Talos Rules 2020-10-08
This release adds and modifies rules in several categories.

Talos has added and modified multiple rules in the malware-cnc and server-other rule sets to provide coverage for emerging threats from these technologies.

Change logs

2020-10-08 13:28:31 UTC

Snort Subscriber Rules Update

Date: 2020-10-08

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091601.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:55929 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Emotet-9774504-0 download attempt (malware-other.rules)
 * 1:55930 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Emotet-9774504-0 download attempt (malware-other.rules)
 * 1:55931 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Emotet variant outbound connection attempt (malware-cnc.rules)
 * 1:55932 <-> ENABLED <-> SERVER-OTHER Oracle WebLogic malicious RemoteConstructor deserialization attempt (server-other.rules)
 * 1:55933 <-> ENABLED <-> SERVER-OTHER Oracle WebLogic malicious RemoteConstructor deserialization attempt (server-other.rules)

Modified Rules:


 * 1:26697 <-> DISABLED <-> MALWARE-CNC Cbeplay Ransomware variant outbound connection - POST Body (malware-cnc.rules)
 * 1:26702 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Win (malware-cnc.rules)
 * 1:26703 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Upero variant outbound connection (malware-cnc.rules)
 * 1:26712 <-> DISABLED <-> MALWARE-CNC Kazy Trojan check-in (malware-cnc.rules)
 * 1:26713 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev rev 1 outbound traffic (malware-cnc.rules)
 * 1:26714 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev rev 2 outbound traffic (malware-cnc.rules)
 * 1:26715 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev rev 3 outbound traffic (malware-cnc.rules)
 * 1:26719 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kbot variant outbound connection (malware-cnc.rules)
 * 1:26720 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kbot variant outbound connection (malware-cnc.rules)
 * 1:26721 <-> DISABLED <-> MALWARE-CNC Pushdo Spiral Traffic (malware-cnc.rules)
 * 1:26722 <-> DISABLED <-> MALWARE-CNC Bancos fake JPG encrypted config file download (malware-cnc.rules)
 * 1:26723 <-> DISABLED <-> MALWARE-CNC Trojan Downloader7 (malware-cnc.rules)
 * 1:26725 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc http command (malware-cnc.rules)
 * 1:26726 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc stop command (malware-cnc.rules)
 * 1:26727 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc die command (malware-cnc.rules)
 * 1:26728 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc sleep command (malware-cnc.rules)
 * 1:26729 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc simple command (malware-cnc.rules)
 * 1:26730 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc loginpost command (malware-cnc.rules)
 * 1:26731 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc datapost command (malware-cnc.rules)
 * 1:26732 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc syn command (malware-cnc.rules)
 * 1:26733 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc udp command (malware-cnc.rules)
 * 1:26734 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc udpdata command (malware-cnc.rules)
 * 1:26735 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc data command (malware-cnc.rules)
 * 1:26736 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc icmp command (malware-cnc.rules)
 * 1:26737 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc tcpdata command (malware-cnc.rules)
 * 1:26738 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc dataget command (malware-cnc.rules)
 * 1:26739 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc connect command (malware-cnc.rules)
 * 1:26740 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc dns command (malware-cnc.rules)
 * 1:26741 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc exec command (malware-cnc.rules)
 * 1:26742 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc resolve command (malware-cnc.rules)
 * 1:26743 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc antiddos command (malware-cnc.rules)
 * 1:26744 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc range command (malware-cnc.rules)
 * 1:26745 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc ftp command (malware-cnc.rules)
 * 1:26746 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc download command (malware-cnc.rules)
 * 1:26747 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc fastddos command (malware-cnc.rules)
 * 1:26748 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc slowhttp command (malware-cnc.rules)
 * 1:26749 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc allhttp command (malware-cnc.rules)
 * 1:26750 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc full command (malware-cnc.rules)
 * 1:26751 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - msctls_progress32 (malware-cnc.rules)
 * 1:26756 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper.Datcaen variant outbound connection (malware-cnc.rules)
 * 1:26757 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper.Datcaen variant outbound connection (malware-cnc.rules)
 * 1:26758 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Elefin variant outbound connection (malware-cnc.rules)
 * 1:26763 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules)
 * 1:26770 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (malware-cnc.rules)
 * 1:26771 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (malware-cnc.rules)
 * 1:26774 <-> DISABLED <-> MALWARE-CNC Win.Worm.Luder variant outbound connection (malware-cnc.rules)
 * 1:26775 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Blocker variant outbound connection HTTP Header Structure (malware-cnc.rules)
 * 1:26776 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Blocker variant outbound connection POST (malware-cnc.rules)
 * 1:26777 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy variant outbound connection (malware-cnc.rules)
 * 1:26779 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cridex encrypted POST check-in (malware-cnc.rules)
 * 1:26780 <-> DISABLED <-> MALWARE-CNC cridex HTTP Response - default0.js (malware-cnc.rules)
 * 1:26785 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qrmon variant outbound connection (malware-cnc.rules)
 * 1:26792 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vbula variant outbound connection (malware-cnc.rules)
 * 1:26793 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vbula variant initial CNC contact (malware-cnc.rules)
 * 1:26809 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Backdoor.Tomvode variant outbound connection (malware-cnc.rules)
 * 1:26811 <-> DISABLED <-> MALWARE-CNC XP Fake Antivirus Payment Page Request (malware-cnc.rules)
 * 1:26812 <-> DISABLED <-> MALWARE-CNC XP Fake Antivirus Check-in (malware-cnc.rules)
 * 1:26813 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dapato CMS spambot check-in (malware-cnc.rules)
 * 1:26815 <-> DISABLED <-> MALWARE-CNC OSX.Trojan.KitM variant outbound connection user-agent (malware-cnc.rules)
 * 1:26816 <-> DISABLED <-> MALWARE-CNC OSX.Trojan.KitM variant outbound connection (malware-cnc.rules)
 * 1:26818 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Zawat variant outbound connection (malware-cnc.rules)
 * 1:26819 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Datash variant outbound connection (malware-cnc.rules)
 * 1:26820 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Datash variant outbound connection (malware-cnc.rules)
 * 1:26822 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Buterat variant outbound connection (malware-cnc.rules)
 * 1:26828 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Uperti variant outbound connection (malware-cnc.rules)
 * 1:26835 <-> DISABLED <-> MALWARE-CNC RDN Banker POST variant outbound connection (malware-cnc.rules)
 * 1:26836 <-> DISABLED <-> MALWARE-CNC RDN Banker Strange Google Traffic (malware-cnc.rules)
 * 1:26837 <-> DISABLED <-> MALWARE-CNC BitBot Idle C2 response (malware-cnc.rules)
 * 1:26840 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Agent variant outbound connection (malware-cnc.rules)
 * 1:26841 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Agent variant outbound connection (malware-cnc.rules)
 * 1:26880 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zotob.E gc.exe download (malware-cnc.rules)
 * 1:26911 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rombrast Trojan outbound connection (malware-cnc.rules)
 * 1:26912 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rombrast Trojan outbound connection (malware-cnc.rules)
 * 1:26923 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
 * 1:26924 <-> DISABLED <-> MALWARE-CNC Potential Gozi Trojan HTTP Header Structure (malware-cnc.rules)
 * 1:26930 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeroaccess variant outbound connection (malware-cnc.rules)
 * 1:26931 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeroaccess variant outbound connection (malware-cnc.rules)
 * 1:26932 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeroaccess variant outbound connection (malware-cnc.rules)
 * 1:26940 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TripleNine RAT beacon (malware-cnc.rules)
 * 1:26941 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PipCreat RAT dropper download (malware-cnc.rules)
 * 1:26942 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PipCreat RAT beacon (malware-cnc.rules)
 * 1:26943 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Post_Show RAT beacon (malware-cnc.rules)
 * 1:26944 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Post_Show RAT beacon (malware-cnc.rules)
 * 1:26945 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bisonal RAT beacon (malware-cnc.rules)
 * 1:26946 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Uptime RAT beacon (malware-cnc.rules)
 * 1:26952 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Orcim variant outbound connection (malware-cnc.rules)
 * 1:26954 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Talsab variant outbound connection (malware-cnc.rules)
 * 1:26955 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Talsab variant outbound connection (malware-cnc.rules)
 * 1:26965 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Win32 Facebook Secure Cryptor C2 (malware-cnc.rules)
 * 1:26966 <-> DISABLED <-> MALWARE-CNC Win32/Autorun.JN variant outbound connection (malware-cnc.rules)
 * 1:26967 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz variant outbound connection (malware-cnc.rules)
 * 1:26968 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gozi Data Theft POST Data (malware-cnc.rules)
 * 1:26969 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gozi Trojan Data Theft POST URL (malware-cnc.rules)
 * 1:26970 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pirminay variant outbound connection (malware-cnc.rules)
 * 1:26984 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Injector Info Stealer Trojan variant outbound connection (malware-cnc.rules)
 * 1:26986 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Xenil variant outbound connection (malware-cnc.rules)
 * 1:26987 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cyvadextr variant outbound connection (malware-cnc.rules)
 * 1:26995 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Agent variant outbound connection (malware-cnc.rules)
 * 1:26996 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Agent variant outbound connection (malware-cnc.rules)
 * 1:26997 <-> DISABLED <-> MALWARE-CNC OSX.Trojan.Morcut variant outbound connection (malware-cnc.rules)
 * 1:26998 <-> DISABLED <-> MALWARE-CNC OSX.Trojan.Morcut file download (malware-cnc.rules)
 * 1:26999 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chinoxy variant outbound connection (malware-cnc.rules)
 * 1:27000 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chinoxy variant outbound connection (malware-cnc.rules)
 * 1:27002 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:27003 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:27007 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot variant outbound connection (malware-cnc.rules)
 * 1:27008 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot variant outbound connection (malware-cnc.rules)
 * 1:27010 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot payment .scr download (malware-cnc.rules)
 * 1:27012 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Phoenot variant outbound connection (malware-cnc.rules)
 * 1:27013 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Phoenot variant inbound connection (malware-cnc.rules)
 * 1:27014 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Epipenwa variant outbound connection (malware-cnc.rules)
 * 1:27017 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dapato variant inbound response connection (malware-cnc.rules)
 * 1:27021 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Layvam variant outbound connection (malware-cnc.rules)
 * 1:27022 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Netweird.A outbound connection (malware-cnc.rules)
 * 1:27023 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Netweird.A outbound connection (malware-cnc.rules)
 * 1:27033 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Transhell variant outbound connection user-agent (malware-cnc.rules)
 * 1:27039 <-> DISABLED <-> MALWARE-CNC Win.Trojan.OnlineGameHack variant outbound connection (malware-cnc.rules)
 * 1:27044 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string pb - Htbot (malware-cnc.rules)
 * 1:27045 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Blocker Download (malware-cnc.rules)
 * 1:27049 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dokstormac variant outbound connection (malware-cnc.rules)
 * 1:27054 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yakes variant outbound connection (malware-cnc.rules)
 * 1:27058 <-> DISABLED <-> MALWARE-CNC OSX.Trojan.HackBack variant outbound connection (malware-cnc.rules)
 * 1:27093 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Medfos variant outbound connection (malware-cnc.rules)
 * 1:27120 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:27169 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Atezag variant outbound connection (malware-cnc.rules)
 * 1:27199 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Meredrop variant outbound connection GET Request (malware-cnc.rules)
 * 1:27200 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Meredrop variant outbound connection POST Request (malware-cnc.rules)
 * 1:27201 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Neurevt variant outbound connection (malware-cnc.rules)
 * 1:27248 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gamarue - Mozi1la User-Agent (malware-cnc.rules)
 * 1:27252 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ZeroAccess 111-byte URL variant outbound connection (malware-cnc.rules)
 * 1:27256 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kryptik Drive-by Download Malware (malware-cnc.rules)
 * 1:27257 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kryptic 7-byte URI Invalid Firefox Headers - no Accept-Language (malware-cnc.rules)
 * 1:27260 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Java.Agent.NFK variant connection (malware-cnc.rules)
 * 1:27263 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - yahoonews (malware-cnc.rules)
 * 1:27533 <-> DISABLED <-> MALWARE-CNC Potential Win.Trojan.Kraziomel Download - 000.jpg (malware-cnc.rules)
 * 1:27551 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lorapu variant outbound connection (malware-cnc.rules)
 * 1:27558 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bezigate variant outbound connection (malware-cnc.rules)
 * 1:27567 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rovnix malicious download request (malware-cnc.rules)
 * 1:27577 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:27596 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Redyms variant outbound connection (malware-cnc.rules)
 * 1:27599 <-> DISABLED <-> MALWARE-CNC Fort Disco Registration variant outbound connection (malware-cnc.rules)
 * 1:27600 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nawpers variant connection (malware-cnc.rules)
 * 1:27629 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Aumlib variant outbound connection (malware-cnc.rules)
 * 1:27630 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Aumlib variant outbound connection (malware-cnc.rules)
 * 1:27631 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Aumlib variant outbound connection (malware-cnc.rules)
 * 1:27633 <-> DISABLED <-> MALWARE-CNC Worm.Silly variant outbound connection (malware-cnc.rules)
 * 1:27636 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Likseput variant connection (malware-cnc.rules)
 * 1:27637 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Syhcmd variant connection (malware-cnc.rules)
 * 1:27639 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Epipenwa variant connection (malware-cnc.rules)
 * 1:27640 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chekafe variant connection (malware-cnc.rules)
 * 1:27641 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Meilat variant connection (malware-cnc.rules)
 * 1:27642 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downbot variant connection (malware-cnc.rules)
 * 1:27643 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Betabot variant connection (malware-cnc.rules)
 * 1:27644 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Merong variant connection (malware-cnc.rules)
 * 1:27645 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Binjo variant outbound connection (malware-cnc.rules)
 * 1:27647 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nelaja variant outbound connection (malware-cnc.rules)
 * 1:27648 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SpyBanker.ZSL variant outbound connection (malware-cnc.rules)
 * 1:27649 <-> DISABLED <-> MALWARE-CNC Brazilian Banking Trojan data theft (malware-cnc.rules)
 * 1:27655 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Enchanim variant connection (malware-cnc.rules)
 * 1:27659 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gapz variant connection (malware-cnc.rules)
 * 1:27660 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Reabfrus variant connection (malware-cnc.rules)
 * 1:27661 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Reabfrus variant connection (malware-cnc.rules)
 * 1:27662 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Galfun variant outbound connection (malware-cnc.rules)
 * 1:27664 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Castov variant connection (malware-cnc.rules)
 * 1:27665 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Castov variant connection (malware-cnc.rules)
 * 1:27670 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.evf variant connection (malware-cnc.rules)
 * 1:27678 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Goolelo variant connection (malware-cnc.rules)
 * 1:27679 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz variant outbound connection (malware-cnc.rules)
 * 1:27680 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ZeroAccess variant outbound connection (malware-cnc.rules)
 * 1:27699 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tartober variant connection (malware-cnc.rules)
 * 1:27709 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string umbra (malware-cnc.rules)
 * 1:27710 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string IExplore (malware-cnc.rules)
 * 1:27711 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FakeAV variant outbound connection (malware-cnc.rules)
 * 1:27720 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kolok variant connection (malware-cnc.rules)
 * 1:27726 <-> DISABLED <-> MALWARE-CNC Orbit Downloader denial of service update (malware-cnc.rules)
 * 1:27727 <-> DISABLED <-> MALWARE-CNC Orbit Downloader denial of service update (malware-cnc.rules)
 * 1:27728 <-> DISABLED <-> MALWARE-CNC Orbit Downloader denial of service update (malware-cnc.rules)
 * 1:27737 <-> DISABLED <-> MALWARE-CNC DNS suspicious .c0m.li dns query (malware-cnc.rules)
 * 1:27746 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Hanthie variant outbound connection (malware-cnc.rules)
 * 1:27747 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banechant outbound variant connection (malware-cnc.rules)
 * 1:27759 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Treizt variant connection (malware-cnc.rules)
 * 1:27774 <-> DISABLED <-> MALWARE-CNC RDN Banker Data Exfiltration (malware-cnc.rules)
 * 1:27775 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection (malware-cnc.rules)
 * 1:27802 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PRISM variant outbound connection (malware-cnc.rules)
 * 1:27803 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PRISM variant outbound connection (malware-cnc.rules)
 * 1:27805 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bisonha variant outbound connection (malware-cnc.rules)
 * 1:27806 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Retruse variant connection (malware-cnc.rules)
 * 1:27811 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mindweq variant connection (malware-cnc.rules)
 * 1:27817 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tenavt connection (malware-cnc.rules)
 * 1:27864 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sinowal variant connection (malware-cnc.rules)
 * 1:27867 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper outbound connection (malware-cnc.rules)
 * 1:27868 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - dt12012 (malware-cnc.rules)
 * 1:27905 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Helauto variant connection (malware-cnc.rules)
 * 1:27918 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
 * 1:27919 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus encrypted POST Data exfiltration (malware-cnc.rules)
 * 1:27939 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Galock variant connection (malware-cnc.rules)
 * 1:27955 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mevade variant outbound connection (malware-cnc.rules)
 * 1:27963 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lolbot variant outbound connection (malware-cnc.rules)
 * 1:27964 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gh0st variant outbound connection (malware-cnc.rules)
 * 1:27965 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Eupuds variant connection (malware-cnc.rules)
 * 1:27966 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Chopper web shell connection (malware-cnc.rules)
 * 1:27968 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Chopper web shell connection (malware-cnc.rules)
 * 1:27969 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Updays variant connection (malware-cnc.rules)
 * 1:27970 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus dropper variant connection (malware-cnc.rules)
 * 1:27980 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /botnet/adduser.php?uid= (malware-cnc.rules)
 * 1:27981 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /botnet/tasks.php?uid= (malware-cnc.rules)
 * 1:28005 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz outbound command (malware-cnc.rules)
 * 1:28007 <-> DISABLED <-> MALWARE-CNC BLYPT installer startupkey outbound traffic (malware-cnc.rules)
 * 1:28008 <-> DISABLED <-> MALWARE-CNC BLYPT installer reuse outbound traffic (malware-cnc.rules)
 * 1:28009 <-> DISABLED <-> MALWARE-CNC BLYPT installer configkey outbound traffic (malware-cnc.rules)
 * 1:28010 <-> DISABLED <-> MALWARE-CNC BLYPT installer tserror outbound traffic (malware-cnc.rules)
 * 1:28011 <-> DISABLED <-> MALWARE-CNC BLYPT installer createproc outbound traffic (malware-cnc.rules)
 * 1:28012 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules)
 * 1:28033 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Urausy variant outbound connection (malware-cnc.rules)
 * 1:28040 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dofoil variant outbound connection (malware-cnc.rules)
 * 1:28042 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Caphaw variant outbound connection (malware-cnc.rules)
 * 1:28044 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CryptoLocker variant connection (malware-cnc.rules)
 * 1:28045 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VBKrypt variant connection (malware-cnc.rules)
 * 1:28072 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Omexo outbound connection (malware-cnc.rules)
 * 1:28073 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Win32.Kimsuky variant file stealing (malware-cnc.rules)
 * 1:28074 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ADKR connection (malware-cnc.rules)
 * 1:28075 <-> DISABLED <-> MALWARE-CNC Win.Trojan.gzfw connection (malware-cnc.rules)
 * 1:28079 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Napolar variant outbound connection (malware-cnc.rules)
 * 1:28080 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Napolar data theft (malware-cnc.rules)
 * 1:28084 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hupigon variant connection (malware-cnc.rules)
 * 1:28094 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Liteol variant connection (malware-cnc.rules)
 * 1:28095 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Liteol variant connection (malware-cnc.rules)
 * 1:28096 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spynet variant connection (malware-cnc.rules)
 * 1:28097 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ohlat variant connection (malware-cnc.rules)
 * 1:28105 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload variant outbound connection (malware-cnc.rules)
 * 1:28106 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload information upload (malware-cnc.rules)
 * 1:28107 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload download (malware-cnc.rules)
 * 1:28114 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /default.htm GET Encrypted Payload (malware-cnc.rules)
 * 1:28115 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /file.htm GET Encrypted Payload (malware-cnc.rules)
 * 1:28116 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /home.htm GET Encrypted Payload (malware-cnc.rules)
 * 1:28117 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /install.htm GET Encrypted Payload (malware-cnc.rules)
 * 1:28118 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /login.htm GET Encrypted Payload (malware-cnc.rules)
 * 1:28119 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /search.htm GET Encrypted Payload (malware-cnc.rules)
 * 1:28120 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /start.htm GET Encrypted Payload (malware-cnc.rules)
 * 1:28121 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /welcome.htm GET Encrypted Payload (malware-cnc.rules)
 * 1:28122 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /index.htm GET Encrypted Payload (malware-cnc.rules)
 * 1:28123 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /setup.htm GET Encrypted Payload (malware-cnc.rules)
 * 1:28125 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banbra variant connection (malware-cnc.rules)
 * 1:28134 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dorkbot variant connection (malware-cnc.rules)
 * 1:28141 <-> DISABLED <-> MALWARE-CNC Win.Trojan.banker outbound connection (malware-cnc.rules)
 * 1:28143 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Medfos outbound connection (malware-cnc.rules)
 * 1:28144 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Win32.Wpbrutebot variant connection (malware-cnc.rules)
 * 1:28146 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Salgorea variant connection (malware-cnc.rules)
 * 1:28147 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Conficker variant outbound connection (malware-cnc.rules)
 * 1:28148 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mevade variant outbound connection (malware-cnc.rules)
 * 1:28153 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Foreign variant outbound connection - /html2/ (malware-cnc.rules)
 * 1:28154 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Foreign variant outbound connection - MSIE 7.1 (malware-cnc.rules)
 * 1:28155 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Foreign variant outbound connection - MSIE 7.2 (malware-cnc.rules)
 * 1:28166 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bifrose variant connection (malware-cnc.rules)
 * 1:26448 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fakesig variant outbound connection (malware-cnc.rules)
 * 1:26449 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:26450 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:26452 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Buterat variant outbound connection (malware-cnc.rules)
 * 1:26463 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Linog.A variant outbound connection (malware-cnc.rules)
 * 1:26464 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Linog.A variant outbound connection (malware-cnc.rules)
 * 1:26467 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Magic variant inbound connection (malware-cnc.rules)
 * 1:26480 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot fake PNG config file download without User-Agent (malware-cnc.rules)
 * 1:26482 <-> DISABLED <-> MALWARE-CNC Unknown Thinner Encrypted POST botnet C&C (malware-cnc.rules)
 * 1:26522 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent NOKIAN95/WEB (malware-cnc.rules)
 * 1:26533 <-> DISABLED <-> MALWARE-CNC Unknown malware - Incorrect headers - Referer HTTP/1.0 (malware-cnc.rules)
 * 1:26558 <-> DISABLED <-> MALWARE-CNC User-Agent known Malicious user agent Brutus AET (malware-cnc.rules)
 * 1:26560 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection - getcomando POST data (malware-cnc.rules)
 * 1:26561 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
 * 1:26563 <-> DISABLED <-> MALWARE-CNC Harakit botnet traffic (malware-cnc.rules)
 * 1:26576 <-> DISABLED <-> MALWARE-CNC Potential hostile executable served from compromised or malicious WordPress site attempt (malware-cnc.rules)
 * 1:26577 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent Opera 10 (malware-cnc.rules)
 * 1:26578 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy/FakeAV Checkin with IE6 User-Agent (malware-cnc.rules)
 * 1:26579 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy/FakeAV Checkin with IE6 User-Agent (malware-cnc.rules)
 * 1:26604 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bydra variant outbound connection (malware-cnc.rules)
 * 1:26605 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bydra variant outbound connection (malware-cnc.rules)
 * 1:26606 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sosork variant outbound connection (malware-cnc.rules)
 * 1:26607 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Korlia variant outbound connection (malware-cnc.rules)
 * 1:26608 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rocra variant outbound connection (malware-cnc.rules)
 * 1:26609 <-> DISABLED <-> MALWARE-CNC OSX.Trojan.Dockster variant outbound connection (malware-cnc.rules)
 * 1:26613 <-> DISABLED <-> MALWARE-CNC Medfos Trojan variant outbound connection (malware-cnc.rules)
 * 1:26656 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Travnet Botnet data upload (malware-cnc.rules)
 * 1:26657 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shiz variant outbound connection (malware-cnc.rules)
 * 1:26677 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz variant inbound run command from cnc (malware-cnc.rules)
 * 1:26678 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz variant inbound run command from cnc (malware-cnc.rules)
 * 1:26679 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz variant inbound run command from cnc (malware-cnc.rules)
 * 1:26680 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz variant inbound run command from cnc (malware-cnc.rules)
 * 1:26681 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz variant inbound run command from cnc (malware-cnc.rules)
 * 1:26683 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shyape variant outbound connection (malware-cnc.rules)
 * 1:26684 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Neshax variant outbound connection (malware-cnc.rules)
 * 1:26685 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string J13A (malware-cnc.rules)
 * 1:26686 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Alina (malware-cnc.rules)
 * 1:26690 <-> DISABLED <-> MALWARE-CNC Miniduke server contact (malware-cnc.rules)
 * 1:26691 <-> DISABLED <-> MALWARE-CNC Win.Trojan.UFRStealer variant outbound connection (malware-cnc.rules)
 * 1:26692 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spyremoav variant outbound connection (malware-cnc.rules)
 * 1:26695 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Namihno variant outbound request (malware-cnc.rules)
 * 1:26696 <-> DISABLED <-> MALWARE-CNC Cbeplay Ransomware variant outbound connection - Abnormal HTTP Headers (malware-cnc.rules)
 * 1:25547 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:25548 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Perflog variant outbound connection (malware-cnc.rules)
 * 1:25551 <-> DISABLED <-> MALWARE-CNC Win.Worm.Dipasik variant outbound connection (malware-cnc.rules)
 * 1:25553 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dexter variant outbound connection (malware-cnc.rules)
 * 1:25570 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Medialabs variant outbound connection (malware-cnc.rules)
 * 1:25571 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Medialabs variant outbound connection (malware-cnc.rules)
 * 1:25572 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Virut variant outbound connection (malware-cnc.rules)
 * 1:25577 <-> DISABLED <-> MALWARE-CNC Win.Rootkit.Necurs possible URI with encrypted POST (malware-cnc.rules)
 * 1:25599 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gupboot variant outbound connection (malware-cnc.rules)
 * 1:25600 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dilavtor variant outbound connection (malware-cnc.rules)
 * 1:25609 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules)
 * 1:25610 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mofsmall variant outbound connection (malware-cnc.rules)
 * 1:25623 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jimpime variant outbound connection (malware-cnc.rules)
 * 1:25625 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Daws variant outbound connection (malware-cnc.rules)
 * 1:25626 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules)
 * 1:25628 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant connect to cnc-server (malware-cnc.rules)
 * 1:25632 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Golisy variant outbound connection (malware-cnc.rules)
 * 1:25652 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kryptic variant outbound connection (malware-cnc.rules)
 * 1:25660 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Medfos variant outbound connection (malware-cnc.rules)
 * 1:25661 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Buzus variant outbound connection (malware-cnc.rules)
 * 1:25662 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chowspy variant outbound connection (malware-cnc.rules)
 * 1:25663 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rimod variant outbound connection (malware-cnc.rules)
 * 1:25665 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sycomder variant outbound connection (malware-cnc.rules)
 * 1:25666 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (malware-cnc.rules)
 * 1:25667 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nflog variant outbound connection (malware-cnc.rules)
 * 1:25668 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nflog variant outbound connection (malware-cnc.rules)
 * 1:25669 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Selasloot variant outbound connection (malware-cnc.rules)
 * 1:25671 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (malware-cnc.rules)
 * 1:25672 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Matsnu variant outbound connection (malware-cnc.rules)
 * 1:25673 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.QQDragon variant outbound connection (malware-cnc.rules)
 * 1:25674 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shimwoc variant outbound connection (malware-cnc.rules)
 * 1:25675 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fakeavlock variant outbound connection (malware-cnc.rules)
 * 1:25765 <-> DISABLED <-> MALWARE-CNC Trojan Agent YEH variant outbound connection (malware-cnc.rules)
 * 1:25766 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules)
 * 1:25807 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Urausy Botnet variant outbound connection (malware-cnc.rules)
 * 1:25829 <-> DISABLED <-> MALWARE-CNC Trojan Banker FTC variant outbound connection (malware-cnc.rules)
 * 1:25854 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection - MSIE7 No Referer No Cookie (malware-cnc.rules)
 * 1:25863 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.QBundle variant outbound connection (malware-cnc.rules)
 * 1:25865 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:25866 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:25867 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:25973 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Boolflot variant outbound connection (malware-cnc.rules)
 * 1:25974 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:25978 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lukprofin variant outbound connection (malware-cnc.rules)
 * 1:25979 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lukprofin variant outbound connection (malware-cnc.rules)
 * 1:25980 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Pass (malware-cnc.rules)
 * 1:25987 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Upof variant outbound connection (malware-cnc.rules)
 * 1:25990 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Agent variant connect to cnc-server (malware-cnc.rules)
 * 1:25991 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Agent variant connect to cnc-server (malware-cnc.rules)
 * 1:25992 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Buzus variant outbound connection (malware-cnc.rules)
 * 1:25993 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Buzus variant outbound connection (malware-cnc.rules)
 * 1:25994 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:25996 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Reswor variant outbound connection (malware-cnc.rules)
 * 1:26010 <-> DISABLED <-> MALWARE-CNC CNC Dirtjumper variant outbound connection (malware-cnc.rules)
 * 1:26011 <-> DISABLED <-> MALWARE-CNC CNC Dirtjumper variant outbound connection (malware-cnc.rules)
 * 1:26019 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bredo variant outbound connection (malware-cnc.rules)
 * 1:26023 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot variant in.php outbound connection (malware-cnc.rules)
 * 1:26024 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wecod variant outbound connection (malware-cnc.rules)
 * 1:26072 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locati variant outbound connection (malware-cnc.rules)
 * 1:26075 <-> DISABLED <-> MALWARE-CNC Bancos variant outbound connection SQL query POST data (malware-cnc.rules)
 * 1:26086 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Exicon variant outbound connection (malware-cnc.rules)
 * 1:26088 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Encriyoko variant outbound connection (malware-cnc.rules)
 * 1:26106 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
 * 1:26115 <-> DISABLED <-> MALWARE-CNC NSIS.Downloader.Agent variant outbound connection (malware-cnc.rules)
 * 1:26116 <-> DISABLED <-> MALWARE-CNC NSIS.Downloader.Agent variant outbound connection (malware-cnc.rules)
 * 1:26117 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tarctox variant outbound connection (malware-cnc.rules)
 * 1:26118 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:26119 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:26201 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lobparck variant outbound connection (malware-cnc.rules)
 * 1:26202 <-> DISABLED <-> MALWARE-CNC VBS.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:26203 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gupd variant outbound connection (malware-cnc.rules)
 * 1:26204 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Malex variant outbound connection (malware-cnc.rules)
 * 1:26211 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Eldorado variant outbound connection (malware-cnc.rules)
 * 1:26238 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Snopexy variant outbound connection (malware-cnc.rules)
 * 1:26239 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Stehlox variant outbound connection (malware-cnc.rules)
 * 1:26240 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vkeikooc variant outbound connection (malware-cnc.rules)
 * 1:26244 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Troll variant outbound connection (malware-cnc.rules)
 * 1:26245 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (malware-cnc.rules)
 * 1:26248 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent cibabam (malware-cnc.rules)
 * 1:26249 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Sonide variant outbound connection (malware-cnc.rules)
 * 1:26260 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Vectmp variant outbound connection (malware-cnc.rules)
 * 1:26266 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus v3 DGA DNS query detected (malware-cnc.rules)
 * 1:26267 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus v3 DGA DNS query detected (malware-cnc.rules)
 * 1:26268 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus v3 DGA DNS query detected (malware-cnc.rules)
 * 1:26269 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus v3 DGA DNS query detected (malware-cnc.rules)
 * 1:26270 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus v3 DGA DNS query detected (malware-cnc.rules)
 * 1:26271 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus v3 DGA DNS query detected (malware-cnc.rules)
 * 1:26284 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Surok variant outbound connection (malware-cnc.rules)
 * 1:26285 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Garveep variant outbound connection (malware-cnc.rules)
 * 1:26288 <-> DISABLED <-> MALWARE-CNC Brontok Worm variant outbound connection (malware-cnc.rules)
 * 1:26289 <-> DISABLED <-> MALWARE-CNC Daws Trojan Outbound Plaintext over SSL Port (malware-cnc.rules)
 * 1:26319 <-> DISABLED <-> MALWARE-CNC file path used as User-Agent - potential Trojan (malware-cnc.rules)
 * 1:26325 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scar variant outbound connection (malware-cnc.rules)
 * 1:26327 <-> DISABLED <-> MALWARE-CNC OSX.Trojan.Flashfake variant outbound connection (malware-cnc.rules)
 * 1:26331 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qhost variant outbound connection (malware-cnc.rules)
 * 1:26335 <-> DISABLED <-> MALWARE-CNC FBI Ransom Trojan variant outbound connection (malware-cnc.rules)
 * 1:26370 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection - ksa.txt (malware-cnc.rules)
 * 1:26371 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection - op POST (malware-cnc.rules)
 * 1:26398 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gamarue variant outbound connection (malware-cnc.rules)
 * 1:26428 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (malware-cnc.rules)
 * 1:26444 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Agent variant outbound connection (malware-cnc.rules)
 * 1:26445 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Agent variant outbound connection (malware-cnc.rules)
 * 1:26446 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Agent variant outbound connection (malware-cnc.rules)
 * 1:26447 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Smoaler variant outbound connection (malware-cnc.rules)
 * 1:28192 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz Potential Phishing URL (malware-cnc.rules)
 * 1:28209 <-> DISABLED <-> MALWARE-CNC Win.Worm.IRCbot outbound connection (malware-cnc.rules)
 * 1:28210 <-> DISABLED <-> MALWARE-CNC Win.Worm.IRCbot outbound connection (malware-cnc.rules)
 * 1:28211 <-> DISABLED <-> MALWARE-CNC Win.Worm.IRCbot outbound connection (malware-cnc.rules)
 * 1:28212 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bitsto variant connection (malware-cnc.rules)
 * 1:28216 <-> DISABLED <-> MALWARE-CNC known malware FTP login (malware-cnc.rules)
 * 1:28230 <-> DISABLED <-> MALWARE-CNC Boot.Bootroot Variant data upload (malware-cnc.rules)
 * 1:28234 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hdslogger outbound connection (malware-cnc.rules)
 * 1:28239 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tuxido outbound connection (malware-cnc.rules)
 * 1:28242 <-> DISABLED <-> MALWARE-CNC Win.Trojan.KanKan variant connection (malware-cnc.rules)
 * 1:28244 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Phrovon outbound connection (malware-cnc.rules)
 * 1:28247 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper variant outbound connection (malware-cnc.rules)
 * 1:28250 <-> DISABLED <-> MALWARE-CNC Security Cleaner Pro Install Confirmation (malware-cnc.rules)
 * 1:28254 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Perl.Shellbot variant outbound connection (malware-cnc.rules)
 * 1:28255 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz Potential phishing URL (malware-cnc.rules)
 * 1:28285 <-> DISABLED <-> MALWARE-CNC Win.Trojan.hdog connectivity check-in version 2 (malware-cnc.rules)
 * 1:28300 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant connection (malware-cnc.rules)
 * 1:28323 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Chopper web shell connection (malware-cnc.rules)
 * 1:28325 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Zuza variant outbound connection (malware-cnc.rules)
 * 1:28326 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Zuza variant outbound connection (malware-cnc.rules)
 * 1:28328 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Hupigon variant outbound connection (malware-cnc.rules)
 * 1:28362 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string SUiCiDE/1.5 (malware-cnc.rules)
 * 1:28366 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Venik variant outbound connection (malware-cnc.rules)
 * 1:28373 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mutopy variant outbound connection (malware-cnc.rules)
 * 1:28399 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Tsunami outbound connection (malware-cnc.rules)
 * 1:28405 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy variant outbound connection (malware-cnc.rules)
 * 1:28406 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy variant outbound connection (malware-cnc.rules)
 * 1:28410 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CoinMiner variant outbound connection (malware-cnc.rules)
 * 1:28411 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CoinMiner variant outbound connection (malware-cnc.rules)
 * 1:28415 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:28416 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CryptoLocker outbound connection (malware-cnc.rules)
 * 1:28417 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Molgomsg variant outbound connection (malware-cnc.rules)
 * 1:28418 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Dtcontx outbound connection (malware-cnc.rules)
 * 1:28419 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tesch variant outbound connection (malware-cnc.rules)
 * 1:28444 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.CBgate variant outbound connection (malware-cnc.rules)
 * 1:28446 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant SQL check-in (malware-cnc.rules)
 * 1:28463 <-> DISABLED <-> MALWARE-CNC Win.Trojan.AllAple Variant ICMP flood (malware-cnc.rules)
 * 1:28484 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Delpbank variant outbound connection (malware-cnc.rules)
 * 1:28485 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Khalog variant outbound connection (malware-cnc.rules)
 * 1:28486 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Codiltak variant outbound connection (malware-cnc.rules)
 * 1:28528 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qadars variant outbound connection (malware-cnc.rules)
 * 1:28529 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qadars variant outbound connection (malware-cnc.rules)
 * 1:28538 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Asprox/Kuluoz variant connection (malware-cnc.rules)
 * 1:28541 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ZeroAccess Download Headers (malware-cnc.rules)
 * 1:28542 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Conficker variant outbound connection (malware-cnc.rules)
 * 1:28543 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Conficker variant outbound connection (malware-cnc.rules)
 * 1:28547 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules)
 * 1:28548 <-> DISABLED <-> MALWARE-CNC Win.Trojan.chfx variant outbound connection (malware-cnc.rules)
 * 1:28551 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NXI ftp username connection (malware-cnc.rules)
 * 1:28553 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /main.htm GET Encrypted Payload (malware-cnc.rules)
 * 1:28554 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /online.htm GET Encrypted Payload (malware-cnc.rules)
 * 1:28558 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string getURLdown (malware-cnc.rules)
 * 1:28559 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Castov variant connection (malware-cnc.rules)
 * 1:28560 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Plugx FTP keepalive outbound connection (malware-cnc.rules)
 * 1:28561 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Plugx outbound connection (malware-cnc.rules)
 * 1:28562 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sidopa variant outbound connection (malware-cnc.rules)
 * 1:28563 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pkdesco variant outbound connection (malware-cnc.rules)
 * 1:28564 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pkdesco variant outbound connection (malware-cnc.rules)
 * 1:28565 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sluegot variant connection (malware-cnc.rules)
 * 1:28599 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Lesirt variant outbound connection (malware-cnc.rules)
 * 1:28604 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kasnam variant connection (malware-cnc.rules)
 * 1:28605 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kasnam variant connection (malware-cnc.rules)
 * 1:28606 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Surtr variant connection (malware-cnc.rules)
 * 1:28607 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection (malware-cnc.rules)
 * 1:28724 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent outbound connection (malware-cnc.rules)
 * 1:28799 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mxtcycle variant outbound connection (malware-cnc.rules)
 * 1:28800 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus outbound connection (malware-cnc.rules)
 * 1:28802 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos outbound connection (malware-cnc.rules)
 * 1:28803 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Injector inbound connection (malware-cnc.rules)
 * 1:28804 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Injector outbound connection (malware-cnc.rules)
 * 1:28805 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Palevo outbound connection (malware-cnc.rules)
 * 1:28807 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Injector variant outbound connection (malware-cnc.rules)
 * 1:28808 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Ptiger variant outbound connection (malware-cnc.rules)
 * 1:28809 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dofoil inbound connection (malware-cnc.rules)
 * 1:28810 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection - MSIE7 No Referer No Cookie (malware-cnc.rules)
 * 1:28813 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ufraie variant outbound connection (malware-cnc.rules)
 * 1:28814 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gozi/Neverquest variant outbound connection (malware-cnc.rules)
 * 1:28815 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gozi/Neverquest variant outbound connection (malware-cnc.rules)
 * 1:28816 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Siluhdur variant outbound connection (malware-cnc.rules)
 * 1:28820 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Egamipload variant outbound connection (malware-cnc.rules)
 * 1:28852 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Linux.Trojan.Zollard (malware-cnc.rules)
 * 1:28853 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dipverdle variant outbound connection (malware-cnc.rules)
 * 1:28856 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yowdab variant connection (malware-cnc.rules)
 * 1:28857 <-> DISABLED <-> MALWARE-CNC Adwind UNRECOM connnection back to cnc server (malware-cnc.rules)
 * 1:28858 <-> DISABLED <-> MALWARE-CNC Adwind UNRECOM connnection back to cnc server (malware-cnc.rules)
 * 1:28859 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent z00sAgent - Win.Trojan.Zbot (malware-cnc.rules)
 * 1:28860 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent - Win.Trojan.Nitedrem (malware-cnc.rules)
 * 1:28861 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Roxfora variant outbound connection (malware-cnc.rules)
 * 1:28864 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tofsee variant outbound connection (malware-cnc.rules)
 * 1:28886 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scar variant outbound connection (malware-cnc.rules)
 * 1:28914 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Anony variant connection (malware-cnc.rules)
 * 1:28918 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant network connectivity check (malware-cnc.rules)
 * 1:28919 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant network connectivity check (malware-cnc.rules)
 * 1:28930 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fakeav variant outbound data connection (malware-cnc.rules)
 * 1:28940 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rovnix malicious download (malware-cnc.rules)
 * 1:28947 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tapaoux variant connection (malware-cnc.rules)
 * 1:28948 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kishlog variant outbound connection (malware-cnc.rules)
 * 1:28949 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kishlog variant outbound connection (malware-cnc.rules)
 * 1:28958 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jussuc variant outbound connection (malware-cnc.rules)
 * 1:28960 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Alurewo outbound connection (malware-cnc.rules)
 * 1:48157 <-> ENABLED <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection (malware-cnc.rules)

2020-10-08 13:28:31 UTC

Snort Subscriber Rules Update

Date: 2020-10-08

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091600.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:55929 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Emotet-9774504-0 download attempt (malware-other.rules)
 * 1:55931 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Emotet variant outbound connection attempt (malware-cnc.rules)
 * 1:55932 <-> ENABLED <-> SERVER-OTHER Oracle WebLogic malicious RemoteConstructor deserialization attempt (server-other.rules)
 * 1:55930 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Emotet-9774504-0 download attempt (malware-other.rules)
 * 1:55933 <-> ENABLED <-> SERVER-OTHER Oracle WebLogic malicious RemoteConstructor deserialization attempt (server-other.rules)

Modified Rules:


 * 1:25547 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:25548 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Perflog variant outbound connection (malware-cnc.rules)
 * 1:25551 <-> DISABLED <-> MALWARE-CNC Win.Worm.Dipasik variant outbound connection (malware-cnc.rules)
 * 1:25553 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dexter variant outbound connection (malware-cnc.rules)
 * 1:25570 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Medialabs variant outbound connection (malware-cnc.rules)
 * 1:25571 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Medialabs variant outbound connection (malware-cnc.rules)
 * 1:25572 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Virut variant outbound connection (malware-cnc.rules)
 * 1:25577 <-> DISABLED <-> MALWARE-CNC Win.Rootkit.Necurs possible URI with encrypted POST (malware-cnc.rules)
 * 1:25599 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gupboot variant outbound connection (malware-cnc.rules)
 * 1:25600 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dilavtor variant outbound connection (malware-cnc.rules)
 * 1:25609 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules)
 * 1:25610 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mofsmall variant outbound connection (malware-cnc.rules)
 * 1:25623 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jimpime variant outbound connection (malware-cnc.rules)
 * 1:25625 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Daws variant outbound connection (malware-cnc.rules)
 * 1:25626 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules)
 * 1:25628 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant connect to cnc-server (malware-cnc.rules)
 * 1:25632 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Golisy variant outbound connection (malware-cnc.rules)
 * 1:25652 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kryptic variant outbound connection (malware-cnc.rules)
 * 1:25660 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Medfos variant outbound connection (malware-cnc.rules)
 * 1:25661 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Buzus variant outbound connection (malware-cnc.rules)
 * 1:25662 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chowspy variant outbound connection (malware-cnc.rules)
 * 1:25663 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rimod variant outbound connection (malware-cnc.rules)
 * 1:25665 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sycomder variant outbound connection (malware-cnc.rules)
 * 1:25666 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (malware-cnc.rules)
 * 1:25667 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nflog variant outbound connection (malware-cnc.rules)
 * 1:25668 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nflog variant outbound connection (malware-cnc.rules)
 * 1:25669 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Selasloot variant outbound connection (malware-cnc.rules)
 * 1:25671 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (malware-cnc.rules)
 * 1:25672 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Matsnu variant outbound connection (malware-cnc.rules)
 * 1:25673 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.QQDragon variant outbound connection (malware-cnc.rules)
 * 1:25674 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shimwoc variant outbound connection (malware-cnc.rules)
 * 1:25675 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fakeavlock variant outbound connection (malware-cnc.rules)
 * 1:25765 <-> DISABLED <-> MALWARE-CNC Trojan Agent YEH variant outbound connection (malware-cnc.rules)
 * 1:25766 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules)
 * 1:25807 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Urausy Botnet variant outbound connection (malware-cnc.rules)
 * 1:25829 <-> DISABLED <-> MALWARE-CNC Trojan Banker FTC variant outbound connection (malware-cnc.rules)
 * 1:25854 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection - MSIE7 No Referer No Cookie (malware-cnc.rules)
 * 1:25863 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.QBundle variant outbound connection (malware-cnc.rules)
 * 1:25865 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:25866 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:25867 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:25973 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Boolflot variant outbound connection (malware-cnc.rules)
 * 1:25974 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:25978 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lukprofin variant outbound connection (malware-cnc.rules)
 * 1:25979 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lukprofin variant outbound connection (malware-cnc.rules)
 * 1:25980 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Pass (malware-cnc.rules)
 * 1:25987 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Upof variant outbound connection (malware-cnc.rules)
 * 1:25990 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Agent variant connect to cnc-server (malware-cnc.rules)
 * 1:25991 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Agent variant connect to cnc-server (malware-cnc.rules)
 * 1:25992 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Buzus variant outbound connection (malware-cnc.rules)
 * 1:25993 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Buzus variant outbound connection (malware-cnc.rules)
 * 1:25994 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:25996 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Reswor variant outbound connection (malware-cnc.rules)
 * 1:26010 <-> DISABLED <-> MALWARE-CNC CNC Dirtjumper variant outbound connection (malware-cnc.rules)
 * 1:26011 <-> DISABLED <-> MALWARE-CNC CNC Dirtjumper variant outbound connection (malware-cnc.rules)
 * 1:26019 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bredo variant outbound connection (malware-cnc.rules)
 * 1:26023 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot variant in.php outbound connection (malware-cnc.rules)
 * 1:26024 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wecod variant outbound connection (malware-cnc.rules)
 * 1:26072 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locati variant outbound connection (malware-cnc.rules)
 * 1:26075 <-> DISABLED <-> MALWARE-CNC Bancos variant outbound connection SQL query POST data (malware-cnc.rules)
 * 1:26086 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Exicon variant outbound connection (malware-cnc.rules)
 * 1:26088 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Encriyoko variant outbound connection (malware-cnc.rules)
 * 1:26106 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
 * 1:26115 <-> DISABLED <-> MALWARE-CNC NSIS.Downloader.Agent variant outbound connection (malware-cnc.rules)
 * 1:26116 <-> DISABLED <-> MALWARE-CNC NSIS.Downloader.Agent variant outbound connection (malware-cnc.rules)
 * 1:26117 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tarctox variant outbound connection (malware-cnc.rules)
 * 1:26118 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:26119 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:26201 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lobparck variant outbound connection (malware-cnc.rules)
 * 1:26202 <-> DISABLED <-> MALWARE-CNC VBS.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:26203 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gupd variant outbound connection (malware-cnc.rules)
 * 1:26204 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Malex variant outbound connection (malware-cnc.rules)
 * 1:26211 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Eldorado variant outbound connection (malware-cnc.rules)
 * 1:26238 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Snopexy variant outbound connection (malware-cnc.rules)
 * 1:26239 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Stehlox variant outbound connection (malware-cnc.rules)
 * 1:26240 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vkeikooc variant outbound connection (malware-cnc.rules)
 * 1:26244 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Troll variant outbound connection (malware-cnc.rules)
 * 1:26245 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (malware-cnc.rules)
 * 1:26248 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent cibabam (malware-cnc.rules)
 * 1:26249 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Sonide variant outbound connection (malware-cnc.rules)
 * 1:26260 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Vectmp variant outbound connection (malware-cnc.rules)
 * 1:26266 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus v3 DGA DNS query detected (malware-cnc.rules)
 * 1:26267 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus v3 DGA DNS query detected (malware-cnc.rules)
 * 1:26268 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus v3 DGA DNS query detected (malware-cnc.rules)
 * 1:26269 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus v3 DGA DNS query detected (malware-cnc.rules)
 * 1:26270 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus v3 DGA DNS query detected (malware-cnc.rules)
 * 1:26271 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus v3 DGA DNS query detected (malware-cnc.rules)
 * 1:26284 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Surok variant outbound connection (malware-cnc.rules)
 * 1:26285 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Garveep variant outbound connection (malware-cnc.rules)
 * 1:26288 <-> DISABLED <-> MALWARE-CNC Brontok Worm variant outbound connection (malware-cnc.rules)
 * 1:26289 <-> DISABLED <-> MALWARE-CNC Daws Trojan Outbound Plaintext over SSL Port (malware-cnc.rules)
 * 1:26319 <-> DISABLED <-> MALWARE-CNC file path used as User-Agent - potential Trojan (malware-cnc.rules)
 * 1:26325 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scar variant outbound connection (malware-cnc.rules)
 * 1:26327 <-> DISABLED <-> MALWARE-CNC OSX.Trojan.Flashfake variant outbound connection (malware-cnc.rules)
 * 1:26331 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qhost variant outbound connection (malware-cnc.rules)
 * 1:26335 <-> DISABLED <-> MALWARE-CNC FBI Ransom Trojan variant outbound connection (malware-cnc.rules)
 * 1:26370 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection - ksa.txt (malware-cnc.rules)
 * 1:26371 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection - op POST (malware-cnc.rules)
 * 1:26398 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gamarue variant outbound connection (malware-cnc.rules)
 * 1:26428 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (malware-cnc.rules)
 * 1:26444 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Agent variant outbound connection (malware-cnc.rules)
 * 1:26445 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Agent variant outbound connection (malware-cnc.rules)
 * 1:26446 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Agent variant outbound connection (malware-cnc.rules)
 * 1:26447 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Smoaler variant outbound connection (malware-cnc.rules)
 * 1:26448 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fakesig variant outbound connection (malware-cnc.rules)
 * 1:26449 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:26450 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:26452 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Buterat variant outbound connection (malware-cnc.rules)
 * 1:26463 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Linog.A variant outbound connection (malware-cnc.rules)
 * 1:26464 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Linog.A variant outbound connection (malware-cnc.rules)
 * 1:26467 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Magic variant inbound connection (malware-cnc.rules)
 * 1:26480 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot fake PNG config file download without User-Agent (malware-cnc.rules)
 * 1:26482 <-> DISABLED <-> MALWARE-CNC Unknown Thinner Encrypted POST botnet C&C (malware-cnc.rules)
 * 1:26522 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent NOKIAN95/WEB (malware-cnc.rules)
 * 1:26533 <-> DISABLED <-> MALWARE-CNC Unknown malware - Incorrect headers - Referer HTTP/1.0 (malware-cnc.rules)
 * 1:26558 <-> DISABLED <-> MALWARE-CNC User-Agent known Malicious user agent Brutus AET (malware-cnc.rules)
 * 1:26560 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection - getcomando POST data (malware-cnc.rules)
 * 1:26561 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
 * 1:26563 <-> DISABLED <-> MALWARE-CNC Harakit botnet traffic (malware-cnc.rules)
 * 1:26576 <-> DISABLED <-> MALWARE-CNC Potential hostile executable served from compromised or malicious WordPress site attempt (malware-cnc.rules)
 * 1:26577 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent Opera 10 (malware-cnc.rules)
 * 1:26578 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy/FakeAV Checkin with IE6 User-Agent (malware-cnc.rules)
 * 1:26579 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy/FakeAV Checkin with IE6 User-Agent (malware-cnc.rules)
 * 1:26604 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bydra variant outbound connection (malware-cnc.rules)
 * 1:26605 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bydra variant outbound connection (malware-cnc.rules)
 * 1:26606 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sosork variant outbound connection (malware-cnc.rules)
 * 1:26607 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Korlia variant outbound connection (malware-cnc.rules)
 * 1:28106 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload information upload (malware-cnc.rules)
 * 1:28097 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ohlat variant connection (malware-cnc.rules)
 * 1:26609 <-> DISABLED <-> MALWARE-CNC OSX.Trojan.Dockster variant outbound connection (malware-cnc.rules)
 * 1:26613 <-> DISABLED <-> MALWARE-CNC Medfos Trojan variant outbound connection (malware-cnc.rules)
 * 1:26656 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Travnet Botnet data upload (malware-cnc.rules)
 * 1:26657 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shiz variant outbound connection (malware-cnc.rules)
 * 1:26677 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz variant inbound run command from cnc (malware-cnc.rules)
 * 1:26678 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz variant inbound run command from cnc (malware-cnc.rules)
 * 1:26679 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz variant inbound run command from cnc (malware-cnc.rules)
 * 1:26680 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz variant inbound run command from cnc (malware-cnc.rules)
 * 1:26681 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz variant inbound run command from cnc (malware-cnc.rules)
 * 1:26683 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shyape variant outbound connection (malware-cnc.rules)
 * 1:26684 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Neshax variant outbound connection (malware-cnc.rules)
 * 1:26685 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string J13A (malware-cnc.rules)
 * 1:26686 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Alina (malware-cnc.rules)
 * 1:26690 <-> DISABLED <-> MALWARE-CNC Miniduke server contact (malware-cnc.rules)
 * 1:26691 <-> DISABLED <-> MALWARE-CNC Win.Trojan.UFRStealer variant outbound connection (malware-cnc.rules)
 * 1:26692 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spyremoav variant outbound connection (malware-cnc.rules)
 * 1:26695 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Namihno variant outbound request (malware-cnc.rules)
 * 1:26696 <-> DISABLED <-> MALWARE-CNC Cbeplay Ransomware variant outbound connection - Abnormal HTTP Headers (malware-cnc.rules)
 * 1:26697 <-> DISABLED <-> MALWARE-CNC Cbeplay Ransomware variant outbound connection - POST Body (malware-cnc.rules)
 * 1:26702 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Win (malware-cnc.rules)
 * 1:26703 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Upero variant outbound connection (malware-cnc.rules)
 * 1:26712 <-> DISABLED <-> MALWARE-CNC Kazy Trojan check-in (malware-cnc.rules)
 * 1:26713 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev rev 1 outbound traffic (malware-cnc.rules)
 * 1:26714 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev rev 2 outbound traffic (malware-cnc.rules)
 * 1:26715 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev rev 3 outbound traffic (malware-cnc.rules)
 * 1:26719 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kbot variant outbound connection (malware-cnc.rules)
 * 1:26720 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kbot variant outbound connection (malware-cnc.rules)
 * 1:26721 <-> DISABLED <-> MALWARE-CNC Pushdo Spiral Traffic (malware-cnc.rules)
 * 1:26722 <-> DISABLED <-> MALWARE-CNC Bancos fake JPG encrypted config file download (malware-cnc.rules)
 * 1:26723 <-> DISABLED <-> MALWARE-CNC Trojan Downloader7 (malware-cnc.rules)
 * 1:26725 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc http command (malware-cnc.rules)
 * 1:26726 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc stop command (malware-cnc.rules)
 * 1:26727 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc die command (malware-cnc.rules)
 * 1:26728 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc sleep command (malware-cnc.rules)
 * 1:26729 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc simple command (malware-cnc.rules)
 * 1:26730 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc loginpost command (malware-cnc.rules)
 * 1:26731 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc datapost command (malware-cnc.rules)
 * 1:26732 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc syn command (malware-cnc.rules)
 * 1:26733 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc udp command (malware-cnc.rules)
 * 1:26734 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc udpdata command (malware-cnc.rules)
 * 1:26735 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc data command (malware-cnc.rules)
 * 1:26736 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc icmp command (malware-cnc.rules)
 * 1:28209 <-> DISABLED <-> MALWARE-CNC Win.Worm.IRCbot outbound connection (malware-cnc.rules)
 * 1:28210 <-> DISABLED <-> MALWARE-CNC Win.Worm.IRCbot outbound connection (malware-cnc.rules)
 * 1:28211 <-> DISABLED <-> MALWARE-CNC Win.Worm.IRCbot outbound connection (malware-cnc.rules)
 * 1:28212 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bitsto variant connection (malware-cnc.rules)
 * 1:28216 <-> DISABLED <-> MALWARE-CNC known malware FTP login (malware-cnc.rules)
 * 1:28230 <-> DISABLED <-> MALWARE-CNC Boot.Bootroot Variant data upload (malware-cnc.rules)
 * 1:28234 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hdslogger outbound connection (malware-cnc.rules)
 * 1:28239 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tuxido outbound connection (malware-cnc.rules)
 * 1:28242 <-> DISABLED <-> MALWARE-CNC Win.Trojan.KanKan variant connection (malware-cnc.rules)
 * 1:28244 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Phrovon outbound connection (malware-cnc.rules)
 * 1:28247 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper variant outbound connection (malware-cnc.rules)
 * 1:28250 <-> DISABLED <-> MALWARE-CNC Security Cleaner Pro Install Confirmation (malware-cnc.rules)
 * 1:28254 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Perl.Shellbot variant outbound connection (malware-cnc.rules)
 * 1:28255 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz Potential phishing URL (malware-cnc.rules)
 * 1:28285 <-> DISABLED <-> MALWARE-CNC Win.Trojan.hdog connectivity check-in version 2 (malware-cnc.rules)
 * 1:28300 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant connection (malware-cnc.rules)
 * 1:28323 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Chopper web shell connection (malware-cnc.rules)
 * 1:28325 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Zuza variant outbound connection (malware-cnc.rules)
 * 1:28326 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Zuza variant outbound connection (malware-cnc.rules)
 * 1:28328 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Hupigon variant outbound connection (malware-cnc.rules)
 * 1:28362 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string SUiCiDE/1.5 (malware-cnc.rules)
 * 1:28366 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Venik variant outbound connection (malware-cnc.rules)
 * 1:28373 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mutopy variant outbound connection (malware-cnc.rules)
 * 1:28399 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Tsunami outbound connection (malware-cnc.rules)
 * 1:28405 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy variant outbound connection (malware-cnc.rules)
 * 1:28406 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy variant outbound connection (malware-cnc.rules)
 * 1:28410 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CoinMiner variant outbound connection (malware-cnc.rules)
 * 1:28411 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CoinMiner variant outbound connection (malware-cnc.rules)
 * 1:28415 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:28416 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CryptoLocker outbound connection (malware-cnc.rules)
 * 1:28417 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Molgomsg variant outbound connection (malware-cnc.rules)
 * 1:28418 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Dtcontx outbound connection (malware-cnc.rules)
 * 1:28419 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tesch variant outbound connection (malware-cnc.rules)
 * 1:28444 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.CBgate variant outbound connection (malware-cnc.rules)
 * 1:28446 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant SQL check-in (malware-cnc.rules)
 * 1:28463 <-> DISABLED <-> MALWARE-CNC Win.Trojan.AllAple Variant ICMP flood (malware-cnc.rules)
 * 1:28484 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Delpbank variant outbound connection (malware-cnc.rules)
 * 1:28485 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Khalog variant outbound connection (malware-cnc.rules)
 * 1:28486 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Codiltak variant outbound connection (malware-cnc.rules)
 * 1:28528 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qadars variant outbound connection (malware-cnc.rules)
 * 1:28529 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qadars variant outbound connection (malware-cnc.rules)
 * 1:28538 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Asprox/Kuluoz variant connection (malware-cnc.rules)
 * 1:26737 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc tcpdata command (malware-cnc.rules)
 * 1:26738 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc dataget command (malware-cnc.rules)
 * 1:26739 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc connect command (malware-cnc.rules)
 * 1:26740 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc dns command (malware-cnc.rules)
 * 1:26741 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc exec command (malware-cnc.rules)
 * 1:26742 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc resolve command (malware-cnc.rules)
 * 1:26743 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc antiddos command (malware-cnc.rules)
 * 1:26744 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc range command (malware-cnc.rules)
 * 1:26745 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc ftp command (malware-cnc.rules)
 * 1:26746 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc download command (malware-cnc.rules)
 * 1:26747 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc fastddos command (malware-cnc.rules)
 * 1:26748 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc slowhttp command (malware-cnc.rules)
 * 1:26749 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc allhttp command (malware-cnc.rules)
 * 1:26750 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc full command (malware-cnc.rules)
 * 1:26751 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - msctls_progress32 (malware-cnc.rules)
 * 1:26756 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper.Datcaen variant outbound connection (malware-cnc.rules)
 * 1:26757 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper.Datcaen variant outbound connection (malware-cnc.rules)
 * 1:26758 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Elefin variant outbound connection (malware-cnc.rules)
 * 1:26763 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules)
 * 1:26770 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (malware-cnc.rules)
 * 1:26771 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (malware-cnc.rules)
 * 1:26774 <-> DISABLED <-> MALWARE-CNC Win.Worm.Luder variant outbound connection (malware-cnc.rules)
 * 1:26775 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Blocker variant outbound connection HTTP Header Structure (malware-cnc.rules)
 * 1:26776 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Blocker variant outbound connection POST (malware-cnc.rules)
 * 1:26777 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy variant outbound connection (malware-cnc.rules)
 * 1:26779 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cridex encrypted POST check-in (malware-cnc.rules)
 * 1:26780 <-> DISABLED <-> MALWARE-CNC cridex HTTP Response - default0.js (malware-cnc.rules)
 * 1:26785 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qrmon variant outbound connection (malware-cnc.rules)
 * 1:26792 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vbula variant outbound connection (malware-cnc.rules)
 * 1:26793 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vbula variant initial CNC contact (malware-cnc.rules)
 * 1:26809 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Backdoor.Tomvode variant outbound connection (malware-cnc.rules)
 * 1:26811 <-> DISABLED <-> MALWARE-CNC XP Fake Antivirus Payment Page Request (malware-cnc.rules)
 * 1:26812 <-> DISABLED <-> MALWARE-CNC XP Fake Antivirus Check-in (malware-cnc.rules)
 * 1:26813 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dapato CMS spambot check-in (malware-cnc.rules)
 * 1:26815 <-> DISABLED <-> MALWARE-CNC OSX.Trojan.KitM variant outbound connection user-agent (malware-cnc.rules)
 * 1:26816 <-> DISABLED <-> MALWARE-CNC OSX.Trojan.KitM variant outbound connection (malware-cnc.rules)
 * 1:26818 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Zawat variant outbound connection (malware-cnc.rules)
 * 1:26819 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Datash variant outbound connection (malware-cnc.rules)
 * 1:26820 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Datash variant outbound connection (malware-cnc.rules)
 * 1:26822 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Buterat variant outbound connection (malware-cnc.rules)
 * 1:26828 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Uperti variant outbound connection (malware-cnc.rules)
 * 1:26835 <-> DISABLED <-> MALWARE-CNC RDN Banker POST variant outbound connection (malware-cnc.rules)
 * 1:26836 <-> DISABLED <-> MALWARE-CNC RDN Banker Strange Google Traffic (malware-cnc.rules)
 * 1:26837 <-> DISABLED <-> MALWARE-CNC BitBot Idle C2 response (malware-cnc.rules)
 * 1:26840 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Agent variant outbound connection (malware-cnc.rules)
 * 1:26841 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Agent variant outbound connection (malware-cnc.rules)
 * 1:26880 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zotob.E gc.exe download (malware-cnc.rules)
 * 1:26911 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rombrast Trojan outbound connection (malware-cnc.rules)
 * 1:26912 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rombrast Trojan outbound connection (malware-cnc.rules)
 * 1:26923 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
 * 1:26924 <-> DISABLED <-> MALWARE-CNC Potential Gozi Trojan HTTP Header Structure (malware-cnc.rules)
 * 1:26930 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeroaccess variant outbound connection (malware-cnc.rules)
 * 1:26931 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeroaccess variant outbound connection (malware-cnc.rules)
 * 1:26932 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeroaccess variant outbound connection (malware-cnc.rules)
 * 1:26940 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TripleNine RAT beacon (malware-cnc.rules)
 * 1:26941 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PipCreat RAT dropper download (malware-cnc.rules)
 * 1:26942 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PipCreat RAT beacon (malware-cnc.rules)
 * 1:26943 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Post_Show RAT beacon (malware-cnc.rules)
 * 1:26944 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Post_Show RAT beacon (malware-cnc.rules)
 * 1:26945 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bisonal RAT beacon (malware-cnc.rules)
 * 1:26946 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Uptime RAT beacon (malware-cnc.rules)
 * 1:26952 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Orcim variant outbound connection (malware-cnc.rules)
 * 1:26954 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Talsab variant outbound connection (malware-cnc.rules)
 * 1:26955 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Talsab variant outbound connection (malware-cnc.rules)
 * 1:26965 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Win32 Facebook Secure Cryptor C2 (malware-cnc.rules)
 * 1:26966 <-> DISABLED <-> MALWARE-CNC Win32/Autorun.JN variant outbound connection (malware-cnc.rules)
 * 1:26967 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz variant outbound connection (malware-cnc.rules)
 * 1:26968 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gozi Data Theft POST Data (malware-cnc.rules)
 * 1:26969 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gozi Trojan Data Theft POST URL (malware-cnc.rules)
 * 1:26970 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pirminay variant outbound connection (malware-cnc.rules)
 * 1:26984 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Injector Info Stealer Trojan variant outbound connection (malware-cnc.rules)
 * 1:26986 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Xenil variant outbound connection (malware-cnc.rules)
 * 1:26987 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cyvadextr variant outbound connection (malware-cnc.rules)
 * 1:26995 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Agent variant outbound connection (malware-cnc.rules)
 * 1:26996 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Agent variant outbound connection (malware-cnc.rules)
 * 1:26997 <-> DISABLED <-> MALWARE-CNC OSX.Trojan.Morcut variant outbound connection (malware-cnc.rules)
 * 1:26998 <-> DISABLED <-> MALWARE-CNC OSX.Trojan.Morcut file download (malware-cnc.rules)
 * 1:26999 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chinoxy variant outbound connection (malware-cnc.rules)
 * 1:27000 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chinoxy variant outbound connection (malware-cnc.rules)
 * 1:27002 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:27003 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:27007 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot variant outbound connection (malware-cnc.rules)
 * 1:27008 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot variant outbound connection (malware-cnc.rules)
 * 1:27010 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot payment .scr download (malware-cnc.rules)
 * 1:27012 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Phoenot variant outbound connection (malware-cnc.rules)
 * 1:27013 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Phoenot variant inbound connection (malware-cnc.rules)
 * 1:27014 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Epipenwa variant outbound connection (malware-cnc.rules)
 * 1:27017 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dapato variant inbound response connection (malware-cnc.rules)
 * 1:27021 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Layvam variant outbound connection (malware-cnc.rules)
 * 1:27022 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Netweird.A outbound connection (malware-cnc.rules)
 * 1:27023 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Netweird.A outbound connection (malware-cnc.rules)
 * 1:27033 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Transhell variant outbound connection user-agent (malware-cnc.rules)
 * 1:27039 <-> DISABLED <-> MALWARE-CNC Win.Trojan.OnlineGameHack variant outbound connection (malware-cnc.rules)
 * 1:27044 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string pb - Htbot (malware-cnc.rules)
 * 1:27045 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Blocker Download (malware-cnc.rules)
 * 1:27049 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dokstormac variant outbound connection (malware-cnc.rules)
 * 1:27054 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yakes variant outbound connection (malware-cnc.rules)
 * 1:27058 <-> DISABLED <-> MALWARE-CNC OSX.Trojan.HackBack variant outbound connection (malware-cnc.rules)
 * 1:27093 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Medfos variant outbound connection (malware-cnc.rules)
 * 1:27120 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:27169 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Atezag variant outbound connection (malware-cnc.rules)
 * 1:27199 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Meredrop variant outbound connection GET Request (malware-cnc.rules)
 * 1:27201 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Neurevt variant outbound connection (malware-cnc.rules)
 * 1:27200 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Meredrop variant outbound connection POST Request (malware-cnc.rules)
 * 1:26608 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rocra variant outbound connection (malware-cnc.rules)
 * 1:27248 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gamarue - Mozi1la User-Agent (malware-cnc.rules)
 * 1:27252 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ZeroAccess 111-byte URL variant outbound connection (malware-cnc.rules)
 * 1:27256 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kryptik Drive-by Download Malware (malware-cnc.rules)
 * 1:27257 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kryptic 7-byte URI Invalid Firefox Headers - no Accept-Language (malware-cnc.rules)
 * 1:27260 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Java.Agent.NFK variant connection (malware-cnc.rules)
 * 1:27263 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - yahoonews (malware-cnc.rules)
 * 1:27533 <-> DISABLED <-> MALWARE-CNC Potential Win.Trojan.Kraziomel Download - 000.jpg (malware-cnc.rules)
 * 1:27551 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lorapu variant outbound connection (malware-cnc.rules)
 * 1:27558 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bezigate variant outbound connection (malware-cnc.rules)
 * 1:27567 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rovnix malicious download request (malware-cnc.rules)
 * 1:27577 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:27596 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Redyms variant outbound connection (malware-cnc.rules)
 * 1:27599 <-> DISABLED <-> MALWARE-CNC Fort Disco Registration variant outbound connection (malware-cnc.rules)
 * 1:27600 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nawpers variant connection (malware-cnc.rules)
 * 1:27629 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Aumlib variant outbound connection (malware-cnc.rules)
 * 1:27630 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Aumlib variant outbound connection (malware-cnc.rules)
 * 1:27631 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Aumlib variant outbound connection (malware-cnc.rules)
 * 1:27633 <-> DISABLED <-> MALWARE-CNC Worm.Silly variant outbound connection (malware-cnc.rules)
 * 1:27636 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Likseput variant connection (malware-cnc.rules)
 * 1:27637 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Syhcmd variant connection (malware-cnc.rules)
 * 1:27639 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Epipenwa variant connection (malware-cnc.rules)
 * 1:27640 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chekafe variant connection (malware-cnc.rules)
 * 1:27641 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Meilat variant connection (malware-cnc.rules)
 * 1:27642 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downbot variant connection (malware-cnc.rules)
 * 1:27643 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Betabot variant connection (malware-cnc.rules)
 * 1:27644 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Merong variant connection (malware-cnc.rules)
 * 1:27645 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Binjo variant outbound connection (malware-cnc.rules)
 * 1:27647 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nelaja variant outbound connection (malware-cnc.rules)
 * 1:27648 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SpyBanker.ZSL variant outbound connection (malware-cnc.rules)
 * 1:27649 <-> DISABLED <-> MALWARE-CNC Brazilian Banking Trojan data theft (malware-cnc.rules)
 * 1:27655 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Enchanim variant connection (malware-cnc.rules)
 * 1:27659 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gapz variant connection (malware-cnc.rules)
 * 1:27660 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Reabfrus variant connection (malware-cnc.rules)
 * 1:27661 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Reabfrus variant connection (malware-cnc.rules)
 * 1:27662 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Galfun variant outbound connection (malware-cnc.rules)
 * 1:27664 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Castov variant connection (malware-cnc.rules)
 * 1:27665 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Castov variant connection (malware-cnc.rules)
 * 1:27670 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.evf variant connection (malware-cnc.rules)
 * 1:27678 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Goolelo variant connection (malware-cnc.rules)
 * 1:27679 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz variant outbound connection (malware-cnc.rules)
 * 1:27680 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ZeroAccess variant outbound connection (malware-cnc.rules)
 * 1:27699 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tartober variant connection (malware-cnc.rules)
 * 1:27709 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string umbra (malware-cnc.rules)
 * 1:27710 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string IExplore (malware-cnc.rules)
 * 1:27711 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FakeAV variant outbound connection (malware-cnc.rules)
 * 1:27720 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kolok variant connection (malware-cnc.rules)
 * 1:27726 <-> DISABLED <-> MALWARE-CNC Orbit Downloader denial of service update (malware-cnc.rules)
 * 1:27727 <-> DISABLED <-> MALWARE-CNC Orbit Downloader denial of service update (malware-cnc.rules)
 * 1:27728 <-> DISABLED <-> MALWARE-CNC Orbit Downloader denial of service update (malware-cnc.rules)
 * 1:27737 <-> DISABLED <-> MALWARE-CNC DNS suspicious .c0m.li dns query (malware-cnc.rules)
 * 1:27746 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Hanthie variant outbound connection (malware-cnc.rules)
 * 1:27747 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banechant outbound variant connection (malware-cnc.rules)
 * 1:27759 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Treizt variant connection (malware-cnc.rules)
 * 1:27774 <-> DISABLED <-> MALWARE-CNC RDN Banker Data Exfiltration (malware-cnc.rules)
 * 1:27775 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection (malware-cnc.rules)
 * 1:27802 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PRISM variant outbound connection (malware-cnc.rules)
 * 1:27803 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PRISM variant outbound connection (malware-cnc.rules)
 * 1:27805 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bisonha variant outbound connection (malware-cnc.rules)
 * 1:27806 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Retruse variant connection (malware-cnc.rules)
 * 1:27811 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mindweq variant connection (malware-cnc.rules)
 * 1:27817 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tenavt connection (malware-cnc.rules)
 * 1:27864 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sinowal variant connection (malware-cnc.rules)
 * 1:27867 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper outbound connection (malware-cnc.rules)
 * 1:27868 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - dt12012 (malware-cnc.rules)
 * 1:27905 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Helauto variant connection (malware-cnc.rules)
 * 1:27918 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
 * 1:27919 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus encrypted POST Data exfiltration (malware-cnc.rules)
 * 1:27939 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Galock variant connection (malware-cnc.rules)
 * 1:27955 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mevade variant outbound connection (malware-cnc.rules)
 * 1:27963 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lolbot variant outbound connection (malware-cnc.rules)
 * 1:27964 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gh0st variant outbound connection (malware-cnc.rules)
 * 1:27965 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Eupuds variant connection (malware-cnc.rules)
 * 1:27966 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Chopper web shell connection (malware-cnc.rules)
 * 1:27968 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Chopper web shell connection (malware-cnc.rules)
 * 1:27969 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Updays variant connection (malware-cnc.rules)
 * 1:27970 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus dropper variant connection (malware-cnc.rules)
 * 1:27980 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /botnet/adduser.php?uid= (malware-cnc.rules)
 * 1:27981 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /botnet/tasks.php?uid= (malware-cnc.rules)
 * 1:28005 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz outbound command (malware-cnc.rules)
 * 1:28007 <-> DISABLED <-> MALWARE-CNC BLYPT installer startupkey outbound traffic (malware-cnc.rules)
 * 1:28008 <-> DISABLED <-> MALWARE-CNC BLYPT installer reuse outbound traffic (malware-cnc.rules)
 * 1:28009 <-> DISABLED <-> MALWARE-CNC BLYPT installer configkey outbound traffic (malware-cnc.rules)
 * 1:28010 <-> DISABLED <-> MALWARE-CNC BLYPT installer tserror outbound traffic (malware-cnc.rules)
 * 1:28011 <-> DISABLED <-> MALWARE-CNC BLYPT installer createproc outbound traffic (malware-cnc.rules)
 * 1:28012 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules)
 * 1:28033 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Urausy variant outbound connection (malware-cnc.rules)
 * 1:28040 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dofoil variant outbound connection (malware-cnc.rules)
 * 1:28042 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Caphaw variant outbound connection (malware-cnc.rules)
 * 1:28044 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CryptoLocker variant connection (malware-cnc.rules)
 * 1:28045 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VBKrypt variant connection (malware-cnc.rules)
 * 1:28072 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Omexo outbound connection (malware-cnc.rules)
 * 1:28073 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Win32.Kimsuky variant file stealing (malware-cnc.rules)
 * 1:28074 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ADKR connection (malware-cnc.rules)
 * 1:28075 <-> DISABLED <-> MALWARE-CNC Win.Trojan.gzfw connection (malware-cnc.rules)
 * 1:28079 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Napolar variant outbound connection (malware-cnc.rules)
 * 1:28080 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Napolar data theft (malware-cnc.rules)
 * 1:28084 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hupigon variant connection (malware-cnc.rules)
 * 1:28094 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Liteol variant connection (malware-cnc.rules)
 * 1:28095 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Liteol variant connection (malware-cnc.rules)
 * 1:28105 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload variant outbound connection (malware-cnc.rules)
 * 1:28107 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload download (malware-cnc.rules)
 * 1:28114 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /default.htm GET Encrypted Payload (malware-cnc.rules)
 * 1:28115 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /file.htm GET Encrypted Payload (malware-cnc.rules)
 * 1:28116 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /home.htm GET Encrypted Payload (malware-cnc.rules)
 * 1:28117 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /install.htm GET Encrypted Payload (malware-cnc.rules)
 * 1:28118 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /login.htm GET Encrypted Payload (malware-cnc.rules)
 * 1:28119 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /search.htm GET Encrypted Payload (malware-cnc.rules)
 * 1:28120 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /start.htm GET Encrypted Payload (malware-cnc.rules)
 * 1:28121 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /welcome.htm GET Encrypted Payload (malware-cnc.rules)
 * 1:28122 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /index.htm GET Encrypted Payload (malware-cnc.rules)
 * 1:28123 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /setup.htm GET Encrypted Payload (malware-cnc.rules)
 * 1:28125 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banbra variant connection (malware-cnc.rules)
 * 1:28134 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dorkbot variant connection (malware-cnc.rules)
 * 1:28141 <-> DISABLED <-> MALWARE-CNC Win.Trojan.banker outbound connection (malware-cnc.rules)
 * 1:28143 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Medfos outbound connection (malware-cnc.rules)
 * 1:28144 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Win32.Wpbrutebot variant connection (malware-cnc.rules)
 * 1:28146 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Salgorea variant connection (malware-cnc.rules)
 * 1:28147 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Conficker variant outbound connection (malware-cnc.rules)
 * 1:28148 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mevade variant outbound connection (malware-cnc.rules)
 * 1:28153 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Foreign variant outbound connection - /html2/ (malware-cnc.rules)
 * 1:28154 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Foreign variant outbound connection - MSIE 7.1 (malware-cnc.rules)
 * 1:28155 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Foreign variant outbound connection - MSIE 7.2 (malware-cnc.rules)
 * 1:28166 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bifrose variant connection (malware-cnc.rules)
 * 1:28192 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz Potential Phishing URL (malware-cnc.rules)
 * 1:28541 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ZeroAccess Download Headers (malware-cnc.rules)
 * 1:28542 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Conficker variant outbound connection (malware-cnc.rules)
 * 1:28543 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Conficker variant outbound connection (malware-cnc.rules)
 * 1:28547 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules)
 * 1:28548 <-> DISABLED <-> MALWARE-CNC Win.Trojan.chfx variant outbound connection (malware-cnc.rules)
 * 1:28551 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NXI ftp username connection (malware-cnc.rules)
 * 1:28553 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /main.htm GET Encrypted Payload (malware-cnc.rules)
 * 1:28554 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /online.htm GET Encrypted Payload (malware-cnc.rules)
 * 1:28558 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string getURLdown (malware-cnc.rules)
 * 1:28559 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Castov variant connection (malware-cnc.rules)
 * 1:28560 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Plugx FTP keepalive outbound connection (malware-cnc.rules)
 * 1:28561 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Plugx outbound connection (malware-cnc.rules)
 * 1:28562 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sidopa variant outbound connection (malware-cnc.rules)
 * 1:28563 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pkdesco variant outbound connection (malware-cnc.rules)
 * 1:28564 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pkdesco variant outbound connection (malware-cnc.rules)
 * 1:28565 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sluegot variant connection (malware-cnc.rules)
 * 1:28599 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Lesirt variant outbound connection (malware-cnc.rules)
 * 1:28604 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kasnam variant connection (malware-cnc.rules)
 * 1:28605 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kasnam variant connection (malware-cnc.rules)
 * 1:28606 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Surtr variant connection (malware-cnc.rules)
 * 1:28607 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection (malware-cnc.rules)
 * 1:28724 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent outbound connection (malware-cnc.rules)
 * 1:28799 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mxtcycle variant outbound connection (malware-cnc.rules)
 * 1:28800 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus outbound connection (malware-cnc.rules)
 * 1:28802 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos outbound connection (malware-cnc.rules)
 * 1:28803 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Injector inbound connection (malware-cnc.rules)
 * 1:28804 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Injector outbound connection (malware-cnc.rules)
 * 1:28805 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Palevo outbound connection (malware-cnc.rules)
 * 1:28807 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Injector variant outbound connection (malware-cnc.rules)
 * 1:28808 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Ptiger variant outbound connection (malware-cnc.rules)
 * 1:28809 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dofoil inbound connection (malware-cnc.rules)
 * 1:28810 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection - MSIE7 No Referer No Cookie (malware-cnc.rules)
 * 1:28813 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ufraie variant outbound connection (malware-cnc.rules)
 * 1:28814 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gozi/Neverquest variant outbound connection (malware-cnc.rules)
 * 1:28815 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gozi/Neverquest variant outbound connection (malware-cnc.rules)
 * 1:28816 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Siluhdur variant outbound connection (malware-cnc.rules)
 * 1:28820 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Egamipload variant outbound connection (malware-cnc.rules)
 * 1:28852 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Linux.Trojan.Zollard (malware-cnc.rules)
 * 1:28853 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dipverdle variant outbound connection (malware-cnc.rules)
 * 1:28856 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yowdab variant connection (malware-cnc.rules)
 * 1:28857 <-> DISABLED <-> MALWARE-CNC Adwind UNRECOM connnection back to cnc server (malware-cnc.rules)
 * 1:28858 <-> DISABLED <-> MALWARE-CNC Adwind UNRECOM connnection back to cnc server (malware-cnc.rules)
 * 1:28859 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent z00sAgent - Win.Trojan.Zbot (malware-cnc.rules)
 * 1:28860 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent - Win.Trojan.Nitedrem (malware-cnc.rules)
 * 1:28861 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Roxfora variant outbound connection (malware-cnc.rules)
 * 1:28864 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tofsee variant outbound connection (malware-cnc.rules)
 * 1:28886 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scar variant outbound connection (malware-cnc.rules)
 * 1:28914 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Anony variant connection (malware-cnc.rules)
 * 1:28918 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant network connectivity check (malware-cnc.rules)
 * 1:28919 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant network connectivity check (malware-cnc.rules)
 * 1:28930 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fakeav variant outbound data connection (malware-cnc.rules)
 * 1:28940 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rovnix malicious download (malware-cnc.rules)
 * 1:28947 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tapaoux variant connection (malware-cnc.rules)
 * 1:28948 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kishlog variant outbound connection (malware-cnc.rules)
 * 1:28949 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kishlog variant outbound connection (malware-cnc.rules)
 * 1:28958 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jussuc variant outbound connection (malware-cnc.rules)
 * 1:28960 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Alurewo outbound connection (malware-cnc.rules)
 * 1:48157 <-> ENABLED <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection (malware-cnc.rules)
 * 1:28096 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spynet variant connection (malware-cnc.rules)

2020-10-08 13:28:31 UTC

Snort Subscriber Rules Update

Date: 2020-10-08

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091501.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:55929 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Emotet-9774504-0 download attempt (malware-other.rules)
 * 1:55933 <-> ENABLED <-> SERVER-OTHER Oracle WebLogic malicious RemoteConstructor deserialization attempt (server-other.rules)
 * 1:55931 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Emotet variant outbound connection attempt (malware-cnc.rules)
 * 1:55930 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Emotet-9774504-0 download attempt (malware-other.rules)
 * 1:55932 <-> ENABLED <-> SERVER-OTHER Oracle WebLogic malicious RemoteConstructor deserialization attempt (server-other.rules)

Modified Rules:


 * 1:28097 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ohlat variant connection (malware-cnc.rules)
 * 1:28154 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Foreign variant outbound connection - MSIE 7.1 (malware-cnc.rules)
 * 1:28155 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Foreign variant outbound connection - MSIE 7.2 (malware-cnc.rules)
 * 1:28166 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bifrose variant connection (malware-cnc.rules)
 * 1:28192 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz Potential Phishing URL (malware-cnc.rules)
 * 1:28209 <-> DISABLED <-> MALWARE-CNC Win.Worm.IRCbot outbound connection (malware-cnc.rules)
 * 1:28210 <-> DISABLED <-> MALWARE-CNC Win.Worm.IRCbot outbound connection (malware-cnc.rules)
 * 1:28211 <-> DISABLED <-> MALWARE-CNC Win.Worm.IRCbot outbound connection (malware-cnc.rules)
 * 1:28212 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bitsto variant connection (malware-cnc.rules)
 * 1:28216 <-> DISABLED <-> MALWARE-CNC known malware FTP login (malware-cnc.rules)
 * 1:28230 <-> DISABLED <-> MALWARE-CNC Boot.Bootroot Variant data upload (malware-cnc.rules)
 * 1:28234 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hdslogger outbound connection (malware-cnc.rules)
 * 1:28239 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tuxido outbound connection (malware-cnc.rules)
 * 1:28242 <-> DISABLED <-> MALWARE-CNC Win.Trojan.KanKan variant connection (malware-cnc.rules)
 * 1:28244 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Phrovon outbound connection (malware-cnc.rules)
 * 1:28247 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper variant outbound connection (malware-cnc.rules)
 * 1:28250 <-> DISABLED <-> MALWARE-CNC Security Cleaner Pro Install Confirmation (malware-cnc.rules)
 * 1:28254 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Perl.Shellbot variant outbound connection (malware-cnc.rules)
 * 1:28255 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz Potential phishing URL (malware-cnc.rules)
 * 1:28285 <-> DISABLED <-> MALWARE-CNC Win.Trojan.hdog connectivity check-in version 2 (malware-cnc.rules)
 * 1:28300 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant connection (malware-cnc.rules)
 * 1:28323 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Chopper web shell connection (malware-cnc.rules)
 * 1:28325 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Zuza variant outbound connection (malware-cnc.rules)
 * 1:28326 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Zuza variant outbound connection (malware-cnc.rules)
 * 1:28328 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Hupigon variant outbound connection (malware-cnc.rules)
 * 1:28362 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string SUiCiDE/1.5 (malware-cnc.rules)
 * 1:28366 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Venik variant outbound connection (malware-cnc.rules)
 * 1:28373 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mutopy variant outbound connection (malware-cnc.rules)
 * 1:28399 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Tsunami outbound connection (malware-cnc.rules)
 * 1:28405 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy variant outbound connection (malware-cnc.rules)
 * 1:28406 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy variant outbound connection (malware-cnc.rules)
 * 1:28410 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CoinMiner variant outbound connection (malware-cnc.rules)
 * 1:28411 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CoinMiner variant outbound connection (malware-cnc.rules)
 * 1:28415 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:28416 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CryptoLocker outbound connection (malware-cnc.rules)
 * 1:28417 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Molgomsg variant outbound connection (malware-cnc.rules)
 * 1:28418 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Dtcontx outbound connection (malware-cnc.rules)
 * 1:28419 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tesch variant outbound connection (malware-cnc.rules)
 * 1:28444 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.CBgate variant outbound connection (malware-cnc.rules)
 * 1:28446 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant SQL check-in (malware-cnc.rules)
 * 1:28463 <-> DISABLED <-> MALWARE-CNC Win.Trojan.AllAple Variant ICMP flood (malware-cnc.rules)
 * 1:28484 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Delpbank variant outbound connection (malware-cnc.rules)
 * 1:28485 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Khalog variant outbound connection (malware-cnc.rules)
 * 1:28486 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Codiltak variant outbound connection (malware-cnc.rules)
 * 1:28528 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qadars variant outbound connection (malware-cnc.rules)
 * 1:28529 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qadars variant outbound connection (malware-cnc.rules)
 * 1:28538 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Asprox/Kuluoz variant connection (malware-cnc.rules)
 * 1:28541 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ZeroAccess Download Headers (malware-cnc.rules)
 * 1:28542 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Conficker variant outbound connection (malware-cnc.rules)
 * 1:28543 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Conficker variant outbound connection (malware-cnc.rules)
 * 1:28547 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules)
 * 1:28548 <-> DISABLED <-> MALWARE-CNC Win.Trojan.chfx variant outbound connection (malware-cnc.rules)
 * 1:28551 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NXI ftp username connection (malware-cnc.rules)
 * 1:28553 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /main.htm GET Encrypted Payload (malware-cnc.rules)
 * 1:28554 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /online.htm GET Encrypted Payload (malware-cnc.rules)
 * 1:28558 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string getURLdown (malware-cnc.rules)
 * 1:28559 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Castov variant connection (malware-cnc.rules)
 * 1:28560 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Plugx FTP keepalive outbound connection (malware-cnc.rules)
 * 1:28561 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Plugx outbound connection (malware-cnc.rules)
 * 1:28562 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sidopa variant outbound connection (malware-cnc.rules)
 * 1:28563 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pkdesco variant outbound connection (malware-cnc.rules)
 * 1:28564 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pkdesco variant outbound connection (malware-cnc.rules)
 * 1:28565 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sluegot variant connection (malware-cnc.rules)
 * 1:28599 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Lesirt variant outbound connection (malware-cnc.rules)
 * 1:28604 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kasnam variant connection (malware-cnc.rules)
 * 1:28605 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kasnam variant connection (malware-cnc.rules)
 * 1:28606 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Surtr variant connection (malware-cnc.rules)
 * 1:28607 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection (malware-cnc.rules)
 * 1:28724 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent outbound connection (malware-cnc.rules)
 * 1:28799 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mxtcycle variant outbound connection (malware-cnc.rules)
 * 1:28800 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus outbound connection (malware-cnc.rules)
 * 1:28802 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos outbound connection (malware-cnc.rules)
 * 1:28803 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Injector inbound connection (malware-cnc.rules)
 * 1:28804 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Injector outbound connection (malware-cnc.rules)
 * 1:28805 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Palevo outbound connection (malware-cnc.rules)
 * 1:28807 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Injector variant outbound connection (malware-cnc.rules)
 * 1:28808 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Ptiger variant outbound connection (malware-cnc.rules)
 * 1:28809 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dofoil inbound connection (malware-cnc.rules)
 * 1:28810 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection - MSIE7 No Referer No Cookie (malware-cnc.rules)
 * 1:28813 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ufraie variant outbound connection (malware-cnc.rules)
 * 1:28814 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gozi/Neverquest variant outbound connection (malware-cnc.rules)
 * 1:28815 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gozi/Neverquest variant outbound connection (malware-cnc.rules)
 * 1:28816 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Siluhdur variant outbound connection (malware-cnc.rules)
 * 1:25547 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:25548 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Perflog variant outbound connection (malware-cnc.rules)
 * 1:28116 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /home.htm GET Encrypted Payload (malware-cnc.rules)
 * 1:28118 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /login.htm GET Encrypted Payload (malware-cnc.rules)
 * 1:28114 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /default.htm GET Encrypted Payload (malware-cnc.rules)
 * 1:28107 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload download (malware-cnc.rules)
 * 1:28119 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /search.htm GET Encrypted Payload (malware-cnc.rules)
 * 1:27636 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Likseput variant connection (malware-cnc.rules)
 * 1:28117 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /install.htm GET Encrypted Payload (malware-cnc.rules)
 * 1:28121 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /welcome.htm GET Encrypted Payload (malware-cnc.rules)
 * 1:27639 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Epipenwa variant connection (malware-cnc.rules)
 * 1:27637 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Syhcmd variant connection (malware-cnc.rules)
 * 1:28120 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /start.htm GET Encrypted Payload (malware-cnc.rules)
 * 1:28125 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banbra variant connection (malware-cnc.rules)
 * 1:28122 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /index.htm GET Encrypted Payload (malware-cnc.rules)
 * 1:28123 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /setup.htm GET Encrypted Payload (malware-cnc.rules)
 * 1:28106 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload information upload (malware-cnc.rules)
 * 1:28134 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dorkbot variant connection (malware-cnc.rules)
 * 1:28141 <-> DISABLED <-> MALWARE-CNC Win.Trojan.banker outbound connection (malware-cnc.rules)
 * 1:28143 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Medfos outbound connection (malware-cnc.rules)
 * 1:28144 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Win32.Wpbrutebot variant connection (malware-cnc.rules)
 * 1:28146 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Salgorea variant connection (malware-cnc.rules)
 * 1:28147 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Conficker variant outbound connection (malware-cnc.rules)
 * 1:28148 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mevade variant outbound connection (malware-cnc.rules)
 * 1:28153 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Foreign variant outbound connection - /html2/ (malware-cnc.rules)
 * 1:28105 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload variant outbound connection (malware-cnc.rules)
 * 1:28115 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /file.htm GET Encrypted Payload (malware-cnc.rules)
 * 1:26775 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Blocker variant outbound connection HTTP Header Structure (malware-cnc.rules)
 * 1:25570 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Medialabs variant outbound connection (malware-cnc.rules)
 * 1:25571 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Medialabs variant outbound connection (malware-cnc.rules)
 * 1:25572 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Virut variant outbound connection (malware-cnc.rules)
 * 1:25577 <-> DISABLED <-> MALWARE-CNC Win.Rootkit.Necurs possible URI with encrypted POST (malware-cnc.rules)
 * 1:25599 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gupboot variant outbound connection (malware-cnc.rules)
 * 1:25600 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dilavtor variant outbound connection (malware-cnc.rules)
 * 1:25609 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules)
 * 1:25610 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mofsmall variant outbound connection (malware-cnc.rules)
 * 1:25623 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jimpime variant outbound connection (malware-cnc.rules)
 * 1:25625 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Daws variant outbound connection (malware-cnc.rules)
 * 1:25626 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules)
 * 1:25628 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant connect to cnc-server (malware-cnc.rules)
 * 1:25632 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Golisy variant outbound connection (malware-cnc.rules)
 * 1:25652 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kryptic variant outbound connection (malware-cnc.rules)
 * 1:25660 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Medfos variant outbound connection (malware-cnc.rules)
 * 1:25661 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Buzus variant outbound connection (malware-cnc.rules)
 * 1:25662 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chowspy variant outbound connection (malware-cnc.rules)
 * 1:25663 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rimod variant outbound connection (malware-cnc.rules)
 * 1:25665 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sycomder variant outbound connection (malware-cnc.rules)
 * 1:25666 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (malware-cnc.rules)
 * 1:25667 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nflog variant outbound connection (malware-cnc.rules)
 * 1:25668 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nflog variant outbound connection (malware-cnc.rules)
 * 1:25669 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Selasloot variant outbound connection (malware-cnc.rules)
 * 1:25671 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (malware-cnc.rules)
 * 1:25672 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Matsnu variant outbound connection (malware-cnc.rules)
 * 1:25673 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.QQDragon variant outbound connection (malware-cnc.rules)
 * 1:25674 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shimwoc variant outbound connection (malware-cnc.rules)
 * 1:25675 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fakeavlock variant outbound connection (malware-cnc.rules)
 * 1:25765 <-> DISABLED <-> MALWARE-CNC Trojan Agent YEH variant outbound connection (malware-cnc.rules)
 * 1:25766 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules)
 * 1:25807 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Urausy Botnet variant outbound connection (malware-cnc.rules)
 * 1:25829 <-> DISABLED <-> MALWARE-CNC Trojan Banker FTC variant outbound connection (malware-cnc.rules)
 * 1:25854 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection - MSIE7 No Referer No Cookie (malware-cnc.rules)
 * 1:25863 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.QBundle variant outbound connection (malware-cnc.rules)
 * 1:25865 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:25866 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:25867 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:25973 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Boolflot variant outbound connection (malware-cnc.rules)
 * 1:25974 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:25978 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lukprofin variant outbound connection (malware-cnc.rules)
 * 1:25979 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lukprofin variant outbound connection (malware-cnc.rules)
 * 1:25987 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Upof variant outbound connection (malware-cnc.rules)
 * 1:25990 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Agent variant connect to cnc-server (malware-cnc.rules)
 * 1:25991 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Agent variant connect to cnc-server (malware-cnc.rules)
 * 1:25992 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Buzus variant outbound connection (malware-cnc.rules)
 * 1:25993 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Buzus variant outbound connection (malware-cnc.rules)
 * 1:25994 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:25996 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Reswor variant outbound connection (malware-cnc.rules)
 * 1:26010 <-> DISABLED <-> MALWARE-CNC CNC Dirtjumper variant outbound connection (malware-cnc.rules)
 * 1:26011 <-> DISABLED <-> MALWARE-CNC CNC Dirtjumper variant outbound connection (malware-cnc.rules)
 * 1:26019 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bredo variant outbound connection (malware-cnc.rules)
 * 1:26023 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot variant in.php outbound connection (malware-cnc.rules)
 * 1:26024 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wecod variant outbound connection (malware-cnc.rules)
 * 1:26072 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locati variant outbound connection (malware-cnc.rules)
 * 1:26075 <-> DISABLED <-> MALWARE-CNC Bancos variant outbound connection SQL query POST data (malware-cnc.rules)
 * 1:26086 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Exicon variant outbound connection (malware-cnc.rules)
 * 1:26088 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Encriyoko variant outbound connection (malware-cnc.rules)
 * 1:26106 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
 * 1:26115 <-> DISABLED <-> MALWARE-CNC NSIS.Downloader.Agent variant outbound connection (malware-cnc.rules)
 * 1:26116 <-> DISABLED <-> MALWARE-CNC NSIS.Downloader.Agent variant outbound connection (malware-cnc.rules)
 * 1:26117 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tarctox variant outbound connection (malware-cnc.rules)
 * 1:26118 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:26119 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:26201 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lobparck variant outbound connection (malware-cnc.rules)
 * 1:26202 <-> DISABLED <-> MALWARE-CNC VBS.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:26203 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gupd variant outbound connection (malware-cnc.rules)
 * 1:26204 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Malex variant outbound connection (malware-cnc.rules)
 * 1:26211 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Eldorado variant outbound connection (malware-cnc.rules)
 * 1:26238 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Snopexy variant outbound connection (malware-cnc.rules)
 * 1:26239 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Stehlox variant outbound connection (malware-cnc.rules)
 * 1:26240 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vkeikooc variant outbound connection (malware-cnc.rules)
 * 1:26244 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Troll variant outbound connection (malware-cnc.rules)
 * 1:26245 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (malware-cnc.rules)
 * 1:26248 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent cibabam (malware-cnc.rules)
 * 1:26249 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Sonide variant outbound connection (malware-cnc.rules)
 * 1:26260 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Vectmp variant outbound connection (malware-cnc.rules)
 * 1:26266 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus v3 DGA DNS query detected (malware-cnc.rules)
 * 1:26267 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus v3 DGA DNS query detected (malware-cnc.rules)
 * 1:26268 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus v3 DGA DNS query detected (malware-cnc.rules)
 * 1:26269 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus v3 DGA DNS query detected (malware-cnc.rules)
 * 1:26270 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus v3 DGA DNS query detected (malware-cnc.rules)
 * 1:26271 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus v3 DGA DNS query detected (malware-cnc.rules)
 * 1:26284 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Surok variant outbound connection (malware-cnc.rules)
 * 1:28820 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Egamipload variant outbound connection (malware-cnc.rules)
 * 1:28852 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Linux.Trojan.Zollard (malware-cnc.rules)
 * 1:28853 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dipverdle variant outbound connection (malware-cnc.rules)
 * 1:28856 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yowdab variant connection (malware-cnc.rules)
 * 1:28857 <-> DISABLED <-> MALWARE-CNC Adwind UNRECOM connnection back to cnc server (malware-cnc.rules)
 * 1:28858 <-> DISABLED <-> MALWARE-CNC Adwind UNRECOM connnection back to cnc server (malware-cnc.rules)
 * 1:28859 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent z00sAgent - Win.Trojan.Zbot (malware-cnc.rules)
 * 1:28860 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent - Win.Trojan.Nitedrem (malware-cnc.rules)
 * 1:28861 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Roxfora variant outbound connection (malware-cnc.rules)
 * 1:28864 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tofsee variant outbound connection (malware-cnc.rules)
 * 1:28886 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scar variant outbound connection (malware-cnc.rules)
 * 1:28914 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Anony variant connection (malware-cnc.rules)
 * 1:28918 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant network connectivity check (malware-cnc.rules)
 * 1:28919 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant network connectivity check (malware-cnc.rules)
 * 1:28930 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fakeav variant outbound data connection (malware-cnc.rules)
 * 1:28940 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rovnix malicious download (malware-cnc.rules)
 * 1:28947 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tapaoux variant connection (malware-cnc.rules)
 * 1:28948 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kishlog variant outbound connection (malware-cnc.rules)
 * 1:28949 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kishlog variant outbound connection (malware-cnc.rules)
 * 1:28958 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jussuc variant outbound connection (malware-cnc.rules)
 * 1:28960 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Alurewo outbound connection (malware-cnc.rules)
 * 1:48157 <-> ENABLED <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection (malware-cnc.rules)
 * 1:25980 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Pass (malware-cnc.rules)
 * 1:26285 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Garveep variant outbound connection (malware-cnc.rules)
 * 1:26288 <-> DISABLED <-> MALWARE-CNC Brontok Worm variant outbound connection (malware-cnc.rules)
 * 1:26289 <-> DISABLED <-> MALWARE-CNC Daws Trojan Outbound Plaintext over SSL Port (malware-cnc.rules)
 * 1:26319 <-> DISABLED <-> MALWARE-CNC file path used as User-Agent - potential Trojan (malware-cnc.rules)
 * 1:26325 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scar variant outbound connection (malware-cnc.rules)
 * 1:26327 <-> DISABLED <-> MALWARE-CNC OSX.Trojan.Flashfake variant outbound connection (malware-cnc.rules)
 * 1:26331 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qhost variant outbound connection (malware-cnc.rules)
 * 1:26335 <-> DISABLED <-> MALWARE-CNC FBI Ransom Trojan variant outbound connection (malware-cnc.rules)
 * 1:26370 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection - ksa.txt (malware-cnc.rules)
 * 1:26371 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection - op POST (malware-cnc.rules)
 * 1:26398 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gamarue variant outbound connection (malware-cnc.rules)
 * 1:26428 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (malware-cnc.rules)
 * 1:26444 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Agent variant outbound connection (malware-cnc.rules)
 * 1:26445 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Agent variant outbound connection (malware-cnc.rules)
 * 1:26446 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Agent variant outbound connection (malware-cnc.rules)
 * 1:26447 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Smoaler variant outbound connection (malware-cnc.rules)
 * 1:26448 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fakesig variant outbound connection (malware-cnc.rules)
 * 1:26449 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:26450 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:26452 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Buterat variant outbound connection (malware-cnc.rules)
 * 1:26463 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Linog.A variant outbound connection (malware-cnc.rules)
 * 1:26464 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Linog.A variant outbound connection (malware-cnc.rules)
 * 1:26467 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Magic variant inbound connection (malware-cnc.rules)
 * 1:26480 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot fake PNG config file download without User-Agent (malware-cnc.rules)
 * 1:26482 <-> DISABLED <-> MALWARE-CNC Unknown Thinner Encrypted POST botnet C&C (malware-cnc.rules)
 * 1:26522 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent NOKIAN95/WEB (malware-cnc.rules)
 * 1:26533 <-> DISABLED <-> MALWARE-CNC Unknown malware - Incorrect headers - Referer HTTP/1.0 (malware-cnc.rules)
 * 1:26558 <-> DISABLED <-> MALWARE-CNC User-Agent known Malicious user agent Brutus AET (malware-cnc.rules)
 * 1:26560 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection - getcomando POST data (malware-cnc.rules)
 * 1:26561 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
 * 1:26563 <-> DISABLED <-> MALWARE-CNC Harakit botnet traffic (malware-cnc.rules)
 * 1:26576 <-> DISABLED <-> MALWARE-CNC Potential hostile executable served from compromised or malicious WordPress site attempt (malware-cnc.rules)
 * 1:26577 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent Opera 10 (malware-cnc.rules)
 * 1:26578 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy/FakeAV Checkin with IE6 User-Agent (malware-cnc.rules)
 * 1:26579 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy/FakeAV Checkin with IE6 User-Agent (malware-cnc.rules)
 * 1:26604 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bydra variant outbound connection (malware-cnc.rules)
 * 1:26605 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bydra variant outbound connection (malware-cnc.rules)
 * 1:26606 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sosork variant outbound connection (malware-cnc.rules)
 * 1:26607 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Korlia variant outbound connection (malware-cnc.rules)
 * 1:26608 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rocra variant outbound connection (malware-cnc.rules)
 * 1:26609 <-> DISABLED <-> MALWARE-CNC OSX.Trojan.Dockster variant outbound connection (malware-cnc.rules)
 * 1:26613 <-> DISABLED <-> MALWARE-CNC Medfos Trojan variant outbound connection (malware-cnc.rules)
 * 1:26656 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Travnet Botnet data upload (malware-cnc.rules)
 * 1:26657 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shiz variant outbound connection (malware-cnc.rules)
 * 1:26677 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz variant inbound run command from cnc (malware-cnc.rules)
 * 1:26678 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz variant inbound run command from cnc (malware-cnc.rules)
 * 1:26679 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz variant inbound run command from cnc (malware-cnc.rules)
 * 1:26680 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz variant inbound run command from cnc (malware-cnc.rules)
 * 1:26681 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz variant inbound run command from cnc (malware-cnc.rules)
 * 1:26683 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shyape variant outbound connection (malware-cnc.rules)
 * 1:26684 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Neshax variant outbound connection (malware-cnc.rules)
 * 1:26685 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string J13A (malware-cnc.rules)
 * 1:26686 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Alina (malware-cnc.rules)
 * 1:26690 <-> DISABLED <-> MALWARE-CNC Miniduke server contact (malware-cnc.rules)
 * 1:26691 <-> DISABLED <-> MALWARE-CNC Win.Trojan.UFRStealer variant outbound connection (malware-cnc.rules)
 * 1:26692 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spyremoav variant outbound connection (malware-cnc.rules)
 * 1:26695 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Namihno variant outbound request (malware-cnc.rules)
 * 1:26696 <-> DISABLED <-> MALWARE-CNC Cbeplay Ransomware variant outbound connection - Abnormal HTTP Headers (malware-cnc.rules)
 * 1:26697 <-> DISABLED <-> MALWARE-CNC Cbeplay Ransomware variant outbound connection - POST Body (malware-cnc.rules)
 * 1:26702 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Win (malware-cnc.rules)
 * 1:26703 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Upero variant outbound connection (malware-cnc.rules)
 * 1:26712 <-> DISABLED <-> MALWARE-CNC Kazy Trojan check-in (malware-cnc.rules)
 * 1:26713 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev rev 1 outbound traffic (malware-cnc.rules)
 * 1:26714 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev rev 2 outbound traffic (malware-cnc.rules)
 * 1:26715 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev rev 3 outbound traffic (malware-cnc.rules)
 * 1:26719 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kbot variant outbound connection (malware-cnc.rules)
 * 1:26720 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kbot variant outbound connection (malware-cnc.rules)
 * 1:26721 <-> DISABLED <-> MALWARE-CNC Pushdo Spiral Traffic (malware-cnc.rules)
 * 1:26722 <-> DISABLED <-> MALWARE-CNC Bancos fake JPG encrypted config file download (malware-cnc.rules)
 * 1:26723 <-> DISABLED <-> MALWARE-CNC Trojan Downloader7 (malware-cnc.rules)
 * 1:26725 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc http command (malware-cnc.rules)
 * 1:26726 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc stop command (malware-cnc.rules)
 * 1:26727 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc die command (malware-cnc.rules)
 * 1:26728 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc sleep command (malware-cnc.rules)
 * 1:26729 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc simple command (malware-cnc.rules)
 * 1:26730 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc loginpost command (malware-cnc.rules)
 * 1:26731 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc datapost command (malware-cnc.rules)
 * 1:26732 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc syn command (malware-cnc.rules)
 * 1:26733 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc udp command (malware-cnc.rules)
 * 1:26734 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc udpdata command (malware-cnc.rules)
 * 1:26735 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc data command (malware-cnc.rules)
 * 1:26736 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc icmp command (malware-cnc.rules)
 * 1:26737 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc tcpdata command (malware-cnc.rules)
 * 1:26738 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc dataget command (malware-cnc.rules)
 * 1:26739 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc connect command (malware-cnc.rules)
 * 1:26740 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc dns command (malware-cnc.rules)
 * 1:26741 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc exec command (malware-cnc.rules)
 * 1:26742 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc resolve command (malware-cnc.rules)
 * 1:26743 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc antiddos command (malware-cnc.rules)
 * 1:26744 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc range command (malware-cnc.rules)
 * 1:26745 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc ftp command (malware-cnc.rules)
 * 1:26746 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc download command (malware-cnc.rules)
 * 1:26747 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc fastddos command (malware-cnc.rules)
 * 1:26748 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc slowhttp command (malware-cnc.rules)
 * 1:26749 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc allhttp command (malware-cnc.rules)
 * 1:26750 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc full command (malware-cnc.rules)
 * 1:26751 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - msctls_progress32 (malware-cnc.rules)
 * 1:26756 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper.Datcaen variant outbound connection (malware-cnc.rules)
 * 1:26757 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper.Datcaen variant outbound connection (malware-cnc.rules)
 * 1:26758 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Elefin variant outbound connection (malware-cnc.rules)
 * 1:26763 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules)
 * 1:26770 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (malware-cnc.rules)
 * 1:26774 <-> DISABLED <-> MALWARE-CNC Win.Worm.Luder variant outbound connection (malware-cnc.rules)
 * 1:26771 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (malware-cnc.rules)
 * 1:26776 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Blocker variant outbound connection POST (malware-cnc.rules)
 * 1:26777 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy variant outbound connection (malware-cnc.rules)
 * 1:26779 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cridex encrypted POST check-in (malware-cnc.rules)
 * 1:26780 <-> DISABLED <-> MALWARE-CNC cridex HTTP Response - default0.js (malware-cnc.rules)
 * 1:26785 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qrmon variant outbound connection (malware-cnc.rules)
 * 1:26792 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vbula variant outbound connection (malware-cnc.rules)
 * 1:26793 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vbula variant initial CNC contact (malware-cnc.rules)
 * 1:26809 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Backdoor.Tomvode variant outbound connection (malware-cnc.rules)
 * 1:26811 <-> DISABLED <-> MALWARE-CNC XP Fake Antivirus Payment Page Request (malware-cnc.rules)
 * 1:26812 <-> DISABLED <-> MALWARE-CNC XP Fake Antivirus Check-in (malware-cnc.rules)
 * 1:26813 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dapato CMS spambot check-in (malware-cnc.rules)
 * 1:26815 <-> DISABLED <-> MALWARE-CNC OSX.Trojan.KitM variant outbound connection user-agent (malware-cnc.rules)
 * 1:26816 <-> DISABLED <-> MALWARE-CNC OSX.Trojan.KitM variant outbound connection (malware-cnc.rules)
 * 1:26818 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Zawat variant outbound connection (malware-cnc.rules)
 * 1:26819 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Datash variant outbound connection (malware-cnc.rules)
 * 1:26820 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Datash variant outbound connection (malware-cnc.rules)
 * 1:26822 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Buterat variant outbound connection (malware-cnc.rules)
 * 1:26828 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Uperti variant outbound connection (malware-cnc.rules)
 * 1:26835 <-> DISABLED <-> MALWARE-CNC RDN Banker POST variant outbound connection (malware-cnc.rules)
 * 1:26836 <-> DISABLED <-> MALWARE-CNC RDN Banker Strange Google Traffic (malware-cnc.rules)
 * 1:26837 <-> DISABLED <-> MALWARE-CNC BitBot Idle C2 response (malware-cnc.rules)
 * 1:26840 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Agent variant outbound connection (malware-cnc.rules)
 * 1:26841 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Agent variant outbound connection (malware-cnc.rules)
 * 1:26880 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zotob.E gc.exe download (malware-cnc.rules)
 * 1:26911 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rombrast Trojan outbound connection (malware-cnc.rules)
 * 1:26912 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rombrast Trojan outbound connection (malware-cnc.rules)
 * 1:26923 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
 * 1:26924 <-> DISABLED <-> MALWARE-CNC Potential Gozi Trojan HTTP Header Structure (malware-cnc.rules)
 * 1:26930 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeroaccess variant outbound connection (malware-cnc.rules)
 * 1:26931 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeroaccess variant outbound connection (malware-cnc.rules)
 * 1:26932 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeroaccess variant outbound connection (malware-cnc.rules)
 * 1:26940 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TripleNine RAT beacon (malware-cnc.rules)
 * 1:26941 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PipCreat RAT dropper download (malware-cnc.rules)
 * 1:26942 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PipCreat RAT beacon (malware-cnc.rules)
 * 1:26943 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Post_Show RAT beacon (malware-cnc.rules)
 * 1:26944 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Post_Show RAT beacon (malware-cnc.rules)
 * 1:26945 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bisonal RAT beacon (malware-cnc.rules)
 * 1:26946 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Uptime RAT beacon (malware-cnc.rules)
 * 1:26952 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Orcim variant outbound connection (malware-cnc.rules)
 * 1:26954 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Talsab variant outbound connection (malware-cnc.rules)
 * 1:26955 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Talsab variant outbound connection (malware-cnc.rules)
 * 1:26965 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Win32 Facebook Secure Cryptor C2 (malware-cnc.rules)
 * 1:26966 <-> DISABLED <-> MALWARE-CNC Win32/Autorun.JN variant outbound connection (malware-cnc.rules)
 * 1:26967 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz variant outbound connection (malware-cnc.rules)
 * 1:26968 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gozi Data Theft POST Data (malware-cnc.rules)
 * 1:26969 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gozi Trojan Data Theft POST URL (malware-cnc.rules)
 * 1:26970 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pirminay variant outbound connection (malware-cnc.rules)
 * 1:26984 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Injector Info Stealer Trojan variant outbound connection (malware-cnc.rules)
 * 1:26986 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Xenil variant outbound connection (malware-cnc.rules)
 * 1:26987 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cyvadextr variant outbound connection (malware-cnc.rules)
 * 1:26995 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Agent variant outbound connection (malware-cnc.rules)
 * 1:26996 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Agent variant outbound connection (malware-cnc.rules)
 * 1:26997 <-> DISABLED <-> MALWARE-CNC OSX.Trojan.Morcut variant outbound connection (malware-cnc.rules)
 * 1:26998 <-> DISABLED <-> MALWARE-CNC OSX.Trojan.Morcut file download (malware-cnc.rules)
 * 1:26999 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chinoxy variant outbound connection (malware-cnc.rules)
 * 1:27000 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chinoxy variant outbound connection (malware-cnc.rules)
 * 1:27002 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:27003 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:27007 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot variant outbound connection (malware-cnc.rules)
 * 1:27008 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot variant outbound connection (malware-cnc.rules)
 * 1:27010 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot payment .scr download (malware-cnc.rules)
 * 1:27012 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Phoenot variant outbound connection (malware-cnc.rules)
 * 1:27013 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Phoenot variant inbound connection (malware-cnc.rules)
 * 1:27014 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Epipenwa variant outbound connection (malware-cnc.rules)
 * 1:27017 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dapato variant inbound response connection (malware-cnc.rules)
 * 1:27021 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Layvam variant outbound connection (malware-cnc.rules)
 * 1:27022 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Netweird.A outbound connection (malware-cnc.rules)
 * 1:27023 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Netweird.A outbound connection (malware-cnc.rules)
 * 1:27033 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Transhell variant outbound connection user-agent (malware-cnc.rules)
 * 1:27039 <-> DISABLED <-> MALWARE-CNC Win.Trojan.OnlineGameHack variant outbound connection (malware-cnc.rules)
 * 1:27044 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string pb - Htbot (malware-cnc.rules)
 * 1:27045 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Blocker Download (malware-cnc.rules)
 * 1:27049 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dokstormac variant outbound connection (malware-cnc.rules)
 * 1:27054 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yakes variant outbound connection (malware-cnc.rules)
 * 1:27058 <-> DISABLED <-> MALWARE-CNC OSX.Trojan.HackBack variant outbound connection (malware-cnc.rules)
 * 1:27093 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Medfos variant outbound connection (malware-cnc.rules)
 * 1:27120 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:27169 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Atezag variant outbound connection (malware-cnc.rules)
 * 1:27199 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Meredrop variant outbound connection GET Request (malware-cnc.rules)
 * 1:27200 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Meredrop variant outbound connection POST Request (malware-cnc.rules)
 * 1:27201 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Neurevt variant outbound connection (malware-cnc.rules)
 * 1:27248 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gamarue - Mozi1la User-Agent (malware-cnc.rules)
 * 1:27252 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ZeroAccess 111-byte URL variant outbound connection (malware-cnc.rules)
 * 1:27256 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kryptik Drive-by Download Malware (malware-cnc.rules)
 * 1:27257 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kryptic 7-byte URI Invalid Firefox Headers - no Accept-Language (malware-cnc.rules)
 * 1:27260 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Java.Agent.NFK variant connection (malware-cnc.rules)
 * 1:27263 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - yahoonews (malware-cnc.rules)
 * 1:27533 <-> DISABLED <-> MALWARE-CNC Potential Win.Trojan.Kraziomel Download - 000.jpg (malware-cnc.rules)
 * 1:27551 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lorapu variant outbound connection (malware-cnc.rules)
 * 1:27558 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bezigate variant outbound connection (malware-cnc.rules)
 * 1:27567 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rovnix malicious download request (malware-cnc.rules)
 * 1:27577 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:27596 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Redyms variant outbound connection (malware-cnc.rules)
 * 1:27599 <-> DISABLED <-> MALWARE-CNC Fort Disco Registration variant outbound connection (malware-cnc.rules)
 * 1:27600 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nawpers variant connection (malware-cnc.rules)
 * 1:27629 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Aumlib variant outbound connection (malware-cnc.rules)
 * 1:27630 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Aumlib variant outbound connection (malware-cnc.rules)
 * 1:27631 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Aumlib variant outbound connection (malware-cnc.rules)
 * 1:25553 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dexter variant outbound connection (malware-cnc.rules)
 * 1:25551 <-> DISABLED <-> MALWARE-CNC Win.Worm.Dipasik variant outbound connection (malware-cnc.rules)
 * 1:27640 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chekafe variant connection (malware-cnc.rules)
 * 1:27641 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Meilat variant connection (malware-cnc.rules)
 * 1:27642 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downbot variant connection (malware-cnc.rules)
 * 1:27643 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Betabot variant connection (malware-cnc.rules)
 * 1:27644 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Merong variant connection (malware-cnc.rules)
 * 1:27645 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Binjo variant outbound connection (malware-cnc.rules)
 * 1:27647 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nelaja variant outbound connection (malware-cnc.rules)
 * 1:27648 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SpyBanker.ZSL variant outbound connection (malware-cnc.rules)
 * 1:27649 <-> DISABLED <-> MALWARE-CNC Brazilian Banking Trojan data theft (malware-cnc.rules)
 * 1:27655 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Enchanim variant connection (malware-cnc.rules)
 * 1:27659 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gapz variant connection (malware-cnc.rules)
 * 1:27660 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Reabfrus variant connection (malware-cnc.rules)
 * 1:27661 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Reabfrus variant connection (malware-cnc.rules)
 * 1:27662 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Galfun variant outbound connection (malware-cnc.rules)
 * 1:27664 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Castov variant connection (malware-cnc.rules)
 * 1:27665 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Castov variant connection (malware-cnc.rules)
 * 1:27670 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.evf variant connection (malware-cnc.rules)
 * 1:27678 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Goolelo variant connection (malware-cnc.rules)
 * 1:27679 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz variant outbound connection (malware-cnc.rules)
 * 1:27680 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ZeroAccess variant outbound connection (malware-cnc.rules)
 * 1:27699 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tartober variant connection (malware-cnc.rules)
 * 1:27709 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string umbra (malware-cnc.rules)
 * 1:27710 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string IExplore (malware-cnc.rules)
 * 1:27711 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FakeAV variant outbound connection (malware-cnc.rules)
 * 1:27720 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kolok variant connection (malware-cnc.rules)
 * 1:27726 <-> DISABLED <-> MALWARE-CNC Orbit Downloader denial of service update (malware-cnc.rules)
 * 1:27727 <-> DISABLED <-> MALWARE-CNC Orbit Downloader denial of service update (malware-cnc.rules)
 * 1:27728 <-> DISABLED <-> MALWARE-CNC Orbit Downloader denial of service update (malware-cnc.rules)
 * 1:27737 <-> DISABLED <-> MALWARE-CNC DNS suspicious .c0m.li dns query (malware-cnc.rules)
 * 1:27746 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Hanthie variant outbound connection (malware-cnc.rules)
 * 1:27747 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banechant outbound variant connection (malware-cnc.rules)
 * 1:27759 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Treizt variant connection (malware-cnc.rules)
 * 1:27774 <-> DISABLED <-> MALWARE-CNC RDN Banker Data Exfiltration (malware-cnc.rules)
 * 1:27775 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection (malware-cnc.rules)
 * 1:27802 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PRISM variant outbound connection (malware-cnc.rules)
 * 1:27803 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PRISM variant outbound connection (malware-cnc.rules)
 * 1:27805 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bisonha variant outbound connection (malware-cnc.rules)
 * 1:27806 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Retruse variant connection (malware-cnc.rules)
 * 1:27811 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mindweq variant connection (malware-cnc.rules)
 * 1:27817 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tenavt connection (malware-cnc.rules)
 * 1:27864 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sinowal variant connection (malware-cnc.rules)
 * 1:27867 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper outbound connection (malware-cnc.rules)
 * 1:27868 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - dt12012 (malware-cnc.rules)
 * 1:27905 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Helauto variant connection (malware-cnc.rules)
 * 1:27918 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
 * 1:27919 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus encrypted POST Data exfiltration (malware-cnc.rules)
 * 1:27939 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Galock variant connection (malware-cnc.rules)
 * 1:27955 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mevade variant outbound connection (malware-cnc.rules)
 * 1:27963 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lolbot variant outbound connection (malware-cnc.rules)
 * 1:27964 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gh0st variant outbound connection (malware-cnc.rules)
 * 1:27965 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Eupuds variant connection (malware-cnc.rules)
 * 1:27966 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Chopper web shell connection (malware-cnc.rules)
 * 1:27968 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Chopper web shell connection (malware-cnc.rules)
 * 1:27969 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Updays variant connection (malware-cnc.rules)
 * 1:27970 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus dropper variant connection (malware-cnc.rules)
 * 1:27980 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /botnet/adduser.php?uid= (malware-cnc.rules)
 * 1:27981 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /botnet/tasks.php?uid= (malware-cnc.rules)
 * 1:28005 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz outbound command (malware-cnc.rules)
 * 1:28007 <-> DISABLED <-> MALWARE-CNC BLYPT installer startupkey outbound traffic (malware-cnc.rules)
 * 1:28008 <-> DISABLED <-> MALWARE-CNC BLYPT installer reuse outbound traffic (malware-cnc.rules)
 * 1:28009 <-> DISABLED <-> MALWARE-CNC BLYPT installer configkey outbound traffic (malware-cnc.rules)
 * 1:28010 <-> DISABLED <-> MALWARE-CNC BLYPT installer tserror outbound traffic (malware-cnc.rules)
 * 1:28011 <-> DISABLED <-> MALWARE-CNC BLYPT installer createproc outbound traffic (malware-cnc.rules)
 * 1:28012 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules)
 * 1:28033 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Urausy variant outbound connection (malware-cnc.rules)
 * 1:28040 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dofoil variant outbound connection (malware-cnc.rules)
 * 1:28042 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Caphaw variant outbound connection (malware-cnc.rules)
 * 1:28044 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CryptoLocker variant connection (malware-cnc.rules)
 * 1:28045 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VBKrypt variant connection (malware-cnc.rules)
 * 1:28072 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Omexo outbound connection (malware-cnc.rules)
 * 1:28073 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Win32.Kimsuky variant file stealing (malware-cnc.rules)
 * 1:28074 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ADKR connection (malware-cnc.rules)
 * 1:28075 <-> DISABLED <-> MALWARE-CNC Win.Trojan.gzfw connection (malware-cnc.rules)
 * 1:28079 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Napolar variant outbound connection (malware-cnc.rules)
 * 1:28080 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Napolar data theft (malware-cnc.rules)
 * 1:28084 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hupigon variant connection (malware-cnc.rules)
 * 1:28094 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Liteol variant connection (malware-cnc.rules)
 * 1:28095 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Liteol variant connection (malware-cnc.rules)
 * 1:28096 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spynet variant connection (malware-cnc.rules)
 * 1:27633 <-> DISABLED <-> MALWARE-CNC Worm.Silly variant outbound connection (malware-cnc.rules)

2020-10-08 13:28:31 UTC

Snort Subscriber Rules Update

Date: 2020-10-08

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091500.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:55931 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Emotet variant outbound connection attempt (malware-cnc.rules)
 * 1:55929 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Emotet-9774504-0 download attempt (malware-other.rules)
 * 1:55930 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Emotet-9774504-0 download attempt (malware-other.rules)
 * 1:55932 <-> ENABLED <-> SERVER-OTHER Oracle WebLogic malicious RemoteConstructor deserialization attempt (server-other.rules)
 * 1:55933 <-> ENABLED <-> SERVER-OTHER Oracle WebLogic malicious RemoteConstructor deserialization attempt (server-other.rules)

Modified Rules:


 * 1:28859 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent z00sAgent - Win.Trojan.Zbot (malware-cnc.rules)
 * 1:28860 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent - Win.Trojan.Nitedrem (malware-cnc.rules)
 * 1:28861 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Roxfora variant outbound connection (malware-cnc.rules)
 * 1:28864 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tofsee variant outbound connection (malware-cnc.rules)
 * 1:28886 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scar variant outbound connection (malware-cnc.rules)
 * 1:28914 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Anony variant connection (malware-cnc.rules)
 * 1:28918 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant network connectivity check (malware-cnc.rules)
 * 1:28919 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant network connectivity check (malware-cnc.rules)
 * 1:28930 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fakeav variant outbound data connection (malware-cnc.rules)
 * 1:28940 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rovnix malicious download (malware-cnc.rules)
 * 1:28947 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tapaoux variant connection (malware-cnc.rules)
 * 1:28948 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kishlog variant outbound connection (malware-cnc.rules)
 * 1:28949 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kishlog variant outbound connection (malware-cnc.rules)
 * 1:28958 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jussuc variant outbound connection (malware-cnc.rules)
 * 1:28960 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Alurewo outbound connection (malware-cnc.rules)
 * 1:48157 <-> ENABLED <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection (malware-cnc.rules)
 * 1:28561 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Plugx outbound connection (malware-cnc.rules)
 * 1:28558 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string getURLdown (malware-cnc.rules)
 * 1:28107 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload download (malware-cnc.rules)
 * 1:28285 <-> DISABLED <-> MALWARE-CNC Win.Trojan.hdog connectivity check-in version 2 (malware-cnc.rules)
 * 1:28599 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Lesirt variant outbound connection (malware-cnc.rules)
 * 1:28418 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Dtcontx outbound connection (malware-cnc.rules)
 * 1:28543 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Conficker variant outbound connection (malware-cnc.rules)
 * 1:28209 <-> DISABLED <-> MALWARE-CNC Win.Worm.IRCbot outbound connection (malware-cnc.rules)
 * 1:28444 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.CBgate variant outbound connection (malware-cnc.rules)
 * 1:28122 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /index.htm GET Encrypted Payload (malware-cnc.rules)
 * 1:28606 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Surtr variant connection (malware-cnc.rules)
 * 1:28560 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Plugx FTP keepalive outbound connection (malware-cnc.rules)
 * 1:28803 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Injector inbound connection (malware-cnc.rules)
 * 1:28553 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /main.htm GET Encrypted Payload (malware-cnc.rules)
 * 1:28141 <-> DISABLED <-> MALWARE-CNC Win.Trojan.banker outbound connection (malware-cnc.rules)
 * 1:28234 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hdslogger outbound connection (malware-cnc.rules)
 * 1:28538 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Asprox/Kuluoz variant connection (malware-cnc.rules)
 * 1:28244 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Phrovon outbound connection (malware-cnc.rules)
 * 1:28604 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kasnam variant connection (malware-cnc.rules)
 * 1:28411 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CoinMiner variant outbound connection (malware-cnc.rules)
 * 1:28562 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sidopa variant outbound connection (malware-cnc.rules)
 * 1:28155 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Foreign variant outbound connection - MSIE 7.2 (malware-cnc.rules)
 * 1:28484 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Delpbank variant outbound connection (malware-cnc.rules)
 * 1:28802 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos outbound connection (malware-cnc.rules)
 * 1:28808 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Ptiger variant outbound connection (malware-cnc.rules)
 * 1:28724 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent outbound connection (malware-cnc.rules)
 * 1:28143 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Medfos outbound connection (malware-cnc.rules)
 * 1:28804 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Injector outbound connection (malware-cnc.rules)
 * 1:28114 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /default.htm GET Encrypted Payload (malware-cnc.rules)
 * 1:28366 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Venik variant outbound connection (malware-cnc.rules)
 * 1:28807 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Injector variant outbound connection (malware-cnc.rules)
 * 1:28116 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /home.htm GET Encrypted Payload (malware-cnc.rules)
 * 1:28326 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Zuza variant outbound connection (malware-cnc.rules)
 * 1:28485 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Khalog variant outbound connection (malware-cnc.rules)
 * 1:28809 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dofoil inbound connection (malware-cnc.rules)
 * 1:28805 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Palevo outbound connection (malware-cnc.rules)
 * 1:28541 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ZeroAccess Download Headers (malware-cnc.rules)
 * 1:28144 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Win32.Wpbrutebot variant connection (malware-cnc.rules)
 * 1:28147 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Conficker variant outbound connection (malware-cnc.rules)
 * 1:28551 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NXI ftp username connection (malware-cnc.rules)
 * 1:28120 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /start.htm GET Encrypted Payload (malware-cnc.rules)
 * 1:28463 <-> DISABLED <-> MALWARE-CNC Win.Trojan.AllAple Variant ICMP flood (malware-cnc.rules)
 * 1:28362 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string SUiCiDE/1.5 (malware-cnc.rules)
 * 1:28419 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tesch variant outbound connection (malware-cnc.rules)
 * 1:28528 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qadars variant outbound connection (malware-cnc.rules)
 * 1:28416 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CryptoLocker outbound connection (malware-cnc.rules)
 * 1:28146 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Salgorea variant connection (malware-cnc.rules)
 * 1:28300 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant connection (malware-cnc.rules)
 * 1:28814 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gozi/Neverquest variant outbound connection (malware-cnc.rules)
 * 1:28242 <-> DISABLED <-> MALWARE-CNC Win.Trojan.KanKan variant connection (malware-cnc.rules)
 * 1:28148 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mevade variant outbound connection (malware-cnc.rules)
 * 1:28548 <-> DISABLED <-> MALWARE-CNC Win.Trojan.chfx variant outbound connection (malware-cnc.rules)
 * 1:28154 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Foreign variant outbound connection - MSIE 7.1 (malware-cnc.rules)
 * 1:28192 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz Potential Phishing URL (malware-cnc.rules)
 * 1:28255 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz Potential phishing URL (malware-cnc.rules)
 * 1:28325 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Zuza variant outbound connection (malware-cnc.rules)
 * 1:28559 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Castov variant connection (malware-cnc.rules)
 * 1:28153 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Foreign variant outbound connection - /html2/ (malware-cnc.rules)
 * 1:28563 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pkdesco variant outbound connection (malware-cnc.rules)
 * 1:28254 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Perl.Shellbot variant outbound connection (malware-cnc.rules)
 * 1:28405 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy variant outbound connection (malware-cnc.rules)
 * 1:28565 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sluegot variant connection (malware-cnc.rules)
 * 1:28813 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ufraie variant outbound connection (malware-cnc.rules)
 * 1:28815 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gozi/Neverquest variant outbound connection (malware-cnc.rules)
 * 1:28564 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pkdesco variant outbound connection (malware-cnc.rules)
 * 1:28166 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bifrose variant connection (malware-cnc.rules)
 * 1:28373 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mutopy variant outbound connection (malware-cnc.rules)
 * 1:28212 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bitsto variant connection (malware-cnc.rules)
 * 1:28328 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Hupigon variant outbound connection (malware-cnc.rules)
 * 1:28800 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus outbound connection (malware-cnc.rules)
 * 1:28123 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /setup.htm GET Encrypted Payload (malware-cnc.rules)
 * 1:28852 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Linux.Trojan.Zollard (malware-cnc.rules)
 * 1:28115 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /file.htm GET Encrypted Payload (malware-cnc.rules)
 * 1:28105 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload variant outbound connection (malware-cnc.rules)
 * 1:28097 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ohlat variant connection (malware-cnc.rules)
 * 1:28857 <-> DISABLED <-> MALWARE-CNC Adwind UNRECOM connnection back to cnc server (malware-cnc.rules)
 * 1:28117 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /install.htm GET Encrypted Payload (malware-cnc.rules)
 * 1:28820 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Egamipload variant outbound connection (malware-cnc.rules)
 * 1:28856 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yowdab variant connection (malware-cnc.rules)
 * 1:28853 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dipverdle variant outbound connection (malware-cnc.rules)
 * 1:28816 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Siluhdur variant outbound connection (malware-cnc.rules)
 * 1:28858 <-> DISABLED <-> MALWARE-CNC Adwind UNRECOM connnection back to cnc server (malware-cnc.rules)
 * 1:27640 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chekafe variant connection (malware-cnc.rules)
 * 1:28119 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /search.htm GET Encrypted Payload (malware-cnc.rules)
 * 1:28216 <-> DISABLED <-> MALWARE-CNC known malware FTP login (malware-cnc.rules)
 * 1:28486 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Codiltak variant outbound connection (malware-cnc.rules)
 * 1:28446 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant SQL check-in (malware-cnc.rules)
 * 1:28399 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Tsunami outbound connection (malware-cnc.rules)
 * 1:28415 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:28121 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /welcome.htm GET Encrypted Payload (malware-cnc.rules)
 * 1:28239 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tuxido outbound connection (malware-cnc.rules)
 * 1:28554 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /online.htm GET Encrypted Payload (malware-cnc.rules)
 * 1:28547 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules)
 * 1:28607 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection (malware-cnc.rules)
 * 1:28118 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /login.htm GET Encrypted Payload (malware-cnc.rules)
 * 1:28810 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection - MSIE7 No Referer No Cookie (malware-cnc.rules)
 * 1:28529 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qadars variant outbound connection (malware-cnc.rules)
 * 1:28323 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Chopper web shell connection (malware-cnc.rules)
 * 1:28250 <-> DISABLED <-> MALWARE-CNC Security Cleaner Pro Install Confirmation (malware-cnc.rules)
 * 1:28211 <-> DISABLED <-> MALWARE-CNC Win.Worm.IRCbot outbound connection (malware-cnc.rules)
 * 1:28542 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Conficker variant outbound connection (malware-cnc.rules)
 * 1:28605 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kasnam variant connection (malware-cnc.rules)
 * 1:28417 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Molgomsg variant outbound connection (malware-cnc.rules)
 * 1:28230 <-> DISABLED <-> MALWARE-CNC Boot.Bootroot Variant data upload (malware-cnc.rules)
 * 1:28125 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banbra variant connection (malware-cnc.rules)
 * 1:28247 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper variant outbound connection (malware-cnc.rules)
 * 1:28210 <-> DISABLED <-> MALWARE-CNC Win.Worm.IRCbot outbound connection (malware-cnc.rules)
 * 1:28134 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dorkbot variant connection (malware-cnc.rules)
 * 1:28406 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy variant outbound connection (malware-cnc.rules)
 * 1:28410 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CoinMiner variant outbound connection (malware-cnc.rules)
 * 1:28799 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mxtcycle variant outbound connection (malware-cnc.rules)
 * 1:27709 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string umbra (malware-cnc.rules)
 * 1:26319 <-> DISABLED <-> MALWARE-CNC file path used as User-Agent - potential Trojan (malware-cnc.rules)
 * 1:25671 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (malware-cnc.rules)
 * 1:25672 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Matsnu variant outbound connection (malware-cnc.rules)
 * 1:25673 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.QQDragon variant outbound connection (malware-cnc.rules)
 * 1:25674 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shimwoc variant outbound connection (malware-cnc.rules)
 * 1:25675 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fakeavlock variant outbound connection (malware-cnc.rules)
 * 1:25765 <-> DISABLED <-> MALWARE-CNC Trojan Agent YEH variant outbound connection (malware-cnc.rules)
 * 1:25766 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules)
 * 1:25807 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Urausy Botnet variant outbound connection (malware-cnc.rules)
 * 1:25829 <-> DISABLED <-> MALWARE-CNC Trojan Banker FTC variant outbound connection (malware-cnc.rules)
 * 1:25854 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection - MSIE7 No Referer No Cookie (malware-cnc.rules)
 * 1:25863 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.QBundle variant outbound connection (malware-cnc.rules)
 * 1:25865 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:25866 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:25867 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:25973 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Boolflot variant outbound connection (malware-cnc.rules)
 * 1:25974 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:25978 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lukprofin variant outbound connection (malware-cnc.rules)
 * 1:25979 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lukprofin variant outbound connection (malware-cnc.rules)
 * 1:25980 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Pass (malware-cnc.rules)
 * 1:25987 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Upof variant outbound connection (malware-cnc.rules)
 * 1:25990 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Agent variant connect to cnc-server (malware-cnc.rules)
 * 1:25991 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Agent variant connect to cnc-server (malware-cnc.rules)
 * 1:25992 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Buzus variant outbound connection (malware-cnc.rules)
 * 1:25993 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Buzus variant outbound connection (malware-cnc.rules)
 * 1:25994 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:25996 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Reswor variant outbound connection (malware-cnc.rules)
 * 1:26010 <-> DISABLED <-> MALWARE-CNC CNC Dirtjumper variant outbound connection (malware-cnc.rules)
 * 1:26011 <-> DISABLED <-> MALWARE-CNC CNC Dirtjumper variant outbound connection (malware-cnc.rules)
 * 1:26019 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bredo variant outbound connection (malware-cnc.rules)
 * 1:26023 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot variant in.php outbound connection (malware-cnc.rules)
 * 1:26024 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wecod variant outbound connection (malware-cnc.rules)
 * 1:26072 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locati variant outbound connection (malware-cnc.rules)
 * 1:26075 <-> DISABLED <-> MALWARE-CNC Bancos variant outbound connection SQL query POST data (malware-cnc.rules)
 * 1:26086 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Exicon variant outbound connection (malware-cnc.rules)
 * 1:26088 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Encriyoko variant outbound connection (malware-cnc.rules)
 * 1:26106 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
 * 1:26115 <-> DISABLED <-> MALWARE-CNC NSIS.Downloader.Agent variant outbound connection (malware-cnc.rules)
 * 1:26116 <-> DISABLED <-> MALWARE-CNC NSIS.Downloader.Agent variant outbound connection (malware-cnc.rules)
 * 1:26117 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tarctox variant outbound connection (malware-cnc.rules)
 * 1:26118 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:26119 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:26202 <-> DISABLED <-> MALWARE-CNC VBS.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:26203 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gupd variant outbound connection (malware-cnc.rules)
 * 1:26204 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Malex variant outbound connection (malware-cnc.rules)
 * 1:26211 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Eldorado variant outbound connection (malware-cnc.rules)
 * 1:26238 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Snopexy variant outbound connection (malware-cnc.rules)
 * 1:26239 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Stehlox variant outbound connection (malware-cnc.rules)
 * 1:26240 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vkeikooc variant outbound connection (malware-cnc.rules)
 * 1:26244 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Troll variant outbound connection (malware-cnc.rules)
 * 1:26245 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (malware-cnc.rules)
 * 1:26248 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent cibabam (malware-cnc.rules)
 * 1:26249 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Sonide variant outbound connection (malware-cnc.rules)
 * 1:26260 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Vectmp variant outbound connection (malware-cnc.rules)
 * 1:26266 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus v3 DGA DNS query detected (malware-cnc.rules)
 * 1:26267 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus v3 DGA DNS query detected (malware-cnc.rules)
 * 1:26268 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus v3 DGA DNS query detected (malware-cnc.rules)
 * 1:26269 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus v3 DGA DNS query detected (malware-cnc.rules)
 * 1:26270 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus v3 DGA DNS query detected (malware-cnc.rules)
 * 1:26271 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus v3 DGA DNS query detected (malware-cnc.rules)
 * 1:26284 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Surok variant outbound connection (malware-cnc.rules)
 * 1:26285 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Garveep variant outbound connection (malware-cnc.rules)
 * 1:26288 <-> DISABLED <-> MALWARE-CNC Brontok Worm variant outbound connection (malware-cnc.rules)
 * 1:26289 <-> DISABLED <-> MALWARE-CNC Daws Trojan Outbound Plaintext over SSL Port (malware-cnc.rules)
 * 1:28106 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload information upload (malware-cnc.rules)
 * 1:27641 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Meilat variant connection (malware-cnc.rules)
 * 1:27642 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downbot variant connection (malware-cnc.rules)
 * 1:27643 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Betabot variant connection (malware-cnc.rules)
 * 1:27644 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Merong variant connection (malware-cnc.rules)
 * 1:27645 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Binjo variant outbound connection (malware-cnc.rules)
 * 1:27647 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nelaja variant outbound connection (malware-cnc.rules)
 * 1:27648 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SpyBanker.ZSL variant outbound connection (malware-cnc.rules)
 * 1:27649 <-> DISABLED <-> MALWARE-CNC Brazilian Banking Trojan data theft (malware-cnc.rules)
 * 1:27655 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Enchanim variant connection (malware-cnc.rules)
 * 1:27659 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gapz variant connection (malware-cnc.rules)
 * 1:27660 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Reabfrus variant connection (malware-cnc.rules)
 * 1:27661 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Reabfrus variant connection (malware-cnc.rules)
 * 1:27662 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Galfun variant outbound connection (malware-cnc.rules)
 * 1:27664 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Castov variant connection (malware-cnc.rules)
 * 1:27665 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Castov variant connection (malware-cnc.rules)
 * 1:27670 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.evf variant connection (malware-cnc.rules)
 * 1:27678 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Goolelo variant connection (malware-cnc.rules)
 * 1:27679 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz variant outbound connection (malware-cnc.rules)
 * 1:27680 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ZeroAccess variant outbound connection (malware-cnc.rules)
 * 1:27699 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tartober variant connection (malware-cnc.rules)
 * 1:27710 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string IExplore (malware-cnc.rules)
 * 1:27711 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FakeAV variant outbound connection (malware-cnc.rules)
 * 1:27720 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kolok variant connection (malware-cnc.rules)
 * 1:27726 <-> DISABLED <-> MALWARE-CNC Orbit Downloader denial of service update (malware-cnc.rules)
 * 1:27727 <-> DISABLED <-> MALWARE-CNC Orbit Downloader denial of service update (malware-cnc.rules)
 * 1:27728 <-> DISABLED <-> MALWARE-CNC Orbit Downloader denial of service update (malware-cnc.rules)
 * 1:27737 <-> DISABLED <-> MALWARE-CNC DNS suspicious .c0m.li dns query (malware-cnc.rules)
 * 1:27746 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Hanthie variant outbound connection (malware-cnc.rules)
 * 1:27747 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banechant outbound variant connection (malware-cnc.rules)
 * 1:27759 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Treizt variant connection (malware-cnc.rules)
 * 1:27774 <-> DISABLED <-> MALWARE-CNC RDN Banker Data Exfiltration (malware-cnc.rules)
 * 1:27775 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection (malware-cnc.rules)
 * 1:27802 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PRISM variant outbound connection (malware-cnc.rules)
 * 1:27803 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PRISM variant outbound connection (malware-cnc.rules)
 * 1:27805 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bisonha variant outbound connection (malware-cnc.rules)
 * 1:27806 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Retruse variant connection (malware-cnc.rules)
 * 1:27811 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mindweq variant connection (malware-cnc.rules)
 * 1:27817 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tenavt connection (malware-cnc.rules)
 * 1:27864 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sinowal variant connection (malware-cnc.rules)
 * 1:27867 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper outbound connection (malware-cnc.rules)
 * 1:27868 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - dt12012 (malware-cnc.rules)
 * 1:27905 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Helauto variant connection (malware-cnc.rules)
 * 1:27918 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
 * 1:27919 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus encrypted POST Data exfiltration (malware-cnc.rules)
 * 1:27939 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Galock variant connection (malware-cnc.rules)
 * 1:27955 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mevade variant outbound connection (malware-cnc.rules)
 * 1:27963 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lolbot variant outbound connection (malware-cnc.rules)
 * 1:27964 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gh0st variant outbound connection (malware-cnc.rules)
 * 1:27965 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Eupuds variant connection (malware-cnc.rules)
 * 1:27966 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Chopper web shell connection (malware-cnc.rules)
 * 1:27968 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Chopper web shell connection (malware-cnc.rules)
 * 1:27969 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Updays variant connection (malware-cnc.rules)
 * 1:27970 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus dropper variant connection (malware-cnc.rules)
 * 1:27980 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /botnet/adduser.php?uid= (malware-cnc.rules)
 * 1:27981 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /botnet/tasks.php?uid= (malware-cnc.rules)
 * 1:28005 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz outbound command (malware-cnc.rules)
 * 1:28007 <-> DISABLED <-> MALWARE-CNC BLYPT installer startupkey outbound traffic (malware-cnc.rules)
 * 1:28008 <-> DISABLED <-> MALWARE-CNC BLYPT installer reuse outbound traffic (malware-cnc.rules)
 * 1:28009 <-> DISABLED <-> MALWARE-CNC BLYPT installer configkey outbound traffic (malware-cnc.rules)
 * 1:28010 <-> DISABLED <-> MALWARE-CNC BLYPT installer tserror outbound traffic (malware-cnc.rules)
 * 1:28011 <-> DISABLED <-> MALWARE-CNC BLYPT installer createproc outbound traffic (malware-cnc.rules)
 * 1:28012 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules)
 * 1:28033 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Urausy variant outbound connection (malware-cnc.rules)
 * 1:28040 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dofoil variant outbound connection (malware-cnc.rules)
 * 1:28042 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Caphaw variant outbound connection (malware-cnc.rules)
 * 1:28044 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CryptoLocker variant connection (malware-cnc.rules)
 * 1:28045 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VBKrypt variant connection (malware-cnc.rules)
 * 1:28072 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Omexo outbound connection (malware-cnc.rules)
 * 1:28073 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Win32.Kimsuky variant file stealing (malware-cnc.rules)
 * 1:28074 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ADKR connection (malware-cnc.rules)
 * 1:28075 <-> DISABLED <-> MALWARE-CNC Win.Trojan.gzfw connection (malware-cnc.rules)
 * 1:28079 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Napolar variant outbound connection (malware-cnc.rules)
 * 1:28080 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Napolar data theft (malware-cnc.rules)
 * 1:28084 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hupigon variant connection (malware-cnc.rules)
 * 1:28094 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Liteol variant connection (malware-cnc.rules)
 * 1:28095 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Liteol variant connection (malware-cnc.rules)
 * 1:28096 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spynet variant connection (malware-cnc.rules)
 * 1:26777 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy variant outbound connection (malware-cnc.rules)
 * 1:27639 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Epipenwa variant connection (malware-cnc.rules)
 * 1:25547 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:25548 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Perflog variant outbound connection (malware-cnc.rules)
 * 1:25551 <-> DISABLED <-> MALWARE-CNC Win.Worm.Dipasik variant outbound connection (malware-cnc.rules)
 * 1:25553 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dexter variant outbound connection (malware-cnc.rules)
 * 1:25570 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Medialabs variant outbound connection (malware-cnc.rules)
 * 1:25571 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Medialabs variant outbound connection (malware-cnc.rules)
 * 1:25572 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Virut variant outbound connection (malware-cnc.rules)
 * 1:25577 <-> DISABLED <-> MALWARE-CNC Win.Rootkit.Necurs possible URI with encrypted POST (malware-cnc.rules)
 * 1:25599 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gupboot variant outbound connection (malware-cnc.rules)
 * 1:25600 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dilavtor variant outbound connection (malware-cnc.rules)
 * 1:25609 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules)
 * 1:25610 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mofsmall variant outbound connection (malware-cnc.rules)
 * 1:25623 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jimpime variant outbound connection (malware-cnc.rules)
 * 1:25625 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Daws variant outbound connection (malware-cnc.rules)
 * 1:25626 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules)
 * 1:25628 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant connect to cnc-server (malware-cnc.rules)
 * 1:25632 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Golisy variant outbound connection (malware-cnc.rules)
 * 1:25652 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kryptic variant outbound connection (malware-cnc.rules)
 * 1:25660 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Medfos variant outbound connection (malware-cnc.rules)
 * 1:25661 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Buzus variant outbound connection (malware-cnc.rules)
 * 1:25662 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chowspy variant outbound connection (malware-cnc.rules)
 * 1:25663 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rimod variant outbound connection (malware-cnc.rules)
 * 1:25665 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sycomder variant outbound connection (malware-cnc.rules)
 * 1:25666 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (malware-cnc.rules)
 * 1:25667 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nflog variant outbound connection (malware-cnc.rules)
 * 1:25668 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nflog variant outbound connection (malware-cnc.rules)
 * 1:25669 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Selasloot variant outbound connection (malware-cnc.rules)
 * 1:26201 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lobparck variant outbound connection (malware-cnc.rules)
 * 1:26325 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scar variant outbound connection (malware-cnc.rules)
 * 1:26327 <-> DISABLED <-> MALWARE-CNC OSX.Trojan.Flashfake variant outbound connection (malware-cnc.rules)
 * 1:26331 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qhost variant outbound connection (malware-cnc.rules)
 * 1:26335 <-> DISABLED <-> MALWARE-CNC FBI Ransom Trojan variant outbound connection (malware-cnc.rules)
 * 1:26370 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection - ksa.txt (malware-cnc.rules)
 * 1:26371 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection - op POST (malware-cnc.rules)
 * 1:26398 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gamarue variant outbound connection (malware-cnc.rules)
 * 1:26428 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (malware-cnc.rules)
 * 1:26444 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Agent variant outbound connection (malware-cnc.rules)
 * 1:26445 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Agent variant outbound connection (malware-cnc.rules)
 * 1:26446 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Agent variant outbound connection (malware-cnc.rules)
 * 1:26447 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Smoaler variant outbound connection (malware-cnc.rules)
 * 1:26448 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fakesig variant outbound connection (malware-cnc.rules)
 * 1:26449 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:26450 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:26452 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Buterat variant outbound connection (malware-cnc.rules)
 * 1:26463 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Linog.A variant outbound connection (malware-cnc.rules)
 * 1:26464 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Linog.A variant outbound connection (malware-cnc.rules)
 * 1:26467 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Magic variant inbound connection (malware-cnc.rules)
 * 1:26480 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot fake PNG config file download without User-Agent (malware-cnc.rules)
 * 1:26482 <-> DISABLED <-> MALWARE-CNC Unknown Thinner Encrypted POST botnet C&C (malware-cnc.rules)
 * 1:26522 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent NOKIAN95/WEB (malware-cnc.rules)
 * 1:26533 <-> DISABLED <-> MALWARE-CNC Unknown malware - Incorrect headers - Referer HTTP/1.0 (malware-cnc.rules)
 * 1:26558 <-> DISABLED <-> MALWARE-CNC User-Agent known Malicious user agent Brutus AET (malware-cnc.rules)
 * 1:26560 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection - getcomando POST data (malware-cnc.rules)
 * 1:26561 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
 * 1:26563 <-> DISABLED <-> MALWARE-CNC Harakit botnet traffic (malware-cnc.rules)
 * 1:26576 <-> DISABLED <-> MALWARE-CNC Potential hostile executable served from compromised or malicious WordPress site attempt (malware-cnc.rules)
 * 1:26577 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent Opera 10 (malware-cnc.rules)
 * 1:26578 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy/FakeAV Checkin with IE6 User-Agent (malware-cnc.rules)
 * 1:26579 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy/FakeAV Checkin with IE6 User-Agent (malware-cnc.rules)
 * 1:26604 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bydra variant outbound connection (malware-cnc.rules)
 * 1:26605 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bydra variant outbound connection (malware-cnc.rules)
 * 1:26606 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sosork variant outbound connection (malware-cnc.rules)
 * 1:26607 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Korlia variant outbound connection (malware-cnc.rules)
 * 1:26608 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rocra variant outbound connection (malware-cnc.rules)
 * 1:26609 <-> DISABLED <-> MALWARE-CNC OSX.Trojan.Dockster variant outbound connection (malware-cnc.rules)
 * 1:26613 <-> DISABLED <-> MALWARE-CNC Medfos Trojan variant outbound connection (malware-cnc.rules)
 * 1:26656 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Travnet Botnet data upload (malware-cnc.rules)
 * 1:26657 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shiz variant outbound connection (malware-cnc.rules)
 * 1:26677 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz variant inbound run command from cnc (malware-cnc.rules)
 * 1:26678 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz variant inbound run command from cnc (malware-cnc.rules)
 * 1:26679 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz variant inbound run command from cnc (malware-cnc.rules)
 * 1:26680 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz variant inbound run command from cnc (malware-cnc.rules)
 * 1:26681 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz variant inbound run command from cnc (malware-cnc.rules)
 * 1:26683 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shyape variant outbound connection (malware-cnc.rules)
 * 1:26684 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Neshax variant outbound connection (malware-cnc.rules)
 * 1:26685 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string J13A (malware-cnc.rules)
 * 1:26686 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Alina (malware-cnc.rules)
 * 1:26690 <-> DISABLED <-> MALWARE-CNC Miniduke server contact (malware-cnc.rules)
 * 1:26691 <-> DISABLED <-> MALWARE-CNC Win.Trojan.UFRStealer variant outbound connection (malware-cnc.rules)
 * 1:26692 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spyremoav variant outbound connection (malware-cnc.rules)
 * 1:26695 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Namihno variant outbound request (malware-cnc.rules)
 * 1:26696 <-> DISABLED <-> MALWARE-CNC Cbeplay Ransomware variant outbound connection - Abnormal HTTP Headers (malware-cnc.rules)
 * 1:26697 <-> DISABLED <-> MALWARE-CNC Cbeplay Ransomware variant outbound connection - POST Body (malware-cnc.rules)
 * 1:26702 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Win (malware-cnc.rules)
 * 1:26703 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Upero variant outbound connection (malware-cnc.rules)
 * 1:26712 <-> DISABLED <-> MALWARE-CNC Kazy Trojan check-in (malware-cnc.rules)
 * 1:26713 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev rev 1 outbound traffic (malware-cnc.rules)
 * 1:26714 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev rev 2 outbound traffic (malware-cnc.rules)
 * 1:26715 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev rev 3 outbound traffic (malware-cnc.rules)
 * 1:26719 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kbot variant outbound connection (malware-cnc.rules)
 * 1:26720 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kbot variant outbound connection (malware-cnc.rules)
 * 1:26721 <-> DISABLED <-> MALWARE-CNC Pushdo Spiral Traffic (malware-cnc.rules)
 * 1:26722 <-> DISABLED <-> MALWARE-CNC Bancos fake JPG encrypted config file download (malware-cnc.rules)
 * 1:26723 <-> DISABLED <-> MALWARE-CNC Trojan Downloader7 (malware-cnc.rules)
 * 1:26725 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc http command (malware-cnc.rules)
 * 1:26726 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc stop command (malware-cnc.rules)
 * 1:26727 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc die command (malware-cnc.rules)
 * 1:26728 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc sleep command (malware-cnc.rules)
 * 1:26729 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc simple command (malware-cnc.rules)
 * 1:26730 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc loginpost command (malware-cnc.rules)
 * 1:26731 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc datapost command (malware-cnc.rules)
 * 1:26732 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc syn command (malware-cnc.rules)
 * 1:26733 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc udp command (malware-cnc.rules)
 * 1:26734 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc udpdata command (malware-cnc.rules)
 * 1:26735 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc data command (malware-cnc.rules)
 * 1:26736 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc icmp command (malware-cnc.rules)
 * 1:26737 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc tcpdata command (malware-cnc.rules)
 * 1:26738 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc dataget command (malware-cnc.rules)
 * 1:26739 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc connect command (malware-cnc.rules)
 * 1:26740 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc dns command (malware-cnc.rules)
 * 1:26741 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc exec command (malware-cnc.rules)
 * 1:26742 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc resolve command (malware-cnc.rules)
 * 1:26743 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc antiddos command (malware-cnc.rules)
 * 1:26744 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc range command (malware-cnc.rules)
 * 1:26745 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc ftp command (malware-cnc.rules)
 * 1:26746 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc download command (malware-cnc.rules)
 * 1:26747 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc fastddos command (malware-cnc.rules)
 * 1:26748 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc slowhttp command (malware-cnc.rules)
 * 1:26749 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc allhttp command (malware-cnc.rules)
 * 1:26750 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc full command (malware-cnc.rules)
 * 1:26751 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - msctls_progress32 (malware-cnc.rules)
 * 1:26756 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper.Datcaen variant outbound connection (malware-cnc.rules)
 * 1:26757 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper.Datcaen variant outbound connection (malware-cnc.rules)
 * 1:26758 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Elefin variant outbound connection (malware-cnc.rules)
 * 1:26763 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules)
 * 1:26770 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (malware-cnc.rules)
 * 1:26771 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (malware-cnc.rules)
 * 1:26774 <-> DISABLED <-> MALWARE-CNC Win.Worm.Luder variant outbound connection (malware-cnc.rules)
 * 1:26775 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Blocker variant outbound connection HTTP Header Structure (malware-cnc.rules)
 * 1:26779 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cridex encrypted POST check-in (malware-cnc.rules)
 * 1:26776 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Blocker variant outbound connection POST (malware-cnc.rules)
 * 1:26780 <-> DISABLED <-> MALWARE-CNC cridex HTTP Response - default0.js (malware-cnc.rules)
 * 1:26785 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qrmon variant outbound connection (malware-cnc.rules)
 * 1:26792 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vbula variant outbound connection (malware-cnc.rules)
 * 1:26793 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vbula variant initial CNC contact (malware-cnc.rules)
 * 1:26809 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Backdoor.Tomvode variant outbound connection (malware-cnc.rules)
 * 1:26811 <-> DISABLED <-> MALWARE-CNC XP Fake Antivirus Payment Page Request (malware-cnc.rules)
 * 1:26812 <-> DISABLED <-> MALWARE-CNC XP Fake Antivirus Check-in (malware-cnc.rules)
 * 1:26813 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dapato CMS spambot check-in (malware-cnc.rules)
 * 1:26815 <-> DISABLED <-> MALWARE-CNC OSX.Trojan.KitM variant outbound connection user-agent (malware-cnc.rules)
 * 1:26816 <-> DISABLED <-> MALWARE-CNC OSX.Trojan.KitM variant outbound connection (malware-cnc.rules)
 * 1:26818 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Zawat variant outbound connection (malware-cnc.rules)
 * 1:26819 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Datash variant outbound connection (malware-cnc.rules)
 * 1:26820 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Datash variant outbound connection (malware-cnc.rules)
 * 1:26822 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Buterat variant outbound connection (malware-cnc.rules)
 * 1:26828 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Uperti variant outbound connection (malware-cnc.rules)
 * 1:26835 <-> DISABLED <-> MALWARE-CNC RDN Banker POST variant outbound connection (malware-cnc.rules)
 * 1:26836 <-> DISABLED <-> MALWARE-CNC RDN Banker Strange Google Traffic (malware-cnc.rules)
 * 1:26837 <-> DISABLED <-> MALWARE-CNC BitBot Idle C2 response (malware-cnc.rules)
 * 1:26840 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Agent variant outbound connection (malware-cnc.rules)
 * 1:26841 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Agent variant outbound connection (malware-cnc.rules)
 * 1:26880 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zotob.E gc.exe download (malware-cnc.rules)
 * 1:26911 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rombrast Trojan outbound connection (malware-cnc.rules)
 * 1:26912 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rombrast Trojan outbound connection (malware-cnc.rules)
 * 1:26923 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
 * 1:26924 <-> DISABLED <-> MALWARE-CNC Potential Gozi Trojan HTTP Header Structure (malware-cnc.rules)
 * 1:26930 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeroaccess variant outbound connection (malware-cnc.rules)
 * 1:26931 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeroaccess variant outbound connection (malware-cnc.rules)
 * 1:26932 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeroaccess variant outbound connection (malware-cnc.rules)
 * 1:26940 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TripleNine RAT beacon (malware-cnc.rules)
 * 1:26941 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PipCreat RAT dropper download (malware-cnc.rules)
 * 1:26942 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PipCreat RAT beacon (malware-cnc.rules)
 * 1:26943 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Post_Show RAT beacon (malware-cnc.rules)
 * 1:26944 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Post_Show RAT beacon (malware-cnc.rules)
 * 1:26945 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bisonal RAT beacon (malware-cnc.rules)
 * 1:26946 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Uptime RAT beacon (malware-cnc.rules)
 * 1:26952 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Orcim variant outbound connection (malware-cnc.rules)
 * 1:26954 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Talsab variant outbound connection (malware-cnc.rules)
 * 1:26955 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Talsab variant outbound connection (malware-cnc.rules)
 * 1:26965 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Win32 Facebook Secure Cryptor C2 (malware-cnc.rules)
 * 1:26966 <-> DISABLED <-> MALWARE-CNC Win32/Autorun.JN variant outbound connection (malware-cnc.rules)
 * 1:26967 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz variant outbound connection (malware-cnc.rules)
 * 1:26968 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gozi Data Theft POST Data (malware-cnc.rules)
 * 1:26969 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gozi Trojan Data Theft POST URL (malware-cnc.rules)
 * 1:26970 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pirminay variant outbound connection (malware-cnc.rules)
 * 1:26984 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Injector Info Stealer Trojan variant outbound connection (malware-cnc.rules)
 * 1:26986 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Xenil variant outbound connection (malware-cnc.rules)
 * 1:26987 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cyvadextr variant outbound connection (malware-cnc.rules)
 * 1:26995 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Agent variant outbound connection (malware-cnc.rules)
 * 1:26996 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Agent variant outbound connection (malware-cnc.rules)
 * 1:26997 <-> DISABLED <-> MALWARE-CNC OSX.Trojan.Morcut variant outbound connection (malware-cnc.rules)
 * 1:26998 <-> DISABLED <-> MALWARE-CNC OSX.Trojan.Morcut file download (malware-cnc.rules)
 * 1:26999 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chinoxy variant outbound connection (malware-cnc.rules)
 * 1:27000 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chinoxy variant outbound connection (malware-cnc.rules)
 * 1:27002 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:27003 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:27007 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot variant outbound connection (malware-cnc.rules)
 * 1:27008 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot variant outbound connection (malware-cnc.rules)
 * 1:27010 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot payment .scr download (malware-cnc.rules)
 * 1:27012 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Phoenot variant outbound connection (malware-cnc.rules)
 * 1:27013 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Phoenot variant inbound connection (malware-cnc.rules)
 * 1:27014 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Epipenwa variant outbound connection (malware-cnc.rules)
 * 1:27017 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dapato variant inbound response connection (malware-cnc.rules)
 * 1:27021 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Layvam variant outbound connection (malware-cnc.rules)
 * 1:27022 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Netweird.A outbound connection (malware-cnc.rules)
 * 1:27023 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Netweird.A outbound connection (malware-cnc.rules)
 * 1:27033 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Transhell variant outbound connection user-agent (malware-cnc.rules)
 * 1:27039 <-> DISABLED <-> MALWARE-CNC Win.Trojan.OnlineGameHack variant outbound connection (malware-cnc.rules)
 * 1:27044 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string pb - Htbot (malware-cnc.rules)
 * 1:27045 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Blocker Download (malware-cnc.rules)
 * 1:27049 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dokstormac variant outbound connection (malware-cnc.rules)
 * 1:27054 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yakes variant outbound connection (malware-cnc.rules)
 * 1:27058 <-> DISABLED <-> MALWARE-CNC OSX.Trojan.HackBack variant outbound connection (malware-cnc.rules)
 * 1:27093 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Medfos variant outbound connection (malware-cnc.rules)
 * 1:27120 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:27169 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Atezag variant outbound connection (malware-cnc.rules)
 * 1:27199 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Meredrop variant outbound connection GET Request (malware-cnc.rules)
 * 1:27200 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Meredrop variant outbound connection POST Request (malware-cnc.rules)
 * 1:27201 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Neurevt variant outbound connection (malware-cnc.rules)
 * 1:27248 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gamarue - Mozi1la User-Agent (malware-cnc.rules)
 * 1:27252 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ZeroAccess 111-byte URL variant outbound connection (malware-cnc.rules)
 * 1:27256 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kryptik Drive-by Download Malware (malware-cnc.rules)
 * 1:27257 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kryptic 7-byte URI Invalid Firefox Headers - no Accept-Language (malware-cnc.rules)
 * 1:27260 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Java.Agent.NFK variant connection (malware-cnc.rules)
 * 1:27263 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - yahoonews (malware-cnc.rules)
 * 1:27533 <-> DISABLED <-> MALWARE-CNC Potential Win.Trojan.Kraziomel Download - 000.jpg (malware-cnc.rules)
 * 1:27551 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lorapu variant outbound connection (malware-cnc.rules)
 * 1:27558 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bezigate variant outbound connection (malware-cnc.rules)
 * 1:27567 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rovnix malicious download request (malware-cnc.rules)
 * 1:27577 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:27596 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Redyms variant outbound connection (malware-cnc.rules)
 * 1:27599 <-> DISABLED <-> MALWARE-CNC Fort Disco Registration variant outbound connection (malware-cnc.rules)
 * 1:27600 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nawpers variant connection (malware-cnc.rules)
 * 1:27629 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Aumlib variant outbound connection (malware-cnc.rules)
 * 1:27630 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Aumlib variant outbound connection (malware-cnc.rules)
 * 1:27631 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Aumlib variant outbound connection (malware-cnc.rules)
 * 1:27633 <-> DISABLED <-> MALWARE-CNC Worm.Silly variant outbound connection (malware-cnc.rules)
 * 1:27636 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Likseput variant connection (malware-cnc.rules)
 * 1:27637 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Syhcmd variant connection (malware-cnc.rules)

2020-10-08 13:28:31 UTC

Snort Subscriber Rules Update

Date: 2020-10-08

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091401.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:55931 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Emotet variant outbound connection attempt (malware-cnc.rules)
 * 1:55929 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Emotet-9774504-0 download attempt (malware-other.rules)
 * 1:55933 <-> ENABLED <-> SERVER-OTHER Oracle WebLogic malicious RemoteConstructor deserialization attempt (server-other.rules)
 * 1:55932 <-> ENABLED <-> SERVER-OTHER Oracle WebLogic malicious RemoteConstructor deserialization attempt (server-other.rules)
 * 1:55930 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Emotet-9774504-0 download attempt (malware-other.rules)

Modified Rules:


 * 1:28117 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /install.htm GET Encrypted Payload (malware-cnc.rules)
 * 1:28105 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload variant outbound connection (malware-cnc.rules)
 * 1:28115 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /file.htm GET Encrypted Payload (malware-cnc.rules)
 * 1:28857 <-> DISABLED <-> MALWARE-CNC Adwind UNRECOM connnection back to cnc server (malware-cnc.rules)
 * 1:28106 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload information upload (malware-cnc.rules)
 * 1:28856 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yowdab variant connection (malware-cnc.rules)
 * 1:25548 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Perflog variant outbound connection (malware-cnc.rules)
 * 1:28852 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Linux.Trojan.Zollard (malware-cnc.rules)
 * 1:28816 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Siluhdur variant outbound connection (malware-cnc.rules)
 * 1:28853 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dipverdle variant outbound connection (malware-cnc.rules)
 * 1:25547 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:28820 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Egamipload variant outbound connection (malware-cnc.rules)
 * 1:28285 <-> DISABLED <-> MALWARE-CNC Win.Trojan.hdog connectivity check-in version 2 (malware-cnc.rules)
 * 1:28799 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mxtcycle variant outbound connection (malware-cnc.rules)
 * 1:28561 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Plugx outbound connection (malware-cnc.rules)
 * 1:28406 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy variant outbound connection (malware-cnc.rules)
 * 1:28446 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant SQL check-in (malware-cnc.rules)
 * 1:28134 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dorkbot variant connection (malware-cnc.rules)
 * 1:28247 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper variant outbound connection (malware-cnc.rules)
 * 1:28553 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /main.htm GET Encrypted Payload (malware-cnc.rules)
 * 1:28141 <-> DISABLED <-> MALWARE-CNC Win.Trojan.banker outbound connection (malware-cnc.rules)
 * 1:28606 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Surtr variant connection (malware-cnc.rules)
 * 1:28410 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CoinMiner variant outbound connection (malware-cnc.rules)
 * 1:28209 <-> DISABLED <-> MALWARE-CNC Win.Worm.IRCbot outbound connection (malware-cnc.rules)
 * 1:28543 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Conficker variant outbound connection (malware-cnc.rules)
 * 1:26119 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:28599 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Lesirt variant outbound connection (malware-cnc.rules)
 * 1:28418 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Dtcontx outbound connection (malware-cnc.rules)
 * 1:28210 <-> DISABLED <-> MALWARE-CNC Win.Worm.IRCbot outbound connection (malware-cnc.rules)
 * 1:28118 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /login.htm GET Encrypted Payload (malware-cnc.rules)
 * 1:28607 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection (malware-cnc.rules)
 * 1:28547 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules)
 * 1:28554 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /online.htm GET Encrypted Payload (malware-cnc.rules)
 * 1:28399 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Tsunami outbound connection (malware-cnc.rules)
 * 1:28121 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /welcome.htm GET Encrypted Payload (malware-cnc.rules)
 * 1:28444 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.CBgate variant outbound connection (malware-cnc.rules)
 * 1:28239 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tuxido outbound connection (malware-cnc.rules)
 * 1:28415 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:28216 <-> DISABLED <-> MALWARE-CNC known malware FTP login (malware-cnc.rules)
 * 1:28119 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /search.htm GET Encrypted Payload (malware-cnc.rules)
 * 1:28486 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Codiltak variant outbound connection (malware-cnc.rules)
 * 1:28125 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banbra variant connection (malware-cnc.rules)
 * 1:28211 <-> DISABLED <-> MALWARE-CNC Win.Worm.IRCbot outbound connection (malware-cnc.rules)
 * 1:28250 <-> DISABLED <-> MALWARE-CNC Security Cleaner Pro Install Confirmation (malware-cnc.rules)
 * 1:28230 <-> DISABLED <-> MALWARE-CNC Boot.Bootroot Variant data upload (malware-cnc.rules)
 * 1:28417 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Molgomsg variant outbound connection (malware-cnc.rules)
 * 1:28605 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kasnam variant connection (malware-cnc.rules)
 * 1:28542 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Conficker variant outbound connection (malware-cnc.rules)
 * 1:28234 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hdslogger outbound connection (malware-cnc.rules)
 * 1:28244 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Phrovon outbound connection (malware-cnc.rules)
 * 1:28323 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Chopper web shell connection (malware-cnc.rules)
 * 1:28810 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection - MSIE7 No Referer No Cookie (malware-cnc.rules)
 * 1:28529 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qadars variant outbound connection (malware-cnc.rules)
 * 1:28123 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /setup.htm GET Encrypted Payload (malware-cnc.rules)
 * 1:28528 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qadars variant outbound connection (malware-cnc.rules)
 * 1:28419 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tesch variant outbound connection (malware-cnc.rules)
 * 1:28154 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Foreign variant outbound connection - MSIE 7.1 (malware-cnc.rules)
 * 1:28192 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz Potential Phishing URL (malware-cnc.rules)
 * 1:28255 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz Potential phishing URL (malware-cnc.rules)
 * 1:28325 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Zuza variant outbound connection (malware-cnc.rules)
 * 1:28803 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Injector inbound connection (malware-cnc.rules)
 * 1:28814 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gozi/Neverquest variant outbound connection (malware-cnc.rules)
 * 1:28548 <-> DISABLED <-> MALWARE-CNC Win.Trojan.chfx variant outbound connection (malware-cnc.rules)
 * 1:28122 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /index.htm GET Encrypted Payload (malware-cnc.rules)
 * 1:28724 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent outbound connection (malware-cnc.rules)
 * 1:28146 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Salgorea variant connection (malware-cnc.rules)
 * 1:28242 <-> DISABLED <-> MALWARE-CNC Win.Trojan.KanKan variant connection (malware-cnc.rules)
 * 1:28300 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant connection (malware-cnc.rules)
 * 1:28800 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus outbound connection (malware-cnc.rules)
 * 1:28373 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mutopy variant outbound connection (malware-cnc.rules)
 * 1:28212 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bitsto variant connection (malware-cnc.rules)
 * 1:28328 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Hupigon variant outbound connection (malware-cnc.rules)
 * 1:28148 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mevade variant outbound connection (malware-cnc.rules)
 * 1:28565 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sluegot variant connection (malware-cnc.rules)
 * 1:28405 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy variant outbound connection (malware-cnc.rules)
 * 1:28564 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pkdesco variant outbound connection (malware-cnc.rules)
 * 1:28166 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bifrose variant connection (malware-cnc.rules)
 * 1:28815 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gozi/Neverquest variant outbound connection (malware-cnc.rules)
 * 1:28813 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ufraie variant outbound connection (malware-cnc.rules)
 * 1:28560 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Plugx FTP keepalive outbound connection (malware-cnc.rules)
 * 1:28559 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Castov variant connection (malware-cnc.rules)
 * 1:28153 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Foreign variant outbound connection - /html2/ (malware-cnc.rules)
 * 1:28804 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Injector outbound connection (malware-cnc.rules)
 * 1:28254 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Perl.Shellbot variant outbound connection (malware-cnc.rules)
 * 1:28807 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Injector variant outbound connection (malware-cnc.rules)
 * 1:28366 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Venik variant outbound connection (malware-cnc.rules)
 * 1:28808 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Ptiger variant outbound connection (malware-cnc.rules)
 * 1:28802 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos outbound connection (malware-cnc.rules)
 * 1:28143 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Medfos outbound connection (malware-cnc.rules)
 * 1:28484 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Delpbank variant outbound connection (malware-cnc.rules)
 * 1:28155 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Foreign variant outbound connection - MSIE 7.2 (malware-cnc.rules)
 * 1:28562 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sidopa variant outbound connection (malware-cnc.rules)
 * 1:28558 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string getURLdown (malware-cnc.rules)
 * 1:28538 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Asprox/Kuluoz variant connection (malware-cnc.rules)
 * 1:28411 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CoinMiner variant outbound connection (malware-cnc.rules)
 * 1:28809 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dofoil inbound connection (malware-cnc.rules)
 * 1:28604 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kasnam variant connection (malware-cnc.rules)
 * 1:28362 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string SUiCiDE/1.5 (malware-cnc.rules)
 * 1:28463 <-> DISABLED <-> MALWARE-CNC Win.Trojan.AllAple Variant ICMP flood (malware-cnc.rules)
 * 1:28120 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /start.htm GET Encrypted Payload (malware-cnc.rules)
 * 1:28416 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CryptoLocker outbound connection (malware-cnc.rules)
 * 1:28541 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ZeroAccess Download Headers (malware-cnc.rules)
 * 1:28551 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NXI ftp username connection (malware-cnc.rules)
 * 1:28147 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Conficker variant outbound connection (malware-cnc.rules)
 * 1:28114 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /default.htm GET Encrypted Payload (malware-cnc.rules)
 * 1:28144 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Win32.Wpbrutebot variant connection (malware-cnc.rules)
 * 1:28107 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload download (malware-cnc.rules)
 * 1:28805 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Palevo outbound connection (malware-cnc.rules)
 * 1:28563 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pkdesco variant outbound connection (malware-cnc.rules)
 * 1:28116 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /home.htm GET Encrypted Payload (malware-cnc.rules)
 * 1:28326 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Zuza variant outbound connection (malware-cnc.rules)
 * 1:28485 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Khalog variant outbound connection (malware-cnc.rules)
 * 1:28858 <-> DISABLED <-> MALWARE-CNC Adwind UNRECOM connnection back to cnc server (malware-cnc.rules)
 * 1:26697 <-> DISABLED <-> MALWARE-CNC Cbeplay Ransomware variant outbound connection - POST Body (malware-cnc.rules)
 * 1:26702 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Win (malware-cnc.rules)
 * 1:26703 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Upero variant outbound connection (malware-cnc.rules)
 * 1:26712 <-> DISABLED <-> MALWARE-CNC Kazy Trojan check-in (malware-cnc.rules)
 * 1:26713 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev rev 1 outbound traffic (malware-cnc.rules)
 * 1:26714 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev rev 2 outbound traffic (malware-cnc.rules)
 * 1:26715 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev rev 3 outbound traffic (malware-cnc.rules)
 * 1:26719 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kbot variant outbound connection (malware-cnc.rules)
 * 1:26720 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kbot variant outbound connection (malware-cnc.rules)
 * 1:26721 <-> DISABLED <-> MALWARE-CNC Pushdo Spiral Traffic (malware-cnc.rules)
 * 1:26722 <-> DISABLED <-> MALWARE-CNC Bancos fake JPG encrypted config file download (malware-cnc.rules)
 * 1:26723 <-> DISABLED <-> MALWARE-CNC Trojan Downloader7 (malware-cnc.rules)
 * 1:26725 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc http command (malware-cnc.rules)
 * 1:26726 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc stop command (malware-cnc.rules)
 * 1:26727 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc die command (malware-cnc.rules)
 * 1:26728 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc sleep command (malware-cnc.rules)
 * 1:26729 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc simple command (malware-cnc.rules)
 * 1:26730 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc loginpost command (malware-cnc.rules)
 * 1:26731 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc datapost command (malware-cnc.rules)
 * 1:26732 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc syn command (malware-cnc.rules)
 * 1:26733 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc udp command (malware-cnc.rules)
 * 1:26734 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc udpdata command (malware-cnc.rules)
 * 1:26735 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc data command (malware-cnc.rules)
 * 1:26736 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc icmp command (malware-cnc.rules)
 * 1:26737 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc tcpdata command (malware-cnc.rules)
 * 1:26738 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc dataget command (malware-cnc.rules)
 * 1:26739 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc connect command (malware-cnc.rules)
 * 1:26118 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:26740 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc dns command (malware-cnc.rules)
 * 1:25570 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Medialabs variant outbound connection (malware-cnc.rules)
 * 1:25571 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Medialabs variant outbound connection (malware-cnc.rules)
 * 1:25572 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Virut variant outbound connection (malware-cnc.rules)
 * 1:25577 <-> DISABLED <-> MALWARE-CNC Win.Rootkit.Necurs possible URI with encrypted POST (malware-cnc.rules)
 * 1:25599 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gupboot variant outbound connection (malware-cnc.rules)
 * 1:25600 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dilavtor variant outbound connection (malware-cnc.rules)
 * 1:25609 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules)
 * 1:25610 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mofsmall variant outbound connection (malware-cnc.rules)
 * 1:25623 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jimpime variant outbound connection (malware-cnc.rules)
 * 1:25625 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Daws variant outbound connection (malware-cnc.rules)
 * 1:25626 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules)
 * 1:25628 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant connect to cnc-server (malware-cnc.rules)
 * 1:25632 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Golisy variant outbound connection (malware-cnc.rules)
 * 1:25652 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kryptic variant outbound connection (malware-cnc.rules)
 * 1:25660 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Medfos variant outbound connection (malware-cnc.rules)
 * 1:25661 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Buzus variant outbound connection (malware-cnc.rules)
 * 1:25662 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chowspy variant outbound connection (malware-cnc.rules)
 * 1:25663 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rimod variant outbound connection (malware-cnc.rules)
 * 1:25665 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sycomder variant outbound connection (malware-cnc.rules)
 * 1:25666 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (malware-cnc.rules)
 * 1:25667 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nflog variant outbound connection (malware-cnc.rules)
 * 1:25668 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nflog variant outbound connection (malware-cnc.rules)
 * 1:25669 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Selasloot variant outbound connection (malware-cnc.rules)
 * 1:25671 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (malware-cnc.rules)
 * 1:25672 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Matsnu variant outbound connection (malware-cnc.rules)
 * 1:25673 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.QQDragon variant outbound connection (malware-cnc.rules)
 * 1:25674 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shimwoc variant outbound connection (malware-cnc.rules)
 * 1:25675 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fakeavlock variant outbound connection (malware-cnc.rules)
 * 1:25765 <-> DISABLED <-> MALWARE-CNC Trojan Agent YEH variant outbound connection (malware-cnc.rules)
 * 1:25766 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules)
 * 1:25807 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Urausy Botnet variant outbound connection (malware-cnc.rules)
 * 1:25829 <-> DISABLED <-> MALWARE-CNC Trojan Banker FTC variant outbound connection (malware-cnc.rules)
 * 1:25854 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection - MSIE7 No Referer No Cookie (malware-cnc.rules)
 * 1:25863 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.QBundle variant outbound connection (malware-cnc.rules)
 * 1:25865 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:25866 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:25867 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:25973 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Boolflot variant outbound connection (malware-cnc.rules)
 * 1:25974 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:25978 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lukprofin variant outbound connection (malware-cnc.rules)
 * 1:26741 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc exec command (malware-cnc.rules)
 * 1:25980 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Pass (malware-cnc.rules)
 * 1:25987 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Upof variant outbound connection (malware-cnc.rules)
 * 1:25990 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Agent variant connect to cnc-server (malware-cnc.rules)
 * 1:25991 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Agent variant connect to cnc-server (malware-cnc.rules)
 * 1:25992 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Buzus variant outbound connection (malware-cnc.rules)
 * 1:25993 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Buzus variant outbound connection (malware-cnc.rules)
 * 1:25994 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:25996 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Reswor variant outbound connection (malware-cnc.rules)
 * 1:26010 <-> DISABLED <-> MALWARE-CNC CNC Dirtjumper variant outbound connection (malware-cnc.rules)
 * 1:26011 <-> DISABLED <-> MALWARE-CNC CNC Dirtjumper variant outbound connection (malware-cnc.rules)
 * 1:26019 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bredo variant outbound connection (malware-cnc.rules)
 * 1:26023 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot variant in.php outbound connection (malware-cnc.rules)
 * 1:26024 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wecod variant outbound connection (malware-cnc.rules)
 * 1:26072 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locati variant outbound connection (malware-cnc.rules)
 * 1:26075 <-> DISABLED <-> MALWARE-CNC Bancos variant outbound connection SQL query POST data (malware-cnc.rules)
 * 1:26086 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Exicon variant outbound connection (malware-cnc.rules)
 * 1:26088 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Encriyoko variant outbound connection (malware-cnc.rules)
 * 1:26106 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
 * 1:26115 <-> DISABLED <-> MALWARE-CNC NSIS.Downloader.Agent variant outbound connection (malware-cnc.rules)
 * 1:26116 <-> DISABLED <-> MALWARE-CNC NSIS.Downloader.Agent variant outbound connection (malware-cnc.rules)
 * 1:26117 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tarctox variant outbound connection (malware-cnc.rules)
 * 1:25979 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lukprofin variant outbound connection (malware-cnc.rules)
 * 1:25553 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dexter variant outbound connection (malware-cnc.rules)
 * 1:26742 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc resolve command (malware-cnc.rules)
 * 1:26743 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc antiddos command (malware-cnc.rules)
 * 1:26744 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc range command (malware-cnc.rules)
 * 1:26745 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc ftp command (malware-cnc.rules)
 * 1:26746 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc download command (malware-cnc.rules)
 * 1:26747 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc fastddos command (malware-cnc.rules)
 * 1:26748 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc slowhttp command (malware-cnc.rules)
 * 1:26749 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc allhttp command (malware-cnc.rules)
 * 1:26750 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc full command (malware-cnc.rules)
 * 1:26751 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - msctls_progress32 (malware-cnc.rules)
 * 1:26756 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper.Datcaen variant outbound connection (malware-cnc.rules)
 * 1:26757 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper.Datcaen variant outbound connection (malware-cnc.rules)
 * 1:26758 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Elefin variant outbound connection (malware-cnc.rules)
 * 1:26763 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules)
 * 1:26770 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (malware-cnc.rules)
 * 1:26771 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (malware-cnc.rules)
 * 1:26774 <-> DISABLED <-> MALWARE-CNC Win.Worm.Luder variant outbound connection (malware-cnc.rules)
 * 1:26775 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Blocker variant outbound connection HTTP Header Structure (malware-cnc.rules)
 * 1:26776 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Blocker variant outbound connection POST (malware-cnc.rules)
 * 1:26777 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy variant outbound connection (malware-cnc.rules)
 * 1:26779 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cridex encrypted POST check-in (malware-cnc.rules)
 * 1:26780 <-> DISABLED <-> MALWARE-CNC cridex HTTP Response - default0.js (malware-cnc.rules)
 * 1:26785 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qrmon variant outbound connection (malware-cnc.rules)
 * 1:26792 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vbula variant outbound connection (malware-cnc.rules)
 * 1:26793 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vbula variant initial CNC contact (malware-cnc.rules)
 * 1:26809 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Backdoor.Tomvode variant outbound connection (malware-cnc.rules)
 * 1:26811 <-> DISABLED <-> MALWARE-CNC XP Fake Antivirus Payment Page Request (malware-cnc.rules)
 * 1:26812 <-> DISABLED <-> MALWARE-CNC XP Fake Antivirus Check-in (malware-cnc.rules)
 * 1:26813 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dapato CMS spambot check-in (malware-cnc.rules)
 * 1:26815 <-> DISABLED <-> MALWARE-CNC OSX.Trojan.KitM variant outbound connection user-agent (malware-cnc.rules)
 * 1:26816 <-> DISABLED <-> MALWARE-CNC OSX.Trojan.KitM variant outbound connection (malware-cnc.rules)
 * 1:26818 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Zawat variant outbound connection (malware-cnc.rules)
 * 1:26819 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Datash variant outbound connection (malware-cnc.rules)
 * 1:26820 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Datash variant outbound connection (malware-cnc.rules)
 * 1:26822 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Buterat variant outbound connection (malware-cnc.rules)
 * 1:26828 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Uperti variant outbound connection (malware-cnc.rules)
 * 1:26835 <-> DISABLED <-> MALWARE-CNC RDN Banker POST variant outbound connection (malware-cnc.rules)
 * 1:26836 <-> DISABLED <-> MALWARE-CNC RDN Banker Strange Google Traffic (malware-cnc.rules)
 * 1:26837 <-> DISABLED <-> MALWARE-CNC BitBot Idle C2 response (malware-cnc.rules)
 * 1:26840 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Agent variant outbound connection (malware-cnc.rules)
 * 1:26841 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Agent variant outbound connection (malware-cnc.rules)
 * 1:26880 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zotob.E gc.exe download (malware-cnc.rules)
 * 1:26911 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rombrast Trojan outbound connection (malware-cnc.rules)
 * 1:26912 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rombrast Trojan outbound connection (malware-cnc.rules)
 * 1:26923 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
 * 1:26924 <-> DISABLED <-> MALWARE-CNC Potential Gozi Trojan HTTP Header Structure (malware-cnc.rules)
 * 1:26930 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeroaccess variant outbound connection (malware-cnc.rules)
 * 1:26931 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeroaccess variant outbound connection (malware-cnc.rules)
 * 1:26932 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeroaccess variant outbound connection (malware-cnc.rules)
 * 1:26940 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TripleNine RAT beacon (malware-cnc.rules)
 * 1:26941 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PipCreat RAT dropper download (malware-cnc.rules)
 * 1:26942 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PipCreat RAT beacon (malware-cnc.rules)
 * 1:26943 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Post_Show RAT beacon (malware-cnc.rules)
 * 1:26944 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Post_Show RAT beacon (malware-cnc.rules)
 * 1:26945 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bisonal RAT beacon (malware-cnc.rules)
 * 1:26946 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Uptime RAT beacon (malware-cnc.rules)
 * 1:26952 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Orcim variant outbound connection (malware-cnc.rules)
 * 1:26954 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Talsab variant outbound connection (malware-cnc.rules)
 * 1:26955 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Talsab variant outbound connection (malware-cnc.rules)
 * 1:26965 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Win32 Facebook Secure Cryptor C2 (malware-cnc.rules)
 * 1:26966 <-> DISABLED <-> MALWARE-CNC Win32/Autorun.JN variant outbound connection (malware-cnc.rules)
 * 1:26967 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz variant outbound connection (malware-cnc.rules)
 * 1:26968 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gozi Data Theft POST Data (malware-cnc.rules)
 * 1:26969 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gozi Trojan Data Theft POST URL (malware-cnc.rules)
 * 1:26970 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pirminay variant outbound connection (malware-cnc.rules)
 * 1:26984 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Injector Info Stealer Trojan variant outbound connection (malware-cnc.rules)
 * 1:26986 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Xenil variant outbound connection (malware-cnc.rules)
 * 1:26987 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cyvadextr variant outbound connection (malware-cnc.rules)
 * 1:26995 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Agent variant outbound connection (malware-cnc.rules)
 * 1:26996 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Agent variant outbound connection (malware-cnc.rules)
 * 1:26997 <-> DISABLED <-> MALWARE-CNC OSX.Trojan.Morcut variant outbound connection (malware-cnc.rules)
 * 1:26998 <-> DISABLED <-> MALWARE-CNC OSX.Trojan.Morcut file download (malware-cnc.rules)
 * 1:26999 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chinoxy variant outbound connection (malware-cnc.rules)
 * 1:27000 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chinoxy variant outbound connection (malware-cnc.rules)
 * 1:27002 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:27003 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:27007 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot variant outbound connection (malware-cnc.rules)
 * 1:27008 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot variant outbound connection (malware-cnc.rules)
 * 1:27010 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot payment .scr download (malware-cnc.rules)
 * 1:27012 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Phoenot variant outbound connection (malware-cnc.rules)
 * 1:27013 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Phoenot variant inbound connection (malware-cnc.rules)
 * 1:27014 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Epipenwa variant outbound connection (malware-cnc.rules)
 * 1:27017 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dapato variant inbound response connection (malware-cnc.rules)
 * 1:27021 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Layvam variant outbound connection (malware-cnc.rules)
 * 1:27022 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Netweird.A outbound connection (malware-cnc.rules)
 * 1:27023 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Netweird.A outbound connection (malware-cnc.rules)
 * 1:27033 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Transhell variant outbound connection user-agent (malware-cnc.rules)
 * 1:27039 <-> DISABLED <-> MALWARE-CNC Win.Trojan.OnlineGameHack variant outbound connection (malware-cnc.rules)
 * 1:27044 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string pb - Htbot (malware-cnc.rules)
 * 1:27045 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Blocker Download (malware-cnc.rules)
 * 1:27049 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dokstormac variant outbound connection (malware-cnc.rules)
 * 1:27054 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yakes variant outbound connection (malware-cnc.rules)
 * 1:27058 <-> DISABLED <-> MALWARE-CNC OSX.Trojan.HackBack variant outbound connection (malware-cnc.rules)
 * 1:27093 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Medfos variant outbound connection (malware-cnc.rules)
 * 1:27120 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:27169 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Atezag variant outbound connection (malware-cnc.rules)
 * 1:27199 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Meredrop variant outbound connection GET Request (malware-cnc.rules)
 * 1:27200 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Meredrop variant outbound connection POST Request (malware-cnc.rules)
 * 1:27201 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Neurevt variant outbound connection (malware-cnc.rules)
 * 1:27248 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gamarue - Mozi1la User-Agent (malware-cnc.rules)
 * 1:27252 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ZeroAccess 111-byte URL variant outbound connection (malware-cnc.rules)
 * 1:26696 <-> DISABLED <-> MALWARE-CNC Cbeplay Ransomware variant outbound connection - Abnormal HTTP Headers (malware-cnc.rules)
 * 1:27257 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kryptic 7-byte URI Invalid Firefox Headers - no Accept-Language (malware-cnc.rules)
 * 1:27256 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kryptik Drive-by Download Malware (malware-cnc.rules)
 * 1:27260 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Java.Agent.NFK variant connection (malware-cnc.rules)
 * 1:27263 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - yahoonews (malware-cnc.rules)
 * 1:27533 <-> DISABLED <-> MALWARE-CNC Potential Win.Trojan.Kraziomel Download - 000.jpg (malware-cnc.rules)
 * 1:27551 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lorapu variant outbound connection (malware-cnc.rules)
 * 1:27558 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bezigate variant outbound connection (malware-cnc.rules)
 * 1:27567 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rovnix malicious download request (malware-cnc.rules)
 * 1:27577 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:27596 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Redyms variant outbound connection (malware-cnc.rules)
 * 1:27599 <-> DISABLED <-> MALWARE-CNC Fort Disco Registration variant outbound connection (malware-cnc.rules)
 * 1:27600 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nawpers variant connection (malware-cnc.rules)
 * 1:27629 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Aumlib variant outbound connection (malware-cnc.rules)
 * 1:27630 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Aumlib variant outbound connection (malware-cnc.rules)
 * 1:27631 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Aumlib variant outbound connection (malware-cnc.rules)
 * 1:27633 <-> DISABLED <-> MALWARE-CNC Worm.Silly variant outbound connection (malware-cnc.rules)
 * 1:27636 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Likseput variant connection (malware-cnc.rules)
 * 1:27637 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Syhcmd variant connection (malware-cnc.rules)
 * 1:27639 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Epipenwa variant connection (malware-cnc.rules)
 * 1:27640 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chekafe variant connection (malware-cnc.rules)
 * 1:27641 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Meilat variant connection (malware-cnc.rules)
 * 1:27642 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downbot variant connection (malware-cnc.rules)
 * 1:27643 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Betabot variant connection (malware-cnc.rules)
 * 1:27644 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Merong variant connection (malware-cnc.rules)
 * 1:27645 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Binjo variant outbound connection (malware-cnc.rules)
 * 1:27647 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nelaja variant outbound connection (malware-cnc.rules)
 * 1:27648 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SpyBanker.ZSL variant outbound connection (malware-cnc.rules)
 * 1:27649 <-> DISABLED <-> MALWARE-CNC Brazilian Banking Trojan data theft (malware-cnc.rules)
 * 1:27655 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Enchanim variant connection (malware-cnc.rules)
 * 1:27659 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gapz variant connection (malware-cnc.rules)
 * 1:27660 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Reabfrus variant connection (malware-cnc.rules)
 * 1:27661 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Reabfrus variant connection (malware-cnc.rules)
 * 1:27662 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Galfun variant outbound connection (malware-cnc.rules)
 * 1:27664 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Castov variant connection (malware-cnc.rules)
 * 1:27665 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Castov variant connection (malware-cnc.rules)
 * 1:27670 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.evf variant connection (malware-cnc.rules)
 * 1:27678 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Goolelo variant connection (malware-cnc.rules)
 * 1:27679 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz variant outbound connection (malware-cnc.rules)
 * 1:27680 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ZeroAccess variant outbound connection (malware-cnc.rules)
 * 1:27699 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tartober variant connection (malware-cnc.rules)
 * 1:27709 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string umbra (malware-cnc.rules)
 * 1:27710 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string IExplore (malware-cnc.rules)
 * 1:27711 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FakeAV variant outbound connection (malware-cnc.rules)
 * 1:27720 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kolok variant connection (malware-cnc.rules)
 * 1:27726 <-> DISABLED <-> MALWARE-CNC Orbit Downloader denial of service update (malware-cnc.rules)
 * 1:27727 <-> DISABLED <-> MALWARE-CNC Orbit Downloader denial of service update (malware-cnc.rules)
 * 1:27728 <-> DISABLED <-> MALWARE-CNC Orbit Downloader denial of service update (malware-cnc.rules)
 * 1:27737 <-> DISABLED <-> MALWARE-CNC DNS suspicious .c0m.li dns query (malware-cnc.rules)
 * 1:27746 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Hanthie variant outbound connection (malware-cnc.rules)
 * 1:27747 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banechant outbound variant connection (malware-cnc.rules)
 * 1:27759 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Treizt variant connection (malware-cnc.rules)
 * 1:27774 <-> DISABLED <-> MALWARE-CNC RDN Banker Data Exfiltration (malware-cnc.rules)
 * 1:27775 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection (malware-cnc.rules)
 * 1:27802 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PRISM variant outbound connection (malware-cnc.rules)
 * 1:27803 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PRISM variant outbound connection (malware-cnc.rules)
 * 1:27805 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bisonha variant outbound connection (malware-cnc.rules)
 * 1:27806 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Retruse variant connection (malware-cnc.rules)
 * 1:27811 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mindweq variant connection (malware-cnc.rules)
 * 1:27817 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tenavt connection (malware-cnc.rules)
 * 1:27864 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sinowal variant connection (malware-cnc.rules)
 * 1:27867 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper outbound connection (malware-cnc.rules)
 * 1:27868 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - dt12012 (malware-cnc.rules)
 * 1:27905 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Helauto variant connection (malware-cnc.rules)
 * 1:27918 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
 * 1:27919 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus encrypted POST Data exfiltration (malware-cnc.rules)
 * 1:27939 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Galock variant connection (malware-cnc.rules)
 * 1:27955 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mevade variant outbound connection (malware-cnc.rules)
 * 1:27963 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lolbot variant outbound connection (malware-cnc.rules)
 * 1:27964 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gh0st variant outbound connection (malware-cnc.rules)
 * 1:27965 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Eupuds variant connection (malware-cnc.rules)
 * 1:27966 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Chopper web shell connection (malware-cnc.rules)
 * 1:27968 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Chopper web shell connection (malware-cnc.rules)
 * 1:27969 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Updays variant connection (malware-cnc.rules)
 * 1:27970 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus dropper variant connection (malware-cnc.rules)
 * 1:27980 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /botnet/adduser.php?uid= (malware-cnc.rules)
 * 1:27981 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /botnet/tasks.php?uid= (malware-cnc.rules)
 * 1:28005 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz outbound command (malware-cnc.rules)
 * 1:28007 <-> DISABLED <-> MALWARE-CNC BLYPT installer startupkey outbound traffic (malware-cnc.rules)
 * 1:28008 <-> DISABLED <-> MALWARE-CNC BLYPT installer reuse outbound traffic (malware-cnc.rules)
 * 1:28009 <-> DISABLED <-> MALWARE-CNC BLYPT installer configkey outbound traffic (malware-cnc.rules)
 * 1:28010 <-> DISABLED <-> MALWARE-CNC BLYPT installer tserror outbound traffic (malware-cnc.rules)
 * 1:28011 <-> DISABLED <-> MALWARE-CNC BLYPT installer createproc outbound traffic (malware-cnc.rules)
 * 1:28012 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules)
 * 1:28033 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Urausy variant outbound connection (malware-cnc.rules)
 * 1:28040 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dofoil variant outbound connection (malware-cnc.rules)
 * 1:28042 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Caphaw variant outbound connection (malware-cnc.rules)
 * 1:28044 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CryptoLocker variant connection (malware-cnc.rules)
 * 1:28045 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VBKrypt variant connection (malware-cnc.rules)
 * 1:28072 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Omexo outbound connection (malware-cnc.rules)
 * 1:28073 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Win32.Kimsuky variant file stealing (malware-cnc.rules)
 * 1:28074 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ADKR connection (malware-cnc.rules)
 * 1:28075 <-> DISABLED <-> MALWARE-CNC Win.Trojan.gzfw connection (malware-cnc.rules)
 * 1:28079 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Napolar variant outbound connection (malware-cnc.rules)
 * 1:28080 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Napolar data theft (malware-cnc.rules)
 * 1:28084 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hupigon variant connection (malware-cnc.rules)
 * 1:28094 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Liteol variant connection (malware-cnc.rules)
 * 1:28095 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Liteol variant connection (malware-cnc.rules)
 * 1:28096 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spynet variant connection (malware-cnc.rules)
 * 1:26201 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lobparck variant outbound connection (malware-cnc.rules)
 * 1:26202 <-> DISABLED <-> MALWARE-CNC VBS.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:26203 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gupd variant outbound connection (malware-cnc.rules)
 * 1:26204 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Malex variant outbound connection (malware-cnc.rules)
 * 1:26211 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Eldorado variant outbound connection (malware-cnc.rules)
 * 1:26238 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Snopexy variant outbound connection (malware-cnc.rules)
 * 1:26239 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Stehlox variant outbound connection (malware-cnc.rules)
 * 1:26240 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vkeikooc variant outbound connection (malware-cnc.rules)
 * 1:26244 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Troll variant outbound connection (malware-cnc.rules)
 * 1:26245 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (malware-cnc.rules)
 * 1:26248 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent cibabam (malware-cnc.rules)
 * 1:26249 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Sonide variant outbound connection (malware-cnc.rules)
 * 1:26260 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Vectmp variant outbound connection (malware-cnc.rules)
 * 1:26266 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus v3 DGA DNS query detected (malware-cnc.rules)
 * 1:26267 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus v3 DGA DNS query detected (malware-cnc.rules)
 * 1:26268 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus v3 DGA DNS query detected (malware-cnc.rules)
 * 1:26269 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus v3 DGA DNS query detected (malware-cnc.rules)
 * 1:26270 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus v3 DGA DNS query detected (malware-cnc.rules)
 * 1:26271 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus v3 DGA DNS query detected (malware-cnc.rules)
 * 1:26284 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Surok variant outbound connection (malware-cnc.rules)
 * 1:25551 <-> DISABLED <-> MALWARE-CNC Win.Worm.Dipasik variant outbound connection (malware-cnc.rules)
 * 1:26285 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Garveep variant outbound connection (malware-cnc.rules)
 * 1:26288 <-> DISABLED <-> MALWARE-CNC Brontok Worm variant outbound connection (malware-cnc.rules)
 * 1:26289 <-> DISABLED <-> MALWARE-CNC Daws Trojan Outbound Plaintext over SSL Port (malware-cnc.rules)
 * 1:26319 <-> DISABLED <-> MALWARE-CNC file path used as User-Agent - potential Trojan (malware-cnc.rules)
 * 1:26325 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scar variant outbound connection (malware-cnc.rules)
 * 1:26327 <-> DISABLED <-> MALWARE-CNC OSX.Trojan.Flashfake variant outbound connection (malware-cnc.rules)
 * 1:26331 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qhost variant outbound connection (malware-cnc.rules)
 * 1:26335 <-> DISABLED <-> MALWARE-CNC FBI Ransom Trojan variant outbound connection (malware-cnc.rules)
 * 1:26370 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection - ksa.txt (malware-cnc.rules)
 * 1:26371 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection - op POST (malware-cnc.rules)
 * 1:26398 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gamarue variant outbound connection (malware-cnc.rules)
 * 1:26428 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (malware-cnc.rules)
 * 1:26444 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Agent variant outbound connection (malware-cnc.rules)
 * 1:26445 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Agent variant outbound connection (malware-cnc.rules)
 * 1:26446 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Agent variant outbound connection (malware-cnc.rules)
 * 1:26447 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Smoaler variant outbound connection (malware-cnc.rules)
 * 1:26448 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fakesig variant outbound connection (malware-cnc.rules)
 * 1:26449 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:26450 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:26452 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Buterat variant outbound connection (malware-cnc.rules)
 * 1:26463 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Linog.A variant outbound connection (malware-cnc.rules)
 * 1:26464 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Linog.A variant outbound connection (malware-cnc.rules)
 * 1:26467 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Magic variant inbound connection (malware-cnc.rules)
 * 1:26480 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot fake PNG config file download without User-Agent (malware-cnc.rules)
 * 1:26482 <-> DISABLED <-> MALWARE-CNC Unknown Thinner Encrypted POST botnet C&C (malware-cnc.rules)
 * 1:26522 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent NOKIAN95/WEB (malware-cnc.rules)
 * 1:26533 <-> DISABLED <-> MALWARE-CNC Unknown malware - Incorrect headers - Referer HTTP/1.0 (malware-cnc.rules)
 * 1:26558 <-> DISABLED <-> MALWARE-CNC User-Agent known Malicious user agent Brutus AET (malware-cnc.rules)
 * 1:26560 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection - getcomando POST data (malware-cnc.rules)
 * 1:26561 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
 * 1:26563 <-> DISABLED <-> MALWARE-CNC Harakit botnet traffic (malware-cnc.rules)
 * 1:26576 <-> DISABLED <-> MALWARE-CNC Potential hostile executable served from compromised or malicious WordPress site attempt (malware-cnc.rules)
 * 1:26577 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent Opera 10 (malware-cnc.rules)
 * 1:26578 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy/FakeAV Checkin with IE6 User-Agent (malware-cnc.rules)
 * 1:26579 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy/FakeAV Checkin with IE6 User-Agent (malware-cnc.rules)
 * 1:26604 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bydra variant outbound connection (malware-cnc.rules)
 * 1:26605 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bydra variant outbound connection (malware-cnc.rules)
 * 1:26606 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sosork variant outbound connection (malware-cnc.rules)
 * 1:26607 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Korlia variant outbound connection (malware-cnc.rules)
 * 1:26608 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rocra variant outbound connection (malware-cnc.rules)
 * 1:26609 <-> DISABLED <-> MALWARE-CNC OSX.Trojan.Dockster variant outbound connection (malware-cnc.rules)
 * 1:26613 <-> DISABLED <-> MALWARE-CNC Medfos Trojan variant outbound connection (malware-cnc.rules)
 * 1:26656 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Travnet Botnet data upload (malware-cnc.rules)
 * 1:26657 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shiz variant outbound connection (malware-cnc.rules)
 * 1:26677 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz variant inbound run command from cnc (malware-cnc.rules)
 * 1:26678 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz variant inbound run command from cnc (malware-cnc.rules)
 * 1:26679 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz variant inbound run command from cnc (malware-cnc.rules)
 * 1:26680 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz variant inbound run command from cnc (malware-cnc.rules)
 * 1:26681 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz variant inbound run command from cnc (malware-cnc.rules)
 * 1:26683 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shyape variant outbound connection (malware-cnc.rules)
 * 1:26684 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Neshax variant outbound connection (malware-cnc.rules)
 * 1:26685 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string J13A (malware-cnc.rules)
 * 1:26686 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Alina (malware-cnc.rules)
 * 1:26690 <-> DISABLED <-> MALWARE-CNC Miniduke server contact (malware-cnc.rules)
 * 1:26691 <-> DISABLED <-> MALWARE-CNC Win.Trojan.UFRStealer variant outbound connection (malware-cnc.rules)
 * 1:26692 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spyremoav variant outbound connection (malware-cnc.rules)
 * 1:26695 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Namihno variant outbound request (malware-cnc.rules)
 * 1:28097 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ohlat variant connection (malware-cnc.rules)
 * 1:28859 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent z00sAgent - Win.Trojan.Zbot (malware-cnc.rules)
 * 1:28860 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent - Win.Trojan.Nitedrem (malware-cnc.rules)
 * 1:28861 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Roxfora variant outbound connection (malware-cnc.rules)
 * 1:28864 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tofsee variant outbound connection (malware-cnc.rules)
 * 1:28886 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scar variant outbound connection (malware-cnc.rules)
 * 1:28914 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Anony variant connection (malware-cnc.rules)
 * 1:28918 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant network connectivity check (malware-cnc.rules)
 * 1:28919 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant network connectivity check (malware-cnc.rules)
 * 1:28930 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fakeav variant outbound data connection (malware-cnc.rules)
 * 1:28940 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rovnix malicious download (malware-cnc.rules)
 * 1:28947 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tapaoux variant connection (malware-cnc.rules)
 * 1:28948 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kishlog variant outbound connection (malware-cnc.rules)
 * 1:28949 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kishlog variant outbound connection (malware-cnc.rules)
 * 1:28958 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jussuc variant outbound connection (malware-cnc.rules)
 * 1:28960 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Alurewo outbound connection (malware-cnc.rules)
 * 1:48157 <-> ENABLED <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection (malware-cnc.rules)

2020-10-08 13:28:31 UTC

Snort Subscriber Rules Update

Date: 2020-10-08

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091300.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:55930 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Emotet-9774504-0 download attempt (malware-other.rules)
 * 1:55929 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Emotet-9774504-0 download attempt (malware-other.rules)
 * 1:55931 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Emotet variant outbound connection attempt (malware-cnc.rules)
 * 1:55932 <-> ENABLED <-> SERVER-OTHER Oracle WebLogic malicious RemoteConstructor deserialization attempt (server-other.rules)
 * 1:55933 <-> ENABLED <-> SERVER-OTHER Oracle WebLogic malicious RemoteConstructor deserialization attempt (server-other.rules)

Modified Rules:


 * 1:28405 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy variant outbound connection (malware-cnc.rules)
 * 1:28418 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Dtcontx outbound connection (malware-cnc.rules)
 * 1:28816 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Siluhdur variant outbound connection (malware-cnc.rules)
 * 1:28606 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Surtr variant connection (malware-cnc.rules)
 * 1:28565 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sluegot variant connection (malware-cnc.rules)
 * 1:28815 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gozi/Neverquest variant outbound connection (malware-cnc.rules)
 * 1:28559 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Castov variant connection (malware-cnc.rules)
 * 1:28463 <-> DISABLED <-> MALWARE-CNC Win.Trojan.AllAple Variant ICMP flood (malware-cnc.rules)
 * 1:28323 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Chopper web shell connection (malware-cnc.rules)
 * 1:28805 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Palevo outbound connection (malware-cnc.rules)
 * 1:28528 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qadars variant outbound connection (malware-cnc.rules)
 * 1:28724 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent outbound connection (malware-cnc.rules)
 * 1:28143 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Medfos outbound connection (malware-cnc.rules)
 * 1:28560 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Plugx FTP keepalive outbound connection (malware-cnc.rules)
 * 1:28807 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Injector variant outbound connection (malware-cnc.rules)
 * 1:28211 <-> DISABLED <-> MALWARE-CNC Win.Worm.IRCbot outbound connection (malware-cnc.rules)
 * 1:28123 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /setup.htm GET Encrypted Payload (malware-cnc.rules)
 * 1:28328 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Hupigon variant outbound connection (malware-cnc.rules)
 * 1:28599 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Lesirt variant outbound connection (malware-cnc.rules)
 * 1:28411 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CoinMiner variant outbound connection (malware-cnc.rules)
 * 1:28554 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /online.htm GET Encrypted Payload (malware-cnc.rules)
 * 1:28166 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bifrose variant connection (malware-cnc.rules)
 * 1:28153 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Foreign variant outbound connection - /html2/ (malware-cnc.rules)
 * 1:28122 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /index.htm GET Encrypted Payload (malware-cnc.rules)
 * 1:28146 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Salgorea variant connection (malware-cnc.rules)
 * 1:28803 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Injector inbound connection (malware-cnc.rules)
 * 1:28607 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection (malware-cnc.rules)
 * 1:28125 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banbra variant connection (malware-cnc.rules)
 * 1:28118 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /login.htm GET Encrypted Payload (malware-cnc.rules)
 * 1:28134 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dorkbot variant connection (malware-cnc.rules)
 * 1:28553 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /main.htm GET Encrypted Payload (malware-cnc.rules)
 * 1:28239 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tuxido outbound connection (malware-cnc.rules)
 * 1:28529 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qadars variant outbound connection (malware-cnc.rules)
 * 1:28604 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kasnam variant connection (malware-cnc.rules)
 * 1:28809 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dofoil inbound connection (malware-cnc.rules)
 * 1:28538 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Asprox/Kuluoz variant connection (malware-cnc.rules)
 * 1:28562 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sidopa variant outbound connection (malware-cnc.rules)
 * 1:28250 <-> DISABLED <-> MALWARE-CNC Security Cleaner Pro Install Confirmation (malware-cnc.rules)
 * 1:28212 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bitsto variant connection (malware-cnc.rules)
 * 1:28810 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection - MSIE7 No Referer No Cookie (malware-cnc.rules)
 * 1:28542 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Conficker variant outbound connection (malware-cnc.rules)
 * 1:28155 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Foreign variant outbound connection - MSIE 7.2 (malware-cnc.rules)
 * 1:28417 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Molgomsg variant outbound connection (malware-cnc.rules)
 * 1:28558 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string getURLdown (malware-cnc.rules)
 * 1:28285 <-> DISABLED <-> MALWARE-CNC Win.Trojan.hdog connectivity check-in version 2 (malware-cnc.rules)
 * 1:28107 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload download (malware-cnc.rules)
 * 1:28563 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pkdesco variant outbound connection (malware-cnc.rules)
 * 1:28033 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Urausy variant outbound connection (malware-cnc.rules)
 * 1:28254 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Perl.Shellbot variant outbound connection (malware-cnc.rules)
 * 1:28148 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mevade variant outbound connection (malware-cnc.rules)
 * 1:28116 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /home.htm GET Encrypted Payload (malware-cnc.rules)
 * 1:28119 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /search.htm GET Encrypted Payload (malware-cnc.rules)
 * 1:28410 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CoinMiner variant outbound connection (malware-cnc.rules)
 * 1:28121 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /welcome.htm GET Encrypted Payload (malware-cnc.rules)
 * 1:28547 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules)
 * 1:28486 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Codiltak variant outbound connection (malware-cnc.rules)
 * 1:28192 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz Potential Phishing URL (malware-cnc.rules)
 * 1:28326 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Zuza variant outbound connection (malware-cnc.rules)
 * 1:28485 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Khalog variant outbound connection (malware-cnc.rules)
 * 1:28446 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant SQL check-in (malware-cnc.rules)
 * 1:28415 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:28858 <-> DISABLED <-> MALWARE-CNC Adwind UNRECOM connnection back to cnc server (malware-cnc.rules)
 * 1:28860 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent - Win.Trojan.Nitedrem (malware-cnc.rules)
 * 1:28799 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mxtcycle variant outbound connection (malware-cnc.rules)
 * 1:28373 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mutopy variant outbound connection (malware-cnc.rules)
 * 1:25628 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant connect to cnc-server (malware-cnc.rules)
 * 1:28856 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yowdab variant connection (malware-cnc.rules)
 * 1:28853 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dipverdle variant outbound connection (malware-cnc.rules)
 * 1:28852 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Linux.Trojan.Zollard (malware-cnc.rules)
 * 1:28605 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kasnam variant connection (malware-cnc.rules)
 * 1:28115 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /file.htm GET Encrypted Payload (malware-cnc.rules)
 * 1:28040 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dofoil variant outbound connection (malware-cnc.rules)
 * 1:28042 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Caphaw variant outbound connection (malware-cnc.rules)
 * 1:28044 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CryptoLocker variant connection (malware-cnc.rules)
 * 1:28045 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VBKrypt variant connection (malware-cnc.rules)
 * 1:28072 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Omexo outbound connection (malware-cnc.rules)
 * 1:28073 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Win32.Kimsuky variant file stealing (malware-cnc.rules)
 * 1:28074 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ADKR connection (malware-cnc.rules)
 * 1:28075 <-> DISABLED <-> MALWARE-CNC Win.Trojan.gzfw connection (malware-cnc.rules)
 * 1:28079 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Napolar variant outbound connection (malware-cnc.rules)
 * 1:28080 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Napolar data theft (malware-cnc.rules)
 * 1:28084 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hupigon variant connection (malware-cnc.rules)
 * 1:28094 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Liteol variant connection (malware-cnc.rules)
 * 1:28095 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Liteol variant connection (malware-cnc.rules)
 * 1:28096 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spynet variant connection (malware-cnc.rules)
 * 1:28859 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent z00sAgent - Win.Trojan.Zbot (malware-cnc.rules)
 * 1:28209 <-> DISABLED <-> MALWARE-CNC Win.Worm.IRCbot outbound connection (malware-cnc.rules)
 * 1:28362 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string SUiCiDE/1.5 (malware-cnc.rules)
 * 1:28234 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hdslogger outbound connection (malware-cnc.rules)
 * 1:28814 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gozi/Neverquest variant outbound connection (malware-cnc.rules)
 * 1:28548 <-> DISABLED <-> MALWARE-CNC Win.Trojan.chfx variant outbound connection (malware-cnc.rules)
 * 1:28216 <-> DISABLED <-> MALWARE-CNC known malware FTP login (malware-cnc.rules)
 * 1:28813 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ufraie variant outbound connection (malware-cnc.rules)
 * 1:28541 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ZeroAccess Download Headers (malware-cnc.rules)
 * 1:28366 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Venik variant outbound connection (malware-cnc.rules)
 * 1:28561 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Plugx outbound connection (malware-cnc.rules)
 * 1:28105 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload variant outbound connection (malware-cnc.rules)
 * 1:28564 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pkdesco variant outbound connection (malware-cnc.rules)
 * 1:28325 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Zuza variant outbound connection (malware-cnc.rules)
 * 1:28444 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.CBgate variant outbound connection (malware-cnc.rules)
 * 1:28864 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tofsee variant outbound connection (malware-cnc.rules)
 * 1:28886 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scar variant outbound connection (malware-cnc.rules)
 * 1:28914 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Anony variant connection (malware-cnc.rules)
 * 1:28918 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant network connectivity check (malware-cnc.rules)
 * 1:28919 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant network connectivity check (malware-cnc.rules)
 * 1:28930 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fakeav variant outbound data connection (malware-cnc.rules)
 * 1:28940 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rovnix malicious download (malware-cnc.rules)
 * 1:28947 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tapaoux variant connection (malware-cnc.rules)
 * 1:28948 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kishlog variant outbound connection (malware-cnc.rules)
 * 1:28949 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kishlog variant outbound connection (malware-cnc.rules)
 * 1:28958 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jussuc variant outbound connection (malware-cnc.rules)
 * 1:28960 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Alurewo outbound connection (malware-cnc.rules)
 * 1:48157 <-> ENABLED <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection (malware-cnc.rules)
 * 1:25547 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:25548 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Perflog variant outbound connection (malware-cnc.rules)
 * 1:25551 <-> DISABLED <-> MALWARE-CNC Win.Worm.Dipasik variant outbound connection (malware-cnc.rules)
 * 1:25553 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dexter variant outbound connection (malware-cnc.rules)
 * 1:25570 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Medialabs variant outbound connection (malware-cnc.rules)
 * 1:25571 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Medialabs variant outbound connection (malware-cnc.rules)
 * 1:25572 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Virut variant outbound connection (malware-cnc.rules)
 * 1:25577 <-> DISABLED <-> MALWARE-CNC Win.Rootkit.Necurs possible URI with encrypted POST (malware-cnc.rules)
 * 1:25599 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gupboot variant outbound connection (malware-cnc.rules)
 * 1:25600 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dilavtor variant outbound connection (malware-cnc.rules)
 * 1:25609 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules)
 * 1:25610 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mofsmall variant outbound connection (malware-cnc.rules)
 * 1:25623 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jimpime variant outbound connection (malware-cnc.rules)
 * 1:25625 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Daws variant outbound connection (malware-cnc.rules)
 * 1:25626 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules)
 * 1:26260 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Vectmp variant outbound connection (malware-cnc.rules)
 * 1:25652 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kryptic variant outbound connection (malware-cnc.rules)
 * 1:25660 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Medfos variant outbound connection (malware-cnc.rules)
 * 1:25661 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Buzus variant outbound connection (malware-cnc.rules)
 * 1:25662 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chowspy variant outbound connection (malware-cnc.rules)
 * 1:25663 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rimod variant outbound connection (malware-cnc.rules)
 * 1:25665 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sycomder variant outbound connection (malware-cnc.rules)
 * 1:25666 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (malware-cnc.rules)
 * 1:25667 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nflog variant outbound connection (malware-cnc.rules)
 * 1:25668 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nflog variant outbound connection (malware-cnc.rules)
 * 1:25669 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Selasloot variant outbound connection (malware-cnc.rules)
 * 1:25671 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (malware-cnc.rules)
 * 1:25672 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Matsnu variant outbound connection (malware-cnc.rules)
 * 1:25673 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.QQDragon variant outbound connection (malware-cnc.rules)
 * 1:25674 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shimwoc variant outbound connection (malware-cnc.rules)
 * 1:25675 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fakeavlock variant outbound connection (malware-cnc.rules)
 * 1:25765 <-> DISABLED <-> MALWARE-CNC Trojan Agent YEH variant outbound connection (malware-cnc.rules)
 * 1:25766 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules)
 * 1:25807 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Urausy Botnet variant outbound connection (malware-cnc.rules)
 * 1:25829 <-> DISABLED <-> MALWARE-CNC Trojan Banker FTC variant outbound connection (malware-cnc.rules)
 * 1:25854 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection - MSIE7 No Referer No Cookie (malware-cnc.rules)
 * 1:25863 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.QBundle variant outbound connection (malware-cnc.rules)
 * 1:25865 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:25866 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:25867 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:25973 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Boolflot variant outbound connection (malware-cnc.rules)
 * 1:25974 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:25978 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lukprofin variant outbound connection (malware-cnc.rules)
 * 1:25979 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lukprofin variant outbound connection (malware-cnc.rules)
 * 1:25980 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Pass (malware-cnc.rules)
 * 1:25987 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Upof variant outbound connection (malware-cnc.rules)
 * 1:25990 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Agent variant connect to cnc-server (malware-cnc.rules)
 * 1:25991 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Agent variant connect to cnc-server (malware-cnc.rules)
 * 1:25992 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Buzus variant outbound connection (malware-cnc.rules)
 * 1:25993 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Buzus variant outbound connection (malware-cnc.rules)
 * 1:25994 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:25996 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Reswor variant outbound connection (malware-cnc.rules)
 * 1:26010 <-> DISABLED <-> MALWARE-CNC CNC Dirtjumper variant outbound connection (malware-cnc.rules)
 * 1:26011 <-> DISABLED <-> MALWARE-CNC CNC Dirtjumper variant outbound connection (malware-cnc.rules)
 * 1:26019 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bredo variant outbound connection (malware-cnc.rules)
 * 1:26023 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot variant in.php outbound connection (malware-cnc.rules)
 * 1:28230 <-> DISABLED <-> MALWARE-CNC Boot.Bootroot Variant data upload (malware-cnc.rules)
 * 1:28800 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus outbound connection (malware-cnc.rules)
 * 1:28419 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tesch variant outbound connection (malware-cnc.rules)
 * 1:25632 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Golisy variant outbound connection (malware-cnc.rules)
 * 1:26249 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Sonide variant outbound connection (malware-cnc.rules)
 * 1:26072 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locati variant outbound connection (malware-cnc.rules)
 * 1:26075 <-> DISABLED <-> MALWARE-CNC Bancos variant outbound connection SQL query POST data (malware-cnc.rules)
 * 1:26086 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Exicon variant outbound connection (malware-cnc.rules)
 * 1:26088 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Encriyoko variant outbound connection (malware-cnc.rules)
 * 1:26106 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
 * 1:26115 <-> DISABLED <-> MALWARE-CNC NSIS.Downloader.Agent variant outbound connection (malware-cnc.rules)
 * 1:26116 <-> DISABLED <-> MALWARE-CNC NSIS.Downloader.Agent variant outbound connection (malware-cnc.rules)
 * 1:26117 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tarctox variant outbound connection (malware-cnc.rules)
 * 1:26118 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:26119 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:26201 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lobparck variant outbound connection (malware-cnc.rules)
 * 1:26202 <-> DISABLED <-> MALWARE-CNC VBS.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:26203 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gupd variant outbound connection (malware-cnc.rules)
 * 1:26204 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Malex variant outbound connection (malware-cnc.rules)
 * 1:26211 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Eldorado variant outbound connection (malware-cnc.rules)
 * 1:26238 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Snopexy variant outbound connection (malware-cnc.rules)
 * 1:26239 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Stehlox variant outbound connection (malware-cnc.rules)
 * 1:26240 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vkeikooc variant outbound connection (malware-cnc.rules)
 * 1:26244 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Troll variant outbound connection (malware-cnc.rules)
 * 1:26245 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (malware-cnc.rules)
 * 1:26248 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent cibabam (malware-cnc.rules)
 * 1:27647 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nelaja variant outbound connection (malware-cnc.rules)
 * 1:26024 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wecod variant outbound connection (malware-cnc.rules)
 * 1:26266 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus v3 DGA DNS query detected (malware-cnc.rules)
 * 1:26267 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus v3 DGA DNS query detected (malware-cnc.rules)
 * 1:26268 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus v3 DGA DNS query detected (malware-cnc.rules)
 * 1:26269 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus v3 DGA DNS query detected (malware-cnc.rules)
 * 1:26270 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus v3 DGA DNS query detected (malware-cnc.rules)
 * 1:26271 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus v3 DGA DNS query detected (malware-cnc.rules)
 * 1:26284 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Surok variant outbound connection (malware-cnc.rules)
 * 1:26285 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Garveep variant outbound connection (malware-cnc.rules)
 * 1:26288 <-> DISABLED <-> MALWARE-CNC Brontok Worm variant outbound connection (malware-cnc.rules)
 * 1:26289 <-> DISABLED <-> MALWARE-CNC Daws Trojan Outbound Plaintext over SSL Port (malware-cnc.rules)
 * 1:26319 <-> DISABLED <-> MALWARE-CNC file path used as User-Agent - potential Trojan (malware-cnc.rules)
 * 1:26325 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scar variant outbound connection (malware-cnc.rules)
 * 1:26327 <-> DISABLED <-> MALWARE-CNC OSX.Trojan.Flashfake variant outbound connection (malware-cnc.rules)
 * 1:26331 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qhost variant outbound connection (malware-cnc.rules)
 * 1:26335 <-> DISABLED <-> MALWARE-CNC FBI Ransom Trojan variant outbound connection (malware-cnc.rules)
 * 1:26370 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection - ksa.txt (malware-cnc.rules)
 * 1:26371 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection - op POST (malware-cnc.rules)
 * 1:26398 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gamarue variant outbound connection (malware-cnc.rules)
 * 1:26428 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (malware-cnc.rules)
 * 1:26444 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Agent variant outbound connection (malware-cnc.rules)
 * 1:26445 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Agent variant outbound connection (malware-cnc.rules)
 * 1:26446 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Agent variant outbound connection (malware-cnc.rules)
 * 1:26447 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Smoaler variant outbound connection (malware-cnc.rules)
 * 1:26448 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fakesig variant outbound connection (malware-cnc.rules)
 * 1:26449 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:26450 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:26452 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Buterat variant outbound connection (malware-cnc.rules)
 * 1:26463 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Linog.A variant outbound connection (malware-cnc.rules)
 * 1:26464 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Linog.A variant outbound connection (malware-cnc.rules)
 * 1:26467 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Magic variant inbound connection (malware-cnc.rules)
 * 1:26480 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot fake PNG config file download without User-Agent (malware-cnc.rules)
 * 1:26482 <-> DISABLED <-> MALWARE-CNC Unknown Thinner Encrypted POST botnet C&C (malware-cnc.rules)
 * 1:26522 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent NOKIAN95/WEB (malware-cnc.rules)
 * 1:26533 <-> DISABLED <-> MALWARE-CNC Unknown malware - Incorrect headers - Referer HTTP/1.0 (malware-cnc.rules)
 * 1:26558 <-> DISABLED <-> MALWARE-CNC User-Agent known Malicious user agent Brutus AET (malware-cnc.rules)
 * 1:26560 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection - getcomando POST data (malware-cnc.rules)
 * 1:26561 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
 * 1:26563 <-> DISABLED <-> MALWARE-CNC Harakit botnet traffic (malware-cnc.rules)
 * 1:26576 <-> DISABLED <-> MALWARE-CNC Potential hostile executable served from compromised or malicious WordPress site attempt (malware-cnc.rules)
 * 1:26577 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent Opera 10 (malware-cnc.rules)
 * 1:26578 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy/FakeAV Checkin with IE6 User-Agent (malware-cnc.rules)
 * 1:26579 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy/FakeAV Checkin with IE6 User-Agent (malware-cnc.rules)
 * 1:26604 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bydra variant outbound connection (malware-cnc.rules)
 * 1:26605 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bydra variant outbound connection (malware-cnc.rules)
 * 1:26606 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sosork variant outbound connection (malware-cnc.rules)
 * 1:26607 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Korlia variant outbound connection (malware-cnc.rules)
 * 1:26608 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rocra variant outbound connection (malware-cnc.rules)
 * 1:26609 <-> DISABLED <-> MALWARE-CNC OSX.Trojan.Dockster variant outbound connection (malware-cnc.rules)
 * 1:26613 <-> DISABLED <-> MALWARE-CNC Medfos Trojan variant outbound connection (malware-cnc.rules)
 * 1:26656 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Travnet Botnet data upload (malware-cnc.rules)
 * 1:26657 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shiz variant outbound connection (malware-cnc.rules)
 * 1:26677 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz variant inbound run command from cnc (malware-cnc.rules)
 * 1:26678 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz variant inbound run command from cnc (malware-cnc.rules)
 * 1:26679 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz variant inbound run command from cnc (malware-cnc.rules)
 * 1:26680 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz variant inbound run command from cnc (malware-cnc.rules)
 * 1:26681 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz variant inbound run command from cnc (malware-cnc.rules)
 * 1:26683 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shyape variant outbound connection (malware-cnc.rules)
 * 1:26684 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Neshax variant outbound connection (malware-cnc.rules)
 * 1:26685 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string J13A (malware-cnc.rules)
 * 1:26686 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Alina (malware-cnc.rules)
 * 1:26690 <-> DISABLED <-> MALWARE-CNC Miniduke server contact (malware-cnc.rules)
 * 1:26691 <-> DISABLED <-> MALWARE-CNC Win.Trojan.UFRStealer variant outbound connection (malware-cnc.rules)
 * 1:26692 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spyremoav variant outbound connection (malware-cnc.rules)
 * 1:26695 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Namihno variant outbound request (malware-cnc.rules)
 * 1:26696 <-> DISABLED <-> MALWARE-CNC Cbeplay Ransomware variant outbound connection - Abnormal HTTP Headers (malware-cnc.rules)
 * 1:26697 <-> DISABLED <-> MALWARE-CNC Cbeplay Ransomware variant outbound connection - POST Body (malware-cnc.rules)
 * 1:26702 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Win (malware-cnc.rules)
 * 1:26703 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Upero variant outbound connection (malware-cnc.rules)
 * 1:26712 <-> DISABLED <-> MALWARE-CNC Kazy Trojan check-in (malware-cnc.rules)
 * 1:26713 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev rev 1 outbound traffic (malware-cnc.rules)
 * 1:26714 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev rev 2 outbound traffic (malware-cnc.rules)
 * 1:26715 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev rev 3 outbound traffic (malware-cnc.rules)
 * 1:26719 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kbot variant outbound connection (malware-cnc.rules)
 * 1:26720 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kbot variant outbound connection (malware-cnc.rules)
 * 1:26721 <-> DISABLED <-> MALWARE-CNC Pushdo Spiral Traffic (malware-cnc.rules)
 * 1:26722 <-> DISABLED <-> MALWARE-CNC Bancos fake JPG encrypted config file download (malware-cnc.rules)
 * 1:26723 <-> DISABLED <-> MALWARE-CNC Trojan Downloader7 (malware-cnc.rules)
 * 1:26725 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc http command (malware-cnc.rules)
 * 1:26726 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc stop command (malware-cnc.rules)
 * 1:26727 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc die command (malware-cnc.rules)
 * 1:26728 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc sleep command (malware-cnc.rules)
 * 1:26729 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc simple command (malware-cnc.rules)
 * 1:26730 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc loginpost command (malware-cnc.rules)
 * 1:26731 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc datapost command (malware-cnc.rules)
 * 1:26732 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc syn command (malware-cnc.rules)
 * 1:26733 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc udp command (malware-cnc.rules)
 * 1:26734 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc udpdata command (malware-cnc.rules)
 * 1:26735 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc data command (malware-cnc.rules)
 * 1:26736 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc icmp command (malware-cnc.rules)
 * 1:26737 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc tcpdata command (malware-cnc.rules)
 * 1:26738 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc dataget command (malware-cnc.rules)
 * 1:26739 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc connect command (malware-cnc.rules)
 * 1:26740 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc dns command (malware-cnc.rules)
 * 1:26741 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc exec command (malware-cnc.rules)
 * 1:26742 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc resolve command (malware-cnc.rules)
 * 1:26743 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc antiddos command (malware-cnc.rules)
 * 1:26744 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc range command (malware-cnc.rules)
 * 1:26745 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc ftp command (malware-cnc.rules)
 * 1:26746 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc download command (malware-cnc.rules)
 * 1:26747 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc fastddos command (malware-cnc.rules)
 * 1:26751 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - msctls_progress32 (malware-cnc.rules)
 * 1:28012 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules)
 * 1:28861 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Roxfora variant outbound connection (malware-cnc.rules)
 * 1:26748 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc slowhttp command (malware-cnc.rules)
 * 1:26750 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc full command (malware-cnc.rules)
 * 1:26756 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper.Datcaen variant outbound connection (malware-cnc.rules)
 * 1:26757 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper.Datcaen variant outbound connection (malware-cnc.rules)
 * 1:26758 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Elefin variant outbound connection (malware-cnc.rules)
 * 1:26763 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules)
 * 1:26770 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (malware-cnc.rules)
 * 1:26771 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (malware-cnc.rules)
 * 1:26774 <-> DISABLED <-> MALWARE-CNC Win.Worm.Luder variant outbound connection (malware-cnc.rules)
 * 1:26775 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Blocker variant outbound connection HTTP Header Structure (malware-cnc.rules)
 * 1:26776 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Blocker variant outbound connection POST (malware-cnc.rules)
 * 1:26777 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy variant outbound connection (malware-cnc.rules)
 * 1:26779 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cridex encrypted POST check-in (malware-cnc.rules)
 * 1:26780 <-> DISABLED <-> MALWARE-CNC cridex HTTP Response - default0.js (malware-cnc.rules)
 * 1:26785 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qrmon variant outbound connection (malware-cnc.rules)
 * 1:26792 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vbula variant outbound connection (malware-cnc.rules)
 * 1:26793 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vbula variant initial CNC contact (malware-cnc.rules)
 * 1:26809 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Backdoor.Tomvode variant outbound connection (malware-cnc.rules)
 * 1:26811 <-> DISABLED <-> MALWARE-CNC XP Fake Antivirus Payment Page Request (malware-cnc.rules)
 * 1:26812 <-> DISABLED <-> MALWARE-CNC XP Fake Antivirus Check-in (malware-cnc.rules)
 * 1:26813 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dapato CMS spambot check-in (malware-cnc.rules)
 * 1:26815 <-> DISABLED <-> MALWARE-CNC OSX.Trojan.KitM variant outbound connection user-agent (malware-cnc.rules)
 * 1:26816 <-> DISABLED <-> MALWARE-CNC OSX.Trojan.KitM variant outbound connection (malware-cnc.rules)
 * 1:26818 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Zawat variant outbound connection (malware-cnc.rules)
 * 1:26819 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Datash variant outbound connection (malware-cnc.rules)
 * 1:26820 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Datash variant outbound connection (malware-cnc.rules)
 * 1:26822 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Buterat variant outbound connection (malware-cnc.rules)
 * 1:26828 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Uperti variant outbound connection (malware-cnc.rules)
 * 1:26835 <-> DISABLED <-> MALWARE-CNC RDN Banker POST variant outbound connection (malware-cnc.rules)
 * 1:26836 <-> DISABLED <-> MALWARE-CNC RDN Banker Strange Google Traffic (malware-cnc.rules)
 * 1:26837 <-> DISABLED <-> MALWARE-CNC BitBot Idle C2 response (malware-cnc.rules)
 * 1:26840 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Agent variant outbound connection (malware-cnc.rules)
 * 1:26841 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Agent variant outbound connection (malware-cnc.rules)
 * 1:26880 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zotob.E gc.exe download (malware-cnc.rules)
 * 1:26911 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rombrast Trojan outbound connection (malware-cnc.rules)
 * 1:26912 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rombrast Trojan outbound connection (malware-cnc.rules)
 * 1:26923 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
 * 1:26924 <-> DISABLED <-> MALWARE-CNC Potential Gozi Trojan HTTP Header Structure (malware-cnc.rules)
 * 1:26930 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeroaccess variant outbound connection (malware-cnc.rules)
 * 1:26931 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeroaccess variant outbound connection (malware-cnc.rules)
 * 1:26932 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeroaccess variant outbound connection (malware-cnc.rules)
 * 1:26940 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TripleNine RAT beacon (malware-cnc.rules)
 * 1:26941 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PipCreat RAT dropper download (malware-cnc.rules)
 * 1:26942 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PipCreat RAT beacon (malware-cnc.rules)
 * 1:26943 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Post_Show RAT beacon (malware-cnc.rules)
 * 1:26944 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Post_Show RAT beacon (malware-cnc.rules)
 * 1:26945 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bisonal RAT beacon (malware-cnc.rules)
 * 1:26946 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Uptime RAT beacon (malware-cnc.rules)
 * 1:26952 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Orcim variant outbound connection (malware-cnc.rules)
 * 1:26954 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Talsab variant outbound connection (malware-cnc.rules)
 * 1:26955 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Talsab variant outbound connection (malware-cnc.rules)
 * 1:26965 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Win32 Facebook Secure Cryptor C2 (malware-cnc.rules)
 * 1:26966 <-> DISABLED <-> MALWARE-CNC Win32/Autorun.JN variant outbound connection (malware-cnc.rules)
 * 1:26967 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz variant outbound connection (malware-cnc.rules)
 * 1:26968 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gozi Data Theft POST Data (malware-cnc.rules)
 * 1:26969 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gozi Trojan Data Theft POST URL (malware-cnc.rules)
 * 1:26970 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pirminay variant outbound connection (malware-cnc.rules)
 * 1:26984 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Injector Info Stealer Trojan variant outbound connection (malware-cnc.rules)
 * 1:26986 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Xenil variant outbound connection (malware-cnc.rules)
 * 1:26987 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cyvadextr variant outbound connection (malware-cnc.rules)
 * 1:26995 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Agent variant outbound connection (malware-cnc.rules)
 * 1:26996 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Agent variant outbound connection (malware-cnc.rules)
 * 1:26997 <-> DISABLED <-> MALWARE-CNC OSX.Trojan.Morcut variant outbound connection (malware-cnc.rules)
 * 1:26998 <-> DISABLED <-> MALWARE-CNC OSX.Trojan.Morcut file download (malware-cnc.rules)
 * 1:26999 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chinoxy variant outbound connection (malware-cnc.rules)
 * 1:27000 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chinoxy variant outbound connection (malware-cnc.rules)
 * 1:27002 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:27003 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:27007 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot variant outbound connection (malware-cnc.rules)
 * 1:27008 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot variant outbound connection (malware-cnc.rules)
 * 1:27010 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot payment .scr download (malware-cnc.rules)
 * 1:27012 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Phoenot variant outbound connection (malware-cnc.rules)
 * 1:27013 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Phoenot variant inbound connection (malware-cnc.rules)
 * 1:27014 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Epipenwa variant outbound connection (malware-cnc.rules)
 * 1:27017 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dapato variant inbound response connection (malware-cnc.rules)
 * 1:27021 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Layvam variant outbound connection (malware-cnc.rules)
 * 1:27022 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Netweird.A outbound connection (malware-cnc.rules)
 * 1:27023 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Netweird.A outbound connection (malware-cnc.rules)
 * 1:27033 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Transhell variant outbound connection user-agent (malware-cnc.rules)
 * 1:27039 <-> DISABLED <-> MALWARE-CNC Win.Trojan.OnlineGameHack variant outbound connection (malware-cnc.rules)
 * 1:27044 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string pb - Htbot (malware-cnc.rules)
 * 1:27045 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Blocker Download (malware-cnc.rules)
 * 1:27049 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dokstormac variant outbound connection (malware-cnc.rules)
 * 1:27054 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yakes variant outbound connection (malware-cnc.rules)
 * 1:27058 <-> DISABLED <-> MALWARE-CNC OSX.Trojan.HackBack variant outbound connection (malware-cnc.rules)
 * 1:27093 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Medfos variant outbound connection (malware-cnc.rules)
 * 1:27120 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:27169 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Atezag variant outbound connection (malware-cnc.rules)
 * 1:27199 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Meredrop variant outbound connection GET Request (malware-cnc.rules)
 * 1:27200 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Meredrop variant outbound connection POST Request (malware-cnc.rules)
 * 1:27201 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Neurevt variant outbound connection (malware-cnc.rules)
 * 1:27248 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gamarue - Mozi1la User-Agent (malware-cnc.rules)
 * 1:27252 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ZeroAccess 111-byte URL variant outbound connection (malware-cnc.rules)
 * 1:27256 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kryptik Drive-by Download Malware (malware-cnc.rules)
 * 1:27257 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kryptic 7-byte URI Invalid Firefox Headers - no Accept-Language (malware-cnc.rules)
 * 1:27260 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Java.Agent.NFK variant connection (malware-cnc.rules)
 * 1:27263 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - yahoonews (malware-cnc.rules)
 * 1:28406 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy variant outbound connection (malware-cnc.rules)
 * 1:26749 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc allhttp command (malware-cnc.rules)
 * 1:27551 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lorapu variant outbound connection (malware-cnc.rules)
 * 1:27558 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bezigate variant outbound connection (malware-cnc.rules)
 * 1:27567 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rovnix malicious download request (malware-cnc.rules)
 * 1:27577 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:27596 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Redyms variant outbound connection (malware-cnc.rules)
 * 1:27599 <-> DISABLED <-> MALWARE-CNC Fort Disco Registration variant outbound connection (malware-cnc.rules)
 * 1:27600 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nawpers variant connection (malware-cnc.rules)
 * 1:27629 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Aumlib variant outbound connection (malware-cnc.rules)
 * 1:27630 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Aumlib variant outbound connection (malware-cnc.rules)
 * 1:27631 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Aumlib variant outbound connection (malware-cnc.rules)
 * 1:27633 <-> DISABLED <-> MALWARE-CNC Worm.Silly variant outbound connection (malware-cnc.rules)
 * 1:27636 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Likseput variant connection (malware-cnc.rules)
 * 1:27637 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Syhcmd variant connection (malware-cnc.rules)
 * 1:27639 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Epipenwa variant connection (malware-cnc.rules)
 * 1:27640 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chekafe variant connection (malware-cnc.rules)
 * 1:27641 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Meilat variant connection (malware-cnc.rules)
 * 1:27642 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downbot variant connection (malware-cnc.rules)
 * 1:27643 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Betabot variant connection (malware-cnc.rules)
 * 1:27644 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Merong variant connection (malware-cnc.rules)
 * 1:27645 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Binjo variant outbound connection (malware-cnc.rules)
 * 1:27648 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SpyBanker.ZSL variant outbound connection (malware-cnc.rules)
 * 1:27649 <-> DISABLED <-> MALWARE-CNC Brazilian Banking Trojan data theft (malware-cnc.rules)
 * 1:27655 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Enchanim variant connection (malware-cnc.rules)
 * 1:27659 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gapz variant connection (malware-cnc.rules)
 * 1:27660 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Reabfrus variant connection (malware-cnc.rules)
 * 1:27661 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Reabfrus variant connection (malware-cnc.rules)
 * 1:27662 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Galfun variant outbound connection (malware-cnc.rules)
 * 1:27664 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Castov variant connection (malware-cnc.rules)
 * 1:27665 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Castov variant connection (malware-cnc.rules)
 * 1:27670 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.evf variant connection (malware-cnc.rules)
 * 1:27678 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Goolelo variant connection (malware-cnc.rules)
 * 1:27679 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz variant outbound connection (malware-cnc.rules)
 * 1:27680 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ZeroAccess variant outbound connection (malware-cnc.rules)
 * 1:27699 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tartober variant connection (malware-cnc.rules)
 * 1:27709 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string umbra (malware-cnc.rules)
 * 1:27710 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string IExplore (malware-cnc.rules)
 * 1:27711 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FakeAV variant outbound connection (malware-cnc.rules)
 * 1:27720 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kolok variant connection (malware-cnc.rules)
 * 1:27726 <-> DISABLED <-> MALWARE-CNC Orbit Downloader denial of service update (malware-cnc.rules)
 * 1:27727 <-> DISABLED <-> MALWARE-CNC Orbit Downloader denial of service update (malware-cnc.rules)
 * 1:27728 <-> DISABLED <-> MALWARE-CNC Orbit Downloader denial of service update (malware-cnc.rules)
 * 1:27737 <-> DISABLED <-> MALWARE-CNC DNS suspicious .c0m.li dns query (malware-cnc.rules)
 * 1:27746 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Hanthie variant outbound connection (malware-cnc.rules)
 * 1:27747 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banechant outbound variant connection (malware-cnc.rules)
 * 1:27759 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Treizt variant connection (malware-cnc.rules)
 * 1:27774 <-> DISABLED <-> MALWARE-CNC RDN Banker Data Exfiltration (malware-cnc.rules)
 * 1:27775 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection (malware-cnc.rules)
 * 1:27802 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PRISM variant outbound connection (malware-cnc.rules)
 * 1:27803 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PRISM variant outbound connection (malware-cnc.rules)
 * 1:27805 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bisonha variant outbound connection (malware-cnc.rules)
 * 1:27806 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Retruse variant connection (malware-cnc.rules)
 * 1:27811 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mindweq variant connection (malware-cnc.rules)
 * 1:27817 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tenavt connection (malware-cnc.rules)
 * 1:27864 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sinowal variant connection (malware-cnc.rules)
 * 1:27867 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper outbound connection (malware-cnc.rules)
 * 1:27868 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - dt12012 (malware-cnc.rules)
 * 1:27905 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Helauto variant connection (malware-cnc.rules)
 * 1:27918 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
 * 1:27919 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus encrypted POST Data exfiltration (malware-cnc.rules)
 * 1:27939 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Galock variant connection (malware-cnc.rules)
 * 1:27955 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mevade variant outbound connection (malware-cnc.rules)
 * 1:27963 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lolbot variant outbound connection (malware-cnc.rules)
 * 1:27964 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gh0st variant outbound connection (malware-cnc.rules)
 * 1:27965 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Eupuds variant connection (malware-cnc.rules)
 * 1:27966 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Chopper web shell connection (malware-cnc.rules)
 * 1:27968 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Chopper web shell connection (malware-cnc.rules)
 * 1:27969 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Updays variant connection (malware-cnc.rules)
 * 1:27970 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus dropper variant connection (malware-cnc.rules)
 * 1:27980 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /botnet/adduser.php?uid= (malware-cnc.rules)
 * 1:27981 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /botnet/tasks.php?uid= (malware-cnc.rules)
 * 1:28005 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz outbound command (malware-cnc.rules)
 * 1:28007 <-> DISABLED <-> MALWARE-CNC BLYPT installer startupkey outbound traffic (malware-cnc.rules)
 * 1:28008 <-> DISABLED <-> MALWARE-CNC BLYPT installer reuse outbound traffic (malware-cnc.rules)
 * 1:28009 <-> DISABLED <-> MALWARE-CNC BLYPT installer configkey outbound traffic (malware-cnc.rules)
 * 1:28010 <-> DISABLED <-> MALWARE-CNC BLYPT installer tserror outbound traffic (malware-cnc.rules)
 * 1:27533 <-> DISABLED <-> MALWARE-CNC Potential Win.Trojan.Kraziomel Download - 000.jpg (malware-cnc.rules)
 * 1:28011 <-> DISABLED <-> MALWARE-CNC BLYPT installer createproc outbound traffic (malware-cnc.rules)
 * 1:28097 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ohlat variant connection (malware-cnc.rules)
 * 1:28117 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /install.htm GET Encrypted Payload (malware-cnc.rules)
 * 1:28857 <-> DISABLED <-> MALWARE-CNC Adwind UNRECOM connnection back to cnc server (malware-cnc.rules)
 * 1:28106 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload information upload (malware-cnc.rules)
 * 1:28804 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Injector outbound connection (malware-cnc.rules)
 * 1:28147 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Conficker variant outbound connection (malware-cnc.rules)
 * 1:28802 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos outbound connection (malware-cnc.rules)
 * 1:28543 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Conficker variant outbound connection (malware-cnc.rules)
 * 1:28114 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /default.htm GET Encrypted Payload (malware-cnc.rules)
 * 1:28808 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Ptiger variant outbound connection (malware-cnc.rules)
 * 1:28120 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /start.htm GET Encrypted Payload (malware-cnc.rules)
 * 1:28210 <-> DISABLED <-> MALWARE-CNC Win.Worm.IRCbot outbound connection (malware-cnc.rules)
 * 1:28399 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Tsunami outbound connection (malware-cnc.rules)
 * 1:28820 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Egamipload variant outbound connection (malware-cnc.rules)
 * 1:28300 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant connection (malware-cnc.rules)
 * 1:28242 <-> DISABLED <-> MALWARE-CNC Win.Trojan.KanKan variant connection (malware-cnc.rules)
 * 1:28244 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Phrovon outbound connection (malware-cnc.rules)
 * 1:28255 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz Potential phishing URL (malware-cnc.rules)
 * 1:28247 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper variant outbound connection (malware-cnc.rules)
 * 1:28484 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Delpbank variant outbound connection (malware-cnc.rules)
 * 1:28144 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Win32.Wpbrutebot variant connection (malware-cnc.rules)
 * 1:28416 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CryptoLocker outbound connection (malware-cnc.rules)
 * 1:28551 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NXI ftp username connection (malware-cnc.rules)
 * 1:28154 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Foreign variant outbound connection - MSIE 7.1 (malware-cnc.rules)
 * 1:28141 <-> DISABLED <-> MALWARE-CNC Win.Trojan.banker outbound connection (malware-cnc.rules)

2020-10-08 13:28:31 UTC

Snort Subscriber Rules Update

Date: 2020-10-08

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:55931 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Emotet variant outbound connection attempt (malware-cnc.rules)
 * 1:55933 <-> ENABLED <-> SERVER-OTHER Oracle WebLogic malicious RemoteConstructor deserialization attempt (server-other.rules)
 * 1:55929 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Emotet-9774504-0 download attempt (malware-other.rules)
 * 1:55930 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Emotet-9774504-0 download attempt (malware-other.rules)
 * 1:55932 <-> ENABLED <-> SERVER-OTHER Oracle WebLogic malicious RemoteConstructor deserialization attempt (server-other.rules)

Modified Rules:


 * 1:28094 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Liteol variant connection (malware-cnc.rules)
 * 1:28084 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hupigon variant connection (malware-cnc.rules)
 * 1:28074 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ADKR connection (malware-cnc.rules)
 * 1:28853 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dipverdle variant outbound connection (malware-cnc.rules)
 * 1:25979 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lukprofin variant outbound connection (malware-cnc.rules)
 * 1:28073 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Win32.Kimsuky variant file stealing (malware-cnc.rules)
 * 1:28075 <-> DISABLED <-> MALWARE-CNC Win.Trojan.gzfw connection (malware-cnc.rules)
 * 1:28042 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Caphaw variant outbound connection (malware-cnc.rules)
 * 1:28010 <-> DISABLED <-> MALWARE-CNC BLYPT installer tserror outbound traffic (malware-cnc.rules)
 * 1:28011 <-> DISABLED <-> MALWARE-CNC BLYPT installer createproc outbound traffic (malware-cnc.rules)
 * 1:28033 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Urausy variant outbound connection (malware-cnc.rules)
 * 1:28080 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Napolar data theft (malware-cnc.rules)
 * 1:28096 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spynet variant connection (malware-cnc.rules)
 * 1:28009 <-> DISABLED <-> MALWARE-CNC BLYPT installer configkey outbound traffic (malware-cnc.rules)
 * 1:28005 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz outbound command (malware-cnc.rules)
 * 1:25980 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Pass (malware-cnc.rules)
 * 1:28820 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Egamipload variant outbound connection (malware-cnc.rules)
 * 1:28856 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yowdab variant connection (malware-cnc.rules)
 * 1:28463 <-> DISABLED <-> MALWARE-CNC Win.Trojan.AllAple Variant ICMP flood (malware-cnc.rules)
 * 1:28114 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /default.htm GET Encrypted Payload (malware-cnc.rules)
 * 1:48157 <-> ENABLED <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection (malware-cnc.rules)
 * 1:28886 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scar variant outbound connection (malware-cnc.rules)
 * 1:28958 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jussuc variant outbound connection (malware-cnc.rules)
 * 1:28362 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string SUiCiDE/1.5 (malware-cnc.rules)
 * 1:28366 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Venik variant outbound connection (malware-cnc.rules)
 * 1:28807 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Injector variant outbound connection (malware-cnc.rules)
 * 1:28563 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pkdesco variant outbound connection (malware-cnc.rules)
 * 1:28326 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Zuza variant outbound connection (malware-cnc.rules)
 * 1:28947 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tapaoux variant connection (malware-cnc.rules)
 * 1:28551 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NXI ftp username connection (malware-cnc.rules)
 * 1:28141 <-> DISABLED <-> MALWARE-CNC Win.Trojan.banker outbound connection (malware-cnc.rules)
 * 1:28254 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Perl.Shellbot variant outbound connection (malware-cnc.rules)
 * 1:28864 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tofsee variant outbound connection (malware-cnc.rules)
 * 1:28919 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant network connectivity check (malware-cnc.rules)
 * 1:28558 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string getURLdown (malware-cnc.rules)
 * 1:28116 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /home.htm GET Encrypted Payload (malware-cnc.rules)
 * 1:28007 <-> DISABLED <-> MALWARE-CNC BLYPT installer startupkey outbound traffic (malware-cnc.rules)
 * 1:28040 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dofoil variant outbound connection (malware-cnc.rules)
 * 1:28115 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /file.htm GET Encrypted Payload (malware-cnc.rules)
 * 1:28852 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Linux.Trojan.Zollard (malware-cnc.rules)
 * 1:28120 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /start.htm GET Encrypted Payload (malware-cnc.rules)
 * 1:28072 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Omexo outbound connection (malware-cnc.rules)
 * 1:26740 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc dns command (malware-cnc.rules)
 * 1:28117 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /install.htm GET Encrypted Payload (malware-cnc.rules)
 * 1:28541 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ZeroAccess Download Headers (malware-cnc.rules)
 * 1:28802 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos outbound connection (malware-cnc.rules)
 * 1:28808 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Ptiger variant outbound connection (malware-cnc.rules)
 * 1:28604 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kasnam variant connection (malware-cnc.rules)
 * 1:28244 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Phrovon outbound connection (malware-cnc.rules)
 * 1:28809 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dofoil inbound connection (malware-cnc.rules)
 * 1:28800 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus outbound connection (malware-cnc.rules)
 * 1:28411 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CoinMiner variant outbound connection (malware-cnc.rules)
 * 1:28328 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Hupigon variant outbound connection (malware-cnc.rules)
 * 1:28373 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mutopy variant outbound connection (malware-cnc.rules)
 * 1:28212 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bitsto variant connection (malware-cnc.rules)
 * 1:28564 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pkdesco variant outbound connection (malware-cnc.rules)
 * 1:28813 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ufraie variant outbound connection (malware-cnc.rules)
 * 1:28565 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sluegot variant connection (malware-cnc.rules)
 * 1:28148 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mevade variant outbound connection (malware-cnc.rules)
 * 1:28405 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy variant outbound connection (malware-cnc.rules)
 * 1:28559 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Castov variant connection (malware-cnc.rules)
 * 1:28325 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Zuza variant outbound connection (malware-cnc.rules)
 * 1:28814 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gozi/Neverquest variant outbound connection (malware-cnc.rules)
 * 1:28300 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant connection (malware-cnc.rules)
 * 1:28724 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent outbound connection (malware-cnc.rules)
 * 1:28542 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Conficker variant outbound connection (malware-cnc.rules)
 * 1:28166 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bifrose variant connection (malware-cnc.rules)
 * 1:28211 <-> DISABLED <-> MALWARE-CNC Win.Worm.IRCbot outbound connection (malware-cnc.rules)
 * 1:28529 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qadars variant outbound connection (malware-cnc.rules)
 * 1:28118 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /login.htm GET Encrypted Payload (malware-cnc.rules)
 * 1:28154 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Foreign variant outbound connection - MSIE 7.1 (malware-cnc.rules)
 * 1:28547 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules)
 * 1:28418 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Dtcontx outbound connection (malware-cnc.rules)
 * 1:28239 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tuxido outbound connection (malware-cnc.rules)
 * 1:28399 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Tsunami outbound connection (malware-cnc.rules)
 * 1:28121 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /welcome.htm GET Encrypted Payload (malware-cnc.rules)
 * 1:28486 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Codiltak variant outbound connection (malware-cnc.rules)
 * 1:28548 <-> DISABLED <-> MALWARE-CNC Win.Trojan.chfx variant outbound connection (malware-cnc.rules)
 * 1:28553 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /main.htm GET Encrypted Payload (malware-cnc.rules)
 * 1:28606 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Surtr variant connection (malware-cnc.rules)
 * 1:28444 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.CBgate variant outbound connection (malware-cnc.rules)
 * 1:28543 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Conficker variant outbound connection (malware-cnc.rules)
 * 1:28209 <-> DISABLED <-> MALWARE-CNC Win.Worm.IRCbot outbound connection (malware-cnc.rules)
 * 1:28105 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload variant outbound connection (malware-cnc.rules)
 * 1:28561 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Plugx outbound connection (malware-cnc.rules)
 * 1:28799 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mxtcycle variant outbound connection (malware-cnc.rules)
 * 1:28406 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy variant outbound connection (malware-cnc.rules)
 * 1:28134 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dorkbot variant connection (malware-cnc.rules)
 * 1:28860 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent - Win.Trojan.Nitedrem (malware-cnc.rules)
 * 1:28079 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Napolar variant outbound connection (malware-cnc.rules)
 * 1:27200 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Meredrop variant outbound connection POST Request (malware-cnc.rules)
 * 1:28147 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Conficker variant outbound connection (malware-cnc.rules)
 * 1:28095 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Liteol variant connection (malware-cnc.rules)
 * 1:28816 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Siluhdur variant outbound connection (malware-cnc.rules)
 * 1:28805 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Palevo outbound connection (malware-cnc.rules)
 * 1:28416 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CryptoLocker outbound connection (malware-cnc.rules)
 * 1:28861 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Roxfora variant outbound connection (malware-cnc.rules)
 * 1:28949 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kishlog variant outbound connection (malware-cnc.rules)
 * 1:28960 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Alurewo outbound connection (malware-cnc.rules)
 * 1:28918 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant network connectivity check (malware-cnc.rules)
 * 1:28562 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sidopa variant outbound connection (malware-cnc.rules)
 * 1:28144 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Win32.Wpbrutebot variant connection (malware-cnc.rules)
 * 1:28948 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kishlog variant outbound connection (malware-cnc.rules)
 * 1:28940 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rovnix malicious download (malware-cnc.rules)
 * 1:28859 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent z00sAgent - Win.Trojan.Zbot (malware-cnc.rules)
 * 1:28914 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Anony variant connection (malware-cnc.rules)
 * 1:28930 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fakeav variant outbound data connection (malware-cnc.rules)
 * 1:28485 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Khalog variant outbound connection (malware-cnc.rules)
 * 1:26741 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc exec command (malware-cnc.rules)
 * 1:27637 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Syhcmd variant connection (malware-cnc.rules)
 * 1:25991 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Agent variant connect to cnc-server (malware-cnc.rules)
 * 1:25990 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Agent variant connect to cnc-server (malware-cnc.rules)
 * 1:25570 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Medialabs variant outbound connection (malware-cnc.rules)
 * 1:25571 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Medialabs variant outbound connection (malware-cnc.rules)
 * 1:25572 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Virut variant outbound connection (malware-cnc.rules)
 * 1:25577 <-> DISABLED <-> MALWARE-CNC Win.Rootkit.Necurs possible URI with encrypted POST (malware-cnc.rules)
 * 1:25599 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gupboot variant outbound connection (malware-cnc.rules)
 * 1:25600 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dilavtor variant outbound connection (malware-cnc.rules)
 * 1:25609 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules)
 * 1:25610 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mofsmall variant outbound connection (malware-cnc.rules)
 * 1:25623 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jimpime variant outbound connection (malware-cnc.rules)
 * 1:25625 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Daws variant outbound connection (malware-cnc.rules)
 * 1:25626 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules)
 * 1:25628 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant connect to cnc-server (malware-cnc.rules)
 * 1:25632 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Golisy variant outbound connection (malware-cnc.rules)
 * 1:25652 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kryptic variant outbound connection (malware-cnc.rules)
 * 1:25660 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Medfos variant outbound connection (malware-cnc.rules)
 * 1:25661 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Buzus variant outbound connection (malware-cnc.rules)
 * 1:25662 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chowspy variant outbound connection (malware-cnc.rules)
 * 1:25663 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rimod variant outbound connection (malware-cnc.rules)
 * 1:25665 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sycomder variant outbound connection (malware-cnc.rules)
 * 1:25666 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (malware-cnc.rules)
 * 1:25667 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nflog variant outbound connection (malware-cnc.rules)
 * 1:25668 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nflog variant outbound connection (malware-cnc.rules)
 * 1:25669 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Selasloot variant outbound connection (malware-cnc.rules)
 * 1:25671 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (malware-cnc.rules)
 * 1:25672 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Matsnu variant outbound connection (malware-cnc.rules)
 * 1:25673 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.QQDragon variant outbound connection (malware-cnc.rules)
 * 1:25674 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shimwoc variant outbound connection (malware-cnc.rules)
 * 1:25675 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fakeavlock variant outbound connection (malware-cnc.rules)
 * 1:25765 <-> DISABLED <-> MALWARE-CNC Trojan Agent YEH variant outbound connection (malware-cnc.rules)
 * 1:25766 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules)
 * 1:25807 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Urausy Botnet variant outbound connection (malware-cnc.rules)
 * 1:25829 <-> DISABLED <-> MALWARE-CNC Trojan Banker FTC variant outbound connection (malware-cnc.rules)
 * 1:25854 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection - MSIE7 No Referer No Cookie (malware-cnc.rules)
 * 1:25863 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.QBundle variant outbound connection (malware-cnc.rules)
 * 1:25865 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:25866 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:25867 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:25973 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Boolflot variant outbound connection (malware-cnc.rules)
 * 1:25974 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:26202 <-> DISABLED <-> MALWARE-CNC VBS.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:26204 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Malex variant outbound connection (malware-cnc.rules)
 * 1:25992 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Buzus variant outbound connection (malware-cnc.rules)
 * 1:25993 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Buzus variant outbound connection (malware-cnc.rules)
 * 1:25994 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:25996 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Reswor variant outbound connection (malware-cnc.rules)
 * 1:26010 <-> DISABLED <-> MALWARE-CNC CNC Dirtjumper variant outbound connection (malware-cnc.rules)
 * 1:26011 <-> DISABLED <-> MALWARE-CNC CNC Dirtjumper variant outbound connection (malware-cnc.rules)
 * 1:26019 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bredo variant outbound connection (malware-cnc.rules)
 * 1:26023 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot variant in.php outbound connection (malware-cnc.rules)
 * 1:26024 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wecod variant outbound connection (malware-cnc.rules)
 * 1:26072 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locati variant outbound connection (malware-cnc.rules)
 * 1:26075 <-> DISABLED <-> MALWARE-CNC Bancos variant outbound connection SQL query POST data (malware-cnc.rules)
 * 1:26086 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Exicon variant outbound connection (malware-cnc.rules)
 * 1:26088 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Encriyoko variant outbound connection (malware-cnc.rules)
 * 1:26106 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
 * 1:26115 <-> DISABLED <-> MALWARE-CNC NSIS.Downloader.Agent variant outbound connection (malware-cnc.rules)
 * 1:26116 <-> DISABLED <-> MALWARE-CNC NSIS.Downloader.Agent variant outbound connection (malware-cnc.rules)
 * 1:26117 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tarctox variant outbound connection (malware-cnc.rules)
 * 1:26118 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:26119 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:26201 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lobparck variant outbound connection (malware-cnc.rules)
 * 1:25551 <-> DISABLED <-> MALWARE-CNC Win.Worm.Dipasik variant outbound connection (malware-cnc.rules)
 * 1:27970 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus dropper variant connection (malware-cnc.rules)
 * 1:27248 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gamarue - Mozi1la User-Agent (malware-cnc.rules)
 * 1:27252 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ZeroAccess 111-byte URL variant outbound connection (malware-cnc.rules)
 * 1:27256 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kryptik Drive-by Download Malware (malware-cnc.rules)
 * 1:27257 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kryptic 7-byte URI Invalid Firefox Headers - no Accept-Language (malware-cnc.rules)
 * 1:27260 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Java.Agent.NFK variant connection (malware-cnc.rules)
 * 1:27263 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - yahoonews (malware-cnc.rules)
 * 1:27533 <-> DISABLED <-> MALWARE-CNC Potential Win.Trojan.Kraziomel Download - 000.jpg (malware-cnc.rules)
 * 1:27551 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lorapu variant outbound connection (malware-cnc.rules)
 * 1:27558 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bezigate variant outbound connection (malware-cnc.rules)
 * 1:27567 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rovnix malicious download request (malware-cnc.rules)
 * 1:27577 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:27596 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Redyms variant outbound connection (malware-cnc.rules)
 * 1:27599 <-> DISABLED <-> MALWARE-CNC Fort Disco Registration variant outbound connection (malware-cnc.rules)
 * 1:27600 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nawpers variant connection (malware-cnc.rules)
 * 1:27629 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Aumlib variant outbound connection (malware-cnc.rules)
 * 1:27630 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Aumlib variant outbound connection (malware-cnc.rules)
 * 1:27631 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Aumlib variant outbound connection (malware-cnc.rules)
 * 1:27633 <-> DISABLED <-> MALWARE-CNC Worm.Silly variant outbound connection (malware-cnc.rules)
 * 1:27636 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Likseput variant connection (malware-cnc.rules)
 * 1:26203 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gupd variant outbound connection (malware-cnc.rules)
 * 1:27639 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Epipenwa variant connection (malware-cnc.rules)
 * 1:27640 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chekafe variant connection (malware-cnc.rules)
 * 1:27641 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Meilat variant connection (malware-cnc.rules)
 * 1:27642 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downbot variant connection (malware-cnc.rules)
 * 1:27643 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Betabot variant connection (malware-cnc.rules)
 * 1:27644 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Merong variant connection (malware-cnc.rules)
 * 1:27645 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Binjo variant outbound connection (malware-cnc.rules)
 * 1:27647 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nelaja variant outbound connection (malware-cnc.rules)
 * 1:27648 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SpyBanker.ZSL variant outbound connection (malware-cnc.rules)
 * 1:27649 <-> DISABLED <-> MALWARE-CNC Brazilian Banking Trojan data theft (malware-cnc.rules)
 * 1:27655 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Enchanim variant connection (malware-cnc.rules)
 * 1:27659 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gapz variant connection (malware-cnc.rules)
 * 1:27660 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Reabfrus variant connection (malware-cnc.rules)
 * 1:27661 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Reabfrus variant connection (malware-cnc.rules)
 * 1:27662 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Galfun variant outbound connection (malware-cnc.rules)
 * 1:27664 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Castov variant connection (malware-cnc.rules)
 * 1:27665 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Castov variant connection (malware-cnc.rules)
 * 1:27670 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.evf variant connection (malware-cnc.rules)
 * 1:27678 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Goolelo variant connection (malware-cnc.rules)
 * 1:27679 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz variant outbound connection (malware-cnc.rules)
 * 1:27680 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ZeroAccess variant outbound connection (malware-cnc.rules)
 * 1:27699 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tartober variant connection (malware-cnc.rules)
 * 1:27709 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string umbra (malware-cnc.rules)
 * 1:27710 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string IExplore (malware-cnc.rules)
 * 1:27711 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FakeAV variant outbound connection (malware-cnc.rules)
 * 1:27720 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kolok variant connection (malware-cnc.rules)
 * 1:27726 <-> DISABLED <-> MALWARE-CNC Orbit Downloader denial of service update (malware-cnc.rules)
 * 1:27727 <-> DISABLED <-> MALWARE-CNC Orbit Downloader denial of service update (malware-cnc.rules)
 * 1:27728 <-> DISABLED <-> MALWARE-CNC Orbit Downloader denial of service update (malware-cnc.rules)
 * 1:27737 <-> DISABLED <-> MALWARE-CNC DNS suspicious .c0m.li dns query (malware-cnc.rules)
 * 1:27746 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Hanthie variant outbound connection (malware-cnc.rules)
 * 1:27747 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banechant outbound variant connection (malware-cnc.rules)
 * 1:27759 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Treizt variant connection (malware-cnc.rules)
 * 1:27774 <-> DISABLED <-> MALWARE-CNC RDN Banker Data Exfiltration (malware-cnc.rules)
 * 1:27775 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection (malware-cnc.rules)
 * 1:27802 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PRISM variant outbound connection (malware-cnc.rules)
 * 1:27803 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PRISM variant outbound connection (malware-cnc.rules)
 * 1:27805 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bisonha variant outbound connection (malware-cnc.rules)
 * 1:27806 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Retruse variant connection (malware-cnc.rules)
 * 1:27811 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mindweq variant connection (malware-cnc.rules)
 * 1:27817 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tenavt connection (malware-cnc.rules)
 * 1:27864 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sinowal variant connection (malware-cnc.rules)
 * 1:27867 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper outbound connection (malware-cnc.rules)
 * 1:27868 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - dt12012 (malware-cnc.rules)
 * 1:27905 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Helauto variant connection (malware-cnc.rules)
 * 1:27918 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
 * 1:27919 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus encrypted POST Data exfiltration (malware-cnc.rules)
 * 1:27939 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Galock variant connection (malware-cnc.rules)
 * 1:27955 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mevade variant outbound connection (malware-cnc.rules)
 * 1:27963 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lolbot variant outbound connection (malware-cnc.rules)
 * 1:27964 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gh0st variant outbound connection (malware-cnc.rules)
 * 1:27965 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Eupuds variant connection (malware-cnc.rules)
 * 1:27966 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Chopper web shell connection (malware-cnc.rules)
 * 1:27968 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Chopper web shell connection (malware-cnc.rules)
 * 1:27969 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Updays variant connection (malware-cnc.rules)
 * 1:28143 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Medfos outbound connection (malware-cnc.rules)
 * 1:27199 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Meredrop variant outbound connection GET Request (malware-cnc.rules)
 * 1:28097 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ohlat variant connection (malware-cnc.rules)
 * 1:28857 <-> DISABLED <-> MALWARE-CNC Adwind UNRECOM connnection back to cnc server (malware-cnc.rules)
 * 1:28106 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload information upload (malware-cnc.rules)
 * 1:28484 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Delpbank variant outbound connection (malware-cnc.rules)
 * 1:28538 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Asprox/Kuluoz variant connection (malware-cnc.rules)
 * 1:28528 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qadars variant outbound connection (malware-cnc.rules)
 * 1:28242 <-> DISABLED <-> MALWARE-CNC Win.Trojan.KanKan variant connection (malware-cnc.rules)
 * 1:28125 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banbra variant connection (malware-cnc.rules)
 * 1:28417 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Molgomsg variant outbound connection (malware-cnc.rules)
 * 1:28250 <-> DISABLED <-> MALWARE-CNC Security Cleaner Pro Install Confirmation (malware-cnc.rules)
 * 1:28323 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Chopper web shell connection (malware-cnc.rules)
 * 1:28554 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /online.htm GET Encrypted Payload (malware-cnc.rules)
 * 1:28119 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /search.htm GET Encrypted Payload (malware-cnc.rules)
 * 1:28234 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hdslogger outbound connection (malware-cnc.rules)
 * 1:28560 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Plugx FTP keepalive outbound connection (malware-cnc.rules)
 * 1:28122 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /index.htm GET Encrypted Payload (malware-cnc.rules)
 * 1:28446 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant SQL check-in (malware-cnc.rules)
 * 1:28247 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper variant outbound connection (malware-cnc.rules)
 * 1:28858 <-> DISABLED <-> MALWARE-CNC Adwind UNRECOM connnection back to cnc server (malware-cnc.rules)
 * 1:28012 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules)
 * 1:28045 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VBKrypt variant connection (malware-cnc.rules)
 * 1:28044 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CryptoLocker variant connection (malware-cnc.rules)
 * 1:25987 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Upof variant outbound connection (malware-cnc.rules)
 * 1:28155 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Foreign variant outbound connection - MSIE 7.2 (malware-cnc.rules)
 * 1:28008 <-> DISABLED <-> MALWARE-CNC BLYPT installer reuse outbound traffic (malware-cnc.rules)
 * 1:28815 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gozi/Neverquest variant outbound connection (malware-cnc.rules)
 * 1:28153 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Foreign variant outbound connection - /html2/ (malware-cnc.rules)
 * 1:28255 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz Potential phishing URL (malware-cnc.rules)
 * 1:28192 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz Potential Phishing URL (malware-cnc.rules)
 * 1:28419 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tesch variant outbound connection (malware-cnc.rules)
 * 1:28146 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Salgorea variant connection (malware-cnc.rules)
 * 1:28210 <-> DISABLED <-> MALWARE-CNC Win.Worm.IRCbot outbound connection (malware-cnc.rules)
 * 1:28230 <-> DISABLED <-> MALWARE-CNC Boot.Bootroot Variant data upload (malware-cnc.rules)
 * 1:28605 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kasnam variant connection (malware-cnc.rules)
 * 1:28123 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /setup.htm GET Encrypted Payload (malware-cnc.rules)
 * 1:28810 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection - MSIE7 No Referer No Cookie (malware-cnc.rules)
 * 1:28607 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection (malware-cnc.rules)
 * 1:28804 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Injector outbound connection (malware-cnc.rules)
 * 1:28415 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:27981 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /botnet/tasks.php?uid= (malware-cnc.rules)
 * 1:28216 <-> DISABLED <-> MALWARE-CNC known malware FTP login (malware-cnc.rules)
 * 1:28107 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload download (malware-cnc.rules)
 * 1:28803 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Injector inbound connection (malware-cnc.rules)
 * 1:28599 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Lesirt variant outbound connection (malware-cnc.rules)
 * 1:28285 <-> DISABLED <-> MALWARE-CNC Win.Trojan.hdog connectivity check-in version 2 (malware-cnc.rules)
 * 1:28410 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CoinMiner variant outbound connection (malware-cnc.rules)
 * 1:27980 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /botnet/adduser.php?uid= (malware-cnc.rules)
 * 1:26742 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc resolve command (malware-cnc.rules)
 * 1:25547 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:25548 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Perflog variant outbound connection (malware-cnc.rules)
 * 1:25978 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lukprofin variant outbound connection (malware-cnc.rules)
 * 1:25553 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dexter variant outbound connection (malware-cnc.rules)
 * 1:26211 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Eldorado variant outbound connection (malware-cnc.rules)
 * 1:26238 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Snopexy variant outbound connection (malware-cnc.rules)
 * 1:26239 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Stehlox variant outbound connection (malware-cnc.rules)
 * 1:26240 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vkeikooc variant outbound connection (malware-cnc.rules)
 * 1:26244 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Troll variant outbound connection (malware-cnc.rules)
 * 1:26245 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (malware-cnc.rules)
 * 1:26248 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent cibabam (malware-cnc.rules)
 * 1:26249 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Sonide variant outbound connection (malware-cnc.rules)
 * 1:26260 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Vectmp variant outbound connection (malware-cnc.rules)
 * 1:26266 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus v3 DGA DNS query detected (malware-cnc.rules)
 * 1:26267 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus v3 DGA DNS query detected (malware-cnc.rules)
 * 1:26268 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus v3 DGA DNS query detected (malware-cnc.rules)
 * 1:26269 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus v3 DGA DNS query detected (malware-cnc.rules)
 * 1:26270 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus v3 DGA DNS query detected (malware-cnc.rules)
 * 1:26271 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus v3 DGA DNS query detected (malware-cnc.rules)
 * 1:26284 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Surok variant outbound connection (malware-cnc.rules)
 * 1:26285 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Garveep variant outbound connection (malware-cnc.rules)
 * 1:26288 <-> DISABLED <-> MALWARE-CNC Brontok Worm variant outbound connection (malware-cnc.rules)
 * 1:26289 <-> DISABLED <-> MALWARE-CNC Daws Trojan Outbound Plaintext over SSL Port (malware-cnc.rules)
 * 1:26319 <-> DISABLED <-> MALWARE-CNC file path used as User-Agent - potential Trojan (malware-cnc.rules)
 * 1:26325 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scar variant outbound connection (malware-cnc.rules)
 * 1:26327 <-> DISABLED <-> MALWARE-CNC OSX.Trojan.Flashfake variant outbound connection (malware-cnc.rules)
 * 1:26331 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qhost variant outbound connection (malware-cnc.rules)
 * 1:26335 <-> DISABLED <-> MALWARE-CNC FBI Ransom Trojan variant outbound connection (malware-cnc.rules)
 * 1:26370 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection - ksa.txt (malware-cnc.rules)
 * 1:26371 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection - op POST (malware-cnc.rules)
 * 1:26398 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gamarue variant outbound connection (malware-cnc.rules)
 * 1:26428 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (malware-cnc.rules)
 * 1:26444 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Agent variant outbound connection (malware-cnc.rules)
 * 1:26445 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Agent variant outbound connection (malware-cnc.rules)
 * 1:26446 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Agent variant outbound connection (malware-cnc.rules)
 * 1:26447 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Smoaler variant outbound connection (malware-cnc.rules)
 * 1:26448 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fakesig variant outbound connection (malware-cnc.rules)
 * 1:26449 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:26450 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:26452 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Buterat variant outbound connection (malware-cnc.rules)
 * 1:26463 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Linog.A variant outbound connection (malware-cnc.rules)
 * 1:26464 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Linog.A variant outbound connection (malware-cnc.rules)
 * 1:26467 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Magic variant inbound connection (malware-cnc.rules)
 * 1:26480 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot fake PNG config file download without User-Agent (malware-cnc.rules)
 * 1:26482 <-> DISABLED <-> MALWARE-CNC Unknown Thinner Encrypted POST botnet C&C (malware-cnc.rules)
 * 1:26522 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent NOKIAN95/WEB (malware-cnc.rules)
 * 1:26533 <-> DISABLED <-> MALWARE-CNC Unknown malware - Incorrect headers - Referer HTTP/1.0 (malware-cnc.rules)
 * 1:26558 <-> DISABLED <-> MALWARE-CNC User-Agent known Malicious user agent Brutus AET (malware-cnc.rules)
 * 1:26560 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection - getcomando POST data (malware-cnc.rules)
 * 1:26561 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
 * 1:26563 <-> DISABLED <-> MALWARE-CNC Harakit botnet traffic (malware-cnc.rules)
 * 1:26576 <-> DISABLED <-> MALWARE-CNC Potential hostile executable served from compromised or malicious WordPress site attempt (malware-cnc.rules)
 * 1:26577 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent Opera 10 (malware-cnc.rules)
 * 1:26578 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy/FakeAV Checkin with IE6 User-Agent (malware-cnc.rules)
 * 1:26579 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy/FakeAV Checkin with IE6 User-Agent (malware-cnc.rules)
 * 1:26604 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bydra variant outbound connection (malware-cnc.rules)
 * 1:26605 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bydra variant outbound connection (malware-cnc.rules)
 * 1:26606 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sosork variant outbound connection (malware-cnc.rules)
 * 1:26607 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Korlia variant outbound connection (malware-cnc.rules)
 * 1:26608 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rocra variant outbound connection (malware-cnc.rules)
 * 1:26609 <-> DISABLED <-> MALWARE-CNC OSX.Trojan.Dockster variant outbound connection (malware-cnc.rules)
 * 1:26613 <-> DISABLED <-> MALWARE-CNC Medfos Trojan variant outbound connection (malware-cnc.rules)
 * 1:26656 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Travnet Botnet data upload (malware-cnc.rules)
 * 1:26657 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shiz variant outbound connection (malware-cnc.rules)
 * 1:26677 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz variant inbound run command from cnc (malware-cnc.rules)
 * 1:26678 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz variant inbound run command from cnc (malware-cnc.rules)
 * 1:26679 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz variant inbound run command from cnc (malware-cnc.rules)
 * 1:26680 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz variant inbound run command from cnc (malware-cnc.rules)
 * 1:26681 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz variant inbound run command from cnc (malware-cnc.rules)
 * 1:26683 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shyape variant outbound connection (malware-cnc.rules)
 * 1:26684 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Neshax variant outbound connection (malware-cnc.rules)
 * 1:26685 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string J13A (malware-cnc.rules)
 * 1:26686 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Alina (malware-cnc.rules)
 * 1:26690 <-> DISABLED <-> MALWARE-CNC Miniduke server contact (malware-cnc.rules)
 * 1:26691 <-> DISABLED <-> MALWARE-CNC Win.Trojan.UFRStealer variant outbound connection (malware-cnc.rules)
 * 1:26692 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spyremoav variant outbound connection (malware-cnc.rules)
 * 1:26695 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Namihno variant outbound request (malware-cnc.rules)
 * 1:26696 <-> DISABLED <-> MALWARE-CNC Cbeplay Ransomware variant outbound connection - Abnormal HTTP Headers (malware-cnc.rules)
 * 1:26697 <-> DISABLED <-> MALWARE-CNC Cbeplay Ransomware variant outbound connection - POST Body (malware-cnc.rules)
 * 1:26702 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Win (malware-cnc.rules)
 * 1:26703 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Upero variant outbound connection (malware-cnc.rules)
 * 1:26712 <-> DISABLED <-> MALWARE-CNC Kazy Trojan check-in (malware-cnc.rules)
 * 1:26713 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev rev 1 outbound traffic (malware-cnc.rules)
 * 1:26714 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev rev 2 outbound traffic (malware-cnc.rules)
 * 1:26715 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev rev 3 outbound traffic (malware-cnc.rules)
 * 1:26719 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kbot variant outbound connection (malware-cnc.rules)
 * 1:26720 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kbot variant outbound connection (malware-cnc.rules)
 * 1:26721 <-> DISABLED <-> MALWARE-CNC Pushdo Spiral Traffic (malware-cnc.rules)
 * 1:26722 <-> DISABLED <-> MALWARE-CNC Bancos fake JPG encrypted config file download (malware-cnc.rules)
 * 1:26723 <-> DISABLED <-> MALWARE-CNC Trojan Downloader7 (malware-cnc.rules)
 * 1:26725 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc http command (malware-cnc.rules)
 * 1:26726 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc stop command (malware-cnc.rules)
 * 1:26727 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc die command (malware-cnc.rules)
 * 1:26728 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc sleep command (malware-cnc.rules)
 * 1:26729 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc simple command (malware-cnc.rules)
 * 1:26730 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc loginpost command (malware-cnc.rules)
 * 1:26731 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc datapost command (malware-cnc.rules)
 * 1:26732 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc syn command (malware-cnc.rules)
 * 1:26733 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc udp command (malware-cnc.rules)
 * 1:26734 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc udpdata command (malware-cnc.rules)
 * 1:26735 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc data command (malware-cnc.rules)
 * 1:26736 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc icmp command (malware-cnc.rules)
 * 1:26737 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc tcpdata command (malware-cnc.rules)
 * 1:26738 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc dataget command (malware-cnc.rules)
 * 1:26743 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc antiddos command (malware-cnc.rules)
 * 1:27201 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Neurevt variant outbound connection (malware-cnc.rules)
 * 1:26739 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc connect command (malware-cnc.rules)
 * 1:26744 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc range command (malware-cnc.rules)
 * 1:26745 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc ftp command (malware-cnc.rules)
 * 1:26746 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc download command (malware-cnc.rules)
 * 1:26747 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc fastddos command (malware-cnc.rules)
 * 1:26748 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc slowhttp command (malware-cnc.rules)
 * 1:26749 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc allhttp command (malware-cnc.rules)
 * 1:26750 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc full command (malware-cnc.rules)
 * 1:26751 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - msctls_progress32 (malware-cnc.rules)
 * 1:26756 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper.Datcaen variant outbound connection (malware-cnc.rules)
 * 1:26757 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper.Datcaen variant outbound connection (malware-cnc.rules)
 * 1:26758 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Elefin variant outbound connection (malware-cnc.rules)
 * 1:26763 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules)
 * 1:26770 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (malware-cnc.rules)
 * 1:26771 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (malware-cnc.rules)
 * 1:26774 <-> DISABLED <-> MALWARE-CNC Win.Worm.Luder variant outbound connection (malware-cnc.rules)
 * 1:26775 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Blocker variant outbound connection HTTP Header Structure (malware-cnc.rules)
 * 1:26776 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Blocker variant outbound connection POST (malware-cnc.rules)
 * 1:26777 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy variant outbound connection (malware-cnc.rules)
 * 1:26779 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cridex encrypted POST check-in (malware-cnc.rules)
 * 1:26780 <-> DISABLED <-> MALWARE-CNC cridex HTTP Response - default0.js (malware-cnc.rules)
 * 1:26785 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qrmon variant outbound connection (malware-cnc.rules)
 * 1:26792 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vbula variant outbound connection (malware-cnc.rules)
 * 1:26793 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vbula variant initial CNC contact (malware-cnc.rules)
 * 1:26809 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Backdoor.Tomvode variant outbound connection (malware-cnc.rules)
 * 1:26811 <-> DISABLED <-> MALWARE-CNC XP Fake Antivirus Payment Page Request (malware-cnc.rules)
 * 1:26812 <-> DISABLED <-> MALWARE-CNC XP Fake Antivirus Check-in (malware-cnc.rules)
 * 1:26813 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dapato CMS spambot check-in (malware-cnc.rules)
 * 1:26815 <-> DISABLED <-> MALWARE-CNC OSX.Trojan.KitM variant outbound connection user-agent (malware-cnc.rules)
 * 1:26816 <-> DISABLED <-> MALWARE-CNC OSX.Trojan.KitM variant outbound connection (malware-cnc.rules)
 * 1:26818 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Zawat variant outbound connection (malware-cnc.rules)
 * 1:26819 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Datash variant outbound connection (malware-cnc.rules)
 * 1:26820 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Datash variant outbound connection (malware-cnc.rules)
 * 1:26822 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Buterat variant outbound connection (malware-cnc.rules)
 * 1:26828 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Uperti variant outbound connection (malware-cnc.rules)
 * 1:26835 <-> DISABLED <-> MALWARE-CNC RDN Banker POST variant outbound connection (malware-cnc.rules)
 * 1:26836 <-> DISABLED <-> MALWARE-CNC RDN Banker Strange Google Traffic (malware-cnc.rules)
 * 1:26837 <-> DISABLED <-> MALWARE-CNC BitBot Idle C2 response (malware-cnc.rules)
 * 1:26840 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Agent variant outbound connection (malware-cnc.rules)
 * 1:26841 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Agent variant outbound connection (malware-cnc.rules)
 * 1:26880 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zotob.E gc.exe download (malware-cnc.rules)
 * 1:26911 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rombrast Trojan outbound connection (malware-cnc.rules)
 * 1:26912 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rombrast Trojan outbound connection (malware-cnc.rules)
 * 1:26923 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
 * 1:26924 <-> DISABLED <-> MALWARE-CNC Potential Gozi Trojan HTTP Header Structure (malware-cnc.rules)
 * 1:26930 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeroaccess variant outbound connection (malware-cnc.rules)
 * 1:26931 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeroaccess variant outbound connection (malware-cnc.rules)
 * 1:26932 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeroaccess variant outbound connection (malware-cnc.rules)
 * 1:26940 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TripleNine RAT beacon (malware-cnc.rules)
 * 1:26941 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PipCreat RAT dropper download (malware-cnc.rules)
 * 1:26942 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PipCreat RAT beacon (malware-cnc.rules)
 * 1:26943 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Post_Show RAT beacon (malware-cnc.rules)
 * 1:26944 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Post_Show RAT beacon (malware-cnc.rules)
 * 1:26945 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bisonal RAT beacon (malware-cnc.rules)
 * 1:26946 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Uptime RAT beacon (malware-cnc.rules)
 * 1:26952 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Orcim variant outbound connection (malware-cnc.rules)
 * 1:26954 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Talsab variant outbound connection (malware-cnc.rules)
 * 1:26955 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Talsab variant outbound connection (malware-cnc.rules)
 * 1:26965 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Win32 Facebook Secure Cryptor C2 (malware-cnc.rules)
 * 1:26966 <-> DISABLED <-> MALWARE-CNC Win32/Autorun.JN variant outbound connection (malware-cnc.rules)
 * 1:26967 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz variant outbound connection (malware-cnc.rules)
 * 1:26968 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gozi Data Theft POST Data (malware-cnc.rules)
 * 1:26969 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gozi Trojan Data Theft POST URL (malware-cnc.rules)
 * 1:26970 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pirminay variant outbound connection (malware-cnc.rules)
 * 1:26984 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Injector Info Stealer Trojan variant outbound connection (malware-cnc.rules)
 * 1:26986 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Xenil variant outbound connection (malware-cnc.rules)
 * 1:26987 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cyvadextr variant outbound connection (malware-cnc.rules)
 * 1:26995 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Agent variant outbound connection (malware-cnc.rules)
 * 1:26996 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Agent variant outbound connection (malware-cnc.rules)
 * 1:26997 <-> DISABLED <-> MALWARE-CNC OSX.Trojan.Morcut variant outbound connection (malware-cnc.rules)
 * 1:26998 <-> DISABLED <-> MALWARE-CNC OSX.Trojan.Morcut file download (malware-cnc.rules)
 * 1:26999 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chinoxy variant outbound connection (malware-cnc.rules)
 * 1:27000 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chinoxy variant outbound connection (malware-cnc.rules)
 * 1:27002 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:27003 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:27007 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot variant outbound connection (malware-cnc.rules)
 * 1:27008 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot variant outbound connection (malware-cnc.rules)
 * 1:27010 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot payment .scr download (malware-cnc.rules)
 * 1:27012 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Phoenot variant outbound connection (malware-cnc.rules)
 * 1:27013 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Phoenot variant inbound connection (malware-cnc.rules)
 * 1:27014 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Epipenwa variant outbound connection (malware-cnc.rules)
 * 1:27017 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dapato variant inbound response connection (malware-cnc.rules)
 * 1:27021 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Layvam variant outbound connection (malware-cnc.rules)
 * 1:27022 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Netweird.A outbound connection (malware-cnc.rules)
 * 1:27023 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Netweird.A outbound connection (malware-cnc.rules)
 * 1:27033 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Transhell variant outbound connection user-agent (malware-cnc.rules)
 * 1:27039 <-> DISABLED <-> MALWARE-CNC Win.Trojan.OnlineGameHack variant outbound connection (malware-cnc.rules)
 * 1:27044 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string pb - Htbot (malware-cnc.rules)
 * 1:27045 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Blocker Download (malware-cnc.rules)
 * 1:27049 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dokstormac variant outbound connection (malware-cnc.rules)
 * 1:27054 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yakes variant outbound connection (malware-cnc.rules)
 * 1:27058 <-> DISABLED <-> MALWARE-CNC OSX.Trojan.HackBack variant outbound connection (malware-cnc.rules)
 * 1:27093 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Medfos variant outbound connection (malware-cnc.rules)
 * 1:27120 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:27169 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Atezag variant outbound connection (malware-cnc.rules)

2020-10-08 13:28:31 UTC

Snort Subscriber Rules Update

Date: 2020-10-08

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:55931 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Emotet variant outbound connection attempt (snort3-malware-cnc.rules)
 * 1:55933 <-> ENABLED <-> SERVER-OTHER Oracle WebLogic malicious RemoteConstructor deserialization attempt (snort3-server-other.rules)
 * 1:55929 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Emotet-9774504-0 download attempt (snort3-malware-other.rules)
 * 1:55932 <-> ENABLED <-> SERVER-OTHER Oracle WebLogic malicious RemoteConstructor deserialization attempt (snort3-server-other.rules)
 * 1:55930 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Emotet-9774504-0 download attempt (snort3-malware-other.rules)

Modified Rules:


 * 1:28115 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /file.htm GET Encrypted Payload (snort3-malware-cnc.rules)
 * 1:26733 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc udp command (snort3-malware-cnc.rules)
 * 1:26607 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Korlia variant outbound connection (snort3-malware-cnc.rules)
 * 1:26703 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Upero variant outbound connection (snort3-malware-cnc.rules)
 * 1:26744 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc range command (snort3-malware-cnc.rules)
 * 1:26613 <-> DISABLED <-> MALWARE-CNC Medfos Trojan variant outbound connection (snort3-malware-cnc.rules)
 * 1:28211 <-> DISABLED <-> MALWARE-CNC Win.Worm.IRCbot outbound connection (snort3-malware-cnc.rules)
 * 1:28117 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /install.htm GET Encrypted Payload (snort3-malware-cnc.rules)
 * 1:26737 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc tcpdata command (snort3-malware-cnc.rules)
 * 1:26720 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kbot variant outbound connection (snort3-malware-cnc.rules)
 * 1:26723 <-> DISABLED <-> MALWARE-CNC Trojan Downloader7 (snort3-malware-cnc.rules)
 * 1:28097 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ohlat variant connection (snort3-malware-cnc.rules)
 * 1:26738 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc dataget command (snort3-malware-cnc.rules)
 * 1:28123 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /setup.htm GET Encrypted Payload (snort3-malware-cnc.rules)
 * 1:26609 <-> DISABLED <-> MALWARE-CNC OSX.Trojan.Dockster variant outbound connection (snort3-malware-cnc.rules)
 * 1:26730 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc loginpost command (snort3-malware-cnc.rules)
 * 1:28417 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Molgomsg variant outbound connection (snort3-malware-cnc.rules)
 * 1:28125 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banbra variant connection (snort3-malware-cnc.rules)
 * 1:28230 <-> DISABLED <-> MALWARE-CNC Boot.Bootroot Variant data upload (snort3-malware-cnc.rules)
 * 1:28856 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yowdab variant connection (snort3-malware-cnc.rules)
 * 1:28859 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent z00sAgent - Win.Trojan.Zbot (snort3-malware-cnc.rules)
 * 1:28323 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Chopper web shell connection (snort3-malware-cnc.rules)
 * 1:28860 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent - Win.Trojan.Nitedrem (snort3-malware-cnc.rules)
 * 1:26702 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Win (snort3-malware-cnc.rules)
 * 1:28529 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qadars variant outbound connection (snort3-malware-cnc.rules)
 * 1:28810 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection - MSIE7 No Referer No Cookie (snort3-malware-cnc.rules)
 * 1:28864 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tofsee variant outbound connection (snort3-malware-cnc.rules)
 * 1:28861 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Roxfora variant outbound connection (snort3-malware-cnc.rules)
 * 1:28547 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (snort3-malware-cnc.rules)
 * 1:28554 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /online.htm GET Encrypted Payload (snort3-malware-cnc.rules)
 * 1:28399 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Tsunami outbound connection (snort3-malware-cnc.rules)
 * 1:28121 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /welcome.htm GET Encrypted Payload (snort3-malware-cnc.rules)
 * 1:28415 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (snort3-malware-cnc.rules)
 * 1:28239 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tuxido outbound connection (snort3-malware-cnc.rules)
 * 1:28486 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Codiltak variant outbound connection (snort3-malware-cnc.rules)
 * 1:28141 <-> DISABLED <-> MALWARE-CNC Win.Trojan.banker outbound connection (snort3-malware-cnc.rules)
 * 1:28724 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent outbound connection (snort3-malware-cnc.rules)
 * 1:28606 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Surtr variant connection (snort3-malware-cnc.rules)
 * 1:28250 <-> DISABLED <-> MALWARE-CNC Security Cleaner Pro Install Confirmation (snort3-malware-cnc.rules)
 * 1:28146 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Salgorea variant connection (snort3-malware-cnc.rules)
 * 1:28209 <-> DISABLED <-> MALWARE-CNC Win.Worm.IRCbot outbound connection (snort3-malware-cnc.rules)
 * 1:28444 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.CBgate variant outbound connection (snort3-malware-cnc.rules)
 * 1:28418 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Dtcontx outbound connection (snort3-malware-cnc.rules)
 * 1:28599 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Lesirt variant outbound connection (snort3-malware-cnc.rules)
 * 1:28119 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /search.htm GET Encrypted Payload (snort3-malware-cnc.rules)
 * 1:28799 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mxtcycle variant outbound connection (snort3-malware-cnc.rules)
 * 1:28561 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Plugx outbound connection (snort3-malware-cnc.rules)
 * 1:28410 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CoinMiner variant outbound connection (snort3-malware-cnc.rules)
 * 1:28406 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy variant outbound connection (snort3-malware-cnc.rules)
 * 1:28247 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper variant outbound connection (snort3-malware-cnc.rules)
 * 1:28134 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dorkbot variant connection (snort3-malware-cnc.rules)
 * 1:28362 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string SUiCiDE/1.5 (snort3-malware-cnc.rules)
 * 1:28463 <-> DISABLED <-> MALWARE-CNC Win.Trojan.AllAple Variant ICMP flood (snort3-malware-cnc.rules)
 * 1:28551 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NXI ftp username connection (snort3-malware-cnc.rules)
 * 1:28528 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qadars variant outbound connection (snort3-malware-cnc.rules)
 * 1:28192 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz Potential Phishing URL (snort3-malware-cnc.rules)
 * 1:28805 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Palevo outbound connection (snort3-malware-cnc.rules)
 * 1:28144 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Win32.Wpbrutebot variant connection (snort3-malware-cnc.rules)
 * 1:28326 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Zuza variant outbound connection (snort3-malware-cnc.rules)
 * 1:28116 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /home.htm GET Encrypted Payload (snort3-malware-cnc.rules)
 * 1:28804 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Injector outbound connection (snort3-malware-cnc.rules)
 * 1:28807 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Injector variant outbound connection (snort3-malware-cnc.rules)
 * 1:28366 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Venik variant outbound connection (snort3-malware-cnc.rules)
 * 1:28802 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos outbound connection (snort3-malware-cnc.rules)
 * 1:28808 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Ptiger variant outbound connection (snort3-malware-cnc.rules)
 * 1:28562 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sidopa variant outbound connection (snort3-malware-cnc.rules)
 * 1:28558 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string getURLdown (snort3-malware-cnc.rules)
 * 1:28484 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Delpbank variant outbound connection (snort3-malware-cnc.rules)
 * 1:28815 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gozi/Neverquest variant outbound connection (snort3-malware-cnc.rules)
 * 1:28538 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Asprox/Kuluoz variant connection (snort3-malware-cnc.rules)
 * 1:28604 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kasnam variant connection (snort3-malware-cnc.rules)
 * 1:28166 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bifrose variant connection (snort3-malware-cnc.rules)
 * 1:28212 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bitsto variant connection (snort3-malware-cnc.rules)
 * 1:28328 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Hupigon variant outbound connection (snort3-malware-cnc.rules)
 * 1:26692 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spyremoav variant outbound connection (snort3-malware-cnc.rules)
 * 1:26691 <-> DISABLED <-> MALWARE-CNC Win.Trojan.UFRStealer variant outbound connection (snort3-malware-cnc.rules)
 * 1:26679 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz variant inbound run command from cnc (snort3-malware-cnc.rules)
 * 1:26734 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc udpdata command (snort3-malware-cnc.rules)
 * 1:26681 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz variant inbound run command from cnc (snort3-malware-cnc.rules)
 * 1:26719 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kbot variant outbound connection (snort3-malware-cnc.rules)
 * 1:26727 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc die command (snort3-malware-cnc.rules)
 * 1:26678 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz variant inbound run command from cnc (snort3-malware-cnc.rules)
 * 1:28820 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Egamipload variant outbound connection (snort3-malware-cnc.rules)
 * 1:26690 <-> DISABLED <-> MALWARE-CNC Miniduke server contact (snort3-malware-cnc.rules)
 * 1:26715 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev rev 3 outbound traffic (snort3-malware-cnc.rules)
 * 1:26725 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc http command (snort3-malware-cnc.rules)
 * 1:26736 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc icmp command (snort3-malware-cnc.rules)
 * 1:26680 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz variant inbound run command from cnc (snort3-malware-cnc.rules)
 * 1:26695 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Namihno variant outbound request (snort3-malware-cnc.rules)
 * 1:26684 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Neshax variant outbound connection (snort3-malware-cnc.rules)
 * 1:28853 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dipverdle variant outbound connection (snort3-malware-cnc.rules)
 * 1:28886 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scar variant outbound connection (snort3-malware-cnc.rules)
 * 1:28405 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy variant outbound connection (snort3-malware-cnc.rules)
 * 1:28564 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pkdesco variant outbound connection (snort3-malware-cnc.rules)
 * 1:28153 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Foreign variant outbound connection - /html2/ (snort3-malware-cnc.rules)
 * 1:26686 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Alina (snort3-malware-cnc.rules)
 * 1:28852 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Linux.Trojan.Zollard (snort3-malware-cnc.rules)
 * 1:28255 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz Potential phishing URL (snort3-malware-cnc.rules)
 * 1:28560 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Plugx FTP keepalive outbound connection (snort3-malware-cnc.rules)
 * 1:28559 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Castov variant connection (snort3-malware-cnc.rules)
 * 1:28813 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ufraie variant outbound connection (snort3-malware-cnc.rules)
 * 1:28154 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Foreign variant outbound connection - MSIE 7.1 (snort3-malware-cnc.rules)
 * 1:28242 <-> DISABLED <-> MALWARE-CNC Win.Trojan.KanKan variant connection (snort3-malware-cnc.rules)
 * 1:28148 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mevade variant outbound connection (snort3-malware-cnc.rules)
 * 1:28416 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CryptoLocker outbound connection (snort3-malware-cnc.rules)
 * 1:28300 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant connection (snort3-malware-cnc.rules)
 * 1:28605 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kasnam variant connection (snort3-malware-cnc.rules)
 * 1:26696 <-> DISABLED <-> MALWARE-CNC Cbeplay Ransomware variant outbound connection - Abnormal HTTP Headers (snort3-malware-cnc.rules)
 * 1:26742 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc resolve command (snort3-malware-cnc.rules)
 * 1:26743 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc antiddos command (snort3-malware-cnc.rules)
 * 1:26712 <-> DISABLED <-> MALWARE-CNC Kazy Trojan check-in (snort3-malware-cnc.rules)
 * 1:26745 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc ftp command (snort3-malware-cnc.rules)
 * 1:25547 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (snort3-malware-cnc.rules)
 * 1:25548 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Perflog variant outbound connection (snort3-malware-cnc.rules)
 * 1:25551 <-> DISABLED <-> MALWARE-CNC Win.Worm.Dipasik variant outbound connection (snort3-malware-cnc.rules)
 * 1:25553 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dexter variant outbound connection (snort3-malware-cnc.rules)
 * 1:25570 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Medialabs variant outbound connection (snort3-malware-cnc.rules)
 * 1:25571 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Medialabs variant outbound connection (snort3-malware-cnc.rules)
 * 1:25572 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Virut variant outbound connection (snort3-malware-cnc.rules)
 * 1:25577 <-> DISABLED <-> MALWARE-CNC Win.Rootkit.Necurs possible URI with encrypted POST (snort3-malware-cnc.rules)
 * 1:25599 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gupboot variant outbound connection (snort3-malware-cnc.rules)
 * 1:25600 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dilavtor variant outbound connection (snort3-malware-cnc.rules)
 * 1:25609 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (snort3-malware-cnc.rules)
 * 1:25610 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mofsmall variant outbound connection (snort3-malware-cnc.rules)
 * 1:25623 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jimpime variant outbound connection (snort3-malware-cnc.rules)
 * 1:25625 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Daws variant outbound connection (snort3-malware-cnc.rules)
 * 1:25626 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (snort3-malware-cnc.rules)
 * 1:25628 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant connect to cnc-server (snort3-malware-cnc.rules)
 * 1:25632 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Golisy variant outbound connection (snort3-malware-cnc.rules)
 * 1:25652 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kryptic variant outbound connection (snort3-malware-cnc.rules)
 * 1:25660 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Medfos variant outbound connection (snort3-malware-cnc.rules)
 * 1:25661 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Buzus variant outbound connection (snort3-malware-cnc.rules)
 * 1:25662 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chowspy variant outbound connection (snort3-malware-cnc.rules)
 * 1:25663 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rimod variant outbound connection (snort3-malware-cnc.rules)
 * 1:25665 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sycomder variant outbound connection (snort3-malware-cnc.rules)
 * 1:25666 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (snort3-malware-cnc.rules)
 * 1:25667 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nflog variant outbound connection (snort3-malware-cnc.rules)
 * 1:28565 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sluegot variant connection (snort3-malware-cnc.rules)
 * 1:25668 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nflog variant outbound connection (snort3-malware-cnc.rules)
 * 1:26202 <-> DISABLED <-> MALWARE-CNC VBS.Trojan.Agent variant outbound connection (snort3-malware-cnc.rules)
 * 1:25672 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Matsnu variant outbound connection (snort3-malware-cnc.rules)
 * 1:25673 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.QQDragon variant outbound connection (snort3-malware-cnc.rules)
 * 1:25674 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shimwoc variant outbound connection (snort3-malware-cnc.rules)
 * 1:25675 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fakeavlock variant outbound connection (snort3-malware-cnc.rules)
 * 1:25765 <-> DISABLED <-> MALWARE-CNC Trojan Agent YEH variant outbound connection (snort3-malware-cnc.rules)
 * 1:25766 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (snort3-malware-cnc.rules)
 * 1:25807 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Urausy Botnet variant outbound connection (snort3-malware-cnc.rules)
 * 1:25829 <-> DISABLED <-> MALWARE-CNC Trojan Banker FTC variant outbound connection (snort3-malware-cnc.rules)
 * 1:25854 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection - MSIE7 No Referer No Cookie (snort3-malware-cnc.rules)
 * 1:25863 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.QBundle variant outbound connection (snort3-malware-cnc.rules)
 * 1:25865 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (snort3-malware-cnc.rules)
 * 1:25866 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (snort3-malware-cnc.rules)
 * 1:25867 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (snort3-malware-cnc.rules)
 * 1:25973 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Boolflot variant outbound connection (snort3-malware-cnc.rules)
 * 1:25974 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (snort3-malware-cnc.rules)
 * 1:25978 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lukprofin variant outbound connection (snort3-malware-cnc.rules)
 * 1:25979 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lukprofin variant outbound connection (snort3-malware-cnc.rules)
 * 1:25980 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Pass (snort3-malware-cnc.rules)
 * 1:25987 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Upof variant outbound connection (snort3-malware-cnc.rules)
 * 1:25990 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Agent variant connect to cnc-server (snort3-malware-cnc.rules)
 * 1:25991 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Agent variant connect to cnc-server (snort3-malware-cnc.rules)
 * 1:25671 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (snort3-malware-cnc.rules)
 * 1:26746 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc download command (snort3-malware-cnc.rules)
 * 1:26747 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc fastddos command (snort3-malware-cnc.rules)
 * 1:26748 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc slowhttp command (snort3-malware-cnc.rules)
 * 1:26749 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc allhttp command (snort3-malware-cnc.rules)
 * 1:26750 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc full command (snort3-malware-cnc.rules)
 * 1:26751 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - msctls_progress32 (snort3-malware-cnc.rules)
 * 1:26756 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper.Datcaen variant outbound connection (snort3-malware-cnc.rules)
 * 1:26757 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper.Datcaen variant outbound connection (snort3-malware-cnc.rules)
 * 1:26758 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Elefin variant outbound connection (snort3-malware-cnc.rules)
 * 1:26763 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (snort3-malware-cnc.rules)
 * 1:26770 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (snort3-malware-cnc.rules)
 * 1:26771 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (snort3-malware-cnc.rules)
 * 1:26774 <-> DISABLED <-> MALWARE-CNC Win.Worm.Luder variant outbound connection (snort3-malware-cnc.rules)
 * 1:26775 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Blocker variant outbound connection HTTP Header Structure (snort3-malware-cnc.rules)
 * 1:26776 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Blocker variant outbound connection POST (snort3-malware-cnc.rules)
 * 1:26777 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy variant outbound connection (snort3-malware-cnc.rules)
 * 1:26779 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cridex encrypted POST check-in (snort3-malware-cnc.rules)
 * 1:26780 <-> DISABLED <-> MALWARE-CNC cridex HTTP Response - default0.js (snort3-malware-cnc.rules)
 * 1:26785 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qrmon variant outbound connection (snort3-malware-cnc.rules)
 * 1:26792 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vbula variant outbound connection (snort3-malware-cnc.rules)
 * 1:26793 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vbula variant initial CNC contact (snort3-malware-cnc.rules)
 * 1:26809 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Backdoor.Tomvode variant outbound connection (snort3-malware-cnc.rules)
 * 1:26811 <-> DISABLED <-> MALWARE-CNC XP Fake Antivirus Payment Page Request (snort3-malware-cnc.rules)
 * 1:26812 <-> DISABLED <-> MALWARE-CNC XP Fake Antivirus Check-in (snort3-malware-cnc.rules)
 * 1:26813 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dapato CMS spambot check-in (snort3-malware-cnc.rules)
 * 1:26815 <-> DISABLED <-> MALWARE-CNC OSX.Trojan.KitM variant outbound connection user-agent (snort3-malware-cnc.rules)
 * 1:26816 <-> DISABLED <-> MALWARE-CNC OSX.Trojan.KitM variant outbound connection (snort3-malware-cnc.rules)
 * 1:26818 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Zawat variant outbound connection (snort3-malware-cnc.rules)
 * 1:26819 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Datash variant outbound connection (snort3-malware-cnc.rules)
 * 1:26820 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Datash variant outbound connection (snort3-malware-cnc.rules)
 * 1:26822 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Buterat variant outbound connection (snort3-malware-cnc.rules)
 * 1:26828 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Uperti variant outbound connection (snort3-malware-cnc.rules)
 * 1:26835 <-> DISABLED <-> MALWARE-CNC RDN Banker POST variant outbound connection (snort3-malware-cnc.rules)
 * 1:26836 <-> DISABLED <-> MALWARE-CNC RDN Banker Strange Google Traffic (snort3-malware-cnc.rules)
 * 1:26837 <-> DISABLED <-> MALWARE-CNC BitBot Idle C2 response (snort3-malware-cnc.rules)
 * 1:26840 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Agent variant outbound connection (snort3-malware-cnc.rules)
 * 1:26841 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Agent variant outbound connection (snort3-malware-cnc.rules)
 * 1:26880 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zotob.E gc.exe download (snort3-malware-cnc.rules)
 * 1:26911 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rombrast Trojan outbound connection (snort3-malware-cnc.rules)
 * 1:26912 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rombrast Trojan outbound connection (snort3-malware-cnc.rules)
 * 1:26923 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (snort3-malware-cnc.rules)
 * 1:26924 <-> DISABLED <-> MALWARE-CNC Potential Gozi Trojan HTTP Header Structure (snort3-malware-cnc.rules)
 * 1:26930 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeroaccess variant outbound connection (snort3-malware-cnc.rules)
 * 1:26931 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeroaccess variant outbound connection (snort3-malware-cnc.rules)
 * 1:26932 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeroaccess variant outbound connection (snort3-malware-cnc.rules)
 * 1:26940 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TripleNine RAT beacon (snort3-malware-cnc.rules)
 * 1:26941 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PipCreat RAT dropper download (snort3-malware-cnc.rules)
 * 1:26942 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PipCreat RAT beacon (snort3-malware-cnc.rules)
 * 1:26943 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Post_Show RAT beacon (snort3-malware-cnc.rules)
 * 1:26944 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Post_Show RAT beacon (snort3-malware-cnc.rules)
 * 1:26945 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bisonal RAT beacon (snort3-malware-cnc.rules)
 * 1:26946 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Uptime RAT beacon (snort3-malware-cnc.rules)
 * 1:26952 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Orcim variant outbound connection (snort3-malware-cnc.rules)
 * 1:26954 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Talsab variant outbound connection (snort3-malware-cnc.rules)
 * 1:26955 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Talsab variant outbound connection (snort3-malware-cnc.rules)
 * 1:26965 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Win32 Facebook Secure Cryptor C2 (snort3-malware-cnc.rules)
 * 1:26966 <-> DISABLED <-> MALWARE-CNC Win32/Autorun.JN variant outbound connection (snort3-malware-cnc.rules)
 * 1:26967 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz variant outbound connection (snort3-malware-cnc.rules)
 * 1:26968 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gozi Data Theft POST Data (snort3-malware-cnc.rules)
 * 1:26969 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gozi Trojan Data Theft POST URL (snort3-malware-cnc.rules)
 * 1:26970 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pirminay variant outbound connection (snort3-malware-cnc.rules)
 * 1:26984 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Injector Info Stealer Trojan variant outbound connection (snort3-malware-cnc.rules)
 * 1:26986 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Xenil variant outbound connection (snort3-malware-cnc.rules)
 * 1:26987 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cyvadextr variant outbound connection (snort3-malware-cnc.rules)
 * 1:26995 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Agent variant outbound connection (snort3-malware-cnc.rules)
 * 1:26996 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Agent variant outbound connection (snort3-malware-cnc.rules)
 * 1:26997 <-> DISABLED <-> MALWARE-CNC OSX.Trojan.Morcut variant outbound connection (snort3-malware-cnc.rules)
 * 1:26998 <-> DISABLED <-> MALWARE-CNC OSX.Trojan.Morcut file download (snort3-malware-cnc.rules)
 * 1:26999 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chinoxy variant outbound connection (snort3-malware-cnc.rules)
 * 1:27000 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chinoxy variant outbound connection (snort3-malware-cnc.rules)
 * 1:27002 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (snort3-malware-cnc.rules)
 * 1:27003 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (snort3-malware-cnc.rules)
 * 1:27007 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot variant outbound connection (snort3-malware-cnc.rules)
 * 1:27008 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot variant outbound connection (snort3-malware-cnc.rules)
 * 1:27010 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot payment .scr download (snort3-malware-cnc.rules)
 * 1:27012 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Phoenot variant outbound connection (snort3-malware-cnc.rules)
 * 1:27013 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Phoenot variant inbound connection (snort3-malware-cnc.rules)
 * 1:27014 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Epipenwa variant outbound connection (snort3-malware-cnc.rules)
 * 1:27017 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dapato variant inbound response connection (snort3-malware-cnc.rules)
 * 1:27021 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Layvam variant outbound connection (snort3-malware-cnc.rules)
 * 1:27022 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Netweird.A outbound connection (snort3-malware-cnc.rules)
 * 1:27023 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Netweird.A outbound connection (snort3-malware-cnc.rules)
 * 1:27033 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Transhell variant outbound connection user-agent (snort3-malware-cnc.rules)
 * 1:27039 <-> DISABLED <-> MALWARE-CNC Win.Trojan.OnlineGameHack variant outbound connection (snort3-malware-cnc.rules)
 * 1:27044 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string pb - Htbot (snort3-malware-cnc.rules)
 * 1:27045 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Blocker Download (snort3-malware-cnc.rules)
 * 1:27049 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dokstormac variant outbound connection (snort3-malware-cnc.rules)
 * 1:27054 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yakes variant outbound connection (snort3-malware-cnc.rules)
 * 1:27058 <-> DISABLED <-> MALWARE-CNC OSX.Trojan.HackBack variant outbound connection (snort3-malware-cnc.rules)
 * 1:27093 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Medfos variant outbound connection (snort3-malware-cnc.rules)
 * 1:27120 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (snort3-malware-cnc.rules)
 * 1:27169 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Atezag variant outbound connection (snort3-malware-cnc.rules)
 * 1:27199 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Meredrop variant outbound connection GET Request (snort3-malware-cnc.rules)
 * 1:27200 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Meredrop variant outbound connection POST Request (snort3-malware-cnc.rules)
 * 1:27201 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Neurevt variant outbound connection (snort3-malware-cnc.rules)
 * 1:27248 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gamarue - Mozi1la User-Agent (snort3-malware-cnc.rules)
 * 1:27252 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ZeroAccess 111-byte URL variant outbound connection (snort3-malware-cnc.rules)
 * 1:27256 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kryptik Drive-by Download Malware (snort3-malware-cnc.rules)
 * 1:27257 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kryptic 7-byte URI Invalid Firefox Headers - no Accept-Language (snort3-malware-cnc.rules)
 * 1:26741 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc exec command (snort3-malware-cnc.rules)
 * 1:27260 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Java.Agent.NFK variant connection (snort3-malware-cnc.rules)
 * 1:27263 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - yahoonews (snort3-malware-cnc.rules)
 * 1:27558 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bezigate variant outbound connection (snort3-malware-cnc.rules)
 * 1:27567 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rovnix malicious download request (snort3-malware-cnc.rules)
 * 1:27577 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (snort3-malware-cnc.rules)
 * 1:27596 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Redyms variant outbound connection (snort3-malware-cnc.rules)
 * 1:27599 <-> DISABLED <-> MALWARE-CNC Fort Disco Registration variant outbound connection (snort3-malware-cnc.rules)
 * 1:27600 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nawpers variant connection (snort3-malware-cnc.rules)
 * 1:27629 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Aumlib variant outbound connection (snort3-malware-cnc.rules)
 * 1:27630 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Aumlib variant outbound connection (snort3-malware-cnc.rules)
 * 1:27631 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Aumlib variant outbound connection (snort3-malware-cnc.rules)
 * 1:27633 <-> DISABLED <-> MALWARE-CNC Worm.Silly variant outbound connection (snort3-malware-cnc.rules)
 * 1:27636 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Likseput variant connection (snort3-malware-cnc.rules)
 * 1:27637 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Syhcmd variant connection (snort3-malware-cnc.rules)
 * 1:27639 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Epipenwa variant connection (snort3-malware-cnc.rules)
 * 1:27640 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chekafe variant connection (snort3-malware-cnc.rules)
 * 1:27641 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Meilat variant connection (snort3-malware-cnc.rules)
 * 1:27642 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downbot variant connection (snort3-malware-cnc.rules)
 * 1:27643 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Betabot variant connection (snort3-malware-cnc.rules)
 * 1:27644 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Merong variant connection (snort3-malware-cnc.rules)
 * 1:27645 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Binjo variant outbound connection (snort3-malware-cnc.rules)
 * 1:27647 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nelaja variant outbound connection (snort3-malware-cnc.rules)
 * 1:27648 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SpyBanker.ZSL variant outbound connection (snort3-malware-cnc.rules)
 * 1:27649 <-> DISABLED <-> MALWARE-CNC Brazilian Banking Trojan data theft (snort3-malware-cnc.rules)
 * 1:27655 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Enchanim variant connection (snort3-malware-cnc.rules)
 * 1:27659 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gapz variant connection (snort3-malware-cnc.rules)
 * 1:27660 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Reabfrus variant connection (snort3-malware-cnc.rules)
 * 1:27661 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Reabfrus variant connection (snort3-malware-cnc.rules)
 * 1:27662 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Galfun variant outbound connection (snort3-malware-cnc.rules)
 * 1:27664 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Castov variant connection (snort3-malware-cnc.rules)
 * 1:27665 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Castov variant connection (snort3-malware-cnc.rules)
 * 1:27670 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.evf variant connection (snort3-malware-cnc.rules)
 * 1:27678 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Goolelo variant connection (snort3-malware-cnc.rules)
 * 1:27679 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz variant outbound connection (snort3-malware-cnc.rules)
 * 1:27680 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ZeroAccess variant outbound connection (snort3-malware-cnc.rules)
 * 1:27699 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tartober variant connection (snort3-malware-cnc.rules)
 * 1:27709 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string umbra (snort3-malware-cnc.rules)
 * 1:27710 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string IExplore (snort3-malware-cnc.rules)
 * 1:27711 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FakeAV variant outbound connection (snort3-malware-cnc.rules)
 * 1:27720 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kolok variant connection (snort3-malware-cnc.rules)
 * 1:27726 <-> DISABLED <-> MALWARE-CNC Orbit Downloader denial of service update (snort3-malware-cnc.rules)
 * 1:27727 <-> DISABLED <-> MALWARE-CNC Orbit Downloader denial of service update (snort3-malware-cnc.rules)
 * 1:27728 <-> DISABLED <-> MALWARE-CNC Orbit Downloader denial of service update (snort3-malware-cnc.rules)
 * 1:27737 <-> DISABLED <-> MALWARE-CNC DNS suspicious .c0m.li dns query (snort3-malware-cnc.rules)
 * 1:27746 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Hanthie variant outbound connection (snort3-malware-cnc.rules)
 * 1:27747 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banechant outbound variant connection (snort3-malware-cnc.rules)
 * 1:27759 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Treizt variant connection (snort3-malware-cnc.rules)
 * 1:27774 <-> DISABLED <-> MALWARE-CNC RDN Banker Data Exfiltration (snort3-malware-cnc.rules)
 * 1:27775 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection (snort3-malware-cnc.rules)
 * 1:27802 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PRISM variant outbound connection (snort3-malware-cnc.rules)
 * 1:27803 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PRISM variant outbound connection (snort3-malware-cnc.rules)
 * 1:27805 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bisonha variant outbound connection (snort3-malware-cnc.rules)
 * 1:27806 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Retruse variant connection (snort3-malware-cnc.rules)
 * 1:27811 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mindweq variant connection (snort3-malware-cnc.rules)
 * 1:27817 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tenavt connection (snort3-malware-cnc.rules)
 * 1:27864 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sinowal variant connection (snort3-malware-cnc.rules)
 * 1:27867 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper outbound connection (snort3-malware-cnc.rules)
 * 1:27868 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - dt12012 (snort3-malware-cnc.rules)
 * 1:27905 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Helauto variant connection (snort3-malware-cnc.rules)
 * 1:27918 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (snort3-malware-cnc.rules)
 * 1:27919 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus encrypted POST Data exfiltration (snort3-malware-cnc.rules)
 * 1:27939 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Galock variant connection (snort3-malware-cnc.rules)
 * 1:27955 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mevade variant outbound connection (snort3-malware-cnc.rules)
 * 1:27963 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lolbot variant outbound connection (snort3-malware-cnc.rules)
 * 1:27964 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gh0st variant outbound connection (snort3-malware-cnc.rules)
 * 1:27965 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Eupuds variant connection (snort3-malware-cnc.rules)
 * 1:27966 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Chopper web shell connection (snort3-malware-cnc.rules)
 * 1:27968 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Chopper web shell connection (snort3-malware-cnc.rules)
 * 1:27969 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Updays variant connection (snort3-malware-cnc.rules)
 * 1:27970 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus dropper variant connection (snort3-malware-cnc.rules)
 * 1:27980 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /botnet/adduser.php?uid= (snort3-malware-cnc.rules)
 * 1:27981 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /botnet/tasks.php?uid= (snort3-malware-cnc.rules)
 * 1:28005 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz outbound command (snort3-malware-cnc.rules)
 * 1:28007 <-> DISABLED <-> MALWARE-CNC BLYPT installer startupkey outbound traffic (snort3-malware-cnc.rules)
 * 1:28008 <-> DISABLED <-> MALWARE-CNC BLYPT installer reuse outbound traffic (snort3-malware-cnc.rules)
 * 1:28009 <-> DISABLED <-> MALWARE-CNC BLYPT installer configkey outbound traffic (snort3-malware-cnc.rules)
 * 1:28010 <-> DISABLED <-> MALWARE-CNC BLYPT installer tserror outbound traffic (snort3-malware-cnc.rules)
 * 1:28011 <-> DISABLED <-> MALWARE-CNC BLYPT installer createproc outbound traffic (snort3-malware-cnc.rules)
 * 1:28012 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (snort3-malware-cnc.rules)
 * 1:28033 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Urausy variant outbound connection (snort3-malware-cnc.rules)
 * 1:28040 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dofoil variant outbound connection (snort3-malware-cnc.rules)
 * 1:28042 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Caphaw variant outbound connection (snort3-malware-cnc.rules)
 * 1:28044 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CryptoLocker variant connection (snort3-malware-cnc.rules)
 * 1:28045 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VBKrypt variant connection (snort3-malware-cnc.rules)
 * 1:28072 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Omexo outbound connection (snort3-malware-cnc.rules)
 * 1:28073 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Win32.Kimsuky variant file stealing (snort3-malware-cnc.rules)
 * 1:28074 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ADKR connection (snort3-malware-cnc.rules)
 * 1:28075 <-> DISABLED <-> MALWARE-CNC Win.Trojan.gzfw connection (snort3-malware-cnc.rules)
 * 1:28079 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Napolar variant outbound connection (snort3-malware-cnc.rules)
 * 1:28080 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Napolar data theft (snort3-malware-cnc.rules)
 * 1:28084 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hupigon variant connection (snort3-malware-cnc.rules)
 * 1:28094 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Liteol variant connection (snort3-malware-cnc.rules)
 * 1:28095 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Liteol variant connection (snort3-malware-cnc.rules)
 * 1:28096 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spynet variant connection (snort3-malware-cnc.rules)
 * 1:28373 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mutopy variant outbound connection (snort3-malware-cnc.rules)
 * 1:26605 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bydra variant outbound connection (snort3-malware-cnc.rules)
 * 1:27533 <-> DISABLED <-> MALWARE-CNC Potential Win.Trojan.Kraziomel Download - 000.jpg (snort3-malware-cnc.rules)
 * 1:25993 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Buzus variant outbound connection (snort3-malware-cnc.rules)
 * 1:25994 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (snort3-malware-cnc.rules)
 * 1:25996 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Reswor variant outbound connection (snort3-malware-cnc.rules)
 * 1:26010 <-> DISABLED <-> MALWARE-CNC CNC Dirtjumper variant outbound connection (snort3-malware-cnc.rules)
 * 1:26011 <-> DISABLED <-> MALWARE-CNC CNC Dirtjumper variant outbound connection (snort3-malware-cnc.rules)
 * 1:26019 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bredo variant outbound connection (snort3-malware-cnc.rules)
 * 1:26023 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot variant in.php outbound connection (snort3-malware-cnc.rules)
 * 1:26024 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wecod variant outbound connection (snort3-malware-cnc.rules)
 * 1:26072 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locati variant outbound connection (snort3-malware-cnc.rules)
 * 1:26075 <-> DISABLED <-> MALWARE-CNC Bancos variant outbound connection SQL query POST data (snort3-malware-cnc.rules)
 * 1:26086 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Exicon variant outbound connection (snort3-malware-cnc.rules)
 * 1:26088 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Encriyoko variant outbound connection (snort3-malware-cnc.rules)
 * 1:26106 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (snort3-malware-cnc.rules)
 * 1:26115 <-> DISABLED <-> MALWARE-CNC NSIS.Downloader.Agent variant outbound connection (snort3-malware-cnc.rules)
 * 1:26116 <-> DISABLED <-> MALWARE-CNC NSIS.Downloader.Agent variant outbound connection (snort3-malware-cnc.rules)
 * 1:26117 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tarctox variant outbound connection (snort3-malware-cnc.rules)
 * 1:26118 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (snort3-malware-cnc.rules)
 * 1:26119 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (snort3-malware-cnc.rules)
 * 1:26201 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lobparck variant outbound connection (snort3-malware-cnc.rules)
 * 1:25669 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Selasloot variant outbound connection (snort3-malware-cnc.rules)
 * 1:26203 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gupd variant outbound connection (snort3-malware-cnc.rules)
 * 1:26204 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Malex variant outbound connection (snort3-malware-cnc.rules)
 * 1:26211 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Eldorado variant outbound connection (snort3-malware-cnc.rules)
 * 1:26238 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Snopexy variant outbound connection (snort3-malware-cnc.rules)
 * 1:26239 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Stehlox variant outbound connection (snort3-malware-cnc.rules)
 * 1:26240 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vkeikooc variant outbound connection (snort3-malware-cnc.rules)
 * 1:26244 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Troll variant outbound connection (snort3-malware-cnc.rules)
 * 1:26245 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (snort3-malware-cnc.rules)
 * 1:26248 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent cibabam (snort3-malware-cnc.rules)
 * 1:26249 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Sonide variant outbound connection (snort3-malware-cnc.rules)
 * 1:26260 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Vectmp variant outbound connection (snort3-malware-cnc.rules)
 * 1:26266 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus v3 DGA DNS query detected (snort3-malware-cnc.rules)
 * 1:26267 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus v3 DGA DNS query detected (snort3-malware-cnc.rules)
 * 1:26268 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus v3 DGA DNS query detected (snort3-malware-cnc.rules)
 * 1:26269 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus v3 DGA DNS query detected (snort3-malware-cnc.rules)
 * 1:26270 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus v3 DGA DNS query detected (snort3-malware-cnc.rules)
 * 1:26271 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus v3 DGA DNS query detected (snort3-malware-cnc.rules)
 * 1:26284 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Surok variant outbound connection (snort3-malware-cnc.rules)
 * 1:26285 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Garveep variant outbound connection (snort3-malware-cnc.rules)
 * 1:26288 <-> DISABLED <-> MALWARE-CNC Brontok Worm variant outbound connection (snort3-malware-cnc.rules)
 * 1:26289 <-> DISABLED <-> MALWARE-CNC Daws Trojan Outbound Plaintext over SSL Port (snort3-malware-cnc.rules)
 * 1:26319 <-> DISABLED <-> MALWARE-CNC file path used as User-Agent - potential Trojan (snort3-malware-cnc.rules)
 * 1:26325 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scar variant outbound connection (snort3-malware-cnc.rules)
 * 1:26327 <-> DISABLED <-> MALWARE-CNC OSX.Trojan.Flashfake variant outbound connection (snort3-malware-cnc.rules)
 * 1:26331 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qhost variant outbound connection (snort3-malware-cnc.rules)
 * 1:26335 <-> DISABLED <-> MALWARE-CNC FBI Ransom Trojan variant outbound connection (snort3-malware-cnc.rules)
 * 1:26370 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection - ksa.txt (snort3-malware-cnc.rules)
 * 1:26371 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection - op POST (snort3-malware-cnc.rules)
 * 1:26398 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gamarue variant outbound connection (snort3-malware-cnc.rules)
 * 1:26428 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (snort3-malware-cnc.rules)
 * 1:26444 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Agent variant outbound connection (snort3-malware-cnc.rules)
 * 1:26445 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Agent variant outbound connection (snort3-malware-cnc.rules)
 * 1:26446 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Agent variant outbound connection (snort3-malware-cnc.rules)
 * 1:26447 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Smoaler variant outbound connection (snort3-malware-cnc.rules)
 * 1:26448 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fakesig variant outbound connection (snort3-malware-cnc.rules)
 * 1:26449 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (snort3-malware-cnc.rules)
 * 1:26450 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (snort3-malware-cnc.rules)
 * 1:26452 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Buterat variant outbound connection (snort3-malware-cnc.rules)
 * 1:26463 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Linog.A variant outbound connection (snort3-malware-cnc.rules)
 * 1:26464 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Linog.A variant outbound connection (snort3-malware-cnc.rules)
 * 1:26467 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Magic variant inbound connection (snort3-malware-cnc.rules)
 * 1:26480 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot fake PNG config file download without User-Agent (snort3-malware-cnc.rules)
 * 1:26482 <-> DISABLED <-> MALWARE-CNC Unknown Thinner Encrypted POST botnet C&C (snort3-malware-cnc.rules)
 * 1:26522 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent NOKIAN95/WEB (snort3-malware-cnc.rules)
 * 1:26533 <-> DISABLED <-> MALWARE-CNC Unknown malware - Incorrect headers - Referer HTTP/1.0 (snort3-malware-cnc.rules)
 * 1:26558 <-> DISABLED <-> MALWARE-CNC User-Agent known Malicious user agent Brutus AET (snort3-malware-cnc.rules)
 * 1:26560 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection - getcomando POST data (snort3-malware-cnc.rules)
 * 1:26561 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (snort3-malware-cnc.rules)
 * 1:26563 <-> DISABLED <-> MALWARE-CNC Harakit botnet traffic (snort3-malware-cnc.rules)
 * 1:26576 <-> DISABLED <-> MALWARE-CNC Potential hostile executable served from compromised or malicious WordPress site attempt (snort3-malware-cnc.rules)
 * 1:26577 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent Opera 10 (snort3-malware-cnc.rules)
 * 1:26578 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy/FakeAV Checkin with IE6 User-Agent (snort3-malware-cnc.rules)
 * 1:26579 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy/FakeAV Checkin with IE6 User-Agent (snort3-malware-cnc.rules)
 * 1:26604 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bydra variant outbound connection (snort3-malware-cnc.rules)
 * 1:28857 <-> DISABLED <-> MALWARE-CNC Adwind UNRECOM connnection back to cnc server (snort3-malware-cnc.rules)
 * 1:28106 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload information upload (snort3-malware-cnc.rules)
 * 1:26608 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rocra variant outbound connection (snort3-malware-cnc.rules)
 * 1:28216 <-> DISABLED <-> MALWARE-CNC known malware FTP login (snort3-malware-cnc.rules)
 * 1:28234 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hdslogger outbound connection (snort3-malware-cnc.rules)
 * 1:28543 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Conficker variant outbound connection (snort3-malware-cnc.rules)
 * 1:28285 <-> DISABLED <-> MALWARE-CNC Win.Trojan.hdog connectivity check-in version 2 (snort3-malware-cnc.rules)
 * 1:28446 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant SQL check-in (snort3-malware-cnc.rules)
 * 1:28210 <-> DISABLED <-> MALWARE-CNC Win.Worm.IRCbot outbound connection (snort3-malware-cnc.rules)
 * 1:28120 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /start.htm GET Encrypted Payload (snort3-malware-cnc.rules)
 * 1:28419 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tesch variant outbound connection (snort3-malware-cnc.rules)
 * 1:28809 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dofoil inbound connection (snort3-malware-cnc.rules)
 * 1:28541 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ZeroAccess Download Headers (snort3-malware-cnc.rules)
 * 1:28485 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Khalog variant outbound connection (snort3-malware-cnc.rules)
 * 1:28553 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /main.htm GET Encrypted Payload (snort3-malware-cnc.rules)
 * 1:28114 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /default.htm GET Encrypted Payload (snort3-malware-cnc.rules)
 * 1:28143 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Medfos outbound connection (snort3-malware-cnc.rules)
 * 1:28155 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Foreign variant outbound connection - MSIE 7.2 (snort3-malware-cnc.rules)
 * 1:28244 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Phrovon outbound connection (snort3-malware-cnc.rules)
 * 1:28107 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload download (snort3-malware-cnc.rules)
 * 1:28800 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus outbound connection (snort3-malware-cnc.rules)
 * 1:28563 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pkdesco variant outbound connection (snort3-malware-cnc.rules)
 * 1:28411 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CoinMiner variant outbound connection (snort3-malware-cnc.rules)
 * 1:28325 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Zuza variant outbound connection (snort3-malware-cnc.rules)
 * 1:28814 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gozi/Neverquest variant outbound connection (snort3-malware-cnc.rules)
 * 1:28548 <-> DISABLED <-> MALWARE-CNC Win.Trojan.chfx variant outbound connection (snort3-malware-cnc.rules)
 * 1:28803 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Injector inbound connection (snort3-malware-cnc.rules)
 * 1:28122 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /index.htm GET Encrypted Payload (snort3-malware-cnc.rules)
 * 1:28542 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Conficker variant outbound connection (snort3-malware-cnc.rules)
 * 1:28858 <-> DISABLED <-> MALWARE-CNC Adwind UNRECOM connnection back to cnc server (snort3-malware-cnc.rules)
 * 1:25992 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Buzus variant outbound connection (snort3-malware-cnc.rules)
 * 1:26677 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz variant inbound run command from cnc (snort3-malware-cnc.rules)
 * 1:26739 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc connect command (snort3-malware-cnc.rules)
 * 1:26683 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shyape variant outbound connection (snort3-malware-cnc.rules)
 * 1:26685 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string J13A (snort3-malware-cnc.rules)
 * 1:26713 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev rev 1 outbound traffic (snort3-malware-cnc.rules)
 * 1:26606 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sosork variant outbound connection (snort3-malware-cnc.rules)
 * 1:26740 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc dns command (snort3-malware-cnc.rules)
 * 1:26726 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc stop command (snort3-malware-cnc.rules)
 * 1:28147 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Conficker variant outbound connection (snort3-malware-cnc.rules)
 * 1:26722 <-> DISABLED <-> MALWARE-CNC Bancos fake JPG encrypted config file download (snort3-malware-cnc.rules)
 * 1:26732 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc syn command (snort3-malware-cnc.rules)
 * 1:26735 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc data command (snort3-malware-cnc.rules)
 * 1:26714 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev rev 2 outbound traffic (snort3-malware-cnc.rules)
 * 1:27551 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lorapu variant outbound connection (snort3-malware-cnc.rules)
 * 1:28105 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload variant outbound connection (snort3-malware-cnc.rules)
 * 1:28118 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /login.htm GET Encrypted Payload (snort3-malware-cnc.rules)
 * 1:26656 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Travnet Botnet data upload (snort3-malware-cnc.rules)
 * 1:26697 <-> DISABLED <-> MALWARE-CNC Cbeplay Ransomware variant outbound connection - POST Body (snort3-malware-cnc.rules)
 * 1:26729 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc simple command (snort3-malware-cnc.rules)
 * 1:28816 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Siluhdur variant outbound connection (snort3-malware-cnc.rules)
 * 1:26721 <-> DISABLED <-> MALWARE-CNC Pushdo Spiral Traffic (snort3-malware-cnc.rules)
 * 1:26657 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shiz variant outbound connection (snort3-malware-cnc.rules)
 * 1:26728 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc sleep command (snort3-malware-cnc.rules)
 * 1:26731 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc datapost command (snort3-malware-cnc.rules)
 * 1:28254 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Perl.Shellbot variant outbound connection (snort3-malware-cnc.rules)
 * 1:28914 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Anony variant connection (snort3-malware-cnc.rules)
 * 1:28918 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant network connectivity check (snort3-malware-cnc.rules)
 * 1:28919 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant network connectivity check (snort3-malware-cnc.rules)
 * 1:28930 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fakeav variant outbound data connection (snort3-malware-cnc.rules)
 * 1:28940 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rovnix malicious download (snort3-malware-cnc.rules)
 * 1:28947 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tapaoux variant connection (snort3-malware-cnc.rules)
 * 1:28948 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kishlog variant outbound connection (snort3-malware-cnc.rules)
 * 1:28949 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kishlog variant outbound connection (snort3-malware-cnc.rules)
 * 1:28958 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jussuc variant outbound connection (snort3-malware-cnc.rules)
 * 1:28960 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Alurewo outbound connection (snort3-malware-cnc.rules)
 * 1:48157 <-> ENABLED <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection (snort3-malware-cnc.rules)
 * 1:28607 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection (snort3-malware-cnc.rules)

2020-10-08 13:28:31 UTC

Snort Subscriber Rules Update

Date: 2020-10-08

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:55929 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Emotet-9774504-0 download attempt (malware-other.rules)
 * 1:55930 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Emotet-9774504-0 download attempt (malware-other.rules)
 * 1:55931 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Emotet variant outbound connection attempt (malware-cnc.rules)
 * 1:55932 <-> ENABLED <-> SERVER-OTHER Oracle WebLogic malicious RemoteConstructor deserialization attempt (server-other.rules)
 * 1:55933 <-> ENABLED <-> SERVER-OTHER Oracle WebLogic malicious RemoteConstructor deserialization attempt (server-other.rules)

Modified Rules:


 * 1:28042 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Caphaw variant outbound connection (malware-cnc.rules)
 * 1:28323 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Chopper web shell connection (malware-cnc.rules)
 * 1:28230 <-> DISABLED <-> MALWARE-CNC Boot.Bootroot Variant data upload (malware-cnc.rules)
 * 1:28234 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hdslogger outbound connection (malware-cnc.rules)
 * 1:28154 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Foreign variant outbound connection - MSIE 7.1 (malware-cnc.rules)
 * 1:27662 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Galfun variant outbound connection (malware-cnc.rules)
 * 1:27665 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Castov variant connection (malware-cnc.rules)
 * 1:28011 <-> DISABLED <-> MALWARE-CNC BLYPT installer createproc outbound traffic (malware-cnc.rules)
 * 1:28607 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection (malware-cnc.rules)
 * 1:28547 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules)
 * 1:28415 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:28216 <-> DISABLED <-> MALWARE-CNC known malware FTP login (malware-cnc.rules)
 * 1:28486 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Codiltak variant outbound connection (malware-cnc.rules)
 * 1:28560 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Plugx FTP keepalive outbound connection (malware-cnc.rules)
 * 1:28192 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz Potential Phishing URL (malware-cnc.rules)
 * 1:27709 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string umbra (malware-cnc.rules)
 * 1:28007 <-> DISABLED <-> MALWARE-CNC BLYPT installer startupkey outbound traffic (malware-cnc.rules)
 * 1:28325 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Zuza variant outbound connection (malware-cnc.rules)
 * 1:28804 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Injector outbound connection (malware-cnc.rules)
 * 1:28419 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tesch variant outbound connection (malware-cnc.rules)
 * 1:28565 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sluegot variant connection (malware-cnc.rules)
 * 1:28209 <-> DISABLED <-> MALWARE-CNC Win.Worm.IRCbot outbound connection (malware-cnc.rules)
 * 1:28146 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Salgorea variant connection (malware-cnc.rules)
 * 1:28815 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gozi/Neverquest variant outbound connection (malware-cnc.rules)
 * 1:28418 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Dtcontx outbound connection (malware-cnc.rules)
 * 1:28599 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Lesirt variant outbound connection (malware-cnc.rules)
 * 1:28107 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload download (malware-cnc.rules)
 * 1:28805 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Palevo outbound connection (malware-cnc.rules)
 * 1:28446 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant SQL check-in (malware-cnc.rules)
 * 1:28724 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent outbound connection (malware-cnc.rules)
 * 1:28604 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kasnam variant connection (malware-cnc.rules)
 * 1:28410 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CoinMiner variant outbound connection (malware-cnc.rules)
 * 1:28802 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos outbound connection (malware-cnc.rules)
 * 1:28210 <-> DISABLED <-> MALWARE-CNC Win.Worm.IRCbot outbound connection (malware-cnc.rules)
 * 1:28366 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Venik variant outbound connection (malware-cnc.rules)
 * 1:28247 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper variant outbound connection (malware-cnc.rules)
 * 1:28328 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Hupigon variant outbound connection (malware-cnc.rules)
 * 1:28538 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Asprox/Kuluoz variant connection (malware-cnc.rules)
 * 1:28144 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Win32.Wpbrutebot variant connection (malware-cnc.rules)
 * 1:28211 <-> DISABLED <-> MALWARE-CNC Win.Worm.IRCbot outbound connection (malware-cnc.rules)
 * 1:28326 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Zuza variant outbound connection (malware-cnc.rules)
 * 1:28254 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Perl.Shellbot variant outbound connection (malware-cnc.rules)
 * 1:28558 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string getURLdown (malware-cnc.rules)
 * 1:27664 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Castov variant connection (malware-cnc.rules)
 * 1:28485 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Khalog variant outbound connection (malware-cnc.rules)
 * 1:28116 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /home.htm GET Encrypted Payload (malware-cnc.rules)
 * 1:28563 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pkdesco variant outbound connection (malware-cnc.rules)
 * 1:28562 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sidopa variant outbound connection (malware-cnc.rules)
 * 1:28543 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Conficker variant outbound connection (malware-cnc.rules)
 * 1:28362 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string SUiCiDE/1.5 (malware-cnc.rules)
 * 1:28255 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz Potential phishing URL (malware-cnc.rules)
 * 1:28405 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy variant outbound connection (malware-cnc.rules)
 * 1:28148 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mevade variant outbound connection (malware-cnc.rules)
 * 1:28285 <-> DISABLED <-> MALWARE-CNC Win.Trojan.hdog connectivity check-in version 2 (malware-cnc.rules)
 * 1:28564 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pkdesco variant outbound connection (malware-cnc.rules)
 * 1:28814 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gozi/Neverquest variant outbound connection (malware-cnc.rules)
 * 1:28813 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ufraie variant outbound connection (malware-cnc.rules)
 * 1:27726 <-> DISABLED <-> MALWARE-CNC Orbit Downloader denial of service update (malware-cnc.rules)
 * 1:28852 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Linux.Trojan.Zollard (malware-cnc.rules)
 * 1:28212 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bitsto variant connection (malware-cnc.rules)
 * 1:28125 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banbra variant connection (malware-cnc.rules)
 * 1:28559 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Castov variant connection (malware-cnc.rules)
 * 1:27747 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banechant outbound variant connection (malware-cnc.rules)
 * 1:28528 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qadars variant outbound connection (malware-cnc.rules)
 * 1:27817 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tenavt connection (malware-cnc.rules)
 * 1:28120 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /start.htm GET Encrypted Payload (malware-cnc.rules)
 * 1:28123 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /setup.htm GET Encrypted Payload (malware-cnc.rules)
 * 1:28153 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Foreign variant outbound connection - /html2/ (malware-cnc.rules)
 * 1:28810 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection - MSIE7 No Referer No Cookie (malware-cnc.rules)
 * 1:28117 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /install.htm GET Encrypted Payload (malware-cnc.rules)
 * 1:27868 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - dt12012 (malware-cnc.rules)
 * 1:27711 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FakeAV variant outbound connection (malware-cnc.rules)
 * 1:27803 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PRISM variant outbound connection (malware-cnc.rules)
 * 1:27680 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ZeroAccess variant outbound connection (malware-cnc.rules)
 * 1:27805 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bisonha variant outbound connection (malware-cnc.rules)
 * 1:27759 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Treizt variant connection (malware-cnc.rules)
 * 1:28856 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yowdab variant connection (malware-cnc.rules)
 * 1:27737 <-> DISABLED <-> MALWARE-CNC DNS suspicious .c0m.li dns query (malware-cnc.rules)
 * 1:27811 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mindweq variant connection (malware-cnc.rules)
 * 1:27720 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kolok variant connection (malware-cnc.rules)
 * 1:27802 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PRISM variant outbound connection (malware-cnc.rules)
 * 1:27806 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Retruse variant connection (malware-cnc.rules)
 * 1:28045 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VBKrypt variant connection (malware-cnc.rules)
 * 1:27774 <-> DISABLED <-> MALWARE-CNC RDN Banker Data Exfiltration (malware-cnc.rules)
 * 1:26952 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Orcim variant outbound connection (malware-cnc.rules)
 * 1:27699 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tartober variant connection (malware-cnc.rules)
 * 1:27864 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sinowal variant connection (malware-cnc.rules)
 * 1:28820 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Egamipload variant outbound connection (malware-cnc.rules)
 * 1:27939 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Galock variant connection (malware-cnc.rules)
 * 1:27981 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /botnet/tasks.php?uid= (malware-cnc.rules)
 * 1:27955 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mevade variant outbound connection (malware-cnc.rules)
 * 1:28097 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ohlat variant connection (malware-cnc.rules)
 * 1:28044 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CryptoLocker variant connection (malware-cnc.rules)
 * 1:28009 <-> DISABLED <-> MALWARE-CNC BLYPT installer configkey outbound traffic (malware-cnc.rules)
 * 1:27918 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
 * 1:28105 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload variant outbound connection (malware-cnc.rules)
 * 1:27969 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Updays variant connection (malware-cnc.rules)
 * 1:28033 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Urausy variant outbound connection (malware-cnc.rules)
 * 1:27670 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.evf variant connection (malware-cnc.rules)
 * 1:28373 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mutopy variant outbound connection (malware-cnc.rules)
 * 1:27968 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Chopper web shell connection (malware-cnc.rules)
 * 1:28853 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dipverdle variant outbound connection (malware-cnc.rules)
 * 1:27679 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz variant outbound connection (malware-cnc.rules)
 * 1:27710 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string IExplore (malware-cnc.rules)
 * 1:27727 <-> DISABLED <-> MALWARE-CNC Orbit Downloader denial of service update (malware-cnc.rules)
 * 1:27775 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection (malware-cnc.rules)
 * 1:28816 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Siluhdur variant outbound connection (malware-cnc.rules)
 * 1:28115 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /file.htm GET Encrypted Payload (malware-cnc.rules)
 * 1:28529 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qadars variant outbound connection (malware-cnc.rules)
 * 1:28799 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mxtcycle variant outbound connection (malware-cnc.rules)
 * 1:28134 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dorkbot variant connection (malware-cnc.rules)
 * 1:28605 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kasnam variant connection (malware-cnc.rules)
 * 1:28166 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bifrose variant connection (malware-cnc.rules)
 * 1:28800 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus outbound connection (malware-cnc.rules)
 * 1:28143 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Medfos outbound connection (malware-cnc.rules)
 * 1:28808 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Ptiger variant outbound connection (malware-cnc.rules)
 * 1:28155 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Foreign variant outbound connection - MSIE 7.2 (malware-cnc.rules)
 * 1:28122 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /index.htm GET Encrypted Payload (malware-cnc.rules)
 * 1:28406 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy variant outbound connection (malware-cnc.rules)
 * 1:28809 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dofoil inbound connection (malware-cnc.rules)
 * 1:28542 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Conficker variant outbound connection (malware-cnc.rules)
 * 1:28244 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Phrovon outbound connection (malware-cnc.rules)
 * 1:28072 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Omexo outbound connection (malware-cnc.rules)
 * 1:28073 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Win32.Kimsuky variant file stealing (malware-cnc.rules)
 * 1:28074 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ADKR connection (malware-cnc.rules)
 * 1:28075 <-> DISABLED <-> MALWARE-CNC Win.Trojan.gzfw connection (malware-cnc.rules)
 * 1:28079 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Napolar variant outbound connection (malware-cnc.rules)
 * 1:28080 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Napolar data theft (malware-cnc.rules)
 * 1:28084 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hupigon variant connection (malware-cnc.rules)
 * 1:28094 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Liteol variant connection (malware-cnc.rules)
 * 1:28095 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Liteol variant connection (malware-cnc.rules)
 * 1:28096 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spynet variant connection (malware-cnc.rules)
 * 1:28914 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Anony variant connection (malware-cnc.rules)
 * 1:28918 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant network connectivity check (malware-cnc.rules)
 * 1:28919 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant network connectivity check (malware-cnc.rules)
 * 1:28930 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fakeav variant outbound data connection (malware-cnc.rules)
 * 1:28940 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rovnix malicious download (malware-cnc.rules)
 * 1:28947 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tapaoux variant connection (malware-cnc.rules)
 * 1:28948 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kishlog variant outbound connection (malware-cnc.rules)
 * 1:28949 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kishlog variant outbound connection (malware-cnc.rules)
 * 1:28958 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jussuc variant outbound connection (malware-cnc.rules)
 * 1:28960 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Alurewo outbound connection (malware-cnc.rules)
 * 1:48157 <-> ENABLED <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection (malware-cnc.rules)
 * 1:26681 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz variant inbound run command from cnc (malware-cnc.rules)
 * 1:25807 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Urausy Botnet variant outbound connection (malware-cnc.rules)
 * 1:25547 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:25548 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Perflog variant outbound connection (malware-cnc.rules)
 * 1:25551 <-> DISABLED <-> MALWARE-CNC Win.Worm.Dipasik variant outbound connection (malware-cnc.rules)
 * 1:25553 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dexter variant outbound connection (malware-cnc.rules)
 * 1:25570 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Medialabs variant outbound connection (malware-cnc.rules)
 * 1:25571 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Medialabs variant outbound connection (malware-cnc.rules)
 * 1:25572 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Virut variant outbound connection (malware-cnc.rules)
 * 1:25577 <-> DISABLED <-> MALWARE-CNC Win.Rootkit.Necurs possible URI with encrypted POST (malware-cnc.rules)
 * 1:25599 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gupboot variant outbound connection (malware-cnc.rules)
 * 1:25600 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dilavtor variant outbound connection (malware-cnc.rules)
 * 1:25609 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules)
 * 1:25610 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mofsmall variant outbound connection (malware-cnc.rules)
 * 1:25854 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection - MSIE7 No Referer No Cookie (malware-cnc.rules)
 * 1:25628 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant connect to cnc-server (malware-cnc.rules)
 * 1:25632 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Golisy variant outbound connection (malware-cnc.rules)
 * 1:25652 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kryptic variant outbound connection (malware-cnc.rules)
 * 1:25660 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Medfos variant outbound connection (malware-cnc.rules)
 * 1:25661 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Buzus variant outbound connection (malware-cnc.rules)
 * 1:25662 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chowspy variant outbound connection (malware-cnc.rules)
 * 1:25663 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rimod variant outbound connection (malware-cnc.rules)
 * 1:25665 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sycomder variant outbound connection (malware-cnc.rules)
 * 1:25666 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (malware-cnc.rules)
 * 1:25667 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nflog variant outbound connection (malware-cnc.rules)
 * 1:25668 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nflog variant outbound connection (malware-cnc.rules)
 * 1:25669 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Selasloot variant outbound connection (malware-cnc.rules)
 * 1:25671 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (malware-cnc.rules)
 * 1:25672 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Matsnu variant outbound connection (malware-cnc.rules)
 * 1:25673 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.QQDragon variant outbound connection (malware-cnc.rules)
 * 1:25674 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shimwoc variant outbound connection (malware-cnc.rules)
 * 1:25675 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fakeavlock variant outbound connection (malware-cnc.rules)
 * 1:25765 <-> DISABLED <-> MALWARE-CNC Trojan Agent YEH variant outbound connection (malware-cnc.rules)
 * 1:25766 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules)
 * 1:25625 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Daws variant outbound connection (malware-cnc.rules)
 * 1:27008 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot variant outbound connection (malware-cnc.rules)
 * 1:27010 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot payment .scr download (malware-cnc.rules)
 * 1:25863 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.QBundle variant outbound connection (malware-cnc.rules)
 * 1:25865 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:25866 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:25867 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:25973 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Boolflot variant outbound connection (malware-cnc.rules)
 * 1:25974 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:25978 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lukprofin variant outbound connection (malware-cnc.rules)
 * 1:25979 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lukprofin variant outbound connection (malware-cnc.rules)
 * 1:25980 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Pass (malware-cnc.rules)
 * 1:25987 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Upof variant outbound connection (malware-cnc.rules)
 * 1:25990 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Agent variant connect to cnc-server (malware-cnc.rules)
 * 1:25991 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Agent variant connect to cnc-server (malware-cnc.rules)
 * 1:25992 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Buzus variant outbound connection (malware-cnc.rules)
 * 1:25993 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Buzus variant outbound connection (malware-cnc.rules)
 * 1:25994 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:25996 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Reswor variant outbound connection (malware-cnc.rules)
 * 1:26010 <-> DISABLED <-> MALWARE-CNC CNC Dirtjumper variant outbound connection (malware-cnc.rules)
 * 1:26011 <-> DISABLED <-> MALWARE-CNC CNC Dirtjumper variant outbound connection (malware-cnc.rules)
 * 1:26019 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bredo variant outbound connection (malware-cnc.rules)
 * 1:26023 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot variant in.php outbound connection (malware-cnc.rules)
 * 1:26024 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wecod variant outbound connection (malware-cnc.rules)
 * 1:26072 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locati variant outbound connection (malware-cnc.rules)
 * 1:26075 <-> DISABLED <-> MALWARE-CNC Bancos variant outbound connection SQL query POST data (malware-cnc.rules)
 * 1:26086 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Exicon variant outbound connection (malware-cnc.rules)
 * 1:26088 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Encriyoko variant outbound connection (malware-cnc.rules)
 * 1:26106 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
 * 1:26115 <-> DISABLED <-> MALWARE-CNC NSIS.Downloader.Agent variant outbound connection (malware-cnc.rules)
 * 1:26116 <-> DISABLED <-> MALWARE-CNC NSIS.Downloader.Agent variant outbound connection (malware-cnc.rules)
 * 1:26117 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tarctox variant outbound connection (malware-cnc.rules)
 * 1:26118 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:26119 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:26201 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lobparck variant outbound connection (malware-cnc.rules)
 * 1:26202 <-> DISABLED <-> MALWARE-CNC VBS.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:26203 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gupd variant outbound connection (malware-cnc.rules)
 * 1:26204 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Malex variant outbound connection (malware-cnc.rules)
 * 1:26211 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Eldorado variant outbound connection (malware-cnc.rules)
 * 1:26238 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Snopexy variant outbound connection (malware-cnc.rules)
 * 1:26239 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Stehlox variant outbound connection (malware-cnc.rules)
 * 1:26240 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vkeikooc variant outbound connection (malware-cnc.rules)
 * 1:26244 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Troll variant outbound connection (malware-cnc.rules)
 * 1:26245 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (malware-cnc.rules)
 * 1:26248 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent cibabam (malware-cnc.rules)
 * 1:26249 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Sonide variant outbound connection (malware-cnc.rules)
 * 1:26260 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Vectmp variant outbound connection (malware-cnc.rules)
 * 1:26266 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus v3 DGA DNS query detected (malware-cnc.rules)
 * 1:26267 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus v3 DGA DNS query detected (malware-cnc.rules)
 * 1:26268 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus v3 DGA DNS query detected (malware-cnc.rules)
 * 1:26269 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus v3 DGA DNS query detected (malware-cnc.rules)
 * 1:26270 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus v3 DGA DNS query detected (malware-cnc.rules)
 * 1:26271 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus v3 DGA DNS query detected (malware-cnc.rules)
 * 1:26284 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Surok variant outbound connection (malware-cnc.rules)
 * 1:26285 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Garveep variant outbound connection (malware-cnc.rules)
 * 1:26288 <-> DISABLED <-> MALWARE-CNC Brontok Worm variant outbound connection (malware-cnc.rules)
 * 1:26289 <-> DISABLED <-> MALWARE-CNC Daws Trojan Outbound Plaintext over SSL Port (malware-cnc.rules)
 * 1:26319 <-> DISABLED <-> MALWARE-CNC file path used as User-Agent - potential Trojan (malware-cnc.rules)
 * 1:26325 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scar variant outbound connection (malware-cnc.rules)
 * 1:26327 <-> DISABLED <-> MALWARE-CNC OSX.Trojan.Flashfake variant outbound connection (malware-cnc.rules)
 * 1:26331 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qhost variant outbound connection (malware-cnc.rules)
 * 1:26335 <-> DISABLED <-> MALWARE-CNC FBI Ransom Trojan variant outbound connection (malware-cnc.rules)
 * 1:26370 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection - ksa.txt (malware-cnc.rules)
 * 1:26371 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection - op POST (malware-cnc.rules)
 * 1:26398 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gamarue variant outbound connection (malware-cnc.rules)
 * 1:26428 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (malware-cnc.rules)
 * 1:26444 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Agent variant outbound connection (malware-cnc.rules)
 * 1:26445 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Agent variant outbound connection (malware-cnc.rules)
 * 1:26446 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Agent variant outbound connection (malware-cnc.rules)
 * 1:26447 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Smoaler variant outbound connection (malware-cnc.rules)
 * 1:26448 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fakesig variant outbound connection (malware-cnc.rules)
 * 1:26449 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:26450 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:26452 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Buterat variant outbound connection (malware-cnc.rules)
 * 1:26463 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Linog.A variant outbound connection (malware-cnc.rules)
 * 1:26464 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Linog.A variant outbound connection (malware-cnc.rules)
 * 1:26467 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Magic variant inbound connection (malware-cnc.rules)
 * 1:26480 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot fake PNG config file download without User-Agent (malware-cnc.rules)
 * 1:26482 <-> DISABLED <-> MALWARE-CNC Unknown Thinner Encrypted POST botnet C&C (malware-cnc.rules)
 * 1:26522 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent NOKIAN95/WEB (malware-cnc.rules)
 * 1:26533 <-> DISABLED <-> MALWARE-CNC Unknown malware - Incorrect headers - Referer HTTP/1.0 (malware-cnc.rules)
 * 1:26558 <-> DISABLED <-> MALWARE-CNC User-Agent known Malicious user agent Brutus AET (malware-cnc.rules)
 * 1:26560 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection - getcomando POST data (malware-cnc.rules)
 * 1:26561 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
 * 1:26563 <-> DISABLED <-> MALWARE-CNC Harakit botnet traffic (malware-cnc.rules)
 * 1:26576 <-> DISABLED <-> MALWARE-CNC Potential hostile executable served from compromised or malicious WordPress site attempt (malware-cnc.rules)
 * 1:26577 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent Opera 10 (malware-cnc.rules)
 * 1:26578 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy/FakeAV Checkin with IE6 User-Agent (malware-cnc.rules)
 * 1:26579 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy/FakeAV Checkin with IE6 User-Agent (malware-cnc.rules)
 * 1:26604 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bydra variant outbound connection (malware-cnc.rules)
 * 1:26605 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bydra variant outbound connection (malware-cnc.rules)
 * 1:26606 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sosork variant outbound connection (malware-cnc.rules)
 * 1:26607 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Korlia variant outbound connection (malware-cnc.rules)
 * 1:26608 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rocra variant outbound connection (malware-cnc.rules)
 * 1:26609 <-> DISABLED <-> MALWARE-CNC OSX.Trojan.Dockster variant outbound connection (malware-cnc.rules)
 * 1:26613 <-> DISABLED <-> MALWARE-CNC Medfos Trojan variant outbound connection (malware-cnc.rules)
 * 1:26656 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Travnet Botnet data upload (malware-cnc.rules)
 * 1:26657 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shiz variant outbound connection (malware-cnc.rules)
 * 1:26677 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz variant inbound run command from cnc (malware-cnc.rules)
 * 1:26678 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz variant inbound run command from cnc (malware-cnc.rules)
 * 1:26679 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz variant inbound run command from cnc (malware-cnc.rules)
 * 1:26680 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz variant inbound run command from cnc (malware-cnc.rules)
 * 1:26955 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Talsab variant outbound connection (malware-cnc.rules)
 * 1:27965 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Eupuds variant connection (malware-cnc.rules)
 * 1:26683 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shyape variant outbound connection (malware-cnc.rules)
 * 1:28005 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz outbound command (malware-cnc.rules)
 * 1:26685 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string J13A (malware-cnc.rules)
 * 1:26686 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Alina (malware-cnc.rules)
 * 1:26690 <-> DISABLED <-> MALWARE-CNC Miniduke server contact (malware-cnc.rules)
 * 1:26691 <-> DISABLED <-> MALWARE-CNC Win.Trojan.UFRStealer variant outbound connection (malware-cnc.rules)
 * 1:26692 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spyremoav variant outbound connection (malware-cnc.rules)
 * 1:26695 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Namihno variant outbound request (malware-cnc.rules)
 * 1:26696 <-> DISABLED <-> MALWARE-CNC Cbeplay Ransomware variant outbound connection - Abnormal HTTP Headers (malware-cnc.rules)
 * 1:26697 <-> DISABLED <-> MALWARE-CNC Cbeplay Ransomware variant outbound connection - POST Body (malware-cnc.rules)
 * 1:26702 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Win (malware-cnc.rules)
 * 1:26703 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Upero variant outbound connection (malware-cnc.rules)
 * 1:26712 <-> DISABLED <-> MALWARE-CNC Kazy Trojan check-in (malware-cnc.rules)
 * 1:26713 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev rev 1 outbound traffic (malware-cnc.rules)
 * 1:26714 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev rev 2 outbound traffic (malware-cnc.rules)
 * 1:26715 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev rev 3 outbound traffic (malware-cnc.rules)
 * 1:26719 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kbot variant outbound connection (malware-cnc.rules)
 * 1:26720 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kbot variant outbound connection (malware-cnc.rules)
 * 1:26721 <-> DISABLED <-> MALWARE-CNC Pushdo Spiral Traffic (malware-cnc.rules)
 * 1:26722 <-> DISABLED <-> MALWARE-CNC Bancos fake JPG encrypted config file download (malware-cnc.rules)
 * 1:26723 <-> DISABLED <-> MALWARE-CNC Trojan Downloader7 (malware-cnc.rules)
 * 1:26725 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc http command (malware-cnc.rules)
 * 1:26726 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc stop command (malware-cnc.rules)
 * 1:26727 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc die command (malware-cnc.rules)
 * 1:26728 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc sleep command (malware-cnc.rules)
 * 1:26729 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc simple command (malware-cnc.rules)
 * 1:26730 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc loginpost command (malware-cnc.rules)
 * 1:26731 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc datapost command (malware-cnc.rules)
 * 1:26732 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc syn command (malware-cnc.rules)
 * 1:26733 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc udp command (malware-cnc.rules)
 * 1:26734 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc udpdata command (malware-cnc.rules)
 * 1:26735 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc data command (malware-cnc.rules)
 * 1:26736 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc icmp command (malware-cnc.rules)
 * 1:26737 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc tcpdata command (malware-cnc.rules)
 * 1:26738 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc dataget command (malware-cnc.rules)
 * 1:26739 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc connect command (malware-cnc.rules)
 * 1:26740 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc dns command (malware-cnc.rules)
 * 1:26741 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc exec command (malware-cnc.rules)
 * 1:26742 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc resolve command (malware-cnc.rules)
 * 1:26743 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc antiddos command (malware-cnc.rules)
 * 1:26744 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc range command (malware-cnc.rules)
 * 1:26745 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc ftp command (malware-cnc.rules)
 * 1:26746 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc download command (malware-cnc.rules)
 * 1:26747 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc fastddos command (malware-cnc.rules)
 * 1:26748 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc slowhttp command (malware-cnc.rules)
 * 1:26749 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc allhttp command (malware-cnc.rules)
 * 1:26750 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc full command (malware-cnc.rules)
 * 1:26751 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - msctls_progress32 (malware-cnc.rules)
 * 1:26756 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper.Datcaen variant outbound connection (malware-cnc.rules)
 * 1:26757 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper.Datcaen variant outbound connection (malware-cnc.rules)
 * 1:26758 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Elefin variant outbound connection (malware-cnc.rules)
 * 1:26763 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules)
 * 1:26770 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (malware-cnc.rules)
 * 1:26771 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (malware-cnc.rules)
 * 1:26774 <-> DISABLED <-> MALWARE-CNC Win.Worm.Luder variant outbound connection (malware-cnc.rules)
 * 1:26775 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Blocker variant outbound connection HTTP Header Structure (malware-cnc.rules)
 * 1:26776 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Blocker variant outbound connection POST (malware-cnc.rules)
 * 1:26777 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy variant outbound connection (malware-cnc.rules)
 * 1:26779 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cridex encrypted POST check-in (malware-cnc.rules)
 * 1:26780 <-> DISABLED <-> MALWARE-CNC cridex HTTP Response - default0.js (malware-cnc.rules)
 * 1:26785 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qrmon variant outbound connection (malware-cnc.rules)
 * 1:26792 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vbula variant outbound connection (malware-cnc.rules)
 * 1:26793 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vbula variant initial CNC contact (malware-cnc.rules)
 * 1:26809 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Backdoor.Tomvode variant outbound connection (malware-cnc.rules)
 * 1:26811 <-> DISABLED <-> MALWARE-CNC XP Fake Antivirus Payment Page Request (malware-cnc.rules)
 * 1:26812 <-> DISABLED <-> MALWARE-CNC XP Fake Antivirus Check-in (malware-cnc.rules)
 * 1:26813 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dapato CMS spambot check-in (malware-cnc.rules)
 * 1:26815 <-> DISABLED <-> MALWARE-CNC OSX.Trojan.KitM variant outbound connection user-agent (malware-cnc.rules)
 * 1:26816 <-> DISABLED <-> MALWARE-CNC OSX.Trojan.KitM variant outbound connection (malware-cnc.rules)
 * 1:26818 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Zawat variant outbound connection (malware-cnc.rules)
 * 1:26819 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Datash variant outbound connection (malware-cnc.rules)
 * 1:26820 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Datash variant outbound connection (malware-cnc.rules)
 * 1:26822 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Buterat variant outbound connection (malware-cnc.rules)
 * 1:26828 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Uperti variant outbound connection (malware-cnc.rules)
 * 1:26835 <-> DISABLED <-> MALWARE-CNC RDN Banker POST variant outbound connection (malware-cnc.rules)
 * 1:26836 <-> DISABLED <-> MALWARE-CNC RDN Banker Strange Google Traffic (malware-cnc.rules)
 * 1:26837 <-> DISABLED <-> MALWARE-CNC BitBot Idle C2 response (malware-cnc.rules)
 * 1:26840 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Agent variant outbound connection (malware-cnc.rules)
 * 1:26841 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Agent variant outbound connection (malware-cnc.rules)
 * 1:26880 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zotob.E gc.exe download (malware-cnc.rules)
 * 1:26911 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rombrast Trojan outbound connection (malware-cnc.rules)
 * 1:26912 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rombrast Trojan outbound connection (malware-cnc.rules)
 * 1:26923 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
 * 1:26924 <-> DISABLED <-> MALWARE-CNC Potential Gozi Trojan HTTP Header Structure (malware-cnc.rules)
 * 1:26930 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeroaccess variant outbound connection (malware-cnc.rules)
 * 1:26931 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeroaccess variant outbound connection (malware-cnc.rules)
 * 1:26932 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeroaccess variant outbound connection (malware-cnc.rules)
 * 1:26940 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TripleNine RAT beacon (malware-cnc.rules)
 * 1:26941 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PipCreat RAT dropper download (malware-cnc.rules)
 * 1:26942 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PipCreat RAT beacon (malware-cnc.rules)
 * 1:26943 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Post_Show RAT beacon (malware-cnc.rules)
 * 1:26944 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Post_Show RAT beacon (malware-cnc.rules)
 * 1:26945 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bisonal RAT beacon (malware-cnc.rules)
 * 1:28118 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /login.htm GET Encrypted Payload (malware-cnc.rules)
 * 1:27964 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gh0st variant outbound connection (malware-cnc.rules)
 * 1:28012 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules)
 * 1:27746 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Hanthie variant outbound connection (malware-cnc.rules)
 * 1:26684 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Neshax variant outbound connection (malware-cnc.rules)
 * 1:27905 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Helauto variant connection (malware-cnc.rules)
 * 1:26965 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Win32 Facebook Secure Cryptor C2 (malware-cnc.rules)
 * 1:26966 <-> DISABLED <-> MALWARE-CNC Win32/Autorun.JN variant outbound connection (malware-cnc.rules)
 * 1:26967 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz variant outbound connection (malware-cnc.rules)
 * 1:26968 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gozi Data Theft POST Data (malware-cnc.rules)
 * 1:26969 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gozi Trojan Data Theft POST URL (malware-cnc.rules)
 * 1:26970 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pirminay variant outbound connection (malware-cnc.rules)
 * 1:26984 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Injector Info Stealer Trojan variant outbound connection (malware-cnc.rules)
 * 1:26986 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Xenil variant outbound connection (malware-cnc.rules)
 * 1:26987 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cyvadextr variant outbound connection (malware-cnc.rules)
 * 1:26995 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Agent variant outbound connection (malware-cnc.rules)
 * 1:26996 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Agent variant outbound connection (malware-cnc.rules)
 * 1:26997 <-> DISABLED <-> MALWARE-CNC OSX.Trojan.Morcut variant outbound connection (malware-cnc.rules)
 * 1:26998 <-> DISABLED <-> MALWARE-CNC OSX.Trojan.Morcut file download (malware-cnc.rules)
 * 1:26999 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chinoxy variant outbound connection (malware-cnc.rules)
 * 1:27000 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chinoxy variant outbound connection (malware-cnc.rules)
 * 1:27002 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:27003 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:27007 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot variant outbound connection (malware-cnc.rules)
 * 1:25626 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules)
 * 1:27012 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Phoenot variant outbound connection (malware-cnc.rules)
 * 1:27013 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Phoenot variant inbound connection (malware-cnc.rules)
 * 1:27014 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Epipenwa variant outbound connection (malware-cnc.rules)
 * 1:27017 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dapato variant inbound response connection (malware-cnc.rules)
 * 1:27021 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Layvam variant outbound connection (malware-cnc.rules)
 * 1:27022 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Netweird.A outbound connection (malware-cnc.rules)
 * 1:27023 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Netweird.A outbound connection (malware-cnc.rules)
 * 1:27033 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Transhell variant outbound connection user-agent (malware-cnc.rules)
 * 1:27039 <-> DISABLED <-> MALWARE-CNC Win.Trojan.OnlineGameHack variant outbound connection (malware-cnc.rules)
 * 1:27044 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string pb - Htbot (malware-cnc.rules)
 * 1:27045 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Blocker Download (malware-cnc.rules)
 * 1:27049 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dokstormac variant outbound connection (malware-cnc.rules)
 * 1:27054 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yakes variant outbound connection (malware-cnc.rules)
 * 1:27058 <-> DISABLED <-> MALWARE-CNC OSX.Trojan.HackBack variant outbound connection (malware-cnc.rules)
 * 1:27093 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Medfos variant outbound connection (malware-cnc.rules)
 * 1:27120 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:27169 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Atezag variant outbound connection (malware-cnc.rules)
 * 1:27199 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Meredrop variant outbound connection GET Request (malware-cnc.rules)
 * 1:27200 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Meredrop variant outbound connection POST Request (malware-cnc.rules)
 * 1:27201 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Neurevt variant outbound connection (malware-cnc.rules)
 * 1:27248 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gamarue - Mozi1la User-Agent (malware-cnc.rules)
 * 1:27252 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ZeroAccess 111-byte URL variant outbound connection (malware-cnc.rules)
 * 1:27256 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kryptik Drive-by Download Malware (malware-cnc.rules)
 * 1:27257 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kryptic 7-byte URI Invalid Firefox Headers - no Accept-Language (malware-cnc.rules)
 * 1:27260 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Java.Agent.NFK variant connection (malware-cnc.rules)
 * 1:27263 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - yahoonews (malware-cnc.rules)
 * 1:27533 <-> DISABLED <-> MALWARE-CNC Potential Win.Trojan.Kraziomel Download - 000.jpg (malware-cnc.rules)
 * 1:27551 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lorapu variant outbound connection (malware-cnc.rules)
 * 1:27558 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bezigate variant outbound connection (malware-cnc.rules)
 * 1:27567 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rovnix malicious download request (malware-cnc.rules)
 * 1:27577 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:27596 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Redyms variant outbound connection (malware-cnc.rules)
 * 1:27599 <-> DISABLED <-> MALWARE-CNC Fort Disco Registration variant outbound connection (malware-cnc.rules)
 * 1:27600 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nawpers variant connection (malware-cnc.rules)
 * 1:27629 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Aumlib variant outbound connection (malware-cnc.rules)
 * 1:27630 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Aumlib variant outbound connection (malware-cnc.rules)
 * 1:27631 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Aumlib variant outbound connection (malware-cnc.rules)
 * 1:27633 <-> DISABLED <-> MALWARE-CNC Worm.Silly variant outbound connection (malware-cnc.rules)
 * 1:27636 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Likseput variant connection (malware-cnc.rules)
 * 1:27637 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Syhcmd variant connection (malware-cnc.rules)
 * 1:27639 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Epipenwa variant connection (malware-cnc.rules)
 * 1:27640 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chekafe variant connection (malware-cnc.rules)
 * 1:27641 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Meilat variant connection (malware-cnc.rules)
 * 1:26946 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Uptime RAT beacon (malware-cnc.rules)
 * 1:27642 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downbot variant connection (malware-cnc.rules)
 * 1:27643 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Betabot variant connection (malware-cnc.rules)
 * 1:27644 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Merong variant connection (malware-cnc.rules)
 * 1:27645 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Binjo variant outbound connection (malware-cnc.rules)
 * 1:27647 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nelaja variant outbound connection (malware-cnc.rules)
 * 1:27648 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SpyBanker.ZSL variant outbound connection (malware-cnc.rules)
 * 1:27649 <-> DISABLED <-> MALWARE-CNC Brazilian Banking Trojan data theft (malware-cnc.rules)
 * 1:27655 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Enchanim variant connection (malware-cnc.rules)
 * 1:27659 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gapz variant connection (malware-cnc.rules)
 * 1:27660 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Reabfrus variant connection (malware-cnc.rules)
 * 1:28857 <-> DISABLED <-> MALWARE-CNC Adwind UNRECOM connnection back to cnc server (malware-cnc.rules)
 * 1:28106 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload information upload (malware-cnc.rules)
 * 1:28239 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tuxido outbound connection (malware-cnc.rules)
 * 1:28119 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /search.htm GET Encrypted Payload (malware-cnc.rules)
 * 1:28300 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant connection (malware-cnc.rules)
 * 1:28548 <-> DISABLED <-> MALWARE-CNC Win.Trojan.chfx variant outbound connection (malware-cnc.rules)
 * 1:28250 <-> DISABLED <-> MALWARE-CNC Security Cleaner Pro Install Confirmation (malware-cnc.rules)
 * 1:28606 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Surtr variant connection (malware-cnc.rules)
 * 1:28553 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /main.htm GET Encrypted Payload (malware-cnc.rules)
 * 1:28561 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Plugx outbound connection (malware-cnc.rules)
 * 1:28463 <-> DISABLED <-> MALWARE-CNC Win.Trojan.AllAple Variant ICMP flood (malware-cnc.rules)
 * 1:28551 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NXI ftp username connection (malware-cnc.rules)
 * 1:28541 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ZeroAccess Download Headers (malware-cnc.rules)
 * 1:28807 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Injector variant outbound connection (malware-cnc.rules)
 * 1:28141 <-> DISABLED <-> MALWARE-CNC Win.Trojan.banker outbound connection (malware-cnc.rules)
 * 1:28484 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Delpbank variant outbound connection (malware-cnc.rules)
 * 1:28411 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CoinMiner variant outbound connection (malware-cnc.rules)
 * 1:28242 <-> DISABLED <-> MALWARE-CNC Win.Trojan.KanKan variant connection (malware-cnc.rules)
 * 1:28416 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CryptoLocker outbound connection (malware-cnc.rules)
 * 1:28858 <-> DISABLED <-> MALWARE-CNC Adwind UNRECOM connnection back to cnc server (malware-cnc.rules)
 * 1:27661 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Reabfrus variant connection (malware-cnc.rules)
 * 1:28008 <-> DISABLED <-> MALWARE-CNC BLYPT installer reuse outbound traffic (malware-cnc.rules)
 * 1:27867 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper outbound connection (malware-cnc.rules)
 * 1:25623 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jimpime variant outbound connection (malware-cnc.rules)
 * 1:27678 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Goolelo variant connection (malware-cnc.rules)
 * 1:27728 <-> DISABLED <-> MALWARE-CNC Orbit Downloader denial of service update (malware-cnc.rules)
 * 1:28859 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent z00sAgent - Win.Trojan.Zbot (malware-cnc.rules)
 * 1:28861 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Roxfora variant outbound connection (malware-cnc.rules)
 * 1:28864 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tofsee variant outbound connection (malware-cnc.rules)
 * 1:28886 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scar variant outbound connection (malware-cnc.rules)
 * 1:28860 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent - Win.Trojan.Nitedrem (malware-cnc.rules)
 * 1:25829 <-> DISABLED <-> MALWARE-CNC Trojan Banker FTC variant outbound connection (malware-cnc.rules)
 * 1:27919 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus encrypted POST Data exfiltration (malware-cnc.rules)
 * 1:27970 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus dropper variant connection (malware-cnc.rules)
 * 1:27966 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Chopper web shell connection (malware-cnc.rules)
 * 1:27963 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lolbot variant outbound connection (malware-cnc.rules)
 * 1:28010 <-> DISABLED <-> MALWARE-CNC BLYPT installer tserror outbound traffic (malware-cnc.rules)
 * 1:28147 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Conficker variant outbound connection (malware-cnc.rules)
 * 1:28554 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /online.htm GET Encrypted Payload (malware-cnc.rules)
 * 1:28399 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Tsunami outbound connection (malware-cnc.rules)
 * 1:28121 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /welcome.htm GET Encrypted Payload (malware-cnc.rules)
 * 1:28444 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.CBgate variant outbound connection (malware-cnc.rules)
 * 1:28114 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /default.htm GET Encrypted Payload (malware-cnc.rules)
 * 1:28803 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Injector inbound connection (malware-cnc.rules)
 * 1:27980 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /botnet/adduser.php?uid= (malware-cnc.rules)
 * 1:26954 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Talsab variant outbound connection (malware-cnc.rules)
 * 1:28040 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dofoil variant outbound connection (malware-cnc.rules)
 * 1:28417 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Molgomsg variant outbound connection (malware-cnc.rules)