnc.rules)
* 1:28948 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kishlog variant outbound connection (malware-cnc.rules)
* 1:28940 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rovnix malicious download (malware-cnc.rules)
* 1:28859 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent z00sAgent - Win.Trojan.Zbot (malware-cnc.rules)
* 1:28914 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Anony variant connection (malware-cnc.rules)
* 1:28930 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fakeav variant outbound data connection (malware-cnc.rules)
* 1:28485 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Khalog variant outbound connection (malware-cnc.rules)
* 1:26741 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc exec command (malware-cnc.rules)
* 1:27637 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Syhcmd variant connection (malware-cnc.rules)
* 1:25991 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Agent variant connect to cnc-server (malware-cnc.rules)
* 1:25990 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Agent variant connect to cnc-server (malware-cnc.rules)
* 1:25570 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Medialabs variant outbound connection (malware-cnc.rules)
* 1:25571 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Medialabs variant outbound connection (malware-cnc.rules)
* 1:25572 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Virut variant outbound connection (malware-cnc.rules)
* 1:25577 <-> DISABLED <-> MALWARE-CNC Win.Rootkit.Necurs possible URI with encrypted POST (malware-cnc.rules)
* 1:25599 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gupboot variant outbound connection (malware-cnc.rules)
* 1:25600 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dilavtor variant outbound connection (malware-cnc.rules)
* 1:25609 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules)
* 1:25610 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mofsmall variant outbound connection (malware-cnc.rules)
* 1:25623 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jimpime variant outbound connection (malware-cnc.rules)
* 1:25625 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Daws variant outbound connection (malware-cnc.rules)
* 1:25626 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules)
* 1:25628 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant connect to cnc-server (malware-cnc.rules)
* 1:25632 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Golisy variant outbound connection (malware-cnc.rules)
* 1:25652 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kryptic variant outbound connection (malware-cnc.rules)
* 1:25660 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Medfos variant outbound connection (malware-cnc.rules)
* 1:25661 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Buzus variant outbound connection (malware-cnc.rules)
* 1:25662 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chowspy variant outbound connection (malware-cnc.rules)
* 1:25663 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rimod variant outbound connection (malware-cnc.rules)
* 1:25665 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sycomder variant outbound connection (malware-cnc.rules)
* 1:25666 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (malware-cnc.rules)
* 1:25667 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nflog variant outbound connection (malware-cnc.rules)
* 1:25668 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nflog variant outbound connection (malware-cnc.rules)
* 1:25669 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Selasloot variant outbound connection (malware-cnc.rules)
* 1:25671 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (malware-cnc.rules)
* 1:25672 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Matsnu variant outbound connection (malware-cnc.rules)
* 1:25673 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.QQDragon variant outbound connection (malware-cnc.rules)
* 1:25674 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shimwoc variant outbound connection (malware-cnc.rules)
* 1:25675 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fakeavlock variant outbound connection (malware-cnc.rules)
* 1:25765 <-> DISABLED <-> MALWARE-CNC Trojan Agent YEH variant outbound connection (malware-cnc.rules)
* 1:25766 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules)
* 1:25807 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Urausy Botnet variant outbound connection (malware-cnc.rules)
* 1:25829 <-> DISABLED <-> MALWARE-CNC Trojan Banker FTC variant outbound connection (malware-cnc.rules)
* 1:25854 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection - MSIE7 No Referer No Cookie (malware-cnc.rules)
* 1:25863 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.QBundle variant outbound connection (malware-cnc.rules)
* 1:25865 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
* 1:25866 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
* 1:25867 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
* 1:25973 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Boolflot variant outbound connection (malware-cnc.rules)
* 1:25974 <-> DISABLED <-> 
MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules) * 1:26202 <-> DISABLED <-> MALWARE-CNC VBS.Trojan.Agent variant outbound connection (malware-cnc.rules) * 1:26204 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Malex variant outbound connection (malware-cnc.rules) * 1:25992 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Buzus variant outbound connection (malware-cnc.rules) * 1:25993 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Buzus variant outbound connection (malware-cnc.rules) * 1:25994 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules) * 1:25996 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Reswor variant outbound connection (malware-cnc.rules) * 1:26010 <-> DISABLED <-> MALWARE-CNC CNC Dirtjumper variant outbound connection (malware-cnc.rules) * 1:26011 <-> DISABLED <-> MALWARE-CNC CNC Dirtjumper variant outbound connection (malware-cnc.rules) * 1:26019 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bredo variant outbound connection (malware-cnc.rules) * 1:26023 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot variant in.php outbound connection (malware-cnc.rules) * 1:26024 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wecod variant outbound connection (malware-cnc.rules) * 1:26072 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locati variant outbound connection (malware-cnc.rules) * 1:26075 <-> DISABLED <-> MALWARE-CNC Bancos variant outbound connection SQL query POST data (malware-cnc.rules) * 1:26086 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Exicon variant outbound connection (malware-cnc.rules) * 1:26088 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Encriyoko variant outbound connection (malware-cnc.rules) * 1:26106 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules) * 1:26115 <-> DISABLED <-> MALWARE-CNC NSIS.Downloader.Agent variant outbound connection (malware-cnc.rules) * 1:26116 <-> DISABLED <-> MALWARE-CNC NSIS.Downloader.Agent variant outbound connection (malware-cnc.rules) * 1:26117 <-> DISABLED 
<-> MALWARE-CNC Win.Trojan.Tarctox variant outbound connection (malware-cnc.rules) * 1:26118 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules) * 1:26119 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules) * 1:26201 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lobparck variant outbound connection (malware-cnc.rules) * 1:25551 <-> DISABLED <-> MALWARE-CNC Win.Worm.Dipasik variant outbound connection (malware-cnc.rules) * 1:27970 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus dropper variant connection (malware-cnc.rules) * 1:27248 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gamarue - Mozi1la User-Agent (malware-cnc.rules) * 1:27252 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ZeroAccess 111-byte URL variant outbound connection (malware-cnc.rules) * 1:27256 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kryptik Drive-by Download Malware (malware-cnc.rules) * 1:27257 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kryptic 7-byte URI Invalid Firefox Headers - no Accept-Language (malware-cnc.rules) * 1:27260 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Java.Agent.NFK variant connection (malware-cnc.rules) * 1:27263 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - yahoonews (malware-cnc.rules) * 1:27533 <-> DISABLED <-> MALWARE-CNC Potential Win.Trojan.Kraziomel Download - 000.jpg (malware-cnc.rules) * 1:27551 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lorapu variant outbound connection (malware-cnc.rules) * 1:27558 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bezigate variant outbound connection (malware-cnc.rules) * 1:27567 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rovnix malicious download request (malware-cnc.rules) * 1:27577 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules) * 1:27596 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Redyms variant outbound connection (malware-cnc.rules) * 1:27599 <-> DISABLED <-> MALWARE-CNC Fort Disco Registration variant outbound 
connection (malware-cnc.rules) * 1:27600 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nawpers variant connection (malware-cnc.rules) * 1:27629 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Aumlib variant outbound connection (malware-cnc.rules) * 1:27630 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Aumlib variant outbound connection (malware-cnc.rules) * 1:27631 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Aumlib variant outbound connection (malware-cnc.rules) * 1:27633 <-> DISABLED <-> MALWARE-CNC Worm.Silly variant outbound connection (malware-cnc.rules) * 1:27636 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Likseput variant connection (malware-cnc.rules) * 1:26203 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gupd variant outbound connection (malware-cnc.rules) * 1:27639 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Epipenwa variant connection (malware-cnc.rules) * 1:27640 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chekafe variant connection (malware-cnc.rules) * 1:27641 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Meilat variant connection (malware-cnc.rules) * 1:27642 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downbot variant connection (malware-cnc.rules) * 1:27643 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Betabot variant connection (malware-cnc.rules) * 1:27644 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Merong variant connection (malware-cnc.rules) * 1:27645 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Binjo variant outbound connection (malware-cnc.rules) * 1:27647 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nelaja variant outbound connection (malware-cnc.rules) * 1:27648 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SpyBanker.ZSL variant outbound connection (malware-cnc.rules) * 1:27649 <-> DISABLED <-> MALWARE-CNC Brazilian Banking Trojan data theft (malware-cnc.rules) * 1:27655 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Enchanim variant connection (malware-cnc.rules) * 1:27659 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gapz variant connection (malware-cnc.rules) * 1:27660 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Reabfrus 
variant connection (malware-cnc.rules) * 1:27661 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Reabfrus variant connection (malware-cnc.rules) * 1:27662 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Galfun variant outbound connection (malware-cnc.rules) * 1:27664 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Castov variant connection (malware-cnc.rules) * 1:27665 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Castov variant connection (malware-cnc.rules) * 1:27670 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.evf variant connection (malware-cnc.rules) * 1:27678 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Goolelo variant connection (malware-cnc.rules) * 1:27679 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz variant outbound connection (malware-cnc.rules) * 1:27680 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ZeroAccess variant outbound connection (malware-cnc.rules) * 1:27699 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tartober variant connection (malware-cnc.rules) * 1:27709 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string umbra (malware-cnc.rules) * 1:27710 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string IExplore (malware-cnc.rules) * 1:27711 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FakeAV variant outbound connection (malware-cnc.rules) * 1:27720 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kolok variant connection (malware-cnc.rules) * 1:27726 <-> DISABLED <-> MALWARE-CNC Orbit Downloader denial of service update (malware-cnc.rules) * 1:27727 <-> DISABLED <-> MALWARE-CNC Orbit Downloader denial of service update (malware-cnc.rules) * 1:27728 <-> DISABLED <-> MALWARE-CNC Orbit Downloader denial of service update (malware-cnc.rules) * 1:27737 <-> DISABLED <-> MALWARE-CNC DNS suspicious .c0m.li dns query (malware-cnc.rules) * 1:27746 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Hanthie variant outbound connection (malware-cnc.rules) * 1:27747 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banechant outbound variant connection (malware-cnc.rules) * 1:27759 <-> DISABLED 
<-> MALWARE-CNC Win.Trojan.Treizt variant connection (malware-cnc.rules) * 1:27774 <-> DISABLED <-> MALWARE-CNC RDN Banker Data Exfiltration (malware-cnc.rules) * 1:27775 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection (malware-cnc.rules) * 1:27802 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PRISM variant outbound connection (malware-cnc.rules) * 1:27803 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PRISM variant outbound connection (malware-cnc.rules) * 1:27805 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bisonha variant outbound connection (malware-cnc.rules) * 1:27806 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Retruse variant connection (malware-cnc.rules) * 1:27811 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mindweq variant connection (malware-cnc.rules) * 1:27817 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tenavt connection (malware-cnc.rules) * 1:27864 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sinowal variant connection (malware-cnc.rules) * 1:27867 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper outbound connection (malware-cnc.rules) * 1:27868 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - dt12012 (malware-cnc.rules) * 1:27905 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Helauto variant connection (malware-cnc.rules) * 1:27918 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules) * 1:27919 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus encrypted POST Data exfiltration (malware-cnc.rules) * 1:27939 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Galock variant connection (malware-cnc.rules) * 1:27955 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mevade variant outbound connection (malware-cnc.rules) * 1:27963 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lolbot variant outbound connection (malware-cnc.rules) * 1:27964 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gh0st variant outbound connection (malware-cnc.rules) * 1:27965 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Eupuds variant connection (malware-cnc.rules) * 1:27966 <-> 
DISABLED <-> MALWARE-CNC Win.Backdoor.Chopper web shell connection (malware-cnc.rules) * 1:27968 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Chopper web shell connection (malware-cnc.rules) * 1:27969 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Updays variant connection (malware-cnc.rules) * 1:28143 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Medfos outbound connection (malware-cnc.rules) * 1:27199 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Meredrop variant outbound connection GET Request (malware-cnc.rules) * 1:28097 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ohlat variant connection (malware-cnc.rules) * 1:28857 <-> DISABLED <-> MALWARE-CNC Adwind UNRECOM connnection back to cnc server (malware-cnc.rules) * 1:28106 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload information upload (malware-cnc.rules) * 1:28484 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Delpbank variant outbound connection (malware-cnc.rules) * 1:28538 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Asprox/Kuluoz variant connection (malware-cnc.rules) * 1:28528 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qadars variant outbound connection (malware-cnc.rules) * 1:28242 <-> DISABLED <-> MALWARE-CNC Win.Trojan.KanKan variant connection (malware-cnc.rules) * 1:28125 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banbra variant connection (malware-cnc.rules) * 1:28417 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Molgomsg variant outbound connection (malware-cnc.rules) * 1:28250 <-> DISABLED <-> MALWARE-CNC Security Cleaner Pro Install Confirmation (malware-cnc.rules) * 1:28323 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Chopper web shell connection (malware-cnc.rules) * 1:28554 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /online.htm GET Encrypted Payload (malware-cnc.rules) * 1:28119 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /search.htm GET Encrypted Payload (malware-cnc.rules) * 1:28234 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hdslogger outbound connection (malware-cnc.rules) * 
1:28560 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Plugx FTP keepalive outbound connection (malware-cnc.rules) * 1:28122 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /index.htm GET Encrypted Payload (malware-cnc.rules) * 1:28446 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant SQL check-in (malware-cnc.rules) * 1:28247 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper variant outbound connection (malware-cnc.rules) * 1:28858 <-> DISABLED <-> MALWARE-CNC Adwind UNRECOM connnection back to cnc server (malware-cnc.rules) * 1:28012 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules) * 1:28045 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VBKrypt variant connection (malware-cnc.rules) * 1:28044 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CryptoLocker variant connection (malware-cnc.rules) * 1:25987 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Upof variant outbound connection (malware-cnc.rules) * 1:28155 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Foreign variant outbound connection - MSIE 7.2 (malware-cnc.rules) * 1:28008 <-> DISABLED <-> MALWARE-CNC BLYPT installer reuse outbound traffic (malware-cnc.rules) * 1:28815 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gozi/Neverquest variant outbound connection (malware-cnc.rules) * 1:28153 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Foreign variant outbound connection - /html2/ (malware-cnc.rules) * 1:28255 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz Potential phishing URL (malware-cnc.rules) * 1:28192 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz Potential Phishing URL (malware-cnc.rules) * 1:28419 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tesch variant outbound connection (malware-cnc.rules) * 1:28146 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Salgorea variant connection (malware-cnc.rules) * 1:28210 <-> DISABLED <-> MALWARE-CNC Win.Worm.IRCbot outbound connection (malware-cnc.rules) * 1:28230 <-> DISABLED <-> MALWARE-CNC Boot.Bootroot Variant data upload (malware-cnc.rules) * 
1:28605 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kasnam variant connection (malware-cnc.rules) * 1:28123 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /setup.htm GET Encrypted Payload (malware-cnc.rules) * 1:28810 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection - MSIE7 No Referer No Cookie (malware-cnc.rules) * 1:28607 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection (malware-cnc.rules) * 1:28804 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Injector outbound connection (malware-cnc.rules) * 1:28415 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules) * 1:27981 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /botnet/tasks.php?uid= (malware-cnc.rules) * 1:28216 <-> DISABLED <-> MALWARE-CNC known malware FTP login (malware-cnc.rules) * 1:28107 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload download (malware-cnc.rules) * 1:28803 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Injector inbound connection (malware-cnc.rules) * 1:28599 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Lesirt variant outbound connection (malware-cnc.rules) * 1:28285 <-> DISABLED <-> MALWARE-CNC Win.Trojan.hdog connectivity check-in version 2 (malware-cnc.rules) * 1:28410 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CoinMiner variant outbound connection (malware-cnc.rules) * 1:27980 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /botnet/adduser.php?uid= (malware-cnc.rules) * 1:26742 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc resolve command (malware-cnc.rules) * 1:25547 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules) * 1:25548 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Perflog variant outbound connection (malware-cnc.rules) * 1:25978 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lukprofin variant outbound connection (malware-cnc.rules) * 1:25553 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dexter variant outbound 
connection (malware-cnc.rules) * 1:26211 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Eldorado variant outbound connection (malware-cnc.rules) * 1:26238 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Snopexy variant outbound connection (malware-cnc.rules) * 1:26239 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Stehlox variant outbound connection (malware-cnc.rules) * 1:26240 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vkeikooc variant outbound connection (malware-cnc.rules) * 1:26244 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Troll variant outbound connection (malware-cnc.rules) * 1:26245 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (malware-cnc.rules) * 1:26248 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent cibabam (malware-cnc.rules) * 1:26249 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Sonide variant outbound connection (malware-cnc.rules) * 1:26260 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Vectmp variant outbound connection (malware-cnc.rules) * 1:26266 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus v3 DGA DNS query detected (malware-cnc.rules) * 1:26267 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus v3 DGA DNS query detected (malware-cnc.rules) * 1:26268 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus v3 DGA DNS query detected (malware-cnc.rules) * 1:26269 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus v3 DGA DNS query detected (malware-cnc.rules) * 1:26270 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus v3 DGA DNS query detected (malware-cnc.rules) * 1:26271 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus v3 DGA DNS query detected (malware-cnc.rules) * 1:26284 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Surok variant outbound connection (malware-cnc.rules) * 1:26285 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Garveep variant outbound connection (malware-cnc.rules) * 1:26288 <-> DISABLED <-> MALWARE-CNC Brontok Worm variant outbound connection (malware-cnc.rules) * 1:26289 <-> DISABLED <-> MALWARE-CNC Daws Trojan Outbound 
Plaintext over SSL Port (malware-cnc.rules) * 1:26319 <-> DISABLED <-> MALWARE-CNC file path used as User-Agent - potential Trojan (malware-cnc.rules) * 1:26325 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scar variant outbound connection (malware-cnc.rules) * 1:26327 <-> DISABLED <-> MALWARE-CNC OSX.Trojan.Flashfake variant outbound connection (malware-cnc.rules) * 1:26331 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qhost variant outbound connection (malware-cnc.rules) * 1:26335 <-> DISABLED <-> MALWARE-CNC FBI Ransom Trojan variant outbound connection (malware-cnc.rules) * 1:26370 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection - ksa.txt (malware-cnc.rules) * 1:26371 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection - op POST (malware-cnc.rules) * 1:26398 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gamarue variant outbound connection (malware-cnc.rules) * 1:26428 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (malware-cnc.rules) * 1:26444 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Agent variant outbound connection (malware-cnc.rules) * 1:26445 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Agent variant outbound connection (malware-cnc.rules) * 1:26446 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Agent variant outbound connection (malware-cnc.rules) * 1:26447 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Smoaler variant outbound connection (malware-cnc.rules) * 1:26448 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fakesig variant outbound connection (malware-cnc.rules) * 1:26449 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules) * 1:26450 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules) * 1:26452 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Buterat variant outbound connection (malware-cnc.rules) * 1:26463 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Linog.A variant outbound connection (malware-cnc.rules) * 
1:26464 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Linog.A variant outbound connection (malware-cnc.rules) * 1:26467 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Magic variant inbound connection (malware-cnc.rules) * 1:26480 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot fake PNG config file download without User-Agent (malware-cnc.rules) * 1:26482 <-> DISABLED <-> MALWARE-CNC Unknown Thinner Encrypted POST botnet C&C (malware-cnc.rules) * 1:26522 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent NOKIAN95/WEB (malware-cnc.rules) * 1:26533 <-> DISABLED <-> MALWARE-CNC Unknown malware - Incorrect headers - Referer HTTP/1.0 (malware-cnc.rules) * 1:26558 <-> DISABLED <-> MALWARE-CNC User-Agent known Malicious user agent Brutus AET (malware-cnc.rules) * 1:26560 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection - getcomando POST data (malware-cnc.rules) * 1:26561 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules) * 1:26563 <-> DISABLED <-> MALWARE-CNC Harakit botnet traffic (malware-cnc.rules) * 1:26576 <-> DISABLED <-> MALWARE-CNC Potential hostile executable served from compromised or malicious WordPress site attempt (malware-cnc.rules) * 1:26577 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent Opera 10 (malware-cnc.rules) * 1:26578 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy/FakeAV Checkin with IE6 User-Agent (malware-cnc.rules) * 1:26579 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy/FakeAV Checkin with IE6 User-Agent (malware-cnc.rules) * 1:26604 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bydra variant outbound connection (malware-cnc.rules) * 1:26605 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bydra variant outbound connection (malware-cnc.rules) * 1:26606 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sosork variant outbound connection (malware-cnc.rules) * 1:26607 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Korlia variant outbound connection (malware-cnc.rules) * 1:26608 <-> DISABLED <-> 
MALWARE-CNC Win.Trojan.Rocra variant outbound connection (malware-cnc.rules) * 1:26609 <-> DISABLED <-> MALWARE-CNC OSX.Trojan.Dockster variant outbound connection (malware-cnc.rules) * 1:26613 <-> DISABLED <-> MALWARE-CNC Medfos Trojan variant outbound connection (malware-cnc.rules) * 1:26656 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Travnet Botnet data upload (malware-cnc.rules) * 1:26657 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shiz variant outbound connection (malware-cnc.rules) * 1:26677 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz variant inbound run command from cnc (malware-cnc.rules) * 1:26678 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz variant inbound run command from cnc (malware-cnc.rules) * 1:26679 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz variant inbound run command from cnc (malware-cnc.rules) * 1:26680 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz variant inbound run command from cnc (malware-cnc.rules) * 1:26681 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz variant inbound run command from cnc (malware-cnc.rules) * 1:26683 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shyape variant outbound connection (malware-cnc.rules) * 1:26684 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Neshax variant outbound connection (malware-cnc.rules) * 1:26685 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string J13A (malware-cnc.rules) * 1:26686 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Alina (malware-cnc.rules) * 1:26690 <-> DISABLED <-> MALWARE-CNC Miniduke server contact (malware-cnc.rules) * 1:26691 <-> DISABLED <-> MALWARE-CNC Win.Trojan.UFRStealer variant outbound connection (malware-cnc.rules) * 1:26692 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spyremoav variant outbound connection (malware-cnc.rules) * 1:26695 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Namihno variant outbound request (malware-cnc.rules) * 1:26696 <-> DISABLED <-> MALWARE-CNC Cbeplay Ransomware variant outbound connection - Abnormal HTTP Headers 
(malware-cnc.rules) * 1:26697 <-> DISABLED <-> MALWARE-CNC Cbeplay Ransomware variant outbound connection - POST Body (malware-cnc.rules) * 1:26702 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Win (malware-cnc.rules) * 1:26703 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Upero variant outbound connection (malware-cnc.rules) * 1:26712 <-> DISABLED <-> MALWARE-CNC Kazy Trojan check-in (malware-cnc.rules) * 1:26713 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev rev 1 outbound traffic (malware-cnc.rules) * 1:26714 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev rev 2 outbound traffic (malware-cnc.rules) * 1:26715 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev rev 3 outbound traffic (malware-cnc.rules) * 1:26719 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kbot variant outbound connection (malware-cnc.rules) * 1:26720 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kbot variant outbound connection (malware-cnc.rules) * 1:26721 <-> DISABLED <-> MALWARE-CNC Pushdo Spiral Traffic (malware-cnc.rules) * 1:26722 <-> DISABLED <-> MALWARE-CNC Bancos fake JPG encrypted config file download (malware-cnc.rules) * 1:26723 <-> DISABLED <-> MALWARE-CNC Trojan Downloader7 (malware-cnc.rules) * 1:26725 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc http command (malware-cnc.rules) * 1:26726 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc stop command (malware-cnc.rules) * 1:26727 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc die command (malware-cnc.rules) * 1:26728 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc sleep command (malware-cnc.rules) * 1:26729 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc simple command (malware-cnc.rules) * 1:26730 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc loginpost command (malware-cnc.rules) * 1:26731 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc datapost command (malware-cnc.rules) * 1:26732 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc syn command (malware-cnc.rules) * 1:26733 <-> 
DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc udp command (malware-cnc.rules)
* 1:26734 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc udpdata command (malware-cnc.rules)
* 1:26735 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc data command (malware-cnc.rules)
* 1:26736 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc icmp command (malware-cnc.rules)
* 1:26737 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc tcpdata command (malware-cnc.rules)
* 1:26738 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc dataget command (malware-cnc.rules)
* 1:26743 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc antiddos command (malware-cnc.rules)
* 1:27201 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Neurevt variant outbound connection (malware-cnc.rules)
* 1:26739 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc connect command (malware-cnc.rules)
* 1:26744 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc range command (malware-cnc.rules)
* 1:26745 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc ftp command (malware-cnc.rules)
* 1:26746 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc download command (malware-cnc.rules)
* 1:26747 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc fastddos command (malware-cnc.rules)
* 1:26748 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc slowhttp command (malware-cnc.rules)
* 1:26749 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc allhttp command (malware-cnc.rules)
* 1:26750 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc full command (malware-cnc.rules)
* 1:26751 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - msctls_progress32 (malware-cnc.rules)
* 1:26756 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper.Datcaen variant outbound connection (malware-cnc.rules)
* 1:26757 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper.Datcaen variant outbound connection (malware-cnc.rules)
* 1:26758 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Elefin variant outbound connection (malware-cnc.rules)
* 1:26763 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules)
* 1:26770 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (malware-cnc.rules)
* 1:26771 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (malware-cnc.rules)
* 1:26774 <-> DISABLED <-> MALWARE-CNC Win.Worm.Luder variant outbound connection (malware-cnc.rules)
* 1:26775 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Blocker variant outbound connection HTTP Header Structure (malware-cnc.rules)
* 1:26776 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Blocker variant outbound connection POST (malware-cnc.rules)
* 1:26777 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy variant outbound connection (malware-cnc.rules)
* 1:26779 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cridex encrypted POST check-in (malware-cnc.rules)
* 1:26780 <-> DISABLED <-> MALWARE-CNC cridex HTTP Response - default0.js (malware-cnc.rules)
* 1:26785 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qrmon variant outbound connection (malware-cnc.rules)
* 1:26792 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vbula variant outbound connection (malware-cnc.rules)
* 1:26793 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vbula variant initial CNC contact (malware-cnc.rules)
* 1:26809 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Backdoor.Tomvode variant outbound connection (malware-cnc.rules)
* 1:26811 <-> DISABLED <-> MALWARE-CNC XP Fake Antivirus Payment Page Request (malware-cnc.rules)
* 1:26812 <-> DISABLED <-> MALWARE-CNC XP Fake Antivirus Check-in (malware-cnc.rules)
* 1:26813 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dapato CMS spambot check-in (malware-cnc.rules)
* 1:26815 <-> DISABLED <-> MALWARE-CNC OSX.Trojan.KitM variant outbound connection user-agent (malware-cnc.rules)
* 1:26816 <-> DISABLED <-> MALWARE-CNC OSX.Trojan.KitM variant outbound connection (malware-cnc.rules)
* 1:26818 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Zawat variant outbound connection (malware-cnc.rules)
* 1:26819 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Datash variant outbound connection (malware-cnc.rules)
* 1:26820 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Datash variant outbound connection (malware-cnc.rules)
* 1:26822 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Buterat variant outbound connection (malware-cnc.rules)
* 1:26828 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Uperti variant outbound connection (malware-cnc.rules)
* 1:26835 <-> DISABLED <-> MALWARE-CNC RDN Banker POST variant outbound connection (malware-cnc.rules)
* 1:26836 <-> DISABLED <-> MALWARE-CNC RDN Banker Strange Google Traffic (malware-cnc.rules)
* 1:26837 <-> DISABLED <-> MALWARE-CNC BitBot Idle C2 response (malware-cnc.rules)
* 1:26840 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Agent variant outbound connection (malware-cnc.rules)
* 1:26841 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Agent variant outbound connection (malware-cnc.rules)
* 1:26880 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zotob.E gc.exe download (malware-cnc.rules)
* 1:26911 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rombrast Trojan outbound connection (malware-cnc.rules)
* 1:26912 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rombrast Trojan outbound connection (malware-cnc.rules)
* 1:26923 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
* 1:26924 <-> DISABLED <-> MALWARE-CNC Potential Gozi Trojan HTTP Header Structure (malware-cnc.rules)
* 1:26930 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeroaccess variant outbound connection (malware-cnc.rules)
* 1:26931 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeroaccess variant outbound connection (malware-cnc.rules)
* 1:26932 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeroaccess variant outbound connection (malware-cnc.rules)
* 1:26940 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TripleNine RAT beacon (malware-cnc.rules)
* 1:26941 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PipCreat RAT dropper download (malware-cnc.rules)
* 1:26942 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PipCreat RAT beacon (malware-cnc.rules)
* 1:26943 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Post_Show RAT beacon (malware-cnc.rules)
* 1:26944 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Post_Show RAT beacon (malware-cnc.rules)
* 1:26945 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bisonal RAT beacon (malware-cnc.rules)
* 1:26946 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Uptime RAT beacon (malware-cnc.rules)
* 1:26952 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Orcim variant outbound connection (malware-cnc.rules)
* 1:26954 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Talsab variant outbound connection (malware-cnc.rules)
* 1:26955 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Talsab variant outbound connection (malware-cnc.rules)
* 1:26965 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Win32 Facebook Secure Cryptor C2 (malware-cnc.rules)
* 1:26966 <-> DISABLED <-> MALWARE-CNC Win32/Autorun.JN variant outbound connection (malware-cnc.rules)
* 1:26967 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz variant outbound connection (malware-cnc.rules)
* 1:26968 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gozi Data Theft POST Data (malware-cnc.rules)
* 1:26969 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gozi Trojan Data Theft POST URL (malware-cnc.rules)
* 1:26970 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pirminay variant outbound connection (malware-cnc.rules)
* 1:26984 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Injector Info Stealer Trojan variant outbound connection (malware-cnc.rules)
* 1:26986 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Xenil variant outbound connection (malware-cnc.rules)
* 1:26987 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cyvadextr variant outbound connection (malware-cnc.rules)
* 1:26995 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Agent variant outbound connection (malware-cnc.rules)
* 1:26996 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Agent variant outbound connection (malware-cnc.rules)
* 1:26997 <-> DISABLED <-> MALWARE-CNC OSX.Trojan.Morcut variant outbound connection (malware-cnc.rules)
* 1:26998 <-> DISABLED <-> MALWARE-CNC OSX.Trojan.Morcut file download (malware-cnc.rules)
* 1:26999 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chinoxy variant outbound connection (malware-cnc.rules)
* 1:27000 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chinoxy variant outbound connection (malware-cnc.rules)
* 1:27002 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
* 1:27003 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
* 1:27007 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot variant outbound connection (malware-cnc.rules)
* 1:27008 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot variant outbound connection (malware-cnc.rules)
* 1:27010 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot payment .scr download (malware-cnc.rules)
* 1:27012 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Phoenot variant outbound connection (malware-cnc.rules)
* 1:27013 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Phoenot variant inbound connection (malware-cnc.rules)
* 1:27014 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Epipenwa variant outbound connection (malware-cnc.rules)
* 1:27017 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dapato variant inbound response connection (malware-cnc.rules)
* 1:27021 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Layvam variant outbound connection (malware-cnc.rules)
* 1:27022 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Netweird.A outbound connection (malware-cnc.rules)
* 1:27023 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Netweird.A outbound connection (malware-cnc.rules)
* 1:27033 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Transhell variant outbound connection user-agent (malware-cnc.rules)
* 1:27039 <-> DISABLED <-> MALWARE-CNC Win.Trojan.OnlineGameHack variant outbound connection (malware-cnc.rules)
* 1:27044 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string pb - Htbot (malware-cnc.rules)
* 1:27045 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Blocker Download (malware-cnc.rules)
* 1:27049 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dokstormac variant outbound connection (malware-cnc.rules)
* 1:27054 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yakes variant outbound connection (malware-cnc.rules)
* 1:27058 <-> DISABLED <-> MALWARE-CNC OSX.Trojan.HackBack variant outbound connection (malware-cnc.rules)
* 1:27093 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Medfos variant outbound connection (malware-cnc.rules)
* 1:27120 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
* 1:27169 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Atezag variant outbound connection (malware-cnc.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:55931 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Emotet variant outbound connection attempt (snort3-malware-cnc.rules)
* 1:55933 <-> ENABLED <-> SERVER-OTHER Oracle WebLogic malicious RemoteConstructor deserialization attempt (snort3-server-other.rules)
* 1:55929 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Emotet-9774504-0 download attempt (snort3-malware-other.rules)
* 1:55932 <-> ENABLED <-> SERVER-OTHER Oracle WebLogic malicious RemoteConstructor deserialization attempt (snort3-server-other.rules)
* 1:55930 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Emotet-9774504-0 download attempt (snort3-malware-other.rules)
* 1:28115 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /file.htm GET Encrypted Payload (snort3-malware-cnc.rules)
* 1:26733 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc udp command (snort3-malware-cnc.rules)
* 1:26607 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Korlia variant outbound connection (snort3-malware-cnc.rules)
* 1:26703 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Upero variant outbound connection (snort3-malware-cnc.rules)
* 1:26744 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc range command (snort3-malware-cnc.rules)
* 1:26613 <-> DISABLED <-> MALWARE-CNC Medfos Trojan variant outbound connection (snort3-malware-cnc.rules)
* 1:28211 <-> DISABLED <-> MALWARE-CNC Win.Worm.IRCbot outbound connection (snort3-malware-cnc.rules)
* 1:28117 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /install.htm GET Encrypted Payload (snort3-malware-cnc.rules)
* 1:26737 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc tcpdata command (snort3-malware-cnc.rules)
* 1:26720 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kbot variant outbound connection (snort3-malware-cnc.rules)
* 1:26723 <-> DISABLED <-> MALWARE-CNC Trojan Downloader7 (snort3-malware-cnc.rules)
* 1:28097 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ohlat variant connection (snort3-malware-cnc.rules)
* 1:26738 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc dataget command (snort3-malware-cnc.rules)
* 1:28123 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /setup.htm GET Encrypted Payload (snort3-malware-cnc.rules)
* 1:26609 <-> DISABLED <-> MALWARE-CNC OSX.Trojan.Dockster variant outbound connection (snort3-malware-cnc.rules)
* 1:26730 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc loginpost command (snort3-malware-cnc.rules)
* 1:28417 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Molgomsg variant outbound connection (snort3-malware-cnc.rules)
* 1:28125 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banbra variant connection (snort3-malware-cnc.rules)
* 1:28230 <-> DISABLED <-> MALWARE-CNC Boot.Bootroot Variant data upload (snort3-malware-cnc.rules)
* 1:28856 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yowdab variant connection (snort3-malware-cnc.rules)
* 1:28859 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent z00sAgent - Win.Trojan.Zbot (snort3-malware-cnc.rules)
* 1:28323 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Chopper web shell connection (snort3-malware-cnc.rules)
* 1:28860 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent - Win.Trojan.Nitedrem (snort3-malware-cnc.rules)
* 1:26702 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Win (snort3-malware-cnc.rules)
* 1:28529 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qadars variant outbound connection (snort3-malware-cnc.rules)
* 1:28810 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection - MSIE7 No Referer No Cookie (snort3-malware-cnc.rules)
* 1:28864 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tofsee variant outbound connection (snort3-malware-cnc.rules)
* 1:28861 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Roxfora variant outbound connection (snort3-malware-cnc.rules)
* 1:28547 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (snort3-malware-cnc.rules)
* 1:28554 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /online.htm GET Encrypted Payload (snort3-malware-cnc.rules)
* 1:28399 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Tsunami outbound connection (snort3-malware-cnc.rules)
* 1:28121 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /welcome.htm GET Encrypted Payload (snort3-malware-cnc.rules)
* 1:28415 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (snort3-malware-cnc.rules)
* 1:28239 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tuxido outbound connection (snort3-malware-cnc.rules)
* 1:28486 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Codiltak variant outbound connection (snort3-malware-cnc.rules)
* 1:28141 <-> DISABLED <-> MALWARE-CNC Win.Trojan.banker outbound connection (snort3-malware-cnc.rules)
* 1:28724 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent outbound connection (snort3-malware-cnc.rules)
* 1:28606 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Surtr variant connection (snort3-malware-cnc.rules)
* 1:28250 <-> DISABLED <-> MALWARE-CNC Security Cleaner Pro Install Confirmation (snort3-malware-cnc.rules)
* 1:28146 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Salgorea variant connection (snort3-malware-cnc.rules)
* 1:28209 <-> DISABLED <-> MALWARE-CNC Win.Worm.IRCbot outbound connection (snort3-malware-cnc.rules)
* 1:28444 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.CBgate variant outbound connection (snort3-malware-cnc.rules)
* 1:28418 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Dtcontx outbound connection (snort3-malware-cnc.rules)
* 1:28599 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Lesirt variant outbound connection (snort3-malware-cnc.rules)
* 1:28119 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /search.htm GET Encrypted Payload (snort3-malware-cnc.rules)
* 1:28799 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mxtcycle variant outbound connection (snort3-malware-cnc.rules)
* 1:28561 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Plugx outbound connection (snort3-malware-cnc.rules)
* 1:28410 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CoinMiner variant outbound connection (snort3-malware-cnc.rules)
* 1:28406 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy variant outbound connection (snort3-malware-cnc.rules)
* 1:28247 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper variant outbound connection (snort3-malware-cnc.rules)
* 1:28134 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dorkbot variant connection (snort3-malware-cnc.rules)
* 1:28362 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string SUiCiDE/1.5 (snort3-malware-cnc.rules)
* 1:28463 <-> DISABLED <-> MALWARE-CNC Win.Trojan.AllAple Variant ICMP flood (snort3-malware-cnc.rules)
* 1:28551 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NXI ftp username connection (snort3-malware-cnc.rules)
* 1:28528 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qadars variant outbound connection (snort3-malware-cnc.rules)
* 1:28192 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz Potential Phishing URL (snort3-malware-cnc.rules)
* 1:28805 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Palevo outbound connection (snort3-malware-cnc.rules)
* 1:28144 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Win32.Wpbrutebot variant connection (snort3-malware-cnc.rules)
* 1:28326 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Zuza variant outbound connection (snort3-malware-cnc.rules)
* 1:28116 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /home.htm GET Encrypted Payload (snort3-malware-cnc.rules)
* 1:28804 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Injector outbound connection (snort3-malware-cnc.rules)
* 1:28807 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Injector variant outbound connection (snort3-malware-cnc.rules)
* 1:28366 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Venik variant outbound connection (snort3-malware-cnc.rules)
* 1:28802 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos outbound connection (snort3-malware-cnc.rules)
* 1:28808 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Ptiger variant outbound connection (snort3-malware-cnc.rules)
* 1:28562 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sidopa variant outbound connection (snort3-malware-cnc.rules)
* 1:28558 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string getURLdown (snort3-malware-cnc.rules)
* 1:28484 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Delpbank variant outbound connection (snort3-malware-cnc.rules)
* 1:28815 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gozi/Neverquest variant outbound connection (snort3-malware-cnc.rules)
* 1:28538 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Asprox/Kuluoz variant connection (snort3-malware-cnc.rules)
* 1:28604 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kasnam variant connection (snort3-malware-cnc.rules)
* 1:28166 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bifrose variant connection (snort3-malware-cnc.rules)
* 1:28212 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bitsto variant connection (snort3-malware-cnc.rules)
* 1:28328 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Hupigon variant outbound connection (snort3-malware-cnc.rules)
* 1:26692 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spyremoav variant outbound connection (snort3-malware-cnc.rules)
* 1:26691 <-> DISABLED <-> MALWARE-CNC Win.Trojan.UFRStealer variant outbound connection (snort3-malware-cnc.rules)
* 1:26679 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz variant inbound run command from cnc (snort3-malware-cnc.rules)
* 1:26734 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc udpdata command (snort3-malware-cnc.rules)
* 1:26681 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz variant inbound run command from cnc (snort3-malware-cnc.rules)
* 1:26719 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kbot variant outbound connection (snort3-malware-cnc.rules)
* 1:26727 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc die command (snort3-malware-cnc.rules)
* 1:26678 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz variant inbound run command from cnc (snort3-malware-cnc.rules)
* 1:28820 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Egamipload variant outbound connection (snort3-malware-cnc.rules)
* 1:26690 <-> DISABLED <-> MALWARE-CNC Miniduke server contact (snort3-malware-cnc.rules)
* 1:26715 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev rev 3 outbound traffic (snort3-malware-cnc.rules)
* 1:26725 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc http command (snort3-malware-cnc.rules)
* 1:26736 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc icmp command (snort3-malware-cnc.rules)
* 1:26680 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz variant inbound run command from cnc (snort3-malware-cnc.rules)
* 1:26695 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Namihno variant outbound request (snort3-malware-cnc.rules)
* 1:26684 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Neshax variant outbound connection (snort3-malware-cnc.rules)
* 1:28853 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dipverdle variant outbound connection (snort3-malware-cnc.rules)
* 1:28886 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scar variant outbound connection (snort3-malware-cnc.rules)
* 1:28405 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy variant outbound connection (snort3-malware-cnc.rules)
* 1:28564 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pkdesco variant outbound connection (snort3-malware-cnc.rules)
* 1:28153 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Foreign variant outbound connection - /html2/ (snort3-malware-cnc.rules)
* 1:26686 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Alina (snort3-malware-cnc.rules)
* 1:28852 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Linux.Trojan.Zollard (snort3-malware-cnc.rules)
* 1:28255 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz Potential phishing URL (snort3-malware-cnc.rules)
* 1:28560 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Plugx FTP keepalive outbound connection (snort3-malware-cnc.rules)
* 1:28559 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Castov variant connection (snort3-malware-cnc.rules)
* 1:28813 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ufraie variant outbound connection (snort3-malware-cnc.rules)
* 1:28154 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Foreign variant outbound connection - MSIE 7.1 (snort3-malware-cnc.rules)
* 1:28242 <-> DISABLED <-> MALWARE-CNC Win.Trojan.KanKan variant connection (snort3-malware-cnc.rules)
* 1:28148 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mevade variant outbound connection (snort3-malware-cnc.rules)
* 1:28416 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CryptoLocker outbound connection (snort3-malware-cnc.rules)
* 1:28300 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant connection (snort3-malware-cnc.rules)
* 1:28605 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kasnam variant connection (snort3-malware-cnc.rules)
* 1:26696 <-> DISABLED <-> MALWARE-CNC Cbeplay Ransomware variant outbound connection - Abnormal HTTP Headers (snort3-malware-cnc.rules)
* 1:26742 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc resolve command (snort3-malware-cnc.rules)
* 1:26743 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc antiddos command (snort3-malware-cnc.rules)
* 1:26712 <-> DISABLED <-> MALWARE-CNC Kazy Trojan check-in (snort3-malware-cnc.rules)
* 1:26745 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc ftp command (snort3-malware-cnc.rules)
* 1:25547 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (snort3-malware-cnc.rules)
* 1:25548 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Perflog variant outbound connection (snort3-malware-cnc.rules)
* 1:25551 <-> DISABLED <-> MALWARE-CNC Win.Worm.Dipasik variant outbound connection (snort3-malware-cnc.rules)
* 1:25553 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dexter variant outbound connection (snort3-malware-cnc.rules)
* 1:25570 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Medialabs variant outbound connection (snort3-malware-cnc.rules)
* 1:25571 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Medialabs variant outbound connection (snort3-malware-cnc.rules)
* 1:25572 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Virut variant outbound connection (snort3-malware-cnc.rules)
* 1:25577 <-> DISABLED <-> MALWARE-CNC Win.Rootkit.Necurs possible URI with encrypted POST (snort3-malware-cnc.rules)
* 1:25599 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gupboot variant outbound connection (snort3-malware-cnc.rules)
* 1:25600 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dilavtor variant outbound connection (snort3-malware-cnc.rules)
* 1:25609 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (snort3-malware-cnc.rules)
* 1:25610 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mofsmall variant outbound connection (snort3-malware-cnc.rules)
* 1:25623 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jimpime variant outbound connection (snort3-malware-cnc.rules)
* 1:25625 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Daws variant outbound connection (snort3-malware-cnc.rules)
* 1:25626 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (snort3-malware-cnc.rules)
* 1:25628 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant connect to cnc-server (snort3-malware-cnc.rules)
* 1:25632 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Golisy variant outbound connection (snort3-malware-cnc.rules)
* 1:25652 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kryptic variant outbound connection (snort3-malware-cnc.rules)
* 1:25660 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Medfos variant outbound connection (snort3-malware-cnc.rules)
* 1:25661 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Buzus variant outbound connection (snort3-malware-cnc.rules)
* 1:25662 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chowspy variant outbound connection (snort3-malware-cnc.rules)
* 1:25663 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rimod variant outbound connection (snort3-malware-cnc.rules)
* 1:25665 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sycomder variant outbound connection (snort3-malware-cnc.rules)
* 1:25666 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (snort3-malware-cnc.rules)
* 1:25667 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nflog variant outbound connection (snort3-malware-cnc.rules)
* 1:28565 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sluegot variant connection (snort3-malware-cnc.rules)
* 1:25668 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nflog variant outbound connection (snort3-malware-cnc.rules)
* 1:26202 <-> DISABLED <-> MALWARE-CNC VBS.Trojan.Agent variant outbound connection (snort3-malware-cnc.rules)
* 1:25672 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Matsnu variant outbound connection (snort3-malware-cnc.rules)
* 1:25673 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.QQDragon variant outbound connection (snort3-malware-cnc.rules)
* 1:25674 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shimwoc variant outbound connection (snort3-malware-cnc.rules)
* 1:25675 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fakeavlock variant outbound connection (snort3-malware-cnc.rules)
* 1:25765 <-> DISABLED <-> MALWARE-CNC Trojan Agent YEH variant outbound connection (snort3-malware-cnc.rules)
* 1:25766 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (snort3-malware-cnc.rules)
* 1:25807 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Urausy Botnet variant outbound connection (snort3-malware-cnc.rules)
* 1:25829 <-> DISABLED <-> MALWARE-CNC Trojan Banker FTC variant outbound connection (snort3-malware-cnc.rules)
* 1:25854 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection - MSIE7 No Referer No Cookie (snort3-malware-cnc.rules)
* 1:25863 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.QBundle variant outbound connection (snort3-malware-cnc.rules)
* 1:25865 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (snort3-malware-cnc.rules)
* 1:25866 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (snort3-malware-cnc.rules)
* 1:25867 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (snort3-malware-cnc.rules)
* 1:25973 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Boolflot variant outbound connection (snort3-malware-cnc.rules)
* 1:25974 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (snort3-malware-cnc.rules)
* 1:25978 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lukprofin variant outbound connection (snort3-malware-cnc.rules)
* 1:25979 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lukprofin variant outbound connection (snort3-malware-cnc.rules)
* 1:25980 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Pass (snort3-malware-cnc.rules)
* 1:25987 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Upof variant outbound connection (snort3-malware-cnc.rules)
* 1:25990 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Agent variant connect to cnc-server (snort3-malware-cnc.rules)
* 1:25991 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Agent variant connect to cnc-server (snort3-malware-cnc.rules)
* 1:25671 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (snort3-malware-cnc.rules)
* 1:26746 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc download command (snort3-malware-cnc.rules)
* 1:26747 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc fastddos command (snort3-malware-cnc.rules)
* 1:26748 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc slowhttp command (snort3-malware-cnc.rules)
* 1:26749 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc allhttp command (snort3-malware-cnc.rules)
* 1:26750 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc full command (snort3-malware-cnc.rules)
* 1:26751 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - msctls_progress32 (snort3-malware-cnc.rules)
* 1:26756 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper.Datcaen variant outbound connection (snort3-malware-cnc.rules)
* 1:26757 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper.Datcaen variant outbound connection (snort3-malware-cnc.rules)
* 1:26758 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Elefin variant outbound connection (snort3-malware-cnc.rules)
* 1:26763 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (snort3-malware-cnc.rules)
* 1:26770 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (snort3-malware-cnc.rules)
* 1:26771 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (snort3-malware-cnc.rules)
* 1:26774 <-> DISABLED <-> MALWARE-CNC Win.Worm.Luder variant outbound connection (snort3-malware-cnc.rules)
* 1:26775 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Blocker variant outbound connection HTTP Header Structure (snort3-malware-cnc.rules)
* 1:26776 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Blocker variant outbound connection POST (snort3-malware-cnc.rules)
* 1:26777 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy variant outbound connection (snort3-malware-cnc.rules)
* 1:26779 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cridex encrypted POST check-in (snort3-malware-cnc.rules)
* 1:26780 <-> DISABLED <-> MALWARE-CNC cridex HTTP Response - default0.js (snort3-malware-cnc.rules)
* 1:26785 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qrmon variant outbound connection (snort3-malware-cnc.rules)
* 1:26792 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vbula variant outbound connection (snort3-malware-cnc.rules)
* 1:26793 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vbula variant initial CNC contact (snort3-malware-cnc.rules)
* 1:26809 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Backdoor.Tomvode variant outbound connection (snort3-malware-cnc.rules)
* 1:26811 <-> DISABLED <-> MALWARE-CNC XP Fake Antivirus Payment Page Request (snort3-malware-cnc.rules)
* 1:26812 <-> DISABLED <-> MALWARE-CNC XP Fake Antivirus Check-in (snort3-malware-cnc.rules)
* 1:26813 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dapato CMS spambot check-in (snort3-malware-cnc.rules)
* 1:26815 <-> DISABLED <-> MALWARE-CNC OSX.Trojan.KitM variant outbound connection user-agent (snort3-malware-cnc.rules)
* 1:26816 <-> DISABLED <-> MALWARE-CNC OSX.Trojan.KitM variant outbound connection (snort3-malware-cnc.rules)
* 1:26818 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Zawat variant outbound connection (snort3-malware-cnc.rules)
* 1:26819 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Datash variant outbound connection (snort3-malware-cnc.rules)
* 1:26820 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Datash variant outbound connection (snort3-malware-cnc.rules)
* 1:26822 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Buterat variant outbound connection (snort3-malware-cnc.rules)
* 1:26828 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Uperti variant outbound connection (snort3-malware-cnc.rules)
* 1:26835 <-> DISABLED <-> MALWARE-CNC RDN Banker POST variant outbound connection (snort3-malware-cnc.rules)
* 1:26836 <-> DISABLED <-> MALWARE-CNC RDN Banker Strange Google Traffic (snort3-malware-cnc.rules)
* 1:26837 <-> DISABLED <-> MALWARE-CNC BitBot Idle C2 response (snort3-malware-cnc.rules)
* 1:26840 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Agent variant outbound connection (snort3-malware-cnc.rules)
* 1:26841 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Agent variant outbound connection (snort3-malware-cnc.rules)
* 1:26880 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zotob.E gc.exe download (snort3-malware-cnc.rules)
* 1:26911 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rombrast Trojan outbound connection (snort3-malware-cnc.rules)
* 1:26912 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rombrast Trojan outbound connection (snort3-malware-cnc.rules)
* 1:26923 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (snort3-malware-cnc.rules)
* 1:26924 <-> DISABLED <-> MALWARE-CNC Potential Gozi Trojan HTTP Header Structure (snort3-malware-cnc.rules)
* 1:26930 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeroaccess variant outbound connection (snort3-malware-cnc.rules)
* 1:26931 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeroaccess variant outbound connection (snort3-malware-cnc.rules)
* 1:26932 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeroaccess variant outbound connection (snort3-malware-cnc.rules)
* 1:26940 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TripleNine RAT beacon (snort3-malware-cnc.rules)
* 1:26941 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PipCreat RAT dropper download (snort3-malware-cnc.rules)
* 1:26942 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PipCreat RAT beacon (snort3-malware-cnc.rules)
* 1:26943 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Post_Show RAT beacon (snort3-malware-cnc.rules)
* 1:26944 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Post_Show RAT beacon (snort3-malware-cnc.rules)
* 1:26945 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bisonal RAT beacon (snort3-malware-cnc.rules)
* 1:26946 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Uptime RAT beacon (snort3-malware-cnc.rules)
* 1:26952 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Orcim variant outbound connection (snort3-malware-cnc.rules)
* 1:26954 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Talsab variant outbound connection (snort3-malware-cnc.rules)
* 1:26955 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Talsab variant outbound connection (snort3-malware-cnc.rules)
* 1:26965 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Win32 Facebook Secure Cryptor C2 (snort3-malware-cnc.rules)
* 1:26966 <-> DISABLED <-> MALWARE-CNC Win32/Autorun.JN variant outbound connection (snort3-malware-cnc.rules)
* 1:26967 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz variant outbound connection (snort3-malware-cnc.rules)
* 1:26968 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gozi Data Theft POST Data (snort3-malware-cnc.rules)
* 1:26969 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gozi Trojan Data Theft POST URL (snort3-malware-cnc.rules)
* 1:26970 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pirminay variant outbound connection (snort3-malware-cnc.rules)
* 1:26984 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Injector Info Stealer Trojan variant outbound connection (snort3-malware-cnc.rules)
* 1:26986 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Xenil variant outbound connection (snort3-malware-cnc.rules)
* 1:26987 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cyvadextr variant outbound connection (snort3-malware-cnc.rules)
* 1:26995 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Agent variant outbound connection (snort3-malware-cnc.rules)
* 1:26996 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Agent variant outbound connection (snort3-malware-cnc.rules)
* 1:26997 <-> DISABLED <-> MALWARE-CNC OSX.Trojan.Morcut variant outbound connection (snort3-malware-cnc.rules)
* 1:26998 <-> DISABLED <-> MALWARE-CNC OSX.Trojan.Morcut file download (snort3-malware-cnc.rules)
* 1:26999 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chinoxy variant outbound connection (snort3-malware-cnc.rules)
* 1:27000 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chinoxy variant outbound connection (snort3-malware-cnc.rules)
* 1:27002 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (snort3-malware-cnc.rules)
* 1:27003 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (snort3-malware-cnc.rules)
* 1:27007 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot variant outbound connection (snort3-malware-cnc.rules)
* 1:27008 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot variant outbound connection (snort3-malware-cnc.rules)
* 1:27010 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot payment .scr download (snort3-malware-cnc.rules)
* 1:27012 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Phoenot variant outbound connection (snort3-malware-cnc.rules)
* 1:27013 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Phoenot variant inbound connection (snort3-malware-cnc.rules)
* 1:27014 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Epipenwa variant outbound connection (snort3-malware-cnc.rules)
* 1:27017 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dapato variant inbound response connection (snort3-malware-cnc.rules)
* 1:27021 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Layvam variant outbound connection (snort3-malware-cnc.rules)
* 1:27022 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Netweird.A outbound connection (snort3-malware-cnc.rules)
* 1:27023 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Netweird.A outbound connection (snort3-malware-cnc.rules)
* 1:27033 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Transhell variant outbound connection user-agent (snort3-malware-cnc.rules)
* 1:27039 <-> DISABLED <-> MALWARE-CNC Win.Trojan.OnlineGameHack variant outbound connection (snort3-malware-cnc.rules)
* 1:27044 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string pb - Htbot (snort3-malware-cnc.rules)
* 1:27045 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Blocker Download (snort3-malware-cnc.rules)
* 1:27049 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dokstormac variant outbound connection (snort3-malware-cnc.rules)
* 1:27054 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yakes variant outbound connection (snort3-malware-cnc.rules)
* 1:27058 <-> DISABLED <-> MALWARE-CNC OSX.Trojan.HackBack variant outbound connection (snort3-malware-cnc.rules)
* 1:27093 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Medfos variant outbound connection (snort3-malware-cnc.rules)
* 1:27120 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (snort3-malware-cnc.rules)
* 1:27169 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Atezag variant outbound connection (snort3-malware-cnc.rules)
* 1:27199 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Meredrop variant outbound connection GET Request (snort3-malware-cnc.rules)
* 1:27200 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Meredrop variant outbound connection POST Request (snort3-malware-cnc.rules)
* 1:27201 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Neurevt variant outbound connection (snort3-malware-cnc.rules)
* 1:27248 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gamarue - Mozi1la User-Agent (snort3-malware-cnc.rules)
* 1:27252 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ZeroAccess 111-byte URL variant outbound connection (snort3-malware-cnc.rules)
* 1:27256 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kryptik Drive-by Download Malware (snort3-malware-cnc.rules)
* 1:27257 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kryptic 7-byte URI Invalid Firefox Headers - no Accept-Language (snort3-malware-cnc.rules)
* 1:26741 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc exec command (snort3-malware-cnc.rules)
* 1:27260 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Java.Agent.NFK variant connection (snort3-malware-cnc.rules)
* 1:27263 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - yahoonews (snort3-malware-cnc.rules)
* 1:27558 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bezigate variant outbound connection (snort3-malware-cnc.rules)
* 1:27567 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rovnix 
malicious download request (snort3-malware-cnc.rules) * 1:27577 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (snort3-malware-cnc.rules) * 1:27596 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Redyms variant outbound connection (snort3-malware-cnc.rules) * 1:27599 <-> DISABLED <-> MALWARE-CNC Fort Disco Registration variant outbound connection (snort3-malware-cnc.rules) * 1:27600 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nawpers variant connection (snort3-malware-cnc.rules) * 1:27629 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Aumlib variant outbound connection (snort3-malware-cnc.rules) * 1:27630 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Aumlib variant outbound connection (snort3-malware-cnc.rules) * 1:27631 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Aumlib variant outbound connection (snort3-malware-cnc.rules) * 1:27633 <-> DISABLED <-> MALWARE-CNC Worm.Silly variant outbound connection (snort3-malware-cnc.rules) * 1:27636 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Likseput variant connection (snort3-malware-cnc.rules) * 1:27637 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Syhcmd variant connection (snort3-malware-cnc.rules) * 1:27639 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Epipenwa variant connection (snort3-malware-cnc.rules) * 1:27640 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chekafe variant connection (snort3-malware-cnc.rules) * 1:27641 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Meilat variant connection (snort3-malware-cnc.rules) * 1:27642 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downbot variant connection (snort3-malware-cnc.rules) * 1:27643 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Betabot variant connection (snort3-malware-cnc.rules) * 1:27644 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Merong variant connection (snort3-malware-cnc.rules) * 1:27645 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Binjo variant outbound connection (snort3-malware-cnc.rules) * 1:27647 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nelaja variant outbound connection (snort3-malware-cnc.rules) 
* 1:27648 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SpyBanker.ZSL variant outbound connection (snort3-malware-cnc.rules) * 1:27649 <-> DISABLED <-> MALWARE-CNC Brazilian Banking Trojan data theft (snort3-malware-cnc.rules) * 1:27655 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Enchanim variant connection (snort3-malware-cnc.rules) * 1:27659 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gapz variant connection (snort3-malware-cnc.rules) * 1:27660 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Reabfrus variant connection (snort3-malware-cnc.rules) * 1:27661 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Reabfrus variant connection (snort3-malware-cnc.rules) * 1:27662 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Galfun variant outbound connection (snort3-malware-cnc.rules) * 1:27664 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Castov variant connection (snort3-malware-cnc.rules) * 1:27665 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Castov variant connection (snort3-malware-cnc.rules) * 1:27670 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.evf variant connection (snort3-malware-cnc.rules) * 1:27678 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Goolelo variant connection (snort3-malware-cnc.rules) * 1:27679 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz variant outbound connection (snort3-malware-cnc.rules) * 1:27680 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ZeroAccess variant outbound connection (snort3-malware-cnc.rules) * 1:27699 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tartober variant connection (snort3-malware-cnc.rules) * 1:27709 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string umbra (snort3-malware-cnc.rules) * 1:27710 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string IExplore (snort3-malware-cnc.rules) * 1:27711 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FakeAV variant outbound connection (snort3-malware-cnc.rules) * 1:27720 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kolok variant connection (snort3-malware-cnc.rules) * 1:27726 <-> DISABLED <-> MALWARE-CNC Orbit 
Downloader denial of service update (snort3-malware-cnc.rules) * 1:27727 <-> DISABLED <-> MALWARE-CNC Orbit Downloader denial of service update (snort3-malware-cnc.rules) * 1:27728 <-> DISABLED <-> MALWARE-CNC Orbit Downloader denial of service update (snort3-malware-cnc.rules) * 1:27737 <-> DISABLED <-> MALWARE-CNC DNS suspicious .c0m.li dns query (snort3-malware-cnc.rules) * 1:27746 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Hanthie variant outbound connection (snort3-malware-cnc.rules) * 1:27747 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banechant outbound variant connection (snort3-malware-cnc.rules) * 1:27759 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Treizt variant connection (snort3-malware-cnc.rules) * 1:27774 <-> DISABLED <-> MALWARE-CNC RDN Banker Data Exfiltration (snort3-malware-cnc.rules) * 1:27775 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection (snort3-malware-cnc.rules) * 1:27802 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PRISM variant outbound connection (snort3-malware-cnc.rules) * 1:27803 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PRISM variant outbound connection (snort3-malware-cnc.rules) * 1:27805 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bisonha variant outbound connection (snort3-malware-cnc.rules) * 1:27806 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Retruse variant connection (snort3-malware-cnc.rules) * 1:27811 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mindweq variant connection (snort3-malware-cnc.rules) * 1:27817 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tenavt connection (snort3-malware-cnc.rules) * 1:27864 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sinowal variant connection (snort3-malware-cnc.rules) * 1:27867 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper outbound connection (snort3-malware-cnc.rules) * 1:27868 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - dt12012 (snort3-malware-cnc.rules) * 1:27905 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Helauto variant connection (snort3-malware-cnc.rules) * 1:27918 <-> 
DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (snort3-malware-cnc.rules) * 1:27919 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus encrypted POST Data exfiltration (snort3-malware-cnc.rules) * 1:27939 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Galock variant connection (snort3-malware-cnc.rules) * 1:27955 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mevade variant outbound connection (snort3-malware-cnc.rules) * 1:27963 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lolbot variant outbound connection (snort3-malware-cnc.rules) * 1:27964 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gh0st variant outbound connection (snort3-malware-cnc.rules) * 1:27965 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Eupuds variant connection (snort3-malware-cnc.rules) * 1:27966 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Chopper web shell connection (snort3-malware-cnc.rules) * 1:27968 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Chopper web shell connection (snort3-malware-cnc.rules) * 1:27969 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Updays variant connection (snort3-malware-cnc.rules) * 1:27970 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus dropper variant connection (snort3-malware-cnc.rules) * 1:27980 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /botnet/adduser.php?uid= (snort3-malware-cnc.rules) * 1:27981 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /botnet/tasks.php?uid= (snort3-malware-cnc.rules) * 1:28005 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz outbound command (snort3-malware-cnc.rules) * 1:28007 <-> DISABLED <-> MALWARE-CNC BLYPT installer startupkey outbound traffic (snort3-malware-cnc.rules) * 1:28008 <-> DISABLED <-> MALWARE-CNC BLYPT installer reuse outbound traffic (snort3-malware-cnc.rules) * 1:28009 <-> DISABLED <-> MALWARE-CNC BLYPT installer configkey outbound traffic (snort3-malware-cnc.rules) * 1:28010 <-> DISABLED <-> MALWARE-CNC BLYPT installer tserror outbound traffic (snort3-malware-cnc.rules) * 1:28011 <-> DISABLED <-> 
MALWARE-CNC BLYPT installer createproc outbound traffic (snort3-malware-cnc.rules) * 1:28012 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (snort3-malware-cnc.rules) * 1:28033 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Urausy variant outbound connection (snort3-malware-cnc.rules) * 1:28040 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dofoil variant outbound connection (snort3-malware-cnc.rules) * 1:28042 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Caphaw variant outbound connection (snort3-malware-cnc.rules) * 1:28044 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CryptoLocker variant connection (snort3-malware-cnc.rules) * 1:28045 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VBKrypt variant connection (snort3-malware-cnc.rules) * 1:28072 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Omexo outbound connection (snort3-malware-cnc.rules) * 1:28073 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Win32.Kimsuky variant file stealing (snort3-malware-cnc.rules) * 1:28074 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ADKR connection (snort3-malware-cnc.rules) * 1:28075 <-> DISABLED <-> MALWARE-CNC Win.Trojan.gzfw connection (snort3-malware-cnc.rules) * 1:28079 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Napolar variant outbound connection (snort3-malware-cnc.rules) * 1:28080 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Napolar data theft (snort3-malware-cnc.rules) * 1:28084 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hupigon variant connection (snort3-malware-cnc.rules) * 1:28094 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Liteol variant connection (snort3-malware-cnc.rules) * 1:28095 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Liteol variant connection (snort3-malware-cnc.rules) * 1:28096 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spynet variant connection (snort3-malware-cnc.rules) * 1:28373 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mutopy variant outbound connection (snort3-malware-cnc.rules) * 1:26605 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bydra variant outbound connection (snort3-malware-cnc.rules) * 
1:27533 <-> DISABLED <-> MALWARE-CNC Potential Win.Trojan.Kraziomel Download - 000.jpg (snort3-malware-cnc.rules) * 1:25993 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Buzus variant outbound connection (snort3-malware-cnc.rules) * 1:25994 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (snort3-malware-cnc.rules) * 1:25996 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Reswor variant outbound connection (snort3-malware-cnc.rules) * 1:26010 <-> DISABLED <-> MALWARE-CNC CNC Dirtjumper variant outbound connection (snort3-malware-cnc.rules) * 1:26011 <-> DISABLED <-> MALWARE-CNC CNC Dirtjumper variant outbound connection (snort3-malware-cnc.rules) * 1:26019 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bredo variant outbound connection (snort3-malware-cnc.rules) * 1:26023 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot variant in.php outbound connection (snort3-malware-cnc.rules) * 1:26024 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wecod variant outbound connection (snort3-malware-cnc.rules) * 1:26072 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locati variant outbound connection (snort3-malware-cnc.rules) * 1:26075 <-> DISABLED <-> MALWARE-CNC Bancos variant outbound connection SQL query POST data (snort3-malware-cnc.rules) * 1:26086 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Exicon variant outbound connection (snort3-malware-cnc.rules) * 1:26088 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Encriyoko variant outbound connection (snort3-malware-cnc.rules) * 1:26106 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (snort3-malware-cnc.rules) * 1:26115 <-> DISABLED <-> MALWARE-CNC NSIS.Downloader.Agent variant outbound connection (snort3-malware-cnc.rules) * 1:26116 <-> DISABLED <-> MALWARE-CNC NSIS.Downloader.Agent variant outbound connection (snort3-malware-cnc.rules) * 1:26117 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tarctox variant outbound connection (snort3-malware-cnc.rules) * 1:26118 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound 
connection (snort3-malware-cnc.rules) * 1:26119 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (snort3-malware-cnc.rules) * 1:26201 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lobparck variant outbound connection (snort3-malware-cnc.rules) * 1:25669 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Selasloot variant outbound connection (snort3-malware-cnc.rules) * 1:26203 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gupd variant outbound connection (snort3-malware-cnc.rules) * 1:26204 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Malex variant outbound connection (snort3-malware-cnc.rules) * 1:26211 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Eldorado variant outbound connection (snort3-malware-cnc.rules) * 1:26238 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Snopexy variant outbound connection (snort3-malware-cnc.rules) * 1:26239 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Stehlox variant outbound connection (snort3-malware-cnc.rules) * 1:26240 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vkeikooc variant outbound connection (snort3-malware-cnc.rules) * 1:26244 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Troll variant outbound connection (snort3-malware-cnc.rules) * 1:26245 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (snort3-malware-cnc.rules) * 1:26248 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent cibabam (snort3-malware-cnc.rules) * 1:26249 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Sonide variant outbound connection (snort3-malware-cnc.rules) * 1:26260 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Vectmp variant outbound connection (snort3-malware-cnc.rules) * 1:26266 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus v3 DGA DNS query detected (snort3-malware-cnc.rules) * 1:26267 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus v3 DGA DNS query detected (snort3-malware-cnc.rules) * 1:26268 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus v3 DGA DNS query detected (snort3-malware-cnc.rules) * 1:26269 <-> DISABLED <-> 
MALWARE-CNC Win.Trojan.Zeus v3 DGA DNS query detected (snort3-malware-cnc.rules) * 1:26270 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus v3 DGA DNS query detected (snort3-malware-cnc.rules) * 1:26271 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus v3 DGA DNS query detected (snort3-malware-cnc.rules) * 1:26284 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Surok variant outbound connection (snort3-malware-cnc.rules) * 1:26285 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Garveep variant outbound connection (snort3-malware-cnc.rules) * 1:26288 <-> DISABLED <-> MALWARE-CNC Brontok Worm variant outbound connection (snort3-malware-cnc.rules) * 1:26289 <-> DISABLED <-> MALWARE-CNC Daws Trojan Outbound Plaintext over SSL Port (snort3-malware-cnc.rules) * 1:26319 <-> DISABLED <-> MALWARE-CNC file path used as User-Agent - potential Trojan (snort3-malware-cnc.rules) * 1:26325 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scar variant outbound connection (snort3-malware-cnc.rules) * 1:26327 <-> DISABLED <-> MALWARE-CNC OSX.Trojan.Flashfake variant outbound connection (snort3-malware-cnc.rules) * 1:26331 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qhost variant outbound connection (snort3-malware-cnc.rules) * 1:26335 <-> DISABLED <-> MALWARE-CNC FBI Ransom Trojan variant outbound connection (snort3-malware-cnc.rules) * 1:26370 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection - ksa.txt (snort3-malware-cnc.rules) * 1:26371 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection - op POST (snort3-malware-cnc.rules) * 1:26398 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gamarue variant outbound connection (snort3-malware-cnc.rules) * 1:26428 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (snort3-malware-cnc.rules) * 1:26444 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Agent variant outbound connection (snort3-malware-cnc.rules) * 1:26445 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Agent variant outbound 
connection (snort3-malware-cnc.rules) * 1:26446 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Agent variant outbound connection (snort3-malware-cnc.rules) * 1:26447 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Smoaler variant outbound connection (snort3-malware-cnc.rules) * 1:26448 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fakesig variant outbound connection (snort3-malware-cnc.rules) * 1:26449 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (snort3-malware-cnc.rules) * 1:26450 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (snort3-malware-cnc.rules) * 1:26452 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Buterat variant outbound connection (snort3-malware-cnc.rules) * 1:26463 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Linog.A variant outbound connection (snort3-malware-cnc.rules) * 1:26464 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Linog.A variant outbound connection (snort3-malware-cnc.rules) * 1:26467 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Magic variant inbound connection (snort3-malware-cnc.rules) * 1:26480 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot fake PNG config file download without User-Agent (snort3-malware-cnc.rules) * 1:26482 <-> DISABLED <-> MALWARE-CNC Unknown Thinner Encrypted POST botnet C&C (snort3-malware-cnc.rules) * 1:26522 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent NOKIAN95/WEB (snort3-malware-cnc.rules) * 1:26533 <-> DISABLED <-> MALWARE-CNC Unknown malware - Incorrect headers - Referer HTTP/1.0 (snort3-malware-cnc.rules) * 1:26558 <-> DISABLED <-> MALWARE-CNC User-Agent known Malicious user agent Brutus AET (snort3-malware-cnc.rules) * 1:26560 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection - getcomando POST data (snort3-malware-cnc.rules) * 1:26561 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (snort3-malware-cnc.rules) * 1:26563 <-> DISABLED <-> MALWARE-CNC Harakit botnet traffic (snort3-malware-cnc.rules) * 1:26576 <-> 
DISABLED <-> MALWARE-CNC Potential hostile executable served from compromised or malicious WordPress site attempt (snort3-malware-cnc.rules) * 1:26577 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent Opera 10 (snort3-malware-cnc.rules) * 1:26578 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy/FakeAV Checkin with IE6 User-Agent (snort3-malware-cnc.rules) * 1:26579 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy/FakeAV Checkin with IE6 User-Agent (snort3-malware-cnc.rules) * 1:26604 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bydra variant outbound connection (snort3-malware-cnc.rules) * 1:28857 <-> DISABLED <-> MALWARE-CNC Adwind UNRECOM connnection back to cnc server (snort3-malware-cnc.rules) * 1:28106 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload information upload (snort3-malware-cnc.rules) * 1:26608 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rocra variant outbound connection (snort3-malware-cnc.rules) * 1:28216 <-> DISABLED <-> MALWARE-CNC known malware FTP login (snort3-malware-cnc.rules) * 1:28234 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hdslogger outbound connection (snort3-malware-cnc.rules) * 1:28543 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Conficker variant outbound connection (snort3-malware-cnc.rules) * 1:28285 <-> DISABLED <-> MALWARE-CNC Win.Trojan.hdog connectivity check-in version 2 (snort3-malware-cnc.rules) * 1:28446 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant SQL check-in (snort3-malware-cnc.rules) * 1:28210 <-> DISABLED <-> MALWARE-CNC Win.Worm.IRCbot outbound connection (snort3-malware-cnc.rules) * 1:28120 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /start.htm GET Encrypted Payload (snort3-malware-cnc.rules) * 1:28419 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tesch variant outbound connection (snort3-malware-cnc.rules) * 1:28809 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dofoil inbound connection (snort3-malware-cnc.rules) * 1:28541 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ZeroAccess Download Headers 
(snort3-malware-cnc.rules) * 1:28485 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Khalog variant outbound connection (snort3-malware-cnc.rules) * 1:28553 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /main.htm GET Encrypted Payload (snort3-malware-cnc.rules) * 1:28114 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /default.htm GET Encrypted Payload (snort3-malware-cnc.rules) * 1:28143 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Medfos outbound connection (snort3-malware-cnc.rules) * 1:28155 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Foreign variant outbound connection - MSIE 7.2 (snort3-malware-cnc.rules) * 1:28244 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Phrovon outbound connection (snort3-malware-cnc.rules) * 1:28107 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload download (snort3-malware-cnc.rules) * 1:28800 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus outbound connection (snort3-malware-cnc.rules) * 1:28563 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pkdesco variant outbound connection (snort3-malware-cnc.rules) * 1:28411 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CoinMiner variant outbound connection (snort3-malware-cnc.rules) * 1:28325 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Zuza variant outbound connection (snort3-malware-cnc.rules) * 1:28814 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gozi/Neverquest variant outbound connection (snort3-malware-cnc.rules) * 1:28548 <-> DISABLED <-> MALWARE-CNC Win.Trojan.chfx variant outbound connection (snort3-malware-cnc.rules) * 1:28803 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Injector inbound connection (snort3-malware-cnc.rules) * 1:28122 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /index.htm GET Encrypted Payload (snort3-malware-cnc.rules) * 1:28542 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Conficker variant outbound connection (snort3-malware-cnc.rules) * 1:28858 <-> DISABLED <-> MALWARE-CNC Adwind UNRECOM connnection back to cnc server 
(snort3-malware-cnc.rules) * 1:25992 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Buzus variant outbound connection (snort3-malware-cnc.rules) * 1:26677 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz variant inbound run command from cnc (snort3-malware-cnc.rules) * 1:26739 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc connect command (snort3-malware-cnc.rules) * 1:26683 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shyape variant outbound connection (snort3-malware-cnc.rules) * 1:26685 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string J13A (snort3-malware-cnc.rules) * 1:26713 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev rev 1 outbound traffic (snort3-malware-cnc.rules) * 1:26606 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sosork variant outbound connection (snort3-malware-cnc.rules) * 1:26740 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc dns command (snort3-malware-cnc.rules) * 1:26726 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc stop command (snort3-malware-cnc.rules) * 1:28147 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Conficker variant outbound connection (snort3-malware-cnc.rules) * 1:26722 <-> DISABLED <-> MALWARE-CNC Bancos fake JPG encrypted config file download (snort3-malware-cnc.rules) * 1:26732 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc syn command (snort3-malware-cnc.rules) * 1:26735 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc data command (snort3-malware-cnc.rules) * 1:26714 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev rev 2 outbound traffic (snort3-malware-cnc.rules) * 1:27551 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lorapu variant outbound connection (snort3-malware-cnc.rules) * 1:28105 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload variant outbound connection (snort3-malware-cnc.rules) * 1:28118 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /login.htm GET Encrypted Payload (snort3-malware-cnc.rules) * 1:26656 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Travnet Botnet 
data upload (snort3-malware-cnc.rules) * 1:26697 <-> DISABLED <-> MALWARE-CNC Cbeplay Ransomware variant outbound connection - POST Body (snort3-malware-cnc.rules) * 1:26729 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc simple command (snort3-malware-cnc.rules) * 1:28816 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Siluhdur variant outbound connection (snort3-malware-cnc.rules) * 1:26721 <-> DISABLED <-> MALWARE-CNC Pushdo Spiral Traffic (snort3-malware-cnc.rules) * 1:26657 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shiz variant outbound connection (snort3-malware-cnc.rules) * 1:26728 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc sleep command (snort3-malware-cnc.rules) * 1:26731 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc datapost command (snort3-malware-cnc.rules) * 1:28254 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Perl.Shellbot variant outbound connection (snort3-malware-cnc.rules) * 1:28914 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Anony variant connection (snort3-malware-cnc.rules) * 1:28918 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant network connectivity check (snort3-malware-cnc.rules) * 1:28919 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant network connectivity check (snort3-malware-cnc.rules) * 1:28930 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fakeav variant outbound data connection (snort3-malware-cnc.rules) * 1:28940 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rovnix malicious download (snort3-malware-cnc.rules) * 1:28947 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tapaoux variant connection (snort3-malware-cnc.rules) * 1:28948 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kishlog variant outbound connection (snort3-malware-cnc.rules) * 1:28949 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kishlog variant outbound connection (snort3-malware-cnc.rules) * 1:28958 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jussuc variant outbound connection (snort3-malware-cnc.rules) * 1:28960 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Alurewo outbound connection 
(snort3-malware-cnc.rules) * 1:48157 <-> ENABLED <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection (snort3-malware-cnc.rules) * 1:28607 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection (snort3-malware-cnc.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:55929 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Emotet-9774504-0 download attempt (malware-other.rules)
* 1:55930 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Emotet-9774504-0 download attempt (malware-other.rules)
* 1:55931 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Emotet variant outbound connection attempt (malware-cnc.rules)
* 1:55932 <-> ENABLED <-> SERVER-OTHER Oracle WebLogic malicious RemoteConstructor deserialization attempt (server-other.rules)
* 1:55933 <-> ENABLED <-> SERVER-OTHER Oracle WebLogic malicious RemoteConstructor deserialization attempt (server-other.rules)
* 1:28042 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Caphaw variant outbound connection (malware-cnc.rules)
* 1:28323 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Chopper web shell connection (malware-cnc.rules)
* 1:28230 <-> DISABLED <-> MALWARE-CNC Boot.Bootroot Variant data upload (malware-cnc.rules)
* 1:28234 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hdslogger outbound connection (malware-cnc.rules)
* 1:28154 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Foreign variant outbound connection - MSIE 7.1 (malware-cnc.rules)
* 1:27662 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Galfun variant outbound connection (malware-cnc.rules)
* 1:27665 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Castov variant connection (malware-cnc.rules)
* 1:28011 <-> DISABLED <-> MALWARE-CNC BLYPT installer createproc outbound traffic (malware-cnc.rules)
* 1:28607 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection (malware-cnc.rules)
* 1:28547 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules)
* 1:28415 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
* 1:28216 <-> DISABLED <-> MALWARE-CNC known malware FTP login (malware-cnc.rules)
* 1:28486 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Codiltak variant outbound connection (malware-cnc.rules)
* 1:28560 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Plugx FTP keepalive outbound connection (malware-cnc.rules)
* 1:28192 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz Potential Phishing URL (malware-cnc.rules)
* 1:27709 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string umbra (malware-cnc.rules)
* 1:28007 <-> DISABLED <-> MALWARE-CNC BLYPT installer startupkey outbound traffic (malware-cnc.rules)
* 1:28325 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Zuza variant outbound connection (malware-cnc.rules)
* 1:28804 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Injector outbound connection (malware-cnc.rules)
* 1:28419 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tesch variant outbound connection (malware-cnc.rules)
* 1:28565 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sluegot variant connection (malware-cnc.rules)
* 1:28209 <-> DISABLED <-> MALWARE-CNC Win.Worm.IRCbot outbound connection (malware-cnc.rules)
* 1:28146 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Salgorea variant connection (malware-cnc.rules)
* 1:28815 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gozi/Neverquest variant outbound connection (malware-cnc.rules)
* 1:28418 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Dtcontx outbound connection (malware-cnc.rules)
* 1:28599 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Lesirt variant outbound connection (malware-cnc.rules)
* 1:28107 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload download (malware-cnc.rules)
* 1:28805 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Palevo outbound connection (malware-cnc.rules)
* 1:28446 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant SQL check-in (malware-cnc.rules)
* 1:28724 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent outbound connection (malware-cnc.rules)
* 1:28604 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kasnam variant connection (malware-cnc.rules)
* 1:28410 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CoinMiner variant outbound connection (malware-cnc.rules)
* 1:28802 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos outbound connection (malware-cnc.rules)
* 1:28210 <-> DISABLED <-> MALWARE-CNC Win.Worm.IRCbot outbound connection (malware-cnc.rules)
* 1:28366 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Venik variant outbound connection (malware-cnc.rules)
* 1:28247 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper variant outbound connection (malware-cnc.rules)
* 1:28328 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Hupigon variant outbound connection (malware-cnc.rules)
* 1:28538 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Asprox/Kuluoz variant connection (malware-cnc.rules)
* 1:28144 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Win32.Wpbrutebot variant connection (malware-cnc.rules)
* 1:28211 <-> DISABLED <-> MALWARE-CNC Win.Worm.IRCbot outbound connection (malware-cnc.rules)
* 1:28326 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Zuza variant outbound connection (malware-cnc.rules)
* 1:28254 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Perl.Shellbot variant outbound connection (malware-cnc.rules)
* 1:28558 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string getURLdown (malware-cnc.rules)
* 1:27664 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Castov variant connection (malware-cnc.rules)
* 1:28485 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Khalog variant outbound connection (malware-cnc.rules)
* 1:28116 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /home.htm GET Encrypted Payload (malware-cnc.rules)
* 1:28563 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pkdesco variant outbound connection (malware-cnc.rules)
* 1:28562 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sidopa variant outbound connection (malware-cnc.rules)
* 1:28543 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Conficker variant outbound connection (malware-cnc.rules)
* 1:28362 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string SUiCiDE/1.5 (malware-cnc.rules)
* 1:28255 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz Potential phishing URL (malware-cnc.rules)
* 1:28405 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy variant outbound connection (malware-cnc.rules)
* 1:28148 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mevade variant outbound connection (malware-cnc.rules)
* 1:28285 <-> DISABLED <-> MALWARE-CNC Win.Trojan.hdog connectivity check-in version 2 (malware-cnc.rules)
* 1:28564 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pkdesco variant outbound connection (malware-cnc.rules)
* 1:28814 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gozi/Neverquest variant outbound connection (malware-cnc.rules)
* 1:28813 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ufraie variant outbound connection (malware-cnc.rules)
* 1:27726 <-> DISABLED <-> MALWARE-CNC Orbit Downloader denial of service update (malware-cnc.rules)
* 1:28852 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Linux.Trojan.Zollard (malware-cnc.rules)
* 1:28212 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bitsto variant connection (malware-cnc.rules)
* 1:28125 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banbra variant connection (malware-cnc.rules)
* 1:28559 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Castov variant connection (malware-cnc.rules)
* 1:27747 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banechant outbound variant connection (malware-cnc.rules)
* 1:28528 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qadars variant outbound connection (malware-cnc.rules)
* 1:27817 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tenavt connection (malware-cnc.rules)
* 1:28120 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /start.htm GET Encrypted Payload (malware-cnc.rules)
* 1:28123 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /setup.htm GET Encrypted Payload (malware-cnc.rules)
* 1:28153 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Foreign variant outbound connection - /html2/ (malware-cnc.rules)
* 1:28810 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection - MSIE7 No Referer No Cookie (malware-cnc.rules)
* 1:28117 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /install.htm GET Encrypted Payload (malware-cnc.rules)
* 1:27868 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - dt12012 (malware-cnc.rules)
* 1:27711 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FakeAV variant outbound connection (malware-cnc.rules)
* 1:27803 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PRISM variant outbound connection (malware-cnc.rules)
* 1:27680 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ZeroAccess variant outbound connection (malware-cnc.rules)
* 1:27805 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bisonha variant outbound connection (malware-cnc.rules)
* 1:27759 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Treizt variant connection (malware-cnc.rules)
* 1:28856 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yowdab variant connection (malware-cnc.rules)
* 1:27737 <-> DISABLED <-> MALWARE-CNC DNS suspicious .c0m.li dns query (malware-cnc.rules)
* 1:27811 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mindweq variant connection (malware-cnc.rules)
* 1:27720 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kolok variant connection (malware-cnc.rules)
* 1:27802 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PRISM variant outbound connection (malware-cnc.rules)
* 1:27806 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Retruse variant connection (malware-cnc.rules)
* 1:28045 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VBKrypt variant connection (malware-cnc.rules)
* 1:27774 <-> DISABLED <-> MALWARE-CNC RDN Banker Data Exfiltration (malware-cnc.rules)
* 1:26952 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Orcim variant outbound connection (malware-cnc.rules)
* 1:27699 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tartober variant connection (malware-cnc.rules)
* 1:27864 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sinowal variant connection (malware-cnc.rules)
* 1:28820 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Egamipload variant outbound connection (malware-cnc.rules)
* 1:27939 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Galock variant connection (malware-cnc.rules)
* 1:27981 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /botnet/tasks.php?uid= (malware-cnc.rules)
* 1:27955 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mevade variant outbound connection (malware-cnc.rules)
* 1:28097 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ohlat variant connection (malware-cnc.rules)
* 1:28044 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CryptoLocker variant connection (malware-cnc.rules)
* 1:28009 <-> DISABLED <-> MALWARE-CNC BLYPT installer configkey outbound traffic (malware-cnc.rules)
* 1:27918 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
* 1:28105 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload variant outbound connection (malware-cnc.rules)
* 1:27969 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Updays variant connection (malware-cnc.rules)
* 1:28033 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Urausy variant outbound connection (malware-cnc.rules)
* 1:27670 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.evf variant connection (malware-cnc.rules)
* 1:28373 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mutopy variant outbound connection (malware-cnc.rules)
* 1:27968 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Chopper web shell connection (malware-cnc.rules)
* 1:28853 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dipverdle variant outbound connection (malware-cnc.rules)
* 1:27679 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz variant outbound connection (malware-cnc.rules)
* 1:27710 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string IExplore (malware-cnc.rules)
* 1:27727 <-> DISABLED <-> MALWARE-CNC Orbit Downloader denial of service update (malware-cnc.rules)
* 1:27775 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection (malware-cnc.rules)
* 1:28816 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Siluhdur variant outbound connection (malware-cnc.rules)
* 1:28115 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /file.htm GET Encrypted Payload (malware-cnc.rules)
* 1:28529 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qadars variant outbound connection (malware-cnc.rules)
* 1:28799 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mxtcycle variant outbound connection (malware-cnc.rules)
* 1:28134 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dorkbot variant connection (malware-cnc.rules)
* 1:28605 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kasnam variant connection (malware-cnc.rules)
* 1:28166 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bifrose variant connection (malware-cnc.rules)
* 1:28800 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus outbound connection (malware-cnc.rules)
* 1:28143 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Medfos outbound connection (malware-cnc.rules)
* 1:28808 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Ptiger variant outbound connection (malware-cnc.rules)
* 1:28155 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Foreign variant outbound connection - MSIE 7.2 (malware-cnc.rules)
* 1:28122 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /index.htm GET Encrypted Payload (malware-cnc.rules)
* 1:28406 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy variant outbound connection (malware-cnc.rules)
* 1:28809 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dofoil inbound connection (malware-cnc.rules)
* 1:28542 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Conficker variant outbound connection (malware-cnc.rules)
* 1:28244 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Phrovon outbound connection (malware-cnc.rules)
* 1:28072 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Omexo outbound connection (malware-cnc.rules)
* 1:28073 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Win32.Kimsuky variant file stealing (malware-cnc.rules)
* 1:28074 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ADKR connection (malware-cnc.rules)
* 1:28075 <-> DISABLED <-> MALWARE-CNC Win.Trojan.gzfw connection (malware-cnc.rules)
* 1:28079 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Napolar variant outbound connection (malware-cnc.rules)
* 1:28080 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Napolar data theft (malware-cnc.rules)
* 1:28084 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hupigon variant connection (malware-cnc.rules)
* 1:28094 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Liteol variant connection (malware-cnc.rules)
* 1:28095 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Liteol variant connection (malware-cnc.rules)
* 1:28096 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spynet variant connection (malware-cnc.rules)
* 1:28914 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Anony variant connection (malware-cnc.rules)
* 1:28918 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant network connectivity check (malware-cnc.rules)
* 1:28919 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant network connectivity check (malware-cnc.rules)
* 1:28930 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fakeav variant outbound data connection (malware-cnc.rules)
* 1:28940 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rovnix malicious download (malware-cnc.rules)
* 1:28947 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tapaoux variant connection (malware-cnc.rules)
* 1:28948 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kishlog variant outbound connection (malware-cnc.rules)
* 1:28949 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kishlog variant outbound connection (malware-cnc.rules)
* 1:28958 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jussuc variant outbound connection (malware-cnc.rules)
* 1:28960 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Alurewo outbound connection (malware-cnc.rules)
* 1:48157 <-> ENABLED <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection (malware-cnc.rules)
* 1:26681 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz variant inbound run command from cnc (malware-cnc.rules)
* 1:25807 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Urausy Botnet variant outbound connection (malware-cnc.rules)
* 1:25547 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
* 1:25548 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Perflog variant outbound connection (malware-cnc.rules)
* 1:25551 <-> DISABLED <-> MALWARE-CNC Win.Worm.Dipasik variant outbound connection (malware-cnc.rules)
* 1:25553 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dexter variant outbound connection (malware-cnc.rules)
* 1:25570 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Medialabs variant outbound connection (malware-cnc.rules)
* 1:25571 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Medialabs variant outbound connection (malware-cnc.rules)
* 1:25572 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Virut variant outbound connection (malware-cnc.rules)
* 1:25577 <-> DISABLED <-> MALWARE-CNC Win.Rootkit.Necurs possible URI with encrypted POST (malware-cnc.rules)
* 1:25599 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gupboot variant outbound connection (malware-cnc.rules)
* 1:25600 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dilavtor variant outbound connection (malware-cnc.rules)
* 1:25609 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules)
* 1:25610 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mofsmall variant outbound connection (malware-cnc.rules)
* 1:25854 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection - MSIE7 No Referer No Cookie (malware-cnc.rules)
* 1:25628 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant connect to cnc-server (malware-cnc.rules)
* 1:25632 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Golisy variant outbound connection (malware-cnc.rules)
* 1:25652 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kryptic variant outbound connection (malware-cnc.rules)
* 1:25660 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Medfos variant outbound connection (malware-cnc.rules)
* 1:25661 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Buzus variant outbound connection (malware-cnc.rules)
* 1:25662 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chowspy variant outbound connection (malware-cnc.rules)
* 1:25663 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rimod variant outbound connection (malware-cnc.rules)
* 1:25665 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sycomder variant outbound connection (malware-cnc.rules)
* 1:25666 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (malware-cnc.rules)
* 1:25667 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nflog variant outbound connection (malware-cnc.rules)
* 1:25668 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nflog variant outbound connection (malware-cnc.rules)
* 1:25669 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Selasloot variant outbound connection (malware-cnc.rules)
* 1:25671 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (malware-cnc.rules)
* 1:25672 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Matsnu variant outbound connection (malware-cnc.rules)
* 1:25673 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.QQDragon variant outbound connection (malware-cnc.rules)
* 1:25674 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shimwoc variant outbound connection (malware-cnc.rules)
* 1:25675 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fakeavlock variant outbound connection (malware-cnc.rules)
* 1:25765 <-> DISABLED <-> MALWARE-CNC Trojan Agent YEH variant outbound connection (malware-cnc.rules)
* 1:25766 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules)
* 1:25625 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Daws variant outbound connection (malware-cnc.rules)
* 1:27008 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot variant outbound connection (malware-cnc.rules)
* 1:27010 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot payment .scr download (malware-cnc.rules)
* 1:25863 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.QBundle variant outbound connection (malware-cnc.rules)
* 1:25865 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
* 1:25866 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
* 1:25867 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
* 1:25973 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Boolflot variant outbound connection (malware-cnc.rules)
* 1:25974 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
* 1:25978 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lukprofin variant outbound connection (malware-cnc.rules)
* 1:25979 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lukprofin variant outbound connection (malware-cnc.rules)
* 1:25980 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Pass (malware-cnc.rules)
* 1:25987 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Upof variant outbound connection (malware-cnc.rules)
* 1:25990 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Agent variant connect to cnc-server (malware-cnc.rules)
* 1:25991 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Agent variant connect to cnc-server (malware-cnc.rules)
* 1:25992 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Buzus variant outbound connection (malware-cnc.rules)
* 1:25993 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Buzus variant outbound connection (malware-cnc.rules)
* 1:25994 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
* 1:25996 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Reswor variant outbound connection (malware-cnc.rules)
* 1:26010 <-> DISABLED <-> MALWARE-CNC CNC Dirtjumper variant outbound connection (malware-cnc.rules)
* 1:26011 <-> DISABLED <-> MALWARE-CNC CNC Dirtjumper variant outbound connection (malware-cnc.rules)
* 1:26019 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bredo variant outbound connection (malware-cnc.rules)
* 1:26023 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot variant in.php outbound connection (malware-cnc.rules)
* 1:26024 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wecod variant outbound connection (malware-cnc.rules)
* 1:26072 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locati variant outbound connection (malware-cnc.rules)
* 1:26075 <-> DISABLED <-> MALWARE-CNC Bancos variant outbound connection SQL query POST data (malware-cnc.rules)
* 1:26086 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Exicon variant outbound connection (malware-cnc.rules)
* 1:26088 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Encriyoko variant outbound connection (malware-cnc.rules)
* 1:26106 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
* 1:26115 <-> DISABLED <-> MALWARE-CNC NSIS.Downloader.Agent variant outbound connection (malware-cnc.rules)
* 1:26116 <-> DISABLED <-> MALWARE-CNC NSIS.Downloader.Agent variant outbound connection (malware-cnc.rules)
* 1:26117 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tarctox variant outbound connection (malware-cnc.rules)
* 1:26118 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
* 1:26119 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
* 1:26201 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lobparck variant outbound connection (malware-cnc.rules)
* 1:26202 <-> DISABLED <-> MALWARE-CNC VBS.Trojan.Agent variant outbound connection (malware-cnc.rules)
* 1:26203 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gupd variant outbound connection (malware-cnc.rules)
* 1:26204 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Malex variant outbound connection (malware-cnc.rules)
* 1:26211 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Eldorado variant outbound connection (malware-cnc.rules)
* 1:26238 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Snopexy variant outbound connection (malware-cnc.rules)
* 1:26239 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Stehlox variant outbound connection (malware-cnc.rules)
* 1:26240 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vkeikooc variant outbound connection (malware-cnc.rules)
* 1:26244 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Troll variant outbound connection (malware-cnc.rules)
* 1:26245 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (malware-cnc.rules)
* 1:26248 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent cibabam (malware-cnc.rules)
* 1:26249 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Sonide variant outbound connection (malware-cnc.rules)
* 1:26260 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Vectmp variant outbound connection (malware-cnc.rules)
* 1:26266 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus v3 DGA DNS query detected (malware-cnc.rules)
* 1:26267 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus v3 DGA DNS query detected (malware-cnc.rules)
* 1:26268 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus v3 DGA DNS query detected (malware-cnc.rules)
* 1:26269 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus v3 DGA DNS query detected (malware-cnc.rules)
* 1:26270 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus v3 DGA DNS query detected (malware-cnc.rules)
* 1:26271 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus v3 DGA DNS query detected (malware-cnc.rules)
* 1:26284 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Surok variant outbound connection (malware-cnc.rules)
* 1:26285 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Garveep variant outbound connection (malware-cnc.rules)
* 1:26288 <-> DISABLED <-> MALWARE-CNC Brontok Worm variant outbound connection (malware-cnc.rules)
* 1:26289 <-> DISABLED <-> MALWARE-CNC Daws Trojan Outbound Plaintext over SSL Port (malware-cnc.rules)
* 1:26319 <-> DISABLED <-> MALWARE-CNC file path used as User-Agent - potential Trojan (malware-cnc.rules)
* 1:26325 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scar variant outbound connection (malware-cnc.rules)
* 1:26327 <-> DISABLED <-> MALWARE-CNC OSX.Trojan.Flashfake variant outbound connection (malware-cnc.rules)
* 1:26331 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qhost variant outbound connection (malware-cnc.rules)
* 1:26335 <-> DISABLED <-> MALWARE-CNC FBI Ransom Trojan variant outbound connection (malware-cnc.rules)
* 1:26370 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection - ksa.txt (malware-cnc.rules)
* 1:26371 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection - op POST (malware-cnc.rules)
* 1:26398 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gamarue variant outbound connection (malware-cnc.rules)
* 1:26428 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (malware-cnc.rules)
* 1:26444 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Agent variant outbound connection (malware-cnc.rules)
* 1:26445 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Agent variant outbound connection (malware-cnc.rules)
* 1:26446 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Agent variant outbound connection (malware-cnc.rules)
* 1:26447 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Smoaler variant outbound connection (malware-cnc.rules)
* 1:26448 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fakesig variant outbound connection (malware-cnc.rules)
* 1:26449 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
* 1:26450 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
* 1:26452 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Buterat variant outbound connection (malware-cnc.rules)
* 1:26463 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Linog.A variant outbound connection (malware-cnc.rules)
* 1:26464 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Linog.A variant outbound connection (malware-cnc.rules)
* 1:26467 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Magic variant inbound connection (malware-cnc.rules)
* 1:26480 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot fake PNG config file download without User-Agent (malware-cnc.rules)
* 1:26482 <-> DISABLED <-> MALWARE-CNC Unknown Thinner Encrypted POST botnet C&C (malware-cnc.rules)
* 1:26522 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent NOKIAN95/WEB (malware-cnc.rules)
* 1:26533 <-> DISABLED <-> MALWARE-CNC Unknown malware - Incorrect headers - Referer HTTP/1.0 (malware-cnc.rules)
* 1:26558 <-> DISABLED <-> MALWARE-CNC User-Agent known Malicious user agent Brutus AET (malware-cnc.rules)
* 1:26560 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection - getcomando POST data (malware-cnc.rules)
* 1:26561 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
* 1:26563 <-> DISABLED <-> MALWARE-CNC Harakit botnet traffic (malware-cnc.rules)
* 1:26576 <-> DISABLED <-> MALWARE-CNC Potential hostile executable served from compromised or malicious WordPress site attempt (malware-cnc.rules)
* 1:26577 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent Opera 10 (malware-cnc.rules)
* 1:26578 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy/FakeAV Checkin with IE6 User-Agent (malware-cnc.rules)
* 1:26579 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy/FakeAV Checkin with IE6 User-Agent (malware-cnc.rules)
* 1:26604 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bydra variant outbound connection (malware-cnc.rules)
* 1:26605 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bydra variant outbound connection (malware-cnc.rules)
* 1:26606 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sosork variant outbound connection (malware-cnc.rules)
* 1:26607 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Korlia variant outbound connection (malware-cnc.rules)
* 1:26608 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rocra variant outbound connection (malware-cnc.rules)
* 1:26609 <-> DISABLED <-> MALWARE-CNC OSX.Trojan.Dockster variant outbound connection (malware-cnc.rules)
* 1:26613 <-> DISABLED <-> MALWARE-CNC Medfos Trojan variant outbound connection (malware-cnc.rules)
* 1:26656 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Travnet Botnet data upload (malware-cnc.rules)
* 1:26657 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shiz variant outbound connection (malware-cnc.rules)
* 1:26677 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz variant inbound run command from cnc (malware-cnc.rules)
* 1:26678 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz variant inbound run command from cnc (malware-cnc.rules)
* 1:26679 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz variant inbound run command from cnc (malware-cnc.rules)
* 1:26680 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz variant inbound run command from cnc (malware-cnc.rules)
* 1:26955 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Talsab variant outbound connection (malware-cnc.rules)
* 1:27965 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Eupuds variant connection (malware-cnc.rules)
* 1:26683 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shyape variant outbound connection (malware-cnc.rules)
* 1:28005 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz outbound command (malware-cnc.rules)
* 1:26685 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string J13A (malware-cnc.rules)
* 1:26686 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Alina (malware-cnc.rules)
* 1:26690 <-> DISABLED <-> MALWARE-CNC Miniduke server contact (malware-cnc.rules)
* 1:26691 <-> DISABLED <-> MALWARE-CNC Win.Trojan.UFRStealer variant outbound connection (malware-cnc.rules)
* 1:26692 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spyremoav variant outbound connection (malware-cnc.rules)
* 1:26695 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Namihno variant outbound request (malware-cnc.rules)
* 1:26696 <-> DISABLED <-> MALWARE-CNC Cbeplay Ransomware variant outbound connection - Abnormal HTTP Headers (malware-cnc.rules)
* 1:26697 <-> DISABLED <-> MALWARE-CNC Cbeplay Ransomware variant outbound connection - POST Body (malware-cnc.rules)
* 1:26702 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Win (malware-cnc.rules)
* 1:26703 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Upero variant outbound connection (malware-cnc.rules)
* 1:26712 <-> DISABLED <-> MALWARE-CNC Kazy Trojan check-in (malware-cnc.rules)
* 1:26713 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev rev 1 outbound traffic (malware-cnc.rules)
* 1:26714 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev rev 2 outbound traffic (malware-cnc.rules)
* 1:26715 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev rev 3 outbound traffic (malware-cnc.rules)
* 1:26719 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kbot variant outbound connection (malware-cnc.rules)
* 1:26720 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kbot variant outbound connection (malware-cnc.rules)
* 1:26721 <-> DISABLED <-> MALWARE-CNC Pushdo Spiral Traffic (malware-cnc.rules)
* 1:26722 <-> DISABLED <-> MALWARE-CNC Bancos fake JPG encrypted config file download (malware-cnc.rules)
* 1:26723 <-> DISABLED <-> MALWARE-CNC Trojan Downloader7 (malware-cnc.rules)
* 1:26725 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc http command (malware-cnc.rules)
* 1:26726 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc stop command (malware-cnc.rules)
* 1:26727 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc die command (malware-cnc.rules)
* 1:26728 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc sleep command (malware-cnc.rules)
* 1:26729 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc simple command (malware-cnc.rules)
* 1:26730 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc loginpost command (malware-cnc.rules)
* 1:26731 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc datapost command (malware-cnc.rules)
* 1:26732 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc syn command (malware-cnc.rules)
* 1:26733 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc udp command (malware-cnc.rules)
* 1:26734 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc udpdata command (malware-cnc.rules)
* 1:26735 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc data command (malware-cnc.rules)
* 1:26736 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc icmp command (malware-cnc.rules)
* 1:26737 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc tcpdata command (malware-cnc.rules)
* 1:26738 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc dataget command (malware-cnc.rules)
* 1:26739 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc connect command (malware-cnc.rules)
* 1:26740 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc dns command (malware-cnc.rules)
* 1:26741 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc exec command (malware-cnc.rules)
* 1:26742 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc resolve command (malware-cnc.rules)
* 1:26743 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc antiddos command (malware-cnc.rules)
* 1:26744 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc range command (malware-cnc.rules)
* 1:26745 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc ftp command (malware-cnc.rules)
* 1:26746 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc download command (malware-cnc.rules)
* 1:26747 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc fastddos command (malware-cnc.rules)
* 1:26748 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc slowhttp command (malware-cnc.rules)
* 1:26749 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc allhttp command (malware-cnc.rules)
* 1:26750 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc full command (malware-cnc.rules)
* 1:26751 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - msctls_progress32 (malware-cnc.rules)
* 1:26756 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper.Datcaen variant outbound connection (malware-cnc.rules)
* 1:26757 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper.Datcaen variant outbound connection (malware-cnc.rules)
* 1:26758 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Elefin variant outbound connection (malware-cnc.rules)
* 1:26763 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules)
* 1:26770 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (malware-cnc.rules)
* 1:26771 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (malware-cnc.rules)
* 1:26774 <-> DISABLED <-> MALWARE-CNC Win.Worm.Luder variant outbound connection (malware-cnc.rules)
* 1:26775 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Blocker variant outbound connection HTTP Header Structure (malware-cnc.rules)
* 1:26776 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Blocker variant outbound connection POST (malware-cnc.rules)
* 1:26777 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy variant outbound connection (malware-cnc.rules)
* 1:26779 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cridex encrypted POST check-in (malware-cnc.rules)
* 1:26780 <-> DISABLED <-> MALWARE-CNC cridex HTTP Response - default0.js (malware-cnc.rules)
* 1:26785 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qrmon variant outbound connection (malware-cnc.rules)
* 1:26792 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vbula variant outbound connection (malware-cnc.rules)
* 1:26793 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vbula variant initial CNC contact (malware-cnc.rules)
* 1:26809 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Backdoor.Tomvode variant outbound connection (malware-cnc.rules)
* 1:26811 <-> DISABLED <-> MALWARE-CNC XP Fake Antivirus Payment Page Request (malware-cnc.rules)
* 1:26812 <-> DISABLED <-> MALWARE-CNC XP Fake Antivirus Check-in (malware-cnc.rules)
* 1:26813 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dapato CMS spambot check-in (malware-cnc.rules)
* 1:26815 <-> DISABLED <-> MALWARE-CNC OSX.Trojan.KitM variant outbound connection user-agent (malware-cnc.rules)
* 1:26816 <-> DISABLED <-> MALWARE-CNC OSX.Trojan.KitM variant outbound connection (malware-cnc.rules)
* 1:26818 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Zawat variant outbound connection (malware-cnc.rules)
* 1:26819 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Datash variant outbound connection (malware-cnc.rules)
* 1:26820 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Datash variant outbound connection (malware-cnc.rules)
* 1:26822 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Buterat variant outbound connection (malware-cnc.rules)
* 1:26828 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Uperti variant outbound connection (malware-cnc.rules)
* 1:26835 <-> DISABLED <-> MALWARE-CNC RDN Banker POST variant outbound connection (malware-cnc.rules)
* 1:26836 <-> DISABLED <-> MALWARE-CNC RDN Banker Strange Google Traffic (malware-cnc.rules)
* 1:26837 <-> DISABLED <-> MALWARE-CNC BitBot Idle C2 response (malware-cnc.rules)
* 1:26840 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Agent variant outbound connection (malware-cnc.rules)
* 1:26841 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Agent variant outbound connection (malware-cnc.rules)
* 1:26880 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zotob.E gc.exe download (malware-cnc.rules)
* 1:26911 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rombrast Trojan outbound connection (malware-cnc.rules)
* 1:26912 
<-> DISABLED <-> MALWARE-CNC Win.Trojan.Rombrast Trojan outbound connection (malware-cnc.rules) * 1:26923 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules) * 1:26924 <-> DISABLED <-> MALWARE-CNC Potential Gozi Trojan HTTP Header Structure (malware-cnc.rules) * 1:26930 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeroaccess variant outbound connection (malware-cnc.rules) * 1:26931 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeroaccess variant outbound connection (malware-cnc.rules) * 1:26932 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeroaccess variant outbound connection (malware-cnc.rules) * 1:26940 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TripleNine RAT beacon (malware-cnc.rules) * 1:26941 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PipCreat RAT dropper download (malware-cnc.rules) * 1:26942 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PipCreat RAT beacon (malware-cnc.rules) * 1:26943 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Post_Show RAT beacon (malware-cnc.rules) * 1:26944 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Post_Show RAT beacon (malware-cnc.rules) * 1:26945 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bisonal RAT beacon (malware-cnc.rules) * 1:28118 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /login.htm GET Encrypted Payload (malware-cnc.rules) * 1:27964 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gh0st variant outbound connection (malware-cnc.rules) * 1:28012 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules) * 1:27746 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Hanthie variant outbound connection (malware-cnc.rules) * 1:26684 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Neshax variant outbound connection (malware-cnc.rules) * 1:27905 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Helauto variant connection (malware-cnc.rules) * 1:26965 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Win32 Facebook Secure Cryptor C2 (malware-cnc.rules) * 1:26966 <-> DISABLED <-> MALWARE-CNC Win32/Autorun.JN 
variant outbound connection (malware-cnc.rules) * 1:26967 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz variant outbound connection (malware-cnc.rules) * 1:26968 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gozi Data Theft POST Data (malware-cnc.rules) * 1:26969 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gozi Trojan Data Theft POST URL (malware-cnc.rules) * 1:26970 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pirminay variant outbound connection (malware-cnc.rules) * 1:26984 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Injector Info Stealer Trojan variant outbound connection (malware-cnc.rules) * 1:26986 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Xenil variant outbound connection (malware-cnc.rules) * 1:26987 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cyvadextr variant outbound connection (malware-cnc.rules) * 1:26995 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Agent variant outbound connection (malware-cnc.rules) * 1:26996 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Agent variant outbound connection (malware-cnc.rules) * 1:26997 <-> DISABLED <-> MALWARE-CNC OSX.Trojan.Morcut variant outbound connection (malware-cnc.rules) * 1:26998 <-> DISABLED <-> MALWARE-CNC OSX.Trojan.Morcut file download (malware-cnc.rules) * 1:26999 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chinoxy variant outbound connection (malware-cnc.rules) * 1:27000 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chinoxy variant outbound connection (malware-cnc.rules) * 1:27002 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules) * 1:27003 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules) * 1:27007 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot variant outbound connection (malware-cnc.rules) * 1:25626 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules) * 1:27012 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Phoenot variant outbound connection (malware-cnc.rules) * 1:27013 <-> DISABLED <-> MALWARE-CNC 
Win.Trojan.Phoenot variant inbound connection (malware-cnc.rules) * 1:27014 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Epipenwa variant outbound connection (malware-cnc.rules) * 1:27017 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dapato variant inbound response connection (malware-cnc.rules) * 1:27021 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Layvam variant outbound connection (malware-cnc.rules) * 1:27022 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Netweird.A outbound connection (malware-cnc.rules) * 1:27023 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Netweird.A outbound connection (malware-cnc.rules) * 1:27033 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Transhell variant outbound connection user-agent (malware-cnc.rules) * 1:27039 <-> DISABLED <-> MALWARE-CNC Win.Trojan.OnlineGameHack variant outbound connection (malware-cnc.rules) * 1:27044 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string pb - Htbot (malware-cnc.rules) * 1:27045 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Blocker Download (malware-cnc.rules) * 1:27049 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dokstormac variant outbound connection (malware-cnc.rules) * 1:27054 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yakes variant outbound connection (malware-cnc.rules) * 1:27058 <-> DISABLED <-> MALWARE-CNC OSX.Trojan.HackBack variant outbound connection (malware-cnc.rules) * 1:27093 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Medfos variant outbound connection (malware-cnc.rules) * 1:27120 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules) * 1:27169 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Atezag variant outbound connection (malware-cnc.rules) * 1:27199 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Meredrop variant outbound connection GET Request (malware-cnc.rules) * 1:27200 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Meredrop variant outbound connection POST Request (malware-cnc.rules) * 1:27201 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Neurevt variant outbound connection 
(malware-cnc.rules) * 1:27248 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gamarue - Mozi1la User-Agent (malware-cnc.rules) * 1:27252 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ZeroAccess 111-byte URL variant outbound connection (malware-cnc.rules) * 1:27256 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kryptik Drive-by Download Malware (malware-cnc.rules) * 1:27257 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kryptic 7-byte URI Invalid Firefox Headers - no Accept-Language (malware-cnc.rules) * 1:27260 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Java.Agent.NFK variant connection (malware-cnc.rules) * 1:27263 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - yahoonews (malware-cnc.rules) * 1:27533 <-> DISABLED <-> MALWARE-CNC Potential Win.Trojan.Kraziomel Download - 000.jpg (malware-cnc.rules) * 1:27551 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lorapu variant outbound connection (malware-cnc.rules) * 1:27558 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bezigate variant outbound connection (malware-cnc.rules) * 1:27567 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rovnix malicious download request (malware-cnc.rules) * 1:27577 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules) * 1:27596 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Redyms variant outbound connection (malware-cnc.rules) * 1:27599 <-> DISABLED <-> MALWARE-CNC Fort Disco Registration variant outbound connection (malware-cnc.rules) * 1:27600 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nawpers variant connection (malware-cnc.rules) * 1:27629 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Aumlib variant outbound connection (malware-cnc.rules) * 1:27630 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Aumlib variant outbound connection (malware-cnc.rules) * 1:27631 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Aumlib variant outbound connection (malware-cnc.rules) * 1:27633 <-> DISABLED <-> MALWARE-CNC Worm.Silly variant outbound connection (malware-cnc.rules) * 1:27636 <-> DISABLED <-> MALWARE-CNC 
Win.Trojan.Likseput variant connection (malware-cnc.rules) * 1:27637 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Syhcmd variant connection (malware-cnc.rules) * 1:27639 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Epipenwa variant connection (malware-cnc.rules) * 1:27640 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chekafe variant connection (malware-cnc.rules) * 1:27641 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Meilat variant connection (malware-cnc.rules) * 1:26946 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Uptime RAT beacon (malware-cnc.rules) * 1:27642 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downbot variant connection (malware-cnc.rules) * 1:27643 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Betabot variant connection (malware-cnc.rules) * 1:27644 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Merong variant connection (malware-cnc.rules) * 1:27645 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Binjo variant outbound connection (malware-cnc.rules) * 1:27647 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nelaja variant outbound connection (malware-cnc.rules) * 1:27648 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SpyBanker.ZSL variant outbound connection (malware-cnc.rules) * 1:27649 <-> DISABLED <-> MALWARE-CNC Brazilian Banking Trojan data theft (malware-cnc.rules) * 1:27655 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Enchanim variant connection (malware-cnc.rules) * 1:27659 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gapz variant connection (malware-cnc.rules) * 1:27660 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Reabfrus variant connection (malware-cnc.rules) * 1:28857 <-> DISABLED <-> MALWARE-CNC Adwind UNRECOM connnection back to cnc server (malware-cnc.rules) * 1:28106 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload information upload (malware-cnc.rules) * 1:28239 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tuxido outbound connection (malware-cnc.rules) * 1:28119 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /search.htm GET Encrypted Payload (malware-cnc.rules) * 1:28300 <-> DISABLED <-> 
MALWARE-CNC Win.Trojan.Agent variant connection (malware-cnc.rules) * 1:28548 <-> DISABLED <-> MALWARE-CNC Win.Trojan.chfx variant outbound connection (malware-cnc.rules) * 1:28250 <-> DISABLED <-> MALWARE-CNC Security Cleaner Pro Install Confirmation (malware-cnc.rules) * 1:28606 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Surtr variant connection (malware-cnc.rules) * 1:28553 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /main.htm GET Encrypted Payload (malware-cnc.rules) * 1:28561 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Plugx outbound connection (malware-cnc.rules) * 1:28463 <-> DISABLED <-> MALWARE-CNC Win.Trojan.AllAple Variant ICMP flood (malware-cnc.rules) * 1:28551 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NXI ftp username connection (malware-cnc.rules) * 1:28541 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ZeroAccess Download Headers (malware-cnc.rules) * 1:28807 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Injector variant outbound connection (malware-cnc.rules) * 1:28141 <-> DISABLED <-> MALWARE-CNC Win.Trojan.banker outbound connection (malware-cnc.rules) * 1:28484 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Delpbank variant outbound connection (malware-cnc.rules) * 1:28411 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CoinMiner variant outbound connection (malware-cnc.rules) * 1:28242 <-> DISABLED <-> MALWARE-CNC Win.Trojan.KanKan variant connection (malware-cnc.rules) * 1:28416 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CryptoLocker outbound connection (malware-cnc.rules) * 1:28858 <-> DISABLED <-> MALWARE-CNC Adwind UNRECOM connnection back to cnc server (malware-cnc.rules) * 1:27661 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Reabfrus variant connection (malware-cnc.rules) * 1:28008 <-> DISABLED <-> MALWARE-CNC BLYPT installer reuse outbound traffic (malware-cnc.rules) * 1:27867 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper outbound connection (malware-cnc.rules) * 1:25623 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jimpime variant outbound connection 
(malware-cnc.rules) * 1:27678 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Goolelo variant connection (malware-cnc.rules) * 1:27728 <-> DISABLED <-> MALWARE-CNC Orbit Downloader denial of service update (malware-cnc.rules) * 1:28859 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent z00sAgent - Win.Trojan.Zbot (malware-cnc.rules) * 1:28861 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Roxfora variant outbound connection (malware-cnc.rules) * 1:28864 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tofsee variant outbound connection (malware-cnc.rules) * 1:28886 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scar variant outbound connection (malware-cnc.rules) * 1:28860 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent - Win.Trojan.Nitedrem (malware-cnc.rules) * 1:25829 <-> DISABLED <-> MALWARE-CNC Trojan Banker FTC variant outbound connection (malware-cnc.rules) * 1:27919 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus encrypted POST Data exfiltration (malware-cnc.rules) * 1:27970 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus dropper variant connection (malware-cnc.rules) * 1:27966 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Chopper web shell connection (malware-cnc.rules) * 1:27963 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lolbot variant outbound connection (malware-cnc.rules) * 1:28010 <-> DISABLED <-> MALWARE-CNC BLYPT installer tserror outbound traffic (malware-cnc.rules) * 1:28147 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Conficker variant outbound connection (malware-cnc.rules) * 1:28554 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /online.htm GET Encrypted Payload (malware-cnc.rules) * 1:28399 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Tsunami outbound connection (malware-cnc.rules) * 1:28121 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /welcome.htm GET Encrypted Payload (malware-cnc.rules) * 1:28444 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.CBgate variant outbound connection (malware-cnc.rules) * 
1:28114 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /default.htm GET Encrypted Payload (malware-cnc.rules) * 1:28803 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Injector inbound connection (malware-cnc.rules) * 1:27980 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /botnet/adduser.php?uid= (malware-cnc.rules) * 1:26954 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Talsab variant outbound connection (malware-cnc.rules) * 1:28040 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dofoil variant outbound connection (malware-cnc.rules) * 1:28417 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Molgomsg variant outbound connection (malware-cnc.rules)