Talos has added and modified multiple rules in the browser-webkit, malware-cnc and server-webapp rule sets to provide coverage for emerging threats from these technologies.
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091601.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:55999 <-> DISABLED <-> SERVER-APACHE Apache Struts denial of service attempt (server-apache.rules)
* 1:56000 <-> DISABLED <-> SERVER-APACHE Apache Struts denial of service attempt (server-apache.rules)
* 1:56001 <-> DISABLED <-> SERVER-APACHE Apache Struts denial of service attempt (server-apache.rules)
* 1:56002 <-> DISABLED <-> SERVER-WEBAPP D-Link Central WiFi Manager CMW 100 SQL injection attempt (server-webapp.rules)
* 1:56003 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Emotet variant initial outbound request detected (malware-cnc.rules)
* 1:56004 <-> DISABLED <-> SERVER-WEBAPP D-Link Central WiFi Manager CMW 100 cross site scripting attempt (server-webapp.rules)
* 1:56005 <-> ENABLED <-> SERVER-WEBAPP D-Link Central WiFi Manager CWM 100 SQL injection attempt (server-webapp.rules)
* 1:56006 <-> ENABLED <-> SERVER-WEBAPP D-Link Central WiFi Manager CWM 100 SQL injection attempt (server-webapp.rules)
* 1:56007 <-> ENABLED <-> SERVER-WEBAPP D-Link Central WiFi Manager CWM 100 SQL injection attempt (server-webapp.rules)
* 1:56008 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari WebKit JSPropertyNameEnumeration type confusion attempt (browser-webkit.rules)
* 1:56009 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari WebKit JSPropertyNameEnumeration type confusion attempt (browser-webkit.rules)
* 1:33161 <-> DISABLED <-> MALWARE-CNC Win.Spyware.Rombertik outbound connection (malware-cnc.rules)
* 1:33165 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Poweliks outbound connection (malware-cnc.rules)
* 1:33199 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Sabeba outbound connection (malware-cnc.rules)
* 1:33200 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pisces variant outbound connection (malware-cnc.rules)
* 1:33207 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Mazilla/5.0 - Win.Backdoor.Upatre (malware-cnc.rules)
* 1:33211 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Upatre variant outbound connection (malware-cnc.rules)
* 1:33217 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nuovoscor variant outbound connection (malware-cnc.rules)
* 1:33218 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cendode system information disclosure attempt (malware-cnc.rules)
* 1:33219 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gamarue variant outbound connection (malware-cnc.rules)
* 1:33220 <-> DISABLED <-> MALWARE-CNC Win.Trojan.HawkEye keylogger exfiltration attempt (malware-cnc.rules)
* 1:33221 <-> ENABLED <-> MALWARE-CNC Win.Trojan.HawkEye Keylogger exfiltration attempt - clipboard and screenshot (malware-cnc.rules)
* 1:33222 <-> DISABLED <-> MALWARE-CNC Win.Trojan.HawkEye Keylogger exfiltration attempt - clipboard and screenshot (malware-cnc.rules)
* 1:33223 <-> DISABLED <-> MALWARE-CNC Win.Trojan.HawkEye Keylogger exfiltration attempt - clipboard and screenshot (malware-cnc.rules)
* 1:33227 <-> DISABLED <-> MALWARE-CNC Win.Agent.BHHK variant outbound connection (malware-cnc.rules)
* 1:33228 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kovter variant outbound connection (malware-cnc.rules)
* 1:33230 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Firefox - Win.Backdoor.Upatre (malware-cnc.rules)
* 1:33231 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Firefox/5.0 - Win.Backdoor.Upatre (malware-cnc.rules)
* 1:33232 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - AppUpdate - Win.Backdoor.Upatre (malware-cnc.rules)
* 1:33233 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - 2608cw-1 - Win.Backdoor.Upatre (malware-cnc.rules)
* 1:33234 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - 2508Inst - Win.Backdoor.Upatre (malware-cnc.rules)
* 1:33235 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - 2608cw-2 - Win.Backdoor.Upatre (malware-cnc.rules)
* 1:33236 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - 2808inst - Win.Backdoor.Upatre (malware-cnc.rules)
* 1:33237 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Player - Win.Backdoor.Upatre (malware-cnc.rules)
* 1:33238 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Wurst - Win.Backdoor.Upatre (malware-cnc.rules)
* 1:33239 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Installer/1.0 - Win.Backdoor.Upatre (malware-cnc.rules)
* 1:33240 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - FixUpdate - Win.Backdoor.Upatre (malware-cnc.rules)
* 1:33242 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Explorer - Win.Backdoor.Upatre (malware-cnc.rules)
* 1:33243 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Mozilla - Win.Backdoor.Upatre (malware-cnc.rules)
* 1:33244 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Opera - Win.Backdoor.Upatre (malware-cnc.rules)
* 1:33245 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Opera10 - Win.Backdoor.Upatre (malware-cnc.rules)
* 1:33246 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - OperaMini - Win.Backdoor.Upatre (malware-cnc.rules)
* 1:33248 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Peers12 - Win.Backdoor.Upatre (malware-cnc.rules)
* 1:33249 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - SLSSoapClient - Win.Backdoor.Upatre (malware-cnc.rules)
* 1:33250 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Tintin - Win.Backdoor.Upatre (malware-cnc.rules)
* 1:33251 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - USER_CHECK - Win.Backdoor.Upatre (malware-cnc.rules)
* 1:33252 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - WATClient - Win.Backdoor.Upatre (malware-cnc.rules)
* 1:33253 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - bbbbbbbbbb - Win.Backdoor.Upatre (malware-cnc.rules)
* 1:33254 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - hi - Win.Backdoor.Upatre (malware-cnc.rules)
* 1:33255 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - iMacros - Win.Backdoor.Upatre (malware-cnc.rules)
* 1:33256 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - macrotest - Win.Backdoor.Upatre (malware-cnc.rules)
* 1:33257 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - onlymacros - Win.Backdoor.Upatre (malware-cnc.rules)
* 1:33258 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Updates downloader - Win.Backdoor.Upatre (malware-cnc.rules)
* 1:33259 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - testupdate - Win.Backdoor.Upatre (malware-cnc.rules)
* 1:33260 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - onlyupdate - Win.Backdoor.Upatre (malware-cnc.rules)
* 1:33282 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Upatre variant outbound connection (malware-cnc.rules)
* 1:33284 <-> DISABLED <-> MALWARE-CNC Win.Trojan.OnLineGames variant outbound connection (malware-cnc.rules)
* 1:33285 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bavload outbound download request attempt (malware-cnc.rules)
* 1:33289 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rawpos incoming backdoor connection attempt (malware-cnc.rules)
* 1:33299 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Foxy variant outbound connection (malware-cnc.rules)
* 1:33305 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rubinurd variant outbound connection (malware-cnc.rules)
* 1:33328 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Yinli outbound connection (malware-cnc.rules)
* 1:33329 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Yinli outbound connection (malware-cnc.rules)
* 1:33330 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Yinli outbound connection (malware-cnc.rules)
* 1:33342 <-> DISABLED <-> MALWARE-CNC Doc.Downloader.Dridex outbound connection (malware-cnc.rules)
* 1:33411 <-> DISABLED <-> MALWARE-CNC Doc.Downloader.Dridex outbound connection (malware-cnc.rules)
* 1:33431 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptowall 3.0 variant outbound connection (malware-cnc.rules)
* 1:33432 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptowall 3.0 variant outbound connection (malware-cnc.rules)
* 1:33433 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptowall 3.0 variant outbound connection (malware-cnc.rules)
* 1:33434 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptowall 3.0 variant outbound connection (malware-cnc.rules)
* 1:33435 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptowall 3.0 variant outbound connection (malware-cnc.rules)
* 1:33439 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gefetroe variant outbound connection (malware-cnc.rules)
* 1:33443 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules)
* 1:33444 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SpyBanker variant outbound connection (malware-cnc.rules)
* 1:33449 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FileEncoder IP geolocation checkin attempt (malware-cnc.rules)
* 1:33450 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FileEncoder variant outbound connection (malware-cnc.rules)
* 1:33453 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kovter variant outbound connection (malware-cnc.rules)
* 1:33456 <-> DISABLED <-> MALWARE-CNC Doc.Downloader.Dridex outbound connection (malware-cnc.rules)
* 1:33457 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules)
* 1:33464 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dynamer variant outbound connection (malware-cnc.rules)
* 1:33481 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Xnote outbound connection (malware-cnc.rules)
* 1:33482 <-> DISABLED <-> MALWARE-CNC Win.Worm.Enosch variant outbound connection (malware-cnc.rules)
* 1:33496 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Andromeda variant outbound connection (malware-cnc.rules)
* 1:33513 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - XAgent - Operation Pawn Storm (malware-cnc.rules)
* 1:33519 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - ALIZER (malware-cnc.rules)
* 1:33520 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zusy inbound CNC response (malware-cnc.rules)
* 1:33521 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zusy variant outbound connection (malware-cnc.rules)
* 1:33522 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent - DNS Changer (malware-cnc.rules)
* 1:33523 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DNSChanger variant outbound connection (malware-cnc.rules)
* 1:33524 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DNSChanger variant outbound connection (malware-cnc.rules)
* 1:33543 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Equation outbound connection (malware-cnc.rules)
* 1:33545 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Equation outbound connection (malware-cnc.rules)
* 1:33546 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Equation outbound connection (malware-cnc.rules)
* 1:33547 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Turla outbound connection (malware-cnc.rules)
* 1:33594 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Upatre variant outbound connection (malware-cnc.rules)
* 1:33620 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.lubot outbound connection (malware-cnc.rules)
* 1:33621 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.lubot outbound connection (malware-cnc.rules)
* 1:33633 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent - Downing - Win.Trojan.Otwycal (malware-cnc.rules)
* 1:33646 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.XORDDoS outbound connection (malware-cnc.rules)
* 1:33647 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.XORDDoS outbound connection (malware-cnc.rules)
* 1:33648 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.XORDDoS outbound connection (malware-cnc.rules)
* 1:33649 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Google Omaha - Win.Trojan.ExtenBro (malware-cnc.rules)
* 1:33650 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tinba outbound connection (malware-cnc.rules)
* 1:33674 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Athena variant outbound connection (malware-cnc.rules)
* 1:33675 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Athena variant outbound connection (malware-cnc.rules)
* 1:33677 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Babar outbound connection (malware-cnc.rules)
* 1:33678 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FannyWorm outbound connection (malware-cnc.rules)
* 1:33704 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
* 1:33745 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
* 1:33746 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
* 1:33747 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
* 1:33748 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
* 1:33749 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
* 1:33750 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
* 1:33751 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
* 1:33752 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
* 1:33753 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
* 1:33754 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
* 1:33755 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
* 1:33818 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Egamipload variant outbound connection (malware-cnc.rules)
* 1:33819 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Egamipload variant outbound connection (malware-cnc.rules)
* 1:33820 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Egamipload variant outbound connection (malware-cnc.rules)
* 1:33821 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Egamipload variant outbound connection (malware-cnc.rules)
* 1:33822 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Egamipload variant outbound connection (malware-cnc.rules)
* 1:33831 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent DownloadMR - Solimba (malware-cnc.rules)
* 1:33851 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Poseidon outbound connection (malware-cnc.rules)
* 1:33852 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Poseidon outbound connection (malware-cnc.rules)
* 1:33854 <-> DISABLED <-> MALWARE-CNC Win.Trojan.LogPOS variant outbound connection (malware-cnc.rules)
* 1:33857 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PwnPOS data exfiltration attempt (malware-cnc.rules)
* 1:33859 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules)
* 1:33860 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules)
* 1:33861 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules)
* 1:33862 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules)
* 1:33863 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules)
* 1:33864 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules)
* 1:33865 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules)
* 1:33866 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules)
* 1:32175 <-> DISABLED <-> MALWARE-CNC Osx.Backdoor.iWorm variant outbound connection (malware-cnc.rules)
* 1:32179 <-> DISABLED <-> MALWARE-CNC WIN.Trojan.Plugx variant outbound connection (malware-cnc.rules)
* 1:32180 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.ZxShell connection incoming attempt (malware-cnc.rules)
* 1:32181 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.ZxShell connection outgoing attempt (malware-cnc.rules)
* 1:32192 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zxshell variant outbound connection (malware-cnc.rules)
* 1:32193 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dubrute variant outbound connection (malware-cnc.rules)
* 1:32194 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dubrute variant outbound connection (malware-cnc.rules)
* 1:32195 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Palebot variant outbound connection (malware-cnc.rules)
* 1:32196 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor variant outbound connection (malware-cnc.rules)
* 1:32197 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zerolocker variant outbound connection (malware-cnc.rules)
* 1:32198 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mujormel outbound connection (malware-cnc.rules)
* 1:32202 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Soaphrish variant outbound connection (malware-cnc.rules)
* 1:32220 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy download detected (malware-cnc.rules)
* 1:32221 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy download detected (malware-cnc.rules)
* 1:32222 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.MSIL.Liroospu variant outbound connection (malware-cnc.rules)
* 1:32225 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptowall variant outbound connection (malware-cnc.rules)
* 1:32243 <-> DISABLED <-> MALWARE-CNC WIN.Trojan.Clemint variant outbound connection (malware-cnc.rules)
* 1:32250 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hydraq.variant outbound detected (malware-cnc.rules)
* 1:32270 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tinba variant outbound connection (malware-cnc.rules)
* 1:32272 <-> DISABLED <-> MALWARE-CNC WIN.Trojan.Hesechca variant outbound connection (malware-cnc.rules)
* 1:32285 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zoxpng variant outbound connection (malware-cnc.rules)
* 1:32287 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sapertilz variant outbound connection (malware-cnc.rules)
* 1:32289 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptolocker download detected (malware-cnc.rules)
* 1:32290 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptolocker download detected (malware-cnc.rules)
* 1:32291 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptolocker download detected (malware-cnc.rules)
* 1:32292 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptolocker download detected (malware-cnc.rules)
* 1:32293 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Acanas variant outbound connection (malware-cnc.rules)
* 1:32294 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent BloodguyBrowser-_- (malware-cnc.rules)
* 1:32295 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string http - Win.Trojan.Waski (malware-cnc.rules)
* 1:32296 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string update - Win.Trojan.Waski (malware-cnc.rules)
* 1:32310 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Farfli variant outbound connection (malware-cnc.rules)
* 1:32311 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rehtesyk outbound connection (malware-cnc.rules)
* 1:32312 <-> DISABLED <-> MALWARE-CNC FrameworkPOS data exfiltration through DNS - beacon message (malware-cnc.rules)
* 1:32328 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Maener variant download request (malware-cnc.rules)
* 1:32329 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Maener variant outbound connection (malware-cnc.rules)
* 1:32330 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Maener variant outbound connection (malware-cnc.rules)
* 1:32331 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Maener variant outbound connection (malware-cnc.rules)
* 1:32332 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hancitor variant outbound connection (malware-cnc.rules)
* 1:32333 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string fast uax (malware-cnc.rules)
* 1:32334 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Stantinko variant outbound connection (malware-cnc.rules)
* 1:32338 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ropest variant outbound connection (malware-cnc.rules)
* 1:32341 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cakwerd variant outbound connection (malware-cnc.rules)
* 1:32343 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor variant inbound spam attempt (malware-cnc.rules)
* 1:32344 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor variant outbound spam attempt (malware-cnc.rules)
* 1:32354 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Matsune variant outbound connection (malware-cnc.rules)
* 1:32357 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Akaza variant outbound connection (malware-cnc.rules)
* 1:32367 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GameOverZeus variant outbound connection (malware-cnc.rules)
* 1:32368 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cridex variant outbound connection (malware-cnc.rules)
* 1:32372 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Drepitt variant outbound connection (malware-cnc.rules)
* 1:32373 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Broonject variant outbound connection (malware-cnc.rules)
* 1:32374 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Androm variant outbound connection (malware-cnc.rules)
* 1:32379 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Baccamun variant outbound connection (malware-cnc.rules)
* 1:32383 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - connect - Win.Backdoor.Upatre (malware-cnc.rules)
* 1:32384 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - myupdate - Win.Backdoor.Upatre (malware-cnc.rules)
* 1:32394 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Orcarat variant outbound connection (malware-cnc.rules)
* 1:32395 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Orcarat variant outbound connection (malware-cnc.rules)
* 1:32396 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Orcarat variant outbound connection (malware-cnc.rules)
* 1:32397 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Orcarat variant outbound connection (malware-cnc.rules)
* 1:32400 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Parama attempted outbound connection (malware-cnc.rules)
* 1:32401 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Kivars outbound connection (malware-cnc.rules)
* 1:32402 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent globalupdate - Osx.Trojan.Wirelurker (malware-cnc.rules)
* 1:32451 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Backoff initial outbound connection (malware-cnc.rules)
* 1:32455 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent VUPHTTP - Win.Trojan.Puvespia (malware-cnc.rules)
* 1:32456 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Effseart variant outbound connection (malware-cnc.rules)
* 1:32457 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Effseart variant inbound connection (malware-cnc.rules)
* 1:32464 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TorrentLocker variant outbound connection (malware-cnc.rules)
* 1:32469 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bankeiya outbound connection (malware-cnc.rules)
* 1:32486 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Exadog outbound connection (malware-cnc.rules)
* 1:32487 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Exadog variant outbound connection (malware-cnc.rules)
* 1:32493 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.SpikeA variant outbound connection (malware-cnc.rules)
* 1:32494 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.SpikeA variant outbound connection (malware-cnc.rules)
* 1:32504 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Kiler attempted outbound connection (malware-cnc.rules)
* 1:32505 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Kiler attempted outbound connection (malware-cnc.rules)
* 1:32506 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Secdeskinf outbound connection (malware-cnc.rules)
* 1:32510 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.PiltabeA outbound connection (malware-cnc.rules)
* 1:32511 <-> DISABLED <-> MALWARE-CNC PCRat variant outbound connection (malware-cnc.rules)
* 1:32512 <-> DISABLED <-> MALWARE-CNC PCRat variant outbound connection (malware-cnc.rules)
* 1:32513 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Havex outbound connection (malware-cnc.rules)
* 1:32521 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptowall 2.0 possible TOR client retrieval attempt (malware-cnc.rules)
* 1:32529 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Vkont variant outbound connection (malware-cnc.rules)
* 1:32548 <-> DISABLED <-> MALWARE-CNC Mac.Backdoor.iWorm attempted outbound connection (malware-cnc.rules)
* 1:32550 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Extant variant outbound connection (malware-cnc.rules)
* 1:32551 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Coreshell variant outbound connection (malware-cnc.rules)
* 1:32556 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bayoboiz outbound connection (malware-cnc.rules)
* 1:32557 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bayoboiz outbound connection (malware-cnc.rules)
* 1:32583 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules)
* 1:32584 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules)
* 1:32585 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
* 1:32586 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
* 1:32598 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Mysayad file wipe attempt (malware-cnc.rules)
* 1:32599 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Mysayad outbound connection (malware-cnc.rules)
* 1:32600 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Mysayad file wipe attempt (malware-cnc.rules)
* 1:32604 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Geodo variant outbound connection (malware-cnc.rules)
* 1:32605 <-> DISABLED <-> MALWARE-CNC Win.Worm.Jenxcus variant outbound connection (malware-cnc.rules)
* 1:32606 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sodebral variant outbound connection (malware-cnc.rules)
* 1:32607 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sodebral HTTP Response attempt (malware-cnc.rules)
* 1:32608 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sodebral HTTP Response attempt (malware-cnc.rules)
* 1:32609 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant registration message (malware-cnc.rules)
* 1:32610 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant keepalive (malware-cnc.rules)
* 1:32613 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Jadowndec attempted outbound connection (malware-cnc.rules)
* 1:32614 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Jadowndec attempted outbound connection (malware-cnc.rules)
* 1:32621 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Regin outbound connection (malware-cnc.rules)
* 1:32624 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Regin outbound connection (malware-cnc.rules)
* 1:32645 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string RUpdate (malware-cnc.rules)
* 1:32665 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chopstick variant outbound request (malware-cnc.rules)
* 1:32667 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chopstick variant outbound request (malware-cnc.rules)
* 1:32674 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wiper variant outbound connection (malware-cnc.rules)
* 1:32677 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex variant outbound connection (malware-cnc.rules)
* 1:32678 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex variant outbound connection (malware-cnc.rules)
* 1:32706 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz variant outbound connection (malware-cnc.rules)
* 1:32727 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Uclinu variant outbound connection (malware-cnc.rules)
* 1:32728 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Olegb variant outbound connection (malware-cnc.rules)
* 1:32734 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Typideg variant outbound connection (malware-cnc.rules)
* 1:32735 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CryptoPHP variant outbound connection (malware-cnc.rules)
* 1:32736 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CryptoPHP variant outbound connection (malware-cnc.rules)
* 1:32743 <-> DISABLED <-> MALWARE-CNC VGABot IRC communication attempt (malware-cnc.rules)
* 1:32747 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ragebot variant outbound connection (malware-cnc.rules)
* 1:32769 <-> DISABLED <-> MALWARE-CNC Win.Trojan.WOWCheckC Attempted CNC (malware-cnc.rules)
* 1:32770 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Androm variant outbound connection (malware-cnc.rules)
* 1:32776 <-> DISABLED <-> MALWARE-CNC FIN4 VBA Macro credentials upload attempt (malware-cnc.rules)
* 1:32780 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Eskaetee outbound connection (malware-cnc.rules)
* 1:32781 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Eskaetee outbound connection (malware-cnc.rules)
* 1:32791 <-> DISABLED <-> MALWARE-CNC Win.Virus.Ransomlock outbound connection (malware-cnc.rules)
* 1:32792 <-> DISABLED <-> MALWARE-CNC Win.Virus.Ransomlock inbound connection (malware-cnc.rules)
* 1:32823 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Darkhotel outbound connection (malware-cnc.rules)
* 1:32824 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Darkhotel variant outbound connection (malware-cnc.rules)
* 1:32825 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Darkhotel outbound connection (malware-cnc.rules)
* 1:32826 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Darkhotel data upload attempt (malware-cnc.rules)
* 1:32827 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Darkhotel response connection attempt (malware-cnc.rules)
* 1:32852 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Poolfiend variant outbound connection (malware-cnc.rules)
* 1:32853 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Poolfiend variant outbound connection (malware-cnc.rules)
* 1:32854 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Loodir outbound connection (malware-cnc.rules)
* 1:32882 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ksypypro outbound connection (malware-cnc.rules)
* 1:32891 <-> DISABLED <-> MALWARE-CNC Php.Malware.SoakSoakRedirect Malware traffic containing WordPress Administrator credentials (malware-cnc.rules)
* 1:32892 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TorLocker variant outbound connection (malware-cnc.rules)
* 1:32893 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Finforst outbound connection (malware-cnc.rules)
* 1:32908 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TinyZBot outbound connection (malware-cnc.rules)
* 1:32909 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TinyZBot outbound connection (malware-cnc.rules)
* 1:32910 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TinyZBot outbound connection (malware-cnc.rules)
* 1:32950 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bladabindi variant outbound connection (malware-cnc.rules)
* 1:32956 <-> DISABLED <-> MALWARE-CNC Android.CoolReaper.Trojan outbound connection (malware-cnc.rules)
* 1:32957 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TinyZBot outbound SOAP connection attempt (malware-cnc.rules)
* 1:32958 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TinyZBot response connection attempt (malware-cnc.rules)
* 1:32973 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Twerket variant outbound connection (malware-cnc.rules)
* 1:32976 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluos variant outbound connection (malware-cnc.rules)
* 1:32977 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluos variant outbound connection (malware-cnc.rules)
* 1:32978 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - extra IE version (malware-cnc.rules)
* 1:32979 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - extra IE version (malware-cnc.rules)
* 1:32980 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - multi-browser (malware-cnc.rules)
* 1:32986 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Toopu dll embedded in png download attempt (malware-cnc.rules)
* 1:32987 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor outbound connection (malware-cnc.rules)
* 1:32988 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor outbound connection (malware-cnc.rules)
* 1:32989 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor outbound connection (malware-cnc.rules)
* 1:32990 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Toopu outbound connection (malware-cnc.rules)
* 1:33047 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - realupdate - Win.Backdoor.Upatre (malware-cnc.rules)
* 1:33054 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Joanap outbound connection (malware-cnc.rules)
* 1:33058 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Medusa variant inbound connection (malware-cnc.rules)
* 1:33059 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Medusa variant outbound connection (malware-cnc.rules)
* 1:33060 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Medusa variant outbound connection (malware-cnc.rules)
* 1:33061 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lagulon.A outbound connection (malware-cnc.rules)
* 1:33081 <-> DISABLED <-> MALWARE-CNC OnionDuke variant outbound connection (malware-cnc.rules)
* 1:33082 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nocpos initial outbound connection (malware-cnc.rules)
* 1:33083 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nocpos information disclosure attempt (malware-cnc.rules)
* 1:33084 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tosct variant outbound connection (malware-cnc.rules)
* 1:33145 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
* 1:33147 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant SMTP reporting attempt (malware-cnc.rules)
* 1:33148 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant SMTP reporting attempt (malware-cnc.rules)
* 1:33149 <-> DISABLED <-> MALWARE-CNC Win.Worm.Ultramine outbound connection (malware-cnc.rules)
* 1:33152 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nurjax.A outbound connection (malware-cnc.rules)
* 1:33153 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Heur variant outbound connection (malware-cnc.rules)
* 1:31820 <-> DISABLED <-> MALWARE-CNC Win.Banker.Delf variant outbound connection (malware-cnc.rules)
* 1:31824 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor variant outbound connection (malware-cnc.rules)
* 1:31826 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Delf variant HTTP Response (malware-cnc.rules)
* 1:31827 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Delf variant outbound connection (malware-cnc.rules)
* 1:31828 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jabberbot variant outbound connection (malware-cnc.rules)
* 1:31832 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pfinet outbound connection (malware-cnc.rules)
* 1:31833 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chkbot outbound connection (malware-cnc.rules)
* 1:31834 <-> DISABLED <-> MALWARE-CNC Win.Trojan-Downloader.Delorado variant outbound connection (malware-cnc.rules)
* 1:31835 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yesudac variant outbound connection (malware-cnc.rules)
* 1:31836 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Seribe variant outbound connection (malware-cnc.rules)
* 1:31837 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Retgate variant outbound connection (malware-cnc.rules)
* 1:31883 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Waterspout outbound connection (malware-cnc.rules)
* 1:31885 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Threebyte variant outbound connection (malware-cnc.rules)
* 1:31895 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Toupi variant outbound connection (malware-cnc.rules)
* 1:31897 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dexter variant outbound connection (malware-cnc.rules)
* 1:31904 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload variant outbound connection (malware-cnc.rules)
* 1:31907 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Honerep variant outbound connection (malware-cnc.rules)
* 1:31909 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Basostab variant outbound connection (malware-cnc.rules)
* 1:31911 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Gareme variant outbound connection (malware-cnc.rules)
* 1:31913 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Maozhi variant outbound connection (malware-cnc.rules)
* 1:31915 <-> DISABLED <-> MALWARE-CNC WIN.Trojan.Ziyazo variant outbound connection (malware-cnc.rules)
* 1:31916 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules)
* 1:31923 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant HTTP response attempt (malware-cnc.rules)
* 1:31924 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules)
* 1:31925 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.Jynxkit outbound connection (malware-cnc.rules)
* 1:31928 <-> DISABLED <-> MALWARE-CNC Win.Trojan-Downloader.Becontr variant outbound connection (malware-cnc.rules)
* 1:31929 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kanav variant outbound connection (malware-cnc.rules)
* 1:31930 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kanav variant outbound connection (malware-cnc.rules)
* 1:31941 <-> DISABLED <-> MALWARE-CNC Win.Trojan-Downloader.Pedrp variant outbound connection (malware-cnc.rules)
* 1:31947 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - HttpCall - Win.Trojan.Rukypee (malware-cnc.rules)
* 1:31948 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - MyProgramm - Win.Trojan.Rukypee (malware-cnc.rules)
* 1:31949 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Skypee - Win.Trojan.Rukypee (malware-cnc.rules)
* 1:31954 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ezbro
variant outbound connection (malware-cnc.rules) * 1:31955 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ezbro variant outbound connection (malware-cnc.rules) * 1:31957 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.MSIL.Torct variant outbound connection (malware-cnc.rules) * 1:31964 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules) * 1:31973 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chebri variant outbound connection (malware-cnc.rules) * 1:31974 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zegorg variant outbound connection (malware-cnc.rules) * 1:31990 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Install - Win.Backdoor.Upatre (malware-cnc.rules) * 1:31991 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Treck - Win.Backdoor.Upatre (malware-cnc.rules) * 1:31992 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Upatre SSL Cert inbound (malware-cnc.rules) * 1:31993 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Upatre SSL Cert inbound (malware-cnc.rules) * 1:31994 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Upatre SSL Cert inbound (malware-cnc.rules) * 1:31995 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Upatre SSL Cert inbound (malware-cnc.rules) * 1:31996 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Upatre SSL Cert inbound (malware-cnc.rules) * 1:31997 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Upatre SSL Cert inbound (malware-cnc.rules) * 1:31998 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Upatre SSL Cert inbound (malware-cnc.rules) * 1:31999 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Upatre SSL Cert inbound (malware-cnc.rules) * 1:32000 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Upatre SSL Cert inbound (malware-cnc.rules) * 1:32001 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Upatre SSL Cert inbound (malware-cnc.rules) * 1:32002 <-> DISABLED <-> MALWARE-CNC Win.Worm.Zorenium variant outbound connection (malware-cnc.rules) * 1:32009 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Flooder inbound connection 
attempt - command (malware-cnc.rules) * 1:32010 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Flooder outbound telnet connection attempt (malware-cnc.rules) * 1:32011 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Flooder outbound connection (malware-cnc.rules) * 1:32012 <-> DISABLED <-> MALWARE-CNC Win.Trojan-Downloader.Bipamid variant outbound connection (malware-cnc.rules) * 1:32013 <-> DISABLED <-> MALWARE-CNC Linux.Worm.Darlloz variant outbound connection (malware-cnc.rules) * 1:32015 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Zeus variant outbound connection (malware-cnc.rules) * 1:32016 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Menteni variant outbound connection (malware-cnc.rules) * 1:32017 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Memlog SMB file transfer (malware-cnc.rules) * 1:32018 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Hupigon.NYK variant outbound connection (malware-cnc.rules) * 1:32020 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Krompt variant outbound connection (malware-cnc.rules) * 1:32023 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sinpid variant outbound connection (malware-cnc.rules) * 1:32028 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Klabcon variant outbound connection (malware-cnc.rules) * 1:32030 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Decibal - Win.Trojan.Decibal (malware-cnc.rules) * 1:32031 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Decibal variant outbound connection (malware-cnc.rules) * 1:32033 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Larosden variant outbound connection (malware-cnc.rules) * 1:32034 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Larefervt variant outbound connection (malware-cnc.rules) * 1:32035 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Boleteiro variant outbound connection (malware-cnc.rules) * 1:32036 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Somoca vaniant outbound connection (malware-cnc.rules) * 1:32037 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload.awt variant outbound connection (malware-cnc.rules) 
* 1:32048 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lecpetex variant outbound connection (malware-cnc.rules) * 1:32050 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Larosden variant outbound connection (malware-cnc.rules) * 1:32052 <-> DISABLED <-> MALWARE-CNC User-Agent Xsser mRAT user-agent (malware-cnc.rules) * 1:32053 <-> DISABLED <-> MALWARE-CNC Xsser mRAT GPS data upload (malware-cnc.rules) * 1:32054 <-> DISABLED <-> MALWARE-CNC Xsser mRAT file upload (malware-cnc.rules) * 1:32058 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Masatekar variant outbound connection (malware-cnc.rules) * 1:32060 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent string - httptestman - Win.Backdoor.Rabasheeta (malware-cnc.rules) * 1:32061 <-> DISABLED <-> MALWARE-CNC Win.Trojan-Downloader.Nekill variant outbound connection (malware-cnc.rules) * 1:32065 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Asprox inbound connection (malware-cnc.rules) * 1:32066 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Asprox outbound connection (malware-cnc.rules) * 1:32067 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Asprox outbound connection (malware-cnc.rules) * 1:32071 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Zapchast variant outbound connection (malware-cnc.rules) * 1:32072 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zemot configuration download attempt (malware-cnc.rules) * 1:32073 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zemot outbound connection (malware-cnc.rules) * 1:32074 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zemot payload download attempt (malware-cnc.rules) * 1:32075 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Small variant outbound connection (malware-cnc.rules) * 1:32086 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Corkow variant outbound connection (malware-cnc.rules) * 1:32090 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Saaglup variant outbound connection (malware-cnc.rules) * 1:32091 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.PcertStealer variant outbound connection (malware-cnc.rules) * 1:32093 <-> 
DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules) * 1:32096 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Puver variant outbound connection (malware-cnc.rules) * 1:32121 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kryptik variant outbound connection (malware-cnc.rules) * 1:32123 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot variant outbound connection (malware-cnc.rules) * 1:32125 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - update - Win.Backdoor.Upatre (malware-cnc.rules) * 1:32126 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lizarbot outbound connection (malware-cnc.rules) * 1:32129 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader variant outbound connection (malware-cnc.rules) * 1:32130 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules) * 1:33867 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules) * 1:33868 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules) * 1:33872 <-> DISABLED <-> MALWARE-CNC Win.Worm.Urahu outbound connection (malware-cnc.rules) * 1:33873 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tepoyx outbound connection detection (malware-cnc.rules) * 1:33876 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Meowner runtime detection (malware-cnc.rules) * 1:33877 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Meowner runtime detection (malware-cnc.rules) * 1:33878 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Meowner runtime detection (malware-cnc.rules) * 1:33879 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Meowner runtime detection (malware-cnc.rules) * 1:33883 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jadtre variant outbound connection (malware-cnc.rules) * 1:33884 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string dolit (malware-cnc.rules) * 1:33885 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gh0st variant outbound connection (malware-cnc.rules) * 1:33886 <-> DISABLED <-> 
MALWARE-CNC WIn.Trojan.HawkEye keylogger variant outbound connection (malware-cnc.rules) * 1:33891 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Amasages variant outbound connection (malware-cnc.rules) * 1:33892 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Xerq outbound connection (malware-cnc.rules) * 1:33893 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TeslaCrypt outbound connection (malware-cnc.rules) * 1:33907 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent - KAIIOOOO871 - Win.Trojan.Dridex (malware-cnc.rules) * 1:33912 <-> DISABLED <-> MALWARE-CNC Cryptofortress Decryption Software Purchase Tor Website (malware-cnc.rules) * 1:33913 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Concbak outbound connection (malware-cnc.rules) * 1:33914 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent - Win.Trojan.Barys (malware-cnc.rules) * 1:33930 <-> DISABLED <-> MALWARE-CNC Vicepass outbound connection initial request to the CNC sending system information (malware-cnc.rules) * 1:33931 <-> DISABLED <-> MALWARE-CNC Win.Worm.Goldrv variant outbound connection (malware-cnc.rules) * 1:33932 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tempedreve Samba probe (malware-cnc.rules) * 1:33933 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Penget variant outbound connection (malware-cnc.rules) * 1:33966 <-> DISABLED <-> MALWARE-CNC Win.Worm.Mafusc variant outbound connection (malware-cnc.rules) * 1:33985 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.ChinaZ outbound connection (malware-cnc.rules) * 1:33989 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Trioptid outbound connection (malware-cnc.rules) * 1:33990 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Trioptid outbound connection (malware-cnc.rules) * 1:33992 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Insidious outbound connection (malware-cnc.rules) * 1:33993 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Insidious outbound connection (malware-cnc.rules) * 1:33994 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Beshida outbound connection (malware-cnc.rules) * 
1:33996 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pwexes variant outbound connection (malware-cnc.rules) * 1:33997 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pwexes variant outbound connection (malware-cnc.rules) * 1:34001 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Picommex outbound connection (malware-cnc.rules) * 1:34002 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Picommex outbound connection (malware-cnc.rules) * 1:34003 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Picommex outbound connection (malware-cnc.rules) * 1:34004 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules) * 1:34005 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules) * 1:34006 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules) * 1:34007 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules) * 1:34008 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules) * 1:34009 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules) * 1:34010 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules) * 1:34011 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules) * 1:34012 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules) * 1:34013 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ayuther variant outbound connection (malware-cnc.rules) * 1:34025 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Endstar variant outbound connection (malware-cnc.rules) * 1:34026 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Endstar variant outbound connection (malware-cnc.rules) * 1:34028 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bruecimig variant outbound connection (malware-cnc.rules) * 1:34030 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection 
(malware-cnc.rules) * 1:34031 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (malware-cnc.rules) * 1:34032 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (malware-cnc.rules) * 1:34033 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (malware-cnc.rules) * 1:34034 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (malware-cnc.rules) * 1:34035 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (malware-cnc.rules) * 1:34036 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (malware-cnc.rules) * 1:34037 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (malware-cnc.rules) * 1:34038 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (malware-cnc.rules) * 1:34039 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banklaed variant outbound connection (malware-cnc.rules) * 1:34041 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Igliveforg variant initial outbound connection (malware-cnc.rules) * 1:34042 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Igliveforg variant outbound connection (malware-cnc.rules) * 1:34044 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Exacrytion variant outbound connection (malware-cnc.rules) * 1:34045 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Eitenckay initial outbound connection (malware-cnc.rules) * 1:34046 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Expilan variant outbound connection (malware-cnc.rules) * 1:34047 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VBPasswordStealer variant outbound connection (malware-cnc.rules) * 1:34049 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.EvilBunny variant outbound connection (malware-cnc.rules) * 1:34050 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Nepigon variant outbound connection (malware-cnc.rules) * 1:34052 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NewPos outbound connection (malware-cnc.rules) * 1:34108 <-> DISABLED <-> MALWARE-CNC 
Win.Trojan.Scarsi variant outbound connection (malware-cnc.rules) * 1:34111 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chrozil variant outbound connection (malware-cnc.rules) * 1:34113 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent beacon reply attempt (malware-cnc.rules) * 1:34115 <-> DISABLED <-> MALWARE-CNC MacOS.Trojan.Wirelurker variant outbound connection (malware-cnc.rules) * 1:34116 <-> DISABLED <-> MALWARE-CNC MacOS.Trojan.Wirelurker variant outbound connection (malware-cnc.rules) * 1:34117 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Zupdax variant outbound connection (malware-cnc.rules) * 1:34128 <-> DISABLED <-> MALWARE-CNC Win.Trojan.WIntruder outbound connection (malware-cnc.rules) * 1:34130 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload variant outbound connection (malware-cnc.rules) * 1:34132 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Erotimpact variant outbound connection (malware-cnc.rules) * 1:34136 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload variant MSSQL response (malware-cnc.rules) * 1:34138 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Netkrypt inbound response (malware-cnc.rules) * 1:34140 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dyre publickey outbound connection (malware-cnc.rules) * 1:34143 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Crypvault outbound connection (malware-cnc.rules) * 1:34155 <-> DISABLED <-> MALWARE-CNC MacOS.Backdoor.Xslcmd outbound connection (malware-cnc.rules) * 1:34161 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Punkey outbound connection (malware-cnc.rules) * 1:34181 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bartallex outbound connection (malware-cnc.rules) * 1:34182 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bartallex outbound connection (malware-cnc.rules) * 1:34183 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bartallex outbound connection (malware-cnc.rules) * 1:34214 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Capimac variant outbound connection (malware-cnc.rules) * 1:34216 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FighterPOS variant 
outbound connection (malware-cnc.rules) * 1:34217 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Aytoke variant outbound connection (malware-cnc.rules) * 1:34219 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nanocore variant outbound connection (malware-cnc.rules) * 1:34223 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Yebot variant outbound connection (malware-cnc.rules) * 1:34246 <-> DISABLED <-> MALWARE-CNC Win.Trojan.AAEH variant outbound connection (malware-cnc.rules) * 1:34261 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.XORDDoS outbound connection (malware-cnc.rules) * 1:34262 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.XORDDoS outbound connection (malware-cnc.rules) * 1:34263 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.XORDDoS outbound connection (malware-cnc.rules) * 1:34280 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TeslaCrypt outbound connection (malware-cnc.rules) * 1:34281 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bartallex outbound connection (malware-cnc.rules) * 1:34282 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bartallex outbound connection (malware-cnc.rules) * 1:34283 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bartallex outbound connection (malware-cnc.rules) * 1:34286 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mudrop variant outbound connection (malware-cnc.rules) * 1:34289 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Plez outbound connection (malware-cnc.rules) * 1:34290 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Plez outbound connection (malware-cnc.rules) * 1:34291 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string crackim (malware-cnc.rules) * 1:34292 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kraken outbound connection (malware-cnc.rules) * 1:34296 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Simda variant outbound connection (malware-cnc.rules) * 1:34297 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Simda variant outbound connection (malware-cnc.rules) * 1:34307 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection (malware-cnc.rules) * 1:34308 
<-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection (malware-cnc.rules) * 1:40066 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.LokiBot (malware-cnc.rules) * 1:40067 <-> ENABLED <-> MALWARE-CNC Win.Trojan.LokiBot outbound connection (malware-cnc.rules) * 1:46062 <-> ENABLED <-> SERVER-WEBAPP Joomla JEXTN Membership extension SQL injection attempt (server-webapp.rules) * 1:46063 <-> ENABLED <-> SERVER-WEBAPP Joomla JEXTN Membership extension SQL injection attempt (server-webapp.rules) * 1:46064 <-> ENABLED <-> SERVER-WEBAPP Joomla JEXTN Membership extension SQL injection attempt (server-webapp.rules) * 1:48818 <-> ENABLED <-> MALWARE-CNC Js.Trojan.Agent variant outbound connection (malware-cnc.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091600.
* 1:56007 <-> ENABLED <-> SERVER-WEBAPP D-Link Central WiFi Manager CWM 100 SQL injection attempt (server-webapp.rules) * 1:56009 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari WebKit JSPropertyNameEnumeration type confusion attempt (browser-webkit.rules) * 1:56001 <-> DISABLED <-> SERVER-APACHE Apache Struts denial of service attempt (server-apache.rules) * 1:56006 <-> ENABLED <-> SERVER-WEBAPP D-Link Central WiFi Manager CWM 100 SQL injection attempt (server-webapp.rules) * 1:56000 <-> DISABLED <-> SERVER-APACHE Apache Struts denial of service attempt (server-apache.rules) * 1:56004 <-> DISABLED <-> SERVER-WEBAPP D-Link Central WiFi Manager CMW 100 cross site scripting attempt (server-webapp.rules) * 1:56003 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Emotet variant initial outbound request detected (malware-cnc.rules) * 1:55999 <-> DISABLED <-> SERVER-APACHE Apache Struts denial of service attempt (server-apache.rules) * 1:56005 <-> ENABLED <-> SERVER-WEBAPP D-Link Central WiFi Manager CWM 100 SQL injection attempt (server-webapp.rules) * 1:56002 <-> DISABLED <-> SERVER-WEBAPP D-Link Central WiFi Manager CMW 100 SQL injection attempt (server-webapp.rules) * 1:56008 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari WebKit JSPropertyNameEnumeration type confusion attempt (browser-webkit.rules)
* 1:32504 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Kiler attempted outbound connection (malware-cnc.rules) * 1:33821 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Egamipload variant outbound connection (malware-cnc.rules) * 1:33822 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Egamipload variant outbound connection (malware-cnc.rules) * 1:31820 <-> DISABLED <-> MALWARE-CNC Win.Banker.Delf variant outbound connection (malware-cnc.rules) * 1:31824 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor variant outbound connection (malware-cnc.rules) * 1:31826 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Delf variant HTTP Response (malware-cnc.rules) * 1:31827 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Delf variant outbound connection (malware-cnc.rules) * 1:31828 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jabberbot variant outbound connection (malware-cnc.rules) * 1:31832 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pfinet outbound connection (malware-cnc.rules) * 1:31833 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chkbot outbound connection (malware-cnc.rules) * 1:31834 <-> DISABLED <-> MALWARE-CNC Win.Trojan-Downloader.Delorado variant outbound connection (malware-cnc.rules) * 1:31835 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yesudac variant outbound connection (malware-cnc.rules) * 1:31836 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Seribe variant outbound connection (malware-cnc.rules) * 1:31837 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Retgate variant outbound connection (malware-cnc.rules) * 1:31883 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Waterspout outbound connection (malware-cnc.rules) * 1:31885 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Threebyte variant outbound connection (malware-cnc.rules) * 1:31895 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Toupi variant outbound connection (malware-cnc.rules) * 1:31897 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dexter variant outbound connection (malware-cnc.rules) * 1:31904 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload variant outbound connection 
(malware-cnc.rules) * 1:31907 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Honerep variant outbound connection (malware-cnc.rules) * 1:31909 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Basostab variant outbound connection (malware-cnc.rules) * 1:31911 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Gareme variant outbound connection (malware-cnc.rules) * 1:31913 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Maozhi variant outbound connection (malware-cnc.rules) * 1:31915 <-> DISABLED <-> MALWARE-CNC WIN.Trojan.Ziyazo variant outbound connection (malware-cnc.rules) * 1:31916 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules) * 1:31923 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant HTTP response attempt (malware-cnc.rules) * 1:31924 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules) * 1:31925 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.Jynxkit outbound connection (malware-cnc.rules) * 1:31928 <-> DISABLED <-> MALWARE-CNC Win.Trojan-Downloader.Becontr variant outbound connection (malware-cnc.rules) * 1:31929 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kanav variant outbound connection (malware-cnc.rules) * 1:31930 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kanav variant outbound connection (malware-cnc.rules) * 1:31941 <-> DISABLED <-> MALWARE-CNC Win.Trojan-Downloader.Pedrp variant outbound connection (malware-cnc.rules) * 1:31947 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - HttpCall - Win.Trojan.Rukypee (malware-cnc.rules) * 1:31948 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - MyProgramm - Win.Trojan.Rukypee (malware-cnc.rules) * 1:31949 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Skypee - Win.Trojan.Rukypee (malware-cnc.rules) * 1:31954 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ezbro variant outbound connection (malware-cnc.rules) * 1:31955 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ezbro variant outbound 
connection (malware-cnc.rules) * 1:31957 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.MSIL.Torct variant outbound connection (malware-cnc.rules) * 1:31964 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules) * 1:31973 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chebri variant outbound connection (malware-cnc.rules) * 1:31974 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zegorg variant outbound connection (malware-cnc.rules) * 1:31990 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Install - Win.Backdoor.Upatre (malware-cnc.rules) * 1:31991 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Treck - Win.Backdoor.Upatre (malware-cnc.rules) * 1:31992 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Upatre SSL Cert inbound (malware-cnc.rules) * 1:31993 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Upatre SSL Cert inbound (malware-cnc.rules) * 1:31994 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Upatre SSL Cert inbound (malware-cnc.rules) * 1:31995 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Upatre SSL Cert inbound (malware-cnc.rules) * 1:31996 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Upatre SSL Cert inbound (malware-cnc.rules) * 1:31997 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Upatre SSL Cert inbound (malware-cnc.rules) * 1:31998 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Upatre SSL Cert inbound (malware-cnc.rules) * 1:31999 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Upatre SSL Cert inbound (malware-cnc.rules) * 1:32000 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Upatre SSL Cert inbound (malware-cnc.rules) * 1:32001 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Upatre SSL Cert inbound (malware-cnc.rules) * 1:32002 <-> DISABLED <-> MALWARE-CNC Win.Worm.Zorenium variant outbound connection (malware-cnc.rules) * 1:32009 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Flooder inbound connection attempt - command (malware-cnc.rules) * 1:32010 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Flooder outbound telnet connection 
attempt (malware-cnc.rules) * 1:32011 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Flooder outbound connection (malware-cnc.rules) * 1:32012 <-> DISABLED <-> MALWARE-CNC Win.Trojan-Downloader.Bipamid variant outbound connection (malware-cnc.rules) * 1:32013 <-> DISABLED <-> MALWARE-CNC Linux.Worm.Darlloz variant outbound connection (malware-cnc.rules) * 1:32015 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Zeus variant outbound connection (malware-cnc.rules) * 1:32016 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Menteni variant outbound connection (malware-cnc.rules) * 1:32017 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Memlog SMB file transfer (malware-cnc.rules) * 1:32018 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Hupigon.NYK variant outbound connection (malware-cnc.rules) * 1:32020 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Krompt variant outbound connection (malware-cnc.rules) * 1:32023 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sinpid variant outbound connection (malware-cnc.rules) * 1:32028 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Klabcon variant outbound connection (malware-cnc.rules) * 1:32030 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Decibal - Win.Trojan.Decibal (malware-cnc.rules) * 1:32031 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Decibal variant outbound connection (malware-cnc.rules) * 1:32033 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Larosden variant outbound connection (malware-cnc.rules) * 1:32034 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Larefervt variant outbound connection (malware-cnc.rules) * 1:32035 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Boleteiro variant outbound connection (malware-cnc.rules) * 1:32036 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Somoca vaniant outbound connection (malware-cnc.rules) * 1:32037 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload.awt variant outbound connection (malware-cnc.rules) * 1:32048 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lecpetex variant outbound connection (malware-cnc.rules) * 1:32050 <-> 
DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Larosden variant outbound connection (malware-cnc.rules) * 1:32052 <-> DISABLED <-> MALWARE-CNC User-Agent Xsser mRAT user-agent (malware-cnc.rules) * 1:32053 <-> DISABLED <-> MALWARE-CNC Xsser mRAT GPS data upload (malware-cnc.rules) * 1:32054 <-> DISABLED <-> MALWARE-CNC Xsser mRAT file upload (malware-cnc.rules) * 1:32058 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Masatekar variant outbound connection (malware-cnc.rules) * 1:32060 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent string - httptestman - Win.Backdoor.Rabasheeta (malware-cnc.rules) * 1:32061 <-> DISABLED <-> MALWARE-CNC Win.Trojan-Downloader.Nekill variant outbound connection (malware-cnc.rules) * 1:32065 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Asprox inbound connection (malware-cnc.rules) * 1:32066 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Asprox outbound connection (malware-cnc.rules) * 1:32067 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Asprox outbound connection (malware-cnc.rules) * 1:32071 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Zapchast variant outbound connection (malware-cnc.rules) * 1:32072 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zemot configuration download attempt (malware-cnc.rules) * 1:32073 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zemot outbound connection (malware-cnc.rules) * 1:32074 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zemot payload download attempt (malware-cnc.rules) * 1:32075 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Small variant outbound connection (malware-cnc.rules) * 1:32086 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Corkow variant outbound connection (malware-cnc.rules) * 1:32090 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Saaglup variant outbound connection (malware-cnc.rules) * 1:32091 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.PcertStealer variant outbound connection (malware-cnc.rules) * 1:32093 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules) * 1:32096 <-> DISABLED <-> 
MALWARE-CNC Win.Trojan.Puver variant outbound connection (malware-cnc.rules) * 1:32121 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kryptik variant outbound connection (malware-cnc.rules) * 1:32123 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot variant outbound connection (malware-cnc.rules) * 1:32125 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - update - Win.Backdoor.Upatre (malware-cnc.rules) * 1:32126 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lizarbot outbound connection (malware-cnc.rules) * 1:32129 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader variant outbound connection (malware-cnc.rules) * 1:32130 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules) * 1:32175 <-> DISABLED <-> MALWARE-CNC Osx.Backdoor.iWorm variant outbound connection (malware-cnc.rules) * 1:32179 <-> DISABLED <-> MALWARE-CNC WIN.Trojan.Plugx variant outbound connection (malware-cnc.rules) * 1:32180 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.ZxShell connection incoming attempt (malware-cnc.rules) * 1:32181 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.ZxShell connection outgoing attempt (malware-cnc.rules) * 1:32192 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zxshell variant outbound connection (malware-cnc.rules) * 1:32193 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dubrute variant outbound connection (malware-cnc.rules) * 1:32194 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dubrute variant outbound connection (malware-cnc.rules) * 1:32195 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Palebot variant outbound connection (malware-cnc.rules) * 1:32196 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor variant outbound connection (malware-cnc.rules) * 1:32197 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zerolocker variant outbound connection (malware-cnc.rules) * 1:32198 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mujormel outbound connection (malware-cnc.rules) * 1:32202 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Soaphrish variant outbound connection 
(malware-cnc.rules) * 1:32220 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy download detected (malware-cnc.rules) * 1:32221 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy download detected (malware-cnc.rules) * 1:32222 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.MSIL.Liroospu variant outbound connection (malware-cnc.rules) * 1:32225 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptowall variant outbound connection (malware-cnc.rules) * 1:32243 <-> DISABLED <-> MALWARE-CNC WIN.Trojan.Clemint variant outbound connection (malware-cnc.rules) * 1:32250 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hydraq.variant outbound detected (malware-cnc.rules) * 1:32270 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tinba variant outbound connection (malware-cnc.rules) * 1:32272 <-> DISABLED <-> MALWARE-CNC WIN.Trojan.Hesechca variant outbound connection (malware-cnc.rules) * 1:32285 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zoxpng variant outbound connection (malware-cnc.rules) * 1:32287 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sapertilz variant outbound connection (malware-cnc.rules) * 1:32289 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptolocker download detected (malware-cnc.rules) * 1:32290 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptolocker download detected (malware-cnc.rules) * 1:32291 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptolocker download detected (malware-cnc.rules) * 1:32292 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptolocker download detected (malware-cnc.rules) * 1:32293 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Acanas variant outbound connection (malware-cnc.rules) * 1:32294 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent BloodguyBrowser-_- (malware-cnc.rules) * 1:32295 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string http - Win.Trojan.Waski (malware-cnc.rules) * 1:32296 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string update - Win.Trojan.Waski (malware-cnc.rules) * 1:32310 <-> DISABLED <-> MALWARE-CNC 
Win.Trojan.Farfli variant outbound connection (malware-cnc.rules) * 1:32311 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rehtesyk outbound connection (malware-cnc.rules) * 1:32312 <-> DISABLED <-> MALWARE-CNC FrameworkPOS data exfiltration through DNS - beacon message (malware-cnc.rules) * 1:32328 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Maener variant download request (malware-cnc.rules) * 1:32329 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Maener variant outbound connection (malware-cnc.rules) * 1:32330 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Maener variant outbound connection (malware-cnc.rules) * 1:32331 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Maener variant outbound connection (malware-cnc.rules) * 1:32332 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hancitor variant outbound connection (malware-cnc.rules) * 1:32333 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string fast uax (malware-cnc.rules) * 1:32334 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Stantinko variant outbound connection (malware-cnc.rules) * 1:32338 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ropest variant outbound connection (malware-cnc.rules) * 1:32341 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cakwerd variant outbound connection (malware-cnc.rules) * 1:32343 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor variant inbound spam attempt (malware-cnc.rules) * 1:32344 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor variant outbound spam attempt (malware-cnc.rules) * 1:32354 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Matsune variant outbound connection (malware-cnc.rules) * 1:32357 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Akaza variant outbound connection (malware-cnc.rules) * 1:32367 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GameOverZeus variant outbound connection (malware-cnc.rules) * 1:32368 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cridex variant outbound connection (malware-cnc.rules) * 1:32372 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Drepitt variant outbound connection (malware-cnc.rules) * 1:32373 
<-> DISABLED <-> MALWARE-CNC Win.Trojan.Broonject variant outbound connection (malware-cnc.rules) * 1:32374 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Androm variant outbound connection (malware-cnc.rules) * 1:32379 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Baccamun variant outbound connection (malware-cnc.rules) * 1:32383 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - connect - Win.Backdoor.Upatre (malware-cnc.rules) * 1:32384 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - myupdate - Win.Backdoor.Upatre (malware-cnc.rules) * 1:32394 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Orcarat variant outbound connection (malware-cnc.rules) * 1:32395 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Orcarat variant outbound connection (malware-cnc.rules) * 1:32396 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Orcarat variant outbound connection (malware-cnc.rules) * 1:32397 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Orcarat variant outbound connection (malware-cnc.rules) * 1:32400 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Parama attempted outbound connection (malware-cnc.rules) * 1:32401 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Kivars outbound connection (malware-cnc.rules) * 1:32402 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent globalupdate - Osx.Trojan.Wirelurker (malware-cnc.rules) * 1:32451 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Backoff initial outbound connection (malware-cnc.rules) * 1:32455 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent VUPHTTP - Win.Trojan.Puvespia (malware-cnc.rules) * 1:32456 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Effseart variant outbound connection (malware-cnc.rules) * 1:32457 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Effseart variant inbound connection (malware-cnc.rules) * 1:32464 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TorrentLocker variant outbound connection (malware-cnc.rules) * 1:32469 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bankeiya outbound connection 
(malware-cnc.rules) * 1:32486 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Exadog outbound connection (malware-cnc.rules) * 1:32487 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Exadog variant outbound connection (malware-cnc.rules) * 1:32493 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.SpikeA variant outbound connection (malware-cnc.rules) * 1:32494 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.SpikeA variant outbound connection (malware-cnc.rules) * 1:33867 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules) * 1:33868 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules) * 1:33872 <-> DISABLED <-> MALWARE-CNC Win.Worm.Urahu outbound connection (malware-cnc.rules) * 1:33873 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tepoyx outbound connection detection (malware-cnc.rules) * 1:33876 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Meowner runtime detection (malware-cnc.rules) * 1:33877 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Meowner runtime detection (malware-cnc.rules) * 1:33878 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Meowner runtime detection (malware-cnc.rules) * 1:33879 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Meowner runtime detection (malware-cnc.rules) * 1:33883 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jadtre variant outbound connection (malware-cnc.rules) * 1:33884 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string dolit (malware-cnc.rules) * 1:33885 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gh0st variant outbound connection (malware-cnc.rules) * 1:33886 <-> DISABLED <-> MALWARE-CNC WIn.Trojan.HawkEye keylogger variant outbound connection (malware-cnc.rules) * 1:33891 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Amasages variant outbound connection (malware-cnc.rules) * 1:33892 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Xerq outbound connection (malware-cnc.rules) * 1:33893 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TeslaCrypt outbound connection (malware-cnc.rules) * 1:33907 <-> DISABLED 
<-> MALWARE-CNC User-Agent known malicious user-agent - KAIIOOOO871 - Win.Trojan.Dridex (malware-cnc.rules) * 1:33912 <-> DISABLED <-> MALWARE-CNC Cryptofortress Decryption Software Purchase Tor Website (malware-cnc.rules) * 1:33913 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Concbak outbound connection (malware-cnc.rules) * 1:33914 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent - Win.Trojan.Barys (malware-cnc.rules) * 1:33930 <-> DISABLED <-> MALWARE-CNC Vicepass outbound connection initial request to the CNC sending system information (malware-cnc.rules) * 1:33931 <-> DISABLED <-> MALWARE-CNC Win.Worm.Goldrv variant outbound connection (malware-cnc.rules) * 1:33932 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tempedreve Samba probe (malware-cnc.rules) * 1:33933 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Penget variant outbound connection (malware-cnc.rules) * 1:33966 <-> DISABLED <-> MALWARE-CNC Win.Worm.Mafusc variant outbound connection (malware-cnc.rules) * 1:33985 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.ChinaZ outbound connection (malware-cnc.rules) * 1:33989 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Trioptid outbound connection (malware-cnc.rules) * 1:33990 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Trioptid outbound connection (malware-cnc.rules) * 1:33992 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Insidious outbound connection (malware-cnc.rules) * 1:33993 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Insidious outbound connection (malware-cnc.rules) * 1:33994 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Beshida outbound connection (malware-cnc.rules) * 1:33996 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pwexes variant outbound connection (malware-cnc.rules) * 1:33997 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pwexes variant outbound connection (malware-cnc.rules) * 1:34001 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Picommex outbound connection (malware-cnc.rules) * 1:34002 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Picommex outbound connection (malware-cnc.rules) * 1:34003 
<-> DISABLED <-> MALWARE-CNC Win.Trojan.Picommex outbound connection (malware-cnc.rules) * 1:34004 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules) * 1:34005 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules) * 1:34006 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules) * 1:34007 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules) * 1:34008 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules) * 1:34009 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules) * 1:34010 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules) * 1:32505 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Kiler attempted outbound connection (malware-cnc.rules) * 1:32506 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Secdeskinf outbound connection (malware-cnc.rules) * 1:32510 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.PiltabeA outbound connection (malware-cnc.rules) * 1:32511 <-> DISABLED <-> MALWARE-CNC PCRat variant outbound connection (malware-cnc.rules) * 1:32512 <-> DISABLED <-> MALWARE-CNC PCRat variant outbound connection (malware-cnc.rules) * 1:32513 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Havex outbound connection (malware-cnc.rules) * 1:32521 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptowall 2.0 possible TOR client retrieval attempt (malware-cnc.rules) * 1:32529 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Vkont variant outbound connection (malware-cnc.rules) * 1:32548 <-> DISABLED <-> MALWARE-CNC Mac.Backdoor.iWorm attempted outbound connection (malware-cnc.rules) * 1:32550 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Extant variant outbound connection (malware-cnc.rules) * 1:32551 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Coreshell variant outbound connection (malware-cnc.rules) * 
1:32556 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bayoboiz outbound connection (malware-cnc.rules) * 1:32557 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bayoboiz outbound connection (malware-cnc.rules) * 1:32583 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules) * 1:32584 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules) * 1:32585 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules) * 1:32586 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules) * 1:32598 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Mysayad file wipe attempt (malware-cnc.rules) * 1:32599 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Mysayad outbound connection (malware-cnc.rules) * 1:32600 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Mysayad file wipe attempt (malware-cnc.rules) * 1:32604 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Geodo variant outbound connection (malware-cnc.rules) * 1:32605 <-> DISABLED <-> MALWARE-CNC Win.Worm.Jenxcus variant outbound connection (malware-cnc.rules) * 1:32606 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sodebral variant outbound connection (malware-cnc.rules) * 1:32607 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sodebral HTTP Response attempt (malware-cnc.rules) * 1:32608 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sodebral HTTP Response attempt (malware-cnc.rules) * 1:32609 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant registration message (malware-cnc.rules) * 1:32610 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant keepalive (malware-cnc.rules) * 1:32613 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Jadowndec attempted outbound connection (malware-cnc.rules) * 1:32614 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Jadowndec attempted outbound connection (malware-cnc.rules) * 1:32621 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Regin outbound connection (malware-cnc.rules) * 1:32624 <-> DISABLED <-> MALWARE-CNC 
Win.Trojan.Regin outbound connection (malware-cnc.rules) * 1:32645 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string RUpdate (malware-cnc.rules) * 1:32665 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chopstick variant outbound request (malware-cnc.rules) * 1:32667 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chopstick variant outbound request (malware-cnc.rules) * 1:32674 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wiper variant outbound connection (malware-cnc.rules) * 1:32677 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex variant outbound connection (malware-cnc.rules) * 1:32678 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex variant outbound connection (malware-cnc.rules) * 1:32706 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz variant outbound connection (malware-cnc.rules) * 1:32727 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Uclinu variant outbound connection (malware-cnc.rules) * 1:32728 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Olegb variant outbound connection (malware-cnc.rules) * 1:32734 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Typideg variant outbound connection (malware-cnc.rules) * 1:32735 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CryptoPHP variant outbound connection (malware-cnc.rules) * 1:32736 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CryptoPHP variant outbound connection (malware-cnc.rules) * 1:32743 <-> DISABLED <-> MALWARE-CNC VGABot IRC communication attempt (malware-cnc.rules) * 1:32747 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ragebot variant outbound connection (malware-cnc.rules) * 1:32769 <-> DISABLED <-> MALWARE-CNC Win.Trojan.WOWCheckC Attempted CNC (malware-cnc.rules) * 1:32770 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Androm variant outbound connection (malware-cnc.rules) * 1:32776 <-> DISABLED <-> MALWARE-CNC FIN4 VBA Macro credentials upload attempt (malware-cnc.rules) * 1:32780 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Eskaetee outbound connection (malware-cnc.rules) * 1:32781 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Eskaetee 
outbound connection (malware-cnc.rules) * 1:32791 <-> DISABLED <-> MALWARE-CNC Win.Virus.Ransomlock outbound connection (malware-cnc.rules) * 1:32792 <-> DISABLED <-> MALWARE-CNC Win.Virus.Ransomlock inbound connection (malware-cnc.rules) * 1:32823 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Darkhotel outbound connection (malware-cnc.rules) * 1:32824 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Darkhotel variant outbound connection (malware-cnc.rules) * 1:32825 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Darkhotel outbound connection (malware-cnc.rules) * 1:32826 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Darkhotel data upload attempt (malware-cnc.rules) * 1:32827 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Darkhotel response connection attempt (malware-cnc.rules) * 1:32852 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Poolfiend variant outbound connection (malware-cnc.rules) * 1:32853 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Poolfiend variant outbound connection (malware-cnc.rules) * 1:32854 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Loodir outbound connection (malware-cnc.rules) * 1:32882 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ksypypro outbound connection (malware-cnc.rules) * 1:32891 <-> DISABLED <-> MALWARE-CNC Php.Malware.SoakSoakRedirect Malware traffic containing WordPress Administrator credentials (malware-cnc.rules) * 1:32892 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TorLocker variant outbound connection (malware-cnc.rules) * 1:32893 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Finforst outbound connection (malware-cnc.rules) * 1:32908 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TinyZBot outbound connection (malware-cnc.rules) * 1:32909 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TinyZBot outbound connection (malware-cnc.rules) * 1:32910 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TinyZBot outbound connection (malware-cnc.rules) * 1:32950 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bladabindi variant outbound connection (malware-cnc.rules) * 1:32956 <-> DISABLED <-> MALWARE-CNC Android.CoolReaper.Trojan 
outbound connection (malware-cnc.rules) * 1:32957 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TinyZBot outbound SOAP connection attempt (malware-cnc.rules) * 1:32958 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TinyZBot response connection attempt (malware-cnc.rules) * 1:32973 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Twerket variant outbound connection (malware-cnc.rules) * 1:32976 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluos variant outbound connection (malware-cnc.rules) * 1:32977 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluos variant outbound connection (malware-cnc.rules) * 1:32978 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - extra IE version (malware-cnc.rules) * 1:32979 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - extra IE version (malware-cnc.rules) * 1:32980 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - multi-browser (malware-cnc.rules) * 1:32986 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Toopu dll embedded in png download attempt (malware-cnc.rules) * 1:32987 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor outbound connection (malware-cnc.rules) * 1:32988 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor outbound connection (malware-cnc.rules) * 1:32989 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor outbound connection (malware-cnc.rules) * 1:32990 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Toopu outbound connection (malware-cnc.rules) * 1:33047 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - realupdate - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33054 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Joanap outbound connection (malware-cnc.rules) * 1:33058 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Medusa variant inbound connection (malware-cnc.rules) * 1:33059 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Medusa variant outbound connection (malware-cnc.rules) * 1:33060 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Medusa variant outbound connection (malware-cnc.rules) * 1:33061 <-> 
DISABLED <-> MALWARE-CNC Win.Trojan.Lagulon.A outbound connection (malware-cnc.rules) * 1:33081 <-> DISABLED <-> MALWARE-CNC OnionDuke variant outbound connection (malware-cnc.rules) * 1:33082 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nocpos initial outbound connection (malware-cnc.rules) * 1:33083 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nocpos information disclosure attempt (malware-cnc.rules) * 1:33084 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tosct variant outbound connection (malware-cnc.rules) * 1:33145 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules) * 1:33147 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant SMTP reporting attempt (malware-cnc.rules) * 1:33148 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant SMTP reporting attempt (malware-cnc.rules) * 1:33149 <-> DISABLED <-> MALWARE-CNC Win.Worm.Ultramine outbound connection (malware-cnc.rules) * 1:33152 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nurjax.A outbound connection (malware-cnc.rules) * 1:33153 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Heur variant outbound connection (malware-cnc.rules) * 1:33161 <-> DISABLED <-> MALWARE-CNC Win.Spyware.Rombertik outbound connection (malware-cnc.rules) * 1:33165 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Poweliks outbound connection (malware-cnc.rules) * 1:33199 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Sabeba outbound connection (malware-cnc.rules) * 1:33200 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pisces variant outbound connection (malware-cnc.rules) * 1:33207 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Mazilla/5.0 - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33211 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Upatre variant outbound connection (malware-cnc.rules) * 1:33217 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nuovoscor variant outbound connection (malware-cnc.rules) * 1:33218 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cendode system information disclosure attempt (malware-cnc.rules) * 
1:33219 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gamarue variant outbound connection (malware-cnc.rules) * 1:33220 <-> DISABLED <-> MALWARE-CNC Win.Trojan.HawkEye keylogger exfiltration attempt (malware-cnc.rules) * 1:33221 <-> ENABLED <-> MALWARE-CNC Win.Trojan.HawkEye Keylogger exfiltration attempt - clipboard and screenshot (malware-cnc.rules) * 1:33222 <-> DISABLED <-> MALWARE-CNC Win.Trojan.HawkEye Keylogger exfiltration attempt - clipboard and screenshot (malware-cnc.rules) * 1:33223 <-> DISABLED <-> MALWARE-CNC Win.Trojan.HawkEye Keylogger exfiltration attempt - clipboard and screenshot (malware-cnc.rules) * 1:33227 <-> DISABLED <-> MALWARE-CNC Win.Agent.BHHK variant outbound connection (malware-cnc.rules) * 1:33228 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kovter variant outbound connection (malware-cnc.rules) * 1:33230 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Firefox - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33231 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Firefox/5.0 - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33232 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - AppUpdate - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33233 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - 2608cw-1 - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33234 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - 2508Inst - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33235 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - 2608cw-2 - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33236 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - 2808inst - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33237 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Player - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33238 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious 
user-agent string - Wurst - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33239 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Installer/1.0 - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33240 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - FixUpdate - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33242 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Explorer - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33243 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Mozilla - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33244 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Opera - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33245 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Opera10 - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33246 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - OperaMini - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33248 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Peers12 - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33249 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - SLSSoapClient - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33250 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Tintin - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33251 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - USER_CHECK - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33252 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - WATClient - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33253 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - bbbbbbbbbb - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33254 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - hi - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33255 
<-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - iMacros - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33256 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - macrotest - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33257 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - onlymacros - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33258 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Updates downloader - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33259 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - testupdate - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33260 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - onlyupdate - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33282 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Upatre variant outbound connection (malware-cnc.rules) * 1:33284 <-> DISABLED <-> MALWARE-CNC Win.Trojan.OnLineGames variant outbound connection (malware-cnc.rules) * 1:33285 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bavload outbound download request attempt (malware-cnc.rules) * 1:33289 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rawpos incoming backdoor connection attempt (malware-cnc.rules) * 1:33299 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Foxy variant outbound connection (malware-cnc.rules) * 1:33305 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rubinurd variant outbound connection (malware-cnc.rules) * 1:33328 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Yinli outbound connection (malware-cnc.rules) * 1:33329 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Yinli outbound connection (malware-cnc.rules) * 1:33330 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Yinli outbound connection (malware-cnc.rules) * 1:33342 <-> DISABLED <-> MALWARE-CNC Doc.Downloader.Dridex outbound connection (malware-cnc.rules) * 1:33411 <-> DISABLED <-> MALWARE-CNC Doc.Downloader.Dridex outbound connection (malware-cnc.rules) * 1:33431 <-> DISABLED <-> 
MALWARE-CNC Win.Trojan.Cryptowall 3.0 variant outbound connection (malware-cnc.rules)
* 1:33432 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptowall 3.0 variant outbound connection (malware-cnc.rules)
* 1:33433 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptowall 3.0 variant outbound connection (malware-cnc.rules)
* 1:33434 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptowall 3.0 variant outbound connection (malware-cnc.rules)
* 1:33435 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptowall 3.0 variant outbound connection (malware-cnc.rules)
* 1:33439 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gefetroe variant outbound connection (malware-cnc.rules)
* 1:33443 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules)
* 1:33444 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SpyBanker variant outbound connection (malware-cnc.rules)
* 1:33449 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FileEncoder IP geolocation checkin attempt (malware-cnc.rules)
* 1:33450 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FileEncoder variant outbound connection (malware-cnc.rules)
* 1:33453 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kovter variant outbound connection (malware-cnc.rules)
* 1:33456 <-> DISABLED <-> MALWARE-CNC Doc.Downloader.Dridex outbound connection (malware-cnc.rules)
* 1:33457 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules)
* 1:33464 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dynamer variant outbound connection (malware-cnc.rules)
* 1:33481 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Xnote outbound connection (malware-cnc.rules)
* 1:33482 <-> DISABLED <-> MALWARE-CNC Win.Worm.Enosch variant outbound connection (malware-cnc.rules)
* 1:33496 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Andromeda variant outbound connection (malware-cnc.rules)
* 1:33513 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - XAgent - Operation Pawn Storm (malware-cnc.rules)
* 1:33519 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - ALIZER (malware-cnc.rules)
* 1:33520 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zusy inbound CNC response (malware-cnc.rules)
* 1:33521 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zusy variant outbound connection (malware-cnc.rules)
* 1:33522 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent - DNS Changer (malware-cnc.rules)
* 1:33523 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DNSChanger variant outbound connection (malware-cnc.rules)
* 1:33524 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DNSChanger variant outbound connection (malware-cnc.rules)
* 1:33543 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Equation outbound connection (malware-cnc.rules)
* 1:33545 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Equation outbound connection (malware-cnc.rules)
* 1:33546 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Equation outbound connection (malware-cnc.rules)
* 1:33547 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Turla outbound connection (malware-cnc.rules)
* 1:33594 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Upatre variant outbound connection (malware-cnc.rules)
* 1:33620 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.lubot outbound connection (malware-cnc.rules)
* 1:33621 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.lubot outbound connection (malware-cnc.rules)
* 1:33633 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent - Downing - Win.Trojan.Otwycal (malware-cnc.rules)
* 1:33646 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.XORDDoS outbound connection (malware-cnc.rules)
* 1:33647 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.XORDDoS outbound connection (malware-cnc.rules)
* 1:33648 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.XORDDoS outbound connection (malware-cnc.rules)
* 1:33649 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Google Omaha - Win.Trojan.ExtenBro (malware-cnc.rules)
* 1:33650 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tinba outbound connection (malware-cnc.rules)
* 1:33674 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Athena variant outbound connection (malware-cnc.rules)
* 1:33675 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Athena variant outbound connection (malware-cnc.rules)
* 1:33677 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Babar outbound connection (malware-cnc.rules)
* 1:33678 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FannyWorm outbound connection (malware-cnc.rules)
* 1:33704 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
* 1:33745 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
* 1:33746 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
* 1:33747 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
* 1:33748 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
* 1:33749 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
* 1:33750 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
* 1:33751 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
* 1:33752 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
* 1:33753 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
* 1:33754 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
* 1:33755 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
* 1:33818 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Egamipload variant outbound connection (malware-cnc.rules)
* 1:33819 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Egamipload variant outbound connection (malware-cnc.rules)
* 1:33831 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent DownloadMR - Solimba (malware-cnc.rules)
* 1:33851 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Poseidon outbound connection (malware-cnc.rules)
* 1:33852 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Poseidon outbound connection (malware-cnc.rules)
* 1:33854 <-> DISABLED <-> MALWARE-CNC Win.Trojan.LogPOS variant outbound connection (malware-cnc.rules)
* 1:33857 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PwnPOS data exfiltration attempt (malware-cnc.rules)
* 1:33859 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules)
* 1:33860 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules)
* 1:33861 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules)
* 1:33862 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules)
* 1:33863 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules)
* 1:33864 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules)
* 1:33865 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules)
* 1:33866 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules)
* 1:34011 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules)
* 1:34012 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules)
* 1:34013 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ayuther variant outbound connection (malware-cnc.rules)
* 1:34025 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Endstar variant outbound connection (malware-cnc.rules)
* 1:34026 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Endstar variant outbound connection (malware-cnc.rules)
* 1:34028 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bruecimig variant outbound connection (malware-cnc.rules)
* 1:34030 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (malware-cnc.rules)
* 1:34031 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (malware-cnc.rules)
* 1:34032 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (malware-cnc.rules)
* 1:34033 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (malware-cnc.rules)
* 1:34034 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (malware-cnc.rules)
* 1:34035 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (malware-cnc.rules)
* 1:34036 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (malware-cnc.rules)
* 1:34037 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (malware-cnc.rules)
* 1:34038 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (malware-cnc.rules)
* 1:34039 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banklaed variant outbound connection (malware-cnc.rules)
* 1:34041 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Igliveforg variant initial outbound connection (malware-cnc.rules)
* 1:34042 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Igliveforg variant outbound connection (malware-cnc.rules)
* 1:34044 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Exacrytion variant outbound connection (malware-cnc.rules)
* 1:34045 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Eitenckay initial outbound connection (malware-cnc.rules)
* 1:34046 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Expilan variant outbound connection (malware-cnc.rules)
* 1:34047 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VBPasswordStealer variant outbound connection (malware-cnc.rules)
* 1:34049 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.EvilBunny variant outbound connection (malware-cnc.rules)
* 1:34050 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Nepigon variant outbound connection (malware-cnc.rules)
* 1:34052 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NewPos outbound connection (malware-cnc.rules)
* 1:34108 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scarsi variant outbound connection (malware-cnc.rules)
* 1:34111 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chrozil variant outbound connection (malware-cnc.rules)
* 1:34113 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent beacon reply attempt (malware-cnc.rules)
* 1:34115 <-> DISABLED <-> MALWARE-CNC MacOS.Trojan.Wirelurker variant outbound connection (malware-cnc.rules)
* 1:34116 <-> DISABLED <-> MALWARE-CNC MacOS.Trojan.Wirelurker variant outbound connection (malware-cnc.rules)
* 1:34117 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Zupdax variant outbound connection (malware-cnc.rules)
* 1:34128 <-> DISABLED <-> MALWARE-CNC Win.Trojan.WIntruder outbound connection (malware-cnc.rules)
* 1:34130 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload variant outbound connection (malware-cnc.rules)
* 1:34132 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Erotimpact variant outbound connection (malware-cnc.rules)
* 1:34136 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload variant MSSQL response (malware-cnc.rules)
* 1:34138 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Netkrypt inbound response (malware-cnc.rules)
* 1:34140 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dyre publickey outbound connection (malware-cnc.rules)
* 1:34143 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Crypvault outbound connection (malware-cnc.rules)
* 1:34155 <-> DISABLED <-> MALWARE-CNC MacOS.Backdoor.Xslcmd outbound connection (malware-cnc.rules)
* 1:34161 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Punkey outbound connection (malware-cnc.rules)
* 1:34181 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bartallex outbound connection (malware-cnc.rules)
* 1:34182 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bartallex outbound connection (malware-cnc.rules)
* 1:34183 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bartallex outbound connection (malware-cnc.rules)
* 1:34214 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Capimac variant outbound connection (malware-cnc.rules)
* 1:34216 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FighterPOS variant outbound connection (malware-cnc.rules)
* 1:34217 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Aytoke variant outbound connection (malware-cnc.rules)
* 1:34219 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nanocore variant outbound connection (malware-cnc.rules)
* 1:34223 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Yebot variant outbound connection (malware-cnc.rules)
* 1:34246 <-> DISABLED <-> MALWARE-CNC Win.Trojan.AAEH variant outbound connection (malware-cnc.rules)
* 1:34261 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.XORDDoS outbound connection (malware-cnc.rules)
* 1:34262 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.XORDDoS outbound connection (malware-cnc.rules)
* 1:34263 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.XORDDoS outbound connection (malware-cnc.rules)
* 1:34280 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TeslaCrypt outbound connection (malware-cnc.rules)
* 1:34281 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bartallex outbound connection (malware-cnc.rules)
* 1:34282 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bartallex outbound connection (malware-cnc.rules)
* 1:34283 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bartallex outbound connection (malware-cnc.rules)
* 1:34286 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mudrop variant outbound connection (malware-cnc.rules)
* 1:34289 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Plez outbound connection (malware-cnc.rules)
* 1:34290 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Plez outbound connection (malware-cnc.rules)
* 1:34291 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string crackim (malware-cnc.rules)
* 1:34292 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kraken outbound connection (malware-cnc.rules)
* 1:34296 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Simda variant outbound connection (malware-cnc.rules)
* 1:34297 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Simda variant outbound connection (malware-cnc.rules)
* 1:34307 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection (malware-cnc.rules)
* 1:34308 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection (malware-cnc.rules)
* 1:40066 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.LokiBot (malware-cnc.rules)
* 1:40067 <-> ENABLED <-> MALWARE-CNC Win.Trojan.LokiBot outbound connection (malware-cnc.rules)
* 1:46062 <-> ENABLED <-> SERVER-WEBAPP Joomla JEXTN Membership extension SQL injection attempt (server-webapp.rules)
* 1:46063 <-> ENABLED <-> SERVER-WEBAPP Joomla JEXTN Membership extension SQL injection attempt (server-webapp.rules)
* 1:46064 <-> ENABLED <-> SERVER-WEBAPP Joomla JEXTN Membership extension SQL injection attempt (server-webapp.rules)
* 1:48818 <-> ENABLED <-> MALWARE-CNC Js.Trojan.Agent variant outbound connection (malware-cnc.rules)
* 1:33820 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Egamipload variant outbound connection (malware-cnc.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091501.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:56003 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Emotet variant initial outbound request detected (malware-cnc.rules)
* 1:56009 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari WebKit JSPropertyNameEnumeration type confusion attempt (browser-webkit.rules)
* 1:56006 <-> ENABLED <-> SERVER-WEBAPP D-Link Central WiFi Manager CWM 100 SQL injection attempt (server-webapp.rules)
* 1:56007 <-> ENABLED <-> SERVER-WEBAPP D-Link Central WiFi Manager CWM 100 SQL injection attempt (server-webapp.rules)
* 1:56000 <-> DISABLED <-> SERVER-APACHE Apache Struts denial of service attempt (server-apache.rules)
* 1:56005 <-> ENABLED <-> SERVER-WEBAPP D-Link Central WiFi Manager CWM 100 SQL injection attempt (server-webapp.rules)
* 1:56002 <-> DISABLED <-> SERVER-WEBAPP D-Link Central WiFi Manager CMW 100 SQL injection attempt (server-webapp.rules)
* 1:56001 <-> DISABLED <-> SERVER-APACHE Apache Struts denial of service attempt (server-apache.rules)
* 1:56004 <-> DISABLED <-> SERVER-WEBAPP D-Link Central WiFi Manager CMW 100 cross site scripting attempt (server-webapp.rules)
* 1:55999 <-> DISABLED <-> SERVER-APACHE Apache Struts denial of service attempt (server-apache.rules)
* 1:56008 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari WebKit JSPropertyNameEnumeration type confusion attempt (browser-webkit.rules)
* 1:33821 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Egamipload variant outbound connection (malware-cnc.rules)
* 1:33891 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Amasages variant outbound connection (malware-cnc.rules)
* 1:33892 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Xerq outbound connection (malware-cnc.rules)
* 1:33893 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TeslaCrypt outbound connection (malware-cnc.rules)
* 1:33907 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent - KAIIOOOO871 - Win.Trojan.Dridex (malware-cnc.rules)
* 1:33851 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Poseidon outbound connection (malware-cnc.rules)
* 1:33863 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules)
* 1:33912 <-> DISABLED <-> MALWARE-CNC Cryptofortress Decryption Software Purchase Tor Website (malware-cnc.rules)
* 1:33913 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Concbak outbound connection (malware-cnc.rules)
* 1:33914 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent - Win.Trojan.Barys (malware-cnc.rules)
* 1:33930 <-> DISABLED <-> MALWARE-CNC Vicepass outbound connection initial request to the CNC sending system information (malware-cnc.rules)
* 1:33931 <-> DISABLED <-> MALWARE-CNC Win.Worm.Goldrv variant outbound connection (malware-cnc.rules)
* 1:33932 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tempedreve Samba probe (malware-cnc.rules)
* 1:33933 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Penget variant outbound connection (malware-cnc.rules)
* 1:33966 <-> DISABLED <-> MALWARE-CNC Win.Worm.Mafusc variant outbound connection (malware-cnc.rules)
* 1:33985 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.ChinaZ outbound connection (malware-cnc.rules)
* 1:33989 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Trioptid outbound connection (malware-cnc.rules)
* 1:33990 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Trioptid outbound connection (malware-cnc.rules)
* 1:33992 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Insidious outbound connection (malware-cnc.rules)
* 1:33993 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Insidious outbound connection (malware-cnc.rules)
* 1:33994 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Beshida outbound connection (malware-cnc.rules)
* 1:33996 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pwexes variant outbound connection (malware-cnc.rules)
* 1:33997 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pwexes variant outbound connection (malware-cnc.rules)
* 1:34001 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Picommex outbound connection (malware-cnc.rules)
* 1:34002 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Picommex outbound connection (malware-cnc.rules)
* 1:34003 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Picommex outbound connection (malware-cnc.rules)
* 1:34004 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules)
* 1:34005 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules)
* 1:34006 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules)
* 1:34007 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules)
* 1:34008 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules)
* 1:34009 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules)
* 1:34010 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules)
* 1:34011 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules)
* 1:34012 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules)
* 1:34013 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ayuther variant outbound connection (malware-cnc.rules)
* 1:34025 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Endstar variant outbound connection (malware-cnc.rules)
* 1:34026 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Endstar variant outbound connection (malware-cnc.rules)
* 1:34028 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bruecimig variant outbound connection (malware-cnc.rules)
* 1:34030 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (malware-cnc.rules)
* 1:34031 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (malware-cnc.rules)
* 1:34032 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (malware-cnc.rules)
* 1:34033 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (malware-cnc.rules)
* 1:34034 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (malware-cnc.rules)
* 1:34035 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (malware-cnc.rules)
* 1:34036 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (malware-cnc.rules)
* 1:34037 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (malware-cnc.rules)
* 1:34038 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (malware-cnc.rules)
* 1:34039 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banklaed variant outbound connection (malware-cnc.rules)
* 1:34041 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Igliveforg variant initial outbound connection (malware-cnc.rules)
* 1:34042 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Igliveforg variant outbound connection (malware-cnc.rules)
* 1:34044 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Exacrytion variant outbound connection (malware-cnc.rules)
* 1:34045 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Eitenckay initial outbound connection (malware-cnc.rules)
* 1:34046 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Expilan variant outbound connection (malware-cnc.rules)
* 1:34047 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VBPasswordStealer variant outbound connection (malware-cnc.rules)
* 1:34049 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.EvilBunny variant outbound connection (malware-cnc.rules)
* 1:34050 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Nepigon variant outbound connection (malware-cnc.rules)
* 1:34052 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NewPos outbound connection (malware-cnc.rules)
* 1:34108 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scarsi variant outbound connection (malware-cnc.rules)
* 1:34111 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chrozil variant outbound connection (malware-cnc.rules)
* 1:34113 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent beacon reply attempt (malware-cnc.rules)
* 1:34115 <-> DISABLED <-> MALWARE-CNC MacOS.Trojan.Wirelurker variant outbound connection (malware-cnc.rules)
* 1:34116 <-> DISABLED <-> MALWARE-CNC MacOS.Trojan.Wirelurker variant outbound connection (malware-cnc.rules)
* 1:34117 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Zupdax variant outbound connection (malware-cnc.rules)
* 1:34128 <-> DISABLED <-> MALWARE-CNC Win.Trojan.WIntruder outbound connection (malware-cnc.rules)
* 1:34130 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload variant outbound connection (malware-cnc.rules)
* 1:34132 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Erotimpact variant outbound connection (malware-cnc.rules)
* 1:34136 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload variant MSSQL response (malware-cnc.rules)
* 1:34138 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Netkrypt inbound response (malware-cnc.rules)
* 1:34140 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dyre publickey outbound connection (malware-cnc.rules)
* 1:34143 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Crypvault outbound connection (malware-cnc.rules)
* 1:34155 <-> DISABLED <-> MALWARE-CNC MacOS.Backdoor.Xslcmd outbound connection (malware-cnc.rules)
* 1:34161 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Punkey outbound connection (malware-cnc.rules)
* 1:34181 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bartallex outbound connection (malware-cnc.rules)
* 1:34182 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bartallex outbound connection (malware-cnc.rules)
* 1:33867 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules)
* 1:33864 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules)
* 1:33868 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules)
* 1:33831 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent DownloadMR - Solimba (malware-cnc.rules)
* 1:33852 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Poseidon outbound connection (malware-cnc.rules)
* 1:33872 <-> DISABLED <-> MALWARE-CNC Win.Worm.Urahu outbound connection (malware-cnc.rules)
* 1:33854 <-> DISABLED <-> MALWARE-CNC Win.Trojan.LogPOS variant outbound connection (malware-cnc.rules)
* 1:33857 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PwnPOS data exfiltration attempt (malware-cnc.rules)
* 1:33859 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules)
* 1:33873 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tepoyx outbound connection detection (malware-cnc.rules)
* 1:33860 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules)
* 1:33861 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules)
* 1:33862 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules)
* 1:33876 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Meowner runtime detection (malware-cnc.rules)
* 1:33866 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules)
* 1:33865 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules)
* 1:33877 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Meowner runtime detection (malware-cnc.rules)
* 1:33878 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Meowner runtime detection (malware-cnc.rules)
* 1:33879 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Meowner runtime detection (malware-cnc.rules)
* 1:33883 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jadtre variant outbound connection (malware-cnc.rules)
* 1:33884 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string dolit (malware-cnc.rules)
* 1:33885 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gh0st variant outbound connection (malware-cnc.rules)
* 1:33886 <-> DISABLED <-> MALWARE-CNC WIn.Trojan.HawkEye keylogger variant outbound connection (malware-cnc.rules)
* 1:31820 <-> DISABLED <-> MALWARE-CNC Win.Banker.Delf variant outbound connection (malware-cnc.rules)
* 1:31824 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor variant outbound connection (malware-cnc.rules)
* 1:31826 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Delf variant HTTP Response (malware-cnc.rules)
* 1:31827 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Delf variant outbound connection (malware-cnc.rules)
* 1:31828 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jabberbot variant outbound connection (malware-cnc.rules)
* 1:31832 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pfinet outbound connection (malware-cnc.rules)
* 1:31833 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chkbot outbound connection (malware-cnc.rules)
* 1:31834 <-> DISABLED <-> MALWARE-CNC Win.Trojan-Downloader.Delorado variant outbound connection (malware-cnc.rules)
* 1:31835 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yesudac variant outbound connection (malware-cnc.rules)
* 1:31836 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Seribe variant outbound connection (malware-cnc.rules)
* 1:31837 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Retgate variant outbound connection (malware-cnc.rules)
* 1:31883 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Waterspout outbound connection (malware-cnc.rules)
* 1:31885 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Threebyte variant outbound connection (malware-cnc.rules)
* 1:31895 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Toupi variant outbound connection (malware-cnc.rules)
* 1:31897 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dexter variant outbound connection (malware-cnc.rules)
* 1:31904 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload variant outbound connection (malware-cnc.rules)
* 1:31907 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Honerep variant outbound connection (malware-cnc.rules)
* 1:31909 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Basostab variant outbound connection (malware-cnc.rules)
* 1:31911 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Gareme variant outbound connection (malware-cnc.rules)
* 1:31913 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Maozhi variant outbound connection (malware-cnc.rules)
* 1:31915 <-> DISABLED <-> MALWARE-CNC WIN.Trojan.Ziyazo variant outbound connection (malware-cnc.rules)
* 1:31916 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules)
* 1:31923 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant HTTP response attempt (malware-cnc.rules)
* 1:31924 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules)
* 1:31925 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.Jynxkit outbound connection (malware-cnc.rules)
* 1:31928 <-> DISABLED <-> MALWARE-CNC Win.Trojan-Downloader.Becontr variant outbound connection (malware-cnc.rules)
* 1:31929 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kanav variant outbound connection (malware-cnc.rules)
* 1:31930 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kanav variant outbound connection (malware-cnc.rules)
* 1:31941 <-> DISABLED <-> MALWARE-CNC Win.Trojan-Downloader.Pedrp variant outbound connection (malware-cnc.rules)
* 1:31947 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - HttpCall - Win.Trojan.Rukypee (malware-cnc.rules)
* 1:31948 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - MyProgramm - Win.Trojan.Rukypee (malware-cnc.rules)
* 1:31949 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Skypee - Win.Trojan.Rukypee (malware-cnc.rules)
* 1:31954 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ezbro variant outbound connection (malware-cnc.rules)
* 1:31955 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ezbro variant outbound connection (malware-cnc.rules)
* 1:31957 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.MSIL.Torct variant outbound connection (malware-cnc.rules)
* 1:31964 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules)
* 1:31973 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chebri variant outbound connection (malware-cnc.rules)
* 1:31974 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zegorg variant outbound connection (malware-cnc.rules)
* 1:31990 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Install - Win.Backdoor.Upatre (malware-cnc.rules)
* 1:31991 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Treck - Win.Backdoor.Upatre (malware-cnc.rules)
* 1:31992 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Upatre SSL Cert inbound (malware-cnc.rules)
* 1:31993 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Upatre SSL Cert inbound (malware-cnc.rules)
* 1:31994 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Upatre SSL Cert inbound (malware-cnc.rules)
* 1:31995 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Upatre SSL Cert inbound (malware-cnc.rules)
* 1:31996 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Upatre SSL Cert inbound (malware-cnc.rules)
* 1:31997 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Upatre SSL Cert inbound (malware-cnc.rules)
* 1:31998 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Upatre SSL Cert inbound (malware-cnc.rules)
* 1:31999 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Upatre SSL Cert inbound (malware-cnc.rules)
* 1:32000 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Upatre SSL Cert inbound (malware-cnc.rules)
* 1:32001 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Upatre SSL Cert inbound (malware-cnc.rules)
* 1:32002 <-> DISABLED <-> MALWARE-CNC Win.Worm.Zorenium variant outbound connection (malware-cnc.rules)
* 1:32009 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Flooder inbound connection attempt - command (malware-cnc.rules)
* 1:32010 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Flooder outbound telnet connection attempt (malware-cnc.rules)
* 1:32011 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Flooder outbound connection (malware-cnc.rules)
* 1:32012 <-> DISABLED <-> MALWARE-CNC Win.Trojan-Downloader.Bipamid variant outbound connection (malware-cnc.rules)
* 1:32013 <-> DISABLED <-> MALWARE-CNC Linux.Worm.Darlloz variant outbound connection (malware-cnc.rules)
* 1:32015 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Zeus variant outbound connection (malware-cnc.rules)
* 1:32016 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Menteni variant outbound connection (malware-cnc.rules)
* 1:32017 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Memlog SMB file transfer (malware-cnc.rules)
* 1:32018 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Hupigon.NYK variant outbound connection (malware-cnc.rules)
* 1:32020 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Krompt variant outbound connection (malware-cnc.rules)
* 1:32023 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sinpid variant outbound connection (malware-cnc.rules)
* 1:32028 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Klabcon variant outbound connection (malware-cnc.rules)
* 1:32030 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Decibal - Win.Trojan.Decibal (malware-cnc.rules)
* 1:32031 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Decibal variant outbound connection (malware-cnc.rules)
* 1:32033 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Larosden variant outbound connection (malware-cnc.rules)
* 1:32034 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Larefervt variant outbound connection (malware-cnc.rules)
* 1:32035 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Boleteiro variant outbound connection (malware-cnc.rules)
* 1:32036 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Somoca vaniant outbound connection (malware-cnc.rules)
* 1:32037 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload.awt variant outbound connection (malware-cnc.rules)
* 1:32048 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lecpetex variant outbound connection (malware-cnc.rules)
* 1:32050 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Larosden variant outbound connection (malware-cnc.rules)
* 1:32052 <-> DISABLED <-> MALWARE-CNC User-Agent Xsser mRAT user-agent (malware-cnc.rules)
* 1:32053 <-> DISABLED <-> MALWARE-CNC Xsser mRAT GPS data upload (malware-cnc.rules)
* 1:32054 <-> DISABLED <-> MALWARE-CNC Xsser mRAT file upload (malware-cnc.rules)
* 1:32058 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Masatekar variant outbound connection (malware-cnc.rules)
* 1:32060 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent string - httptestman - Win.Backdoor.Rabasheeta (malware-cnc.rules)
* 1:32061 <-> DISABLED <-> MALWARE-CNC Win.Trojan-Downloader.Nekill variant outbound connection (malware-cnc.rules)
* 1:32065 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Asprox inbound connection (malware-cnc.rules)
* 1:32066 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Asprox outbound connection (malware-cnc.rules)
* 1:32067 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Asprox outbound connection (malware-cnc.rules)
* 1:32071 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Zapchast variant outbound connection (malware-cnc.rules)
* 1:32072 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zemot configuration download attempt (malware-cnc.rules)
* 1:32073 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zemot outbound connection (malware-cnc.rules)
* 1:32074 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zemot payload download attempt (malware-cnc.rules)
* 1:32075 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Small variant outbound connection (malware-cnc.rules)
* 1:32086 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Corkow variant outbound connection (malware-cnc.rules)
* 1:34183 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bartallex outbound connection (malware-cnc.rules)
* 1:34214 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Capimac variant outbound connection (malware-cnc.rules)
* 1:34216 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FighterPOS variant outbound connection (malware-cnc.rules)
* 1:34217 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Aytoke variant outbound connection (malware-cnc.rules)
* 1:34219 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nanocore variant outbound connection (malware-cnc.rules)
* 1:34223 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Yebot variant outbound connection (malware-cnc.rules)
* 1:34246 <-> DISABLED <-> MALWARE-CNC Win.Trojan.AAEH variant outbound connection (malware-cnc.rules)
* 1:34261 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.XORDDoS outbound connection (malware-cnc.rules)
* 1:34262 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.XORDDoS outbound connection (malware-cnc.rules)
* 1:34263 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.XORDDoS outbound connection (malware-cnc.rules)
* 1:34280 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TeslaCrypt outbound connection (malware-cnc.rules)
* 1:34281 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bartallex outbound connection (malware-cnc.rules)
* 1:34282 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bartallex outbound connection (malware-cnc.rules)
* 1:34283 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bartallex outbound connection (malware-cnc.rules)
* 1:34286 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mudrop variant outbound connection (malware-cnc.rules)
* 1:34289 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Plez outbound connection (malware-cnc.rules)
* 1:34290 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Plez outbound connection (malware-cnc.rules)
* 1:34291 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string crackim (malware-cnc.rules)
* 1:34292 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kraken outbound connection (malware-cnc.rules)
* 1:34296 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Simda variant outbound connection (malware-cnc.rules)
* 1:34297 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Simda variant outbound connection (malware-cnc.rules)
* 1:34307 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection (malware-cnc.rules)
* 1:34308 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant 
outbound connection (malware-cnc.rules) * 1:40066 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.LokiBot (malware-cnc.rules) * 1:40067 <-> ENABLED <-> MALWARE-CNC Win.Trojan.LokiBot outbound connection (malware-cnc.rules) * 1:46062 <-> ENABLED <-> SERVER-WEBAPP Joomla JEXTN Membership extension SQL injection attempt (server-webapp.rules) * 1:46063 <-> ENABLED <-> SERVER-WEBAPP Joomla JEXTN Membership extension SQL injection attempt (server-webapp.rules) * 1:46064 <-> ENABLED <-> SERVER-WEBAPP Joomla JEXTN Membership extension SQL injection attempt (server-webapp.rules) * 1:48818 <-> ENABLED <-> MALWARE-CNC Js.Trojan.Agent variant outbound connection (malware-cnc.rules) * 1:32090 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Saaglup variant outbound connection (malware-cnc.rules) * 1:32091 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.PcertStealer variant outbound connection (malware-cnc.rules) * 1:32093 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules) * 1:32096 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Puver variant outbound connection (malware-cnc.rules) * 1:32121 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kryptik variant outbound connection (malware-cnc.rules) * 1:32123 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot variant outbound connection (malware-cnc.rules) * 1:32125 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - update - Win.Backdoor.Upatre (malware-cnc.rules) * 1:32126 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lizarbot outbound connection (malware-cnc.rules) * 1:32129 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader variant outbound connection (malware-cnc.rules) * 1:32130 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules) * 1:32175 <-> DISABLED <-> MALWARE-CNC Osx.Backdoor.iWorm variant outbound connection (malware-cnc.rules) * 1:32179 <-> DISABLED <-> MALWARE-CNC WIN.Trojan.Plugx variant outbound connection 
(malware-cnc.rules) * 1:32180 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.ZxShell connection incoming attempt (malware-cnc.rules) * 1:32181 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.ZxShell connection outgoing attempt (malware-cnc.rules) * 1:32192 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zxshell variant outbound connection (malware-cnc.rules) * 1:32193 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dubrute variant outbound connection (malware-cnc.rules) * 1:32194 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dubrute variant outbound connection (malware-cnc.rules) * 1:32195 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Palebot variant outbound connection (malware-cnc.rules) * 1:32196 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor variant outbound connection (malware-cnc.rules) * 1:32197 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zerolocker variant outbound connection (malware-cnc.rules) * 1:32198 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mujormel outbound connection (malware-cnc.rules) * 1:32202 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Soaphrish variant outbound connection (malware-cnc.rules) * 1:32220 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy download detected (malware-cnc.rules) * 1:32221 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy download detected (malware-cnc.rules) * 1:32222 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.MSIL.Liroospu variant outbound connection (malware-cnc.rules) * 1:32225 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptowall variant outbound connection (malware-cnc.rules) * 1:32243 <-> DISABLED <-> MALWARE-CNC WIN.Trojan.Clemint variant outbound connection (malware-cnc.rules) * 1:32250 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hydraq.variant outbound detected (malware-cnc.rules) * 1:32270 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tinba variant outbound connection (malware-cnc.rules) * 1:32272 <-> DISABLED <-> MALWARE-CNC WIN.Trojan.Hesechca variant outbound connection (malware-cnc.rules) * 1:32285 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zoxpng variant outbound connection 
(malware-cnc.rules) * 1:32287 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sapertilz variant outbound connection (malware-cnc.rules) * 1:32289 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptolocker download detected (malware-cnc.rules) * 1:32290 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptolocker download detected (malware-cnc.rules) * 1:32291 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptolocker download detected (malware-cnc.rules) * 1:32292 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptolocker download detected (malware-cnc.rules) * 1:32293 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Acanas variant outbound connection (malware-cnc.rules) * 1:32294 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent BloodguyBrowser-_- (malware-cnc.rules) * 1:32295 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string http - Win.Trojan.Waski (malware-cnc.rules) * 1:32296 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string update - Win.Trojan.Waski (malware-cnc.rules) * 1:32310 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Farfli variant outbound connection (malware-cnc.rules) * 1:32311 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rehtesyk outbound connection (malware-cnc.rules) * 1:32312 <-> DISABLED <-> MALWARE-CNC FrameworkPOS data exfiltration through DNS - beacon message (malware-cnc.rules) * 1:32328 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Maener variant download request (malware-cnc.rules) * 1:32329 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Maener variant outbound connection (malware-cnc.rules) * 1:32330 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Maener variant outbound connection (malware-cnc.rules) * 1:32331 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Maener variant outbound connection (malware-cnc.rules) * 1:32332 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hancitor variant outbound connection (malware-cnc.rules) * 1:32333 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string fast uax (malware-cnc.rules) * 1:32334 <-> DISABLED <-> 
MALWARE-CNC Win.Trojan.Stantinko variant outbound connection (malware-cnc.rules) * 1:32338 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ropest variant outbound connection (malware-cnc.rules) * 1:32341 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cakwerd variant outbound connection (malware-cnc.rules) * 1:32343 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor variant inbound spam attempt (malware-cnc.rules) * 1:32344 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor variant outbound spam attempt (malware-cnc.rules) * 1:32354 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Matsune variant outbound connection (malware-cnc.rules) * 1:32357 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Akaza variant outbound connection (malware-cnc.rules) * 1:32367 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GameOverZeus variant outbound connection (malware-cnc.rules) * 1:32368 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cridex variant outbound connection (malware-cnc.rules) * 1:32372 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Drepitt variant outbound connection (malware-cnc.rules) * 1:32373 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Broonject variant outbound connection (malware-cnc.rules) * 1:32374 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Androm variant outbound connection (malware-cnc.rules) * 1:32379 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Baccamun variant outbound connection (malware-cnc.rules) * 1:32383 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - connect - Win.Backdoor.Upatre (malware-cnc.rules) * 1:32384 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - myupdate - Win.Backdoor.Upatre (malware-cnc.rules) * 1:32394 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Orcarat variant outbound connection (malware-cnc.rules) * 1:32395 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Orcarat variant outbound connection (malware-cnc.rules) * 1:32396 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Orcarat variant outbound connection (malware-cnc.rules) * 1:32397 <-> DISABLED <-> MALWARE-CNC 
Win.Trojan.Orcarat variant outbound connection (malware-cnc.rules) * 1:32400 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Parama attempted outbound connection (malware-cnc.rules) * 1:32401 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Kivars outbound connection (malware-cnc.rules) * 1:32402 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent globalupdate - Osx.Trojan.Wirelurker (malware-cnc.rules) * 1:32451 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Backoff initial outbound connection (malware-cnc.rules) * 1:32455 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent VUPHTTP - Win.Trojan.Puvespia (malware-cnc.rules) * 1:32456 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Effseart variant outbound connection (malware-cnc.rules) * 1:32457 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Effseart variant inbound connection (malware-cnc.rules) * 1:32464 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TorrentLocker variant outbound connection (malware-cnc.rules) * 1:32469 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bankeiya outbound connection (malware-cnc.rules) * 1:32486 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Exadog outbound connection (malware-cnc.rules) * 1:32487 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Exadog variant outbound connection (malware-cnc.rules) * 1:32493 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.SpikeA variant outbound connection (malware-cnc.rules) * 1:32494 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.SpikeA variant outbound connection (malware-cnc.rules) * 1:32504 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Kiler attempted outbound connection (malware-cnc.rules) * 1:32505 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Kiler attempted outbound connection (malware-cnc.rules) * 1:32506 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Secdeskinf outbound connection (malware-cnc.rules) * 1:32510 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.PiltabeA outbound connection (malware-cnc.rules) * 1:32511 <-> DISABLED <-> MALWARE-CNC PCRat variant outbound connection 
(malware-cnc.rules) * 1:32512 <-> DISABLED <-> MALWARE-CNC PCRat variant outbound connection (malware-cnc.rules) * 1:32513 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Havex outbound connection (malware-cnc.rules) * 1:32521 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptowall 2.0 possible TOR client retrieval attempt (malware-cnc.rules) * 1:32529 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Vkont variant outbound connection (malware-cnc.rules) * 1:32548 <-> DISABLED <-> MALWARE-CNC Mac.Backdoor.iWorm attempted outbound connection (malware-cnc.rules) * 1:32550 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Extant variant outbound connection (malware-cnc.rules) * 1:32551 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Coreshell variant outbound connection (malware-cnc.rules) * 1:32556 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bayoboiz outbound connection (malware-cnc.rules) * 1:32557 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bayoboiz outbound connection (malware-cnc.rules) * 1:32583 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules) * 1:32584 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules) * 1:32585 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules) * 1:32586 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules) * 1:32598 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Mysayad file wipe attempt (malware-cnc.rules) * 1:32599 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Mysayad outbound connection (malware-cnc.rules) * 1:32600 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Mysayad file wipe attempt (malware-cnc.rules) * 1:32604 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Geodo variant outbound connection (malware-cnc.rules) * 1:32605 <-> DISABLED <-> MALWARE-CNC Win.Worm.Jenxcus variant outbound connection (malware-cnc.rules) * 1:32606 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sodebral variant outbound connection (malware-cnc.rules) * 1:32607 <-> 
DISABLED <-> MALWARE-CNC Win.Trojan.Sodebral HTTP Response attempt (malware-cnc.rules) * 1:32608 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sodebral HTTP Response attempt (malware-cnc.rules) * 1:32609 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant registration message (malware-cnc.rules) * 1:32610 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant keepalive (malware-cnc.rules) * 1:32613 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Jadowndec attempted outbound connection (malware-cnc.rules) * 1:32614 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Jadowndec attempted outbound connection (malware-cnc.rules) * 1:32621 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Regin outbound connection (malware-cnc.rules) * 1:32624 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Regin outbound connection (malware-cnc.rules) * 1:32645 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string RUpdate (malware-cnc.rules) * 1:32665 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chopstick variant outbound request (malware-cnc.rules) * 1:32667 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chopstick variant outbound request (malware-cnc.rules) * 1:32674 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wiper variant outbound connection (malware-cnc.rules) * 1:32677 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex variant outbound connection (malware-cnc.rules) * 1:32678 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex variant outbound connection (malware-cnc.rules) * 1:32706 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz variant outbound connection (malware-cnc.rules) * 1:32727 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Uclinu variant outbound connection (malware-cnc.rules) * 1:32728 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Olegb variant outbound connection (malware-cnc.rules) * 1:32734 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Typideg variant outbound connection (malware-cnc.rules) * 1:32735 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CryptoPHP variant outbound connection (malware-cnc.rules) * 1:32736 <-> 
DISABLED <-> MALWARE-CNC Win.Trojan.CryptoPHP variant outbound connection (malware-cnc.rules) * 1:32743 <-> DISABLED <-> MALWARE-CNC VGABot IRC communication attempt (malware-cnc.rules) * 1:32747 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ragebot variant outbound connection (malware-cnc.rules) * 1:32769 <-> DISABLED <-> MALWARE-CNC Win.Trojan.WOWCheckC Attempted CNC (malware-cnc.rules) * 1:32770 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Androm variant outbound connection (malware-cnc.rules) * 1:32776 <-> DISABLED <-> MALWARE-CNC FIN4 VBA Macro credentials upload attempt (malware-cnc.rules) * 1:32780 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Eskaetee outbound connection (malware-cnc.rules) * 1:32781 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Eskaetee outbound connection (malware-cnc.rules) * 1:32791 <-> DISABLED <-> MALWARE-CNC Win.Virus.Ransomlock outbound connection (malware-cnc.rules) * 1:32792 <-> DISABLED <-> MALWARE-CNC Win.Virus.Ransomlock inbound connection (malware-cnc.rules) * 1:32823 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Darkhotel outbound connection (malware-cnc.rules) * 1:32824 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Darkhotel variant outbound connection (malware-cnc.rules) * 1:32825 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Darkhotel outbound connection (malware-cnc.rules) * 1:32826 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Darkhotel data upload attempt (malware-cnc.rules) * 1:32827 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Darkhotel response connection attempt (malware-cnc.rules) * 1:32852 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Poolfiend variant outbound connection (malware-cnc.rules) * 1:32853 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Poolfiend variant outbound connection (malware-cnc.rules) * 1:32854 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Loodir outbound connection (malware-cnc.rules) * 1:32882 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ksypypro outbound connection (malware-cnc.rules) * 1:32891 <-> DISABLED <-> MALWARE-CNC Php.Malware.SoakSoakRedirect Malware 
traffic containing WordPress Administrator credentials (malware-cnc.rules) * 1:32892 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TorLocker variant outbound connection (malware-cnc.rules) * 1:32893 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Finforst outbound connection (malware-cnc.rules) * 1:32908 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TinyZBot outbound connection (malware-cnc.rules) * 1:32909 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TinyZBot outbound connection (malware-cnc.rules) * 1:32910 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TinyZBot outbound connection (malware-cnc.rules) * 1:32950 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bladabindi variant outbound connection (malware-cnc.rules) * 1:32956 <-> DISABLED <-> MALWARE-CNC Android.CoolReaper.Trojan outbound connection (malware-cnc.rules) * 1:32957 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TinyZBot outbound SOAP connection attempt (malware-cnc.rules) * 1:32958 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TinyZBot response connection attempt (malware-cnc.rules) * 1:32973 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Twerket variant outbound connection (malware-cnc.rules) * 1:32976 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluos variant outbound connection (malware-cnc.rules) * 1:32977 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluos variant outbound connection (malware-cnc.rules) * 1:32978 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - extra IE version (malware-cnc.rules) * 1:32979 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - extra IE version (malware-cnc.rules) * 1:32980 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - multi-browser (malware-cnc.rules) * 1:32986 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Toopu dll embedded in png download attempt (malware-cnc.rules) * 1:32987 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor outbound connection (malware-cnc.rules) * 1:32988 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor outbound connection (malware-cnc.rules) * 1:32989 <-> 
DISABLED <-> MALWARE-CNC Win.Trojan.Graftor outbound connection (malware-cnc.rules) * 1:32990 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Toopu outbound connection (malware-cnc.rules) * 1:33047 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - realupdate - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33054 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Joanap outbound connection (malware-cnc.rules) * 1:33058 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Medusa variant inbound connection (malware-cnc.rules) * 1:33059 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Medusa variant outbound connection (malware-cnc.rules) * 1:33060 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Medusa variant outbound connection (malware-cnc.rules) * 1:33061 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lagulon.A outbound connection (malware-cnc.rules) * 1:33081 <-> DISABLED <-> MALWARE-CNC OnionDuke variant outbound connection (malware-cnc.rules) * 1:33082 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nocpos initial outbound connection (malware-cnc.rules) * 1:33083 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nocpos information disclosure attempt (malware-cnc.rules) * 1:33084 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tosct variant outbound connection (malware-cnc.rules) * 1:33145 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules) * 1:33147 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant SMTP reporting attempt (malware-cnc.rules) * 1:33148 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant SMTP reporting attempt (malware-cnc.rules) * 1:33149 <-> DISABLED <-> MALWARE-CNC Win.Worm.Ultramine outbound connection (malware-cnc.rules) * 1:33152 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nurjax.A outbound connection (malware-cnc.rules) * 1:33153 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Heur variant outbound connection (malware-cnc.rules) * 1:33161 <-> DISABLED <-> MALWARE-CNC Win.Spyware.Rombertik outbound connection (malware-cnc.rules) * 1:33165 <-> DISABLED <-> 
MALWARE-CNC Win.Trojan.Poweliks outbound connection (malware-cnc.rules) * 1:33199 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Sabeba outbound connection (malware-cnc.rules) * 1:33200 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pisces variant outbound connection (malware-cnc.rules) * 1:33207 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Mazilla/5.0 - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33211 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Upatre variant outbound connection (malware-cnc.rules) * 1:33217 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nuovoscor variant outbound connection (malware-cnc.rules) * 1:33218 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cendode system information disclosure attempt (malware-cnc.rules) * 1:33219 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gamarue variant outbound connection (malware-cnc.rules) * 1:33220 <-> DISABLED <-> MALWARE-CNC Win.Trojan.HawkEye keylogger exfiltration attempt (malware-cnc.rules) * 1:33221 <-> ENABLED <-> MALWARE-CNC Win.Trojan.HawkEye Keylogger exfiltration attempt - clipboard and screenshot (malware-cnc.rules) * 1:33222 <-> DISABLED <-> MALWARE-CNC Win.Trojan.HawkEye Keylogger exfiltration attempt - clipboard and screenshot (malware-cnc.rules) * 1:33223 <-> DISABLED <-> MALWARE-CNC Win.Trojan.HawkEye Keylogger exfiltration attempt - clipboard and screenshot (malware-cnc.rules) * 1:33227 <-> DISABLED <-> MALWARE-CNC Win.Agent.BHHK variant outbound connection (malware-cnc.rules) * 1:33228 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kovter variant outbound connection (malware-cnc.rules) * 1:33230 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Firefox - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33231 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Firefox/5.0 - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33232 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - AppUpdate - Win.Backdoor.Upatre (malware-cnc.rules) * 
1:33233 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - 2608cw-1 - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33234 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - 2508Inst - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33235 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - 2608cw-2 - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33236 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - 2808inst - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33237 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Player - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33238 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Wurst - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33239 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Installer/1.0 - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33240 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - FixUpdate - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33242 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Explorer - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33244 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Opera - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33246 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - OperaMini - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33245 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Opera10 - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33248 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Peers12 - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33249 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - SLSSoapClient - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33250 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent 
string - Tintin - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33251 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - USER_CHECK - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33252 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - WATClient - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33253 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - bbbbbbbbbb - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33254 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - hi - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33255 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - iMacros - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33256 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - macrotest - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33257 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - onlymacros - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33258 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Updates downloader - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33259 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - testupdate - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33260 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - onlyupdate - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33282 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Upatre variant outbound connection (malware-cnc.rules) * 1:33284 <-> DISABLED <-> MALWARE-CNC Win.Trojan.OnLineGames variant outbound connection (malware-cnc.rules) * 1:33285 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bavload outbound download request attempt (malware-cnc.rules) * 1:33289 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rawpos incoming backdoor connection attempt (malware-cnc.rules) * 1:33299 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Foxy variant outbound connection (malware-cnc.rules) * 1:33305 
<-> DISABLED <-> MALWARE-CNC Win.Trojan.Rubinurd variant outbound connection (malware-cnc.rules) * 1:33328 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Yinli outbound connection (malware-cnc.rules) * 1:33329 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Yinli outbound connection (malware-cnc.rules) * 1:33330 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Yinli outbound connection (malware-cnc.rules) * 1:33342 <-> DISABLED <-> MALWARE-CNC Doc.Downloader.Dridex outbound connection (malware-cnc.rules) * 1:33411 <-> DISABLED <-> MALWARE-CNC Doc.Downloader.Dridex outbound connection (malware-cnc.rules) * 1:33431 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptowall 3.0 variant outbound connection (malware-cnc.rules) * 1:33432 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptowall 3.0 variant outbound connection (malware-cnc.rules) * 1:33433 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptowall 3.0 variant outbound connection (malware-cnc.rules) * 1:33434 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptowall 3.0 variant outbound connection (malware-cnc.rules) * 1:33435 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptowall 3.0 variant outbound connection (malware-cnc.rules) * 1:33439 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gefetroe variant outbound connection (malware-cnc.rules) * 1:33443 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules) * 1:33444 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SpyBanker variant outbound connection (malware-cnc.rules) * 1:33449 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FileEncoder IP geolocation checkin attempt (malware-cnc.rules) * 1:33450 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FileEncoder variant outbound connection (malware-cnc.rules) * 1:33453 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kovter variant outbound connection (malware-cnc.rules) * 1:33456 <-> DISABLED <-> MALWARE-CNC Doc.Downloader.Dridex outbound connection (malware-cnc.rules) * 1:33457 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection 
(malware-cnc.rules) * 1:33464 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dynamer variant outbound connection (malware-cnc.rules) * 1:33481 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Xnote outbound connection (malware-cnc.rules) * 1:33482 <-> DISABLED <-> MALWARE-CNC Win.Worm.Enosch variant outbound connection (malware-cnc.rules) * 1:33496 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Andromeda variant outbound connection (malware-cnc.rules) * 1:33513 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - XAgent - Operation Pawn Storm (malware-cnc.rules) * 1:33519 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - ALIZER (malware-cnc.rules) * 1:33520 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zusy inbound CNC response (malware-cnc.rules) * 1:33521 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zusy variant outbound connection (malware-cnc.rules) * 1:33522 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent - DNS Changer (malware-cnc.rules) * 1:33523 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DNSChanger variant outbound connection (malware-cnc.rules) * 1:33524 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DNSChanger variant outbound connection (malware-cnc.rules) * 1:33543 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Equation outbound connection (malware-cnc.rules) * 1:33545 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Equation outbound connection (malware-cnc.rules) * 1:33546 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Equation outbound connection (malware-cnc.rules) * 1:33547 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Turla outbound connection (malware-cnc.rules) * 1:33594 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Upatre variant outbound connection (malware-cnc.rules) * 1:33620 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.lubot outbound connection (malware-cnc.rules) * 1:33621 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.lubot outbound connection (malware-cnc.rules) * 1:33633 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent - Downing - 
Win.Trojan.Otwycal (malware-cnc.rules) * 1:33646 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.XORDDoS outbound connection (malware-cnc.rules) * 1:33647 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.XORDDoS outbound connection (malware-cnc.rules) * 1:33648 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.XORDDoS outbound connection (malware-cnc.rules) * 1:33649 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Google Omaha - Win.Trojan.ExtenBro (malware-cnc.rules) * 1:33650 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tinba outbound connection (malware-cnc.rules) * 1:33674 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Athena variant outbound connection (malware-cnc.rules) * 1:33675 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Athena variant outbound connection (malware-cnc.rules) * 1:33677 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Babar outbound connection (malware-cnc.rules) * 1:33678 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FannyWorm outbound connection (malware-cnc.rules) * 1:33704 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules) * 1:33745 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules) * 1:33746 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules) * 1:33747 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules) * 1:33748 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules) * 1:33749 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules) * 1:33750 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules) * 1:33751 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules) * 1:33752 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules) * 1:33753 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound 
connection (malware-cnc.rules) * 1:33754 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules) * 1:33755 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules) * 1:33818 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Egamipload variant outbound connection (malware-cnc.rules) * 1:33819 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Egamipload variant outbound connection (malware-cnc.rules) * 1:33820 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Egamipload variant outbound connection (malware-cnc.rules) * 1:33243 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Mozilla - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33822 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Egamipload variant outbound connection (malware-cnc.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091500.
* 1:56000 <-> DISABLED <-> SERVER-APACHE Apache Struts denial of service attempt (server-apache.rules) * 1:56007 <-> ENABLED <-> SERVER-WEBAPP D-Link Central WiFi Manager CWM 100 SQL injection attempt (server-webapp.rules) * 1:56009 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari WebKit JSPropertyNameEnumeration type confusion attempt (browser-webkit.rules) * 1:55999 <-> DISABLED <-> SERVER-APACHE Apache Struts denial of service attempt (server-apache.rules) * 1:56002 <-> DISABLED <-> SERVER-WEBAPP D-Link Central WiFi Manager CMW 100 SQL injection attempt (server-webapp.rules) * 1:56001 <-> DISABLED <-> SERVER-APACHE Apache Struts denial of service attempt (server-apache.rules) * 1:56004 <-> DISABLED <-> SERVER-WEBAPP D-Link Central WiFi Manager CMW 100 cross site scripting attempt (server-webapp.rules) * 1:56005 <-> ENABLED <-> SERVER-WEBAPP D-Link Central WiFi Manager CWM 100 SQL injection attempt (server-webapp.rules) * 1:56006 <-> ENABLED <-> SERVER-WEBAPP D-Link Central WiFi Manager CWM 100 SQL injection attempt (server-webapp.rules) * 1:56008 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari WebKit JSPropertyNameEnumeration type confusion attempt (browser-webkit.rules) * 1:56003 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Emotet variant initial outbound request detected (malware-cnc.rules)
* 1:34289 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Plez outbound connection (malware-cnc.rules) * 1:34290 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Plez outbound connection (malware-cnc.rules) * 1:34291 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string crackim (malware-cnc.rules) * 1:34292 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kraken outbound connection (malware-cnc.rules) * 1:34296 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Simda variant outbound connection (malware-cnc.rules) * 1:34297 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Simda variant outbound connection (malware-cnc.rules) * 1:34307 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection (malware-cnc.rules) * 1:34308 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection (malware-cnc.rules) * 1:40066 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.LokiBot (malware-cnc.rules) * 1:40067 <-> ENABLED <-> MALWARE-CNC Win.Trojan.LokiBot outbound connection (malware-cnc.rules) * 1:46062 <-> ENABLED <-> SERVER-WEBAPP Joomla JEXTN Membership extension SQL injection attempt (server-webapp.rules) * 1:46063 <-> ENABLED <-> SERVER-WEBAPP Joomla JEXTN Membership extension SQL injection attempt (server-webapp.rules) * 1:46064 <-> ENABLED <-> SERVER-WEBAPP Joomla JEXTN Membership extension SQL injection attempt (server-webapp.rules) * 1:48818 <-> ENABLED <-> MALWARE-CNC Js.Trojan.Agent variant outbound connection (malware-cnc.rules) * 1:34028 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bruecimig variant outbound connection (malware-cnc.rules) * 1:34136 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload variant MSSQL response (malware-cnc.rules) * 1:34117 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Zupdax variant outbound connection (malware-cnc.rules) * 1:34039 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banklaed variant outbound connection (malware-cnc.rules) * 1:34030 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial 
outbound connection (malware-cnc.rules) * 1:34002 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Picommex outbound connection (malware-cnc.rules) * 1:33885 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gh0st variant outbound connection (malware-cnc.rules) * 1:34052 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NewPos outbound connection (malware-cnc.rules) * 1:33863 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules) * 1:34026 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Endstar variant outbound connection (malware-cnc.rules) * 1:33859 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules) * 1:33931 <-> DISABLED <-> MALWARE-CNC Win.Worm.Goldrv variant outbound connection (malware-cnc.rules) * 1:34143 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Crypvault outbound connection (malware-cnc.rules) * 1:34041 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Igliveforg variant initial outbound connection (malware-cnc.rules) * 1:34031 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (malware-cnc.rules) * 1:34130 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload variant outbound connection (malware-cnc.rules) * 1:34007 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules) * 1:34032 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (malware-cnc.rules) * 1:34025 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Endstar variant outbound connection (malware-cnc.rules) * 1:33990 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Trioptid outbound connection (malware-cnc.rules) * 1:34006 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules) * 1:33893 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TeslaCrypt outbound connection (malware-cnc.rules) * 1:33868 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules) * 1:34108 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scarsi variant outbound 
connection (malware-cnc.rules) * 1:33914 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent - Win.Trojan.Barys (malware-cnc.rules) * 1:33860 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules) * 1:34033 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (malware-cnc.rules) * 1:33872 <-> DISABLED <-> MALWARE-CNC Win.Worm.Urahu outbound connection (malware-cnc.rules) * 1:33992 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Insidious outbound connection (malware-cnc.rules) * 1:33994 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Beshida outbound connection (malware-cnc.rules) * 1:34111 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chrozil variant outbound connection (malware-cnc.rules) * 1:33867 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules) * 1:34049 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.EvilBunny variant outbound connection (malware-cnc.rules) * 1:34155 <-> DISABLED <-> MALWARE-CNC MacOS.Backdoor.Xslcmd outbound connection (malware-cnc.rules) * 1:33851 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Poseidon outbound connection (malware-cnc.rules) * 1:34035 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (malware-cnc.rules) * 1:34181 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bartallex outbound connection (malware-cnc.rules) * 1:34044 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Exacrytion variant outbound connection (malware-cnc.rules) * 1:33996 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pwexes variant outbound connection (malware-cnc.rules) * 1:34045 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Eitenckay initial outbound connection (malware-cnc.rules) * 1:34038 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (malware-cnc.rules) * 1:33861 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules) * 1:33892 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Xerq outbound connection 
(malware-cnc.rules) * 1:34182 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bartallex outbound connection (malware-cnc.rules) * 1:34115 <-> DISABLED <-> MALWARE-CNC MacOS.Trojan.Wirelurker variant outbound connection (malware-cnc.rules) * 1:33857 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PwnPOS data exfiltration attempt (malware-cnc.rules) * 1:34011 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules) * 1:34138 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Netkrypt inbound response (malware-cnc.rules) * 1:33878 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Meowner runtime detection (malware-cnc.rules) * 1:33997 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pwexes variant outbound connection (malware-cnc.rules) * 1:33930 <-> DISABLED <-> MALWARE-CNC Vicepass outbound connection initial request to the CNC sending system information (malware-cnc.rules) * 1:33993 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Insidious outbound connection (malware-cnc.rules) * 1:33852 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Poseidon outbound connection (malware-cnc.rules) * 1:33907 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent - KAIIOOOO871 - Win.Trojan.Dridex (malware-cnc.rules) * 1:34004 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules) * 1:34008 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules) * 1:34009 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules) * 1:33866 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules) * 1:34214 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Capimac variant outbound connection (malware-cnc.rules) * 1:33985 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.ChinaZ outbound connection (malware-cnc.rules) * 1:33864 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules) * 1:34140 <-> DISABLED <-> MALWARE-CNC 
Win.Trojan.Dyre publickey outbound connection (malware-cnc.rules) * 1:33932 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tempedreve Samba probe (malware-cnc.rules) * 1:34046 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Expilan variant outbound connection (malware-cnc.rules) * 1:34010 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules) * 1:34003 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Picommex outbound connection (malware-cnc.rules) * 1:33891 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Amasages variant outbound connection (malware-cnc.rules) * 1:33831 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent DownloadMR - Solimba (malware-cnc.rules) * 1:33933 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Penget variant outbound connection (malware-cnc.rules) * 1:33862 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules) * 1:34113 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent beacon reply attempt (malware-cnc.rules) * 1:34132 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Erotimpact variant outbound connection (malware-cnc.rules) * 1:34128 <-> DISABLED <-> MALWARE-CNC Win.Trojan.WIntruder outbound connection (malware-cnc.rules) * 1:33883 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jadtre variant outbound connection (malware-cnc.rules) * 1:34261 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.XORDDoS outbound connection (malware-cnc.rules) * 1:33821 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Egamipload variant outbound connection (malware-cnc.rules) * 1:34281 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bartallex outbound connection (malware-cnc.rules) * 1:33865 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules) * 1:34246 <-> DISABLED <-> MALWARE-CNC Win.Trojan.AAEH variant outbound connection (malware-cnc.rules) * 1:34263 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.XORDDoS outbound connection (malware-cnc.rules) * 1:34282 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bartallex 
outbound connection (malware-cnc.rules) * 1:34280 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TeslaCrypt outbound connection (malware-cnc.rules) * 1:34283 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bartallex outbound connection (malware-cnc.rules) * 1:33244 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Opera - Win.Backdoor.Upatre (malware-cnc.rules) * 1:34262 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.XORDDoS outbound connection (malware-cnc.rules) * 1:33854 <-> DISABLED <-> MALWARE-CNC Win.Trojan.LogPOS variant outbound connection (malware-cnc.rules) * 1:34013 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ayuther variant outbound connection (malware-cnc.rules) * 1:33989 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Trioptid outbound connection (malware-cnc.rules) * 1:34161 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Punkey outbound connection (malware-cnc.rules) * 1:34034 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (malware-cnc.rules) * 1:33912 <-> DISABLED <-> MALWARE-CNC Cryptofortress Decryption Software Purchase Tor Website (malware-cnc.rules) * 1:34042 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Igliveforg variant outbound connection (malware-cnc.rules) * 1:33879 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Meowner runtime detection (malware-cnc.rules) * 1:33877 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Meowner runtime detection (malware-cnc.rules) * 1:34036 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (malware-cnc.rules) * 1:33876 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Meowner runtime detection (malware-cnc.rules) * 1:34219 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nanocore variant outbound connection (malware-cnc.rules) * 1:33873 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tepoyx outbound connection detection (malware-cnc.rules) * 1:34037 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (malware-cnc.rules) * 1:34047 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VBPasswordStealer 
variant outbound connection (malware-cnc.rules) * 1:34012 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules) * 1:33886 <-> DISABLED <-> MALWARE-CNC WIn.Trojan.HawkEye keylogger variant outbound connection (malware-cnc.rules) * 1:34005 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules) * 1:34116 <-> DISABLED <-> MALWARE-CNC MacOS.Trojan.Wirelurker variant outbound connection (malware-cnc.rules) * 1:34183 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bartallex outbound connection (malware-cnc.rules) * 1:34217 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Aytoke variant outbound connection (malware-cnc.rules) * 1:33884 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string dolit (malware-cnc.rules) * 1:34001 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Picommex outbound connection (malware-cnc.rules) * 1:34223 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Yebot variant outbound connection (malware-cnc.rules) * 1:33913 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Concbak outbound connection (malware-cnc.rules) * 1:34216 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FighterPOS variant outbound connection (malware-cnc.rules) * 1:33966 <-> DISABLED <-> MALWARE-CNC Win.Worm.Mafusc variant outbound connection (malware-cnc.rules) * 1:34050 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Nepigon variant outbound connection (malware-cnc.rules) * 1:33256 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - macrotest - Win.Backdoor.Upatre (malware-cnc.rules) * 1:31907 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Honerep variant outbound connection (malware-cnc.rules) * 1:31909 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Basostab variant outbound connection (malware-cnc.rules) * 1:31911 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Gareme variant outbound connection (malware-cnc.rules) * 1:31913 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Maozhi variant outbound connection (malware-cnc.rules) 
* 1:31915 <-> DISABLED <-> MALWARE-CNC WIN.Trojan.Ziyazo variant outbound connection (malware-cnc.rules) * 1:31916 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules) * 1:31923 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant HTTP response attempt (malware-cnc.rules) * 1:31924 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules) * 1:31925 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.Jynxkit outbound connection (malware-cnc.rules) * 1:31928 <-> DISABLED <-> MALWARE-CNC Win.Trojan-Downloader.Becontr variant outbound connection (malware-cnc.rules) * 1:31929 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kanav variant outbound connection (malware-cnc.rules) * 1:31930 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kanav variant outbound connection (malware-cnc.rules) * 1:31941 <-> DISABLED <-> MALWARE-CNC Win.Trojan-Downloader.Pedrp variant outbound connection (malware-cnc.rules) * 1:31947 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - HttpCall - Win.Trojan.Rukypee (malware-cnc.rules) * 1:31948 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - MyProgramm - Win.Trojan.Rukypee (malware-cnc.rules) * 1:31949 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Skypee - Win.Trojan.Rukypee (malware-cnc.rules) * 1:31954 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ezbro variant outbound connection (malware-cnc.rules) * 1:31955 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ezbro variant outbound connection (malware-cnc.rules) * 1:31957 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.MSIL.Torct variant outbound connection (malware-cnc.rules) * 1:31964 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules) * 1:31973 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chebri variant outbound connection (malware-cnc.rules) * 1:31974 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zegorg variant outbound connection 
(malware-cnc.rules) * 1:31990 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Install - Win.Backdoor.Upatre (malware-cnc.rules) * 1:31991 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Treck - Win.Backdoor.Upatre (malware-cnc.rules) * 1:31992 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Upatre SSL Cert inbound (malware-cnc.rules) * 1:31993 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Upatre SSL Cert inbound (malware-cnc.rules) * 1:31994 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Upatre SSL Cert inbound (malware-cnc.rules) * 1:31995 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Upatre SSL Cert inbound (malware-cnc.rules) * 1:31996 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Upatre SSL Cert inbound (malware-cnc.rules) * 1:31997 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Upatre SSL Cert inbound (malware-cnc.rules) * 1:31998 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Upatre SSL Cert inbound (malware-cnc.rules) * 1:31999 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Upatre SSL Cert inbound (malware-cnc.rules) * 1:32000 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Upatre SSL Cert inbound (malware-cnc.rules) * 1:32001 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Upatre SSL Cert inbound (malware-cnc.rules) * 1:32002 <-> DISABLED <-> MALWARE-CNC Win.Worm.Zorenium variant outbound connection (malware-cnc.rules) * 1:32009 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Flooder inbound connection attempt - command (malware-cnc.rules) * 1:32010 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Flooder outbound telnet connection attempt (malware-cnc.rules) * 1:32011 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Flooder outbound connection (malware-cnc.rules) * 1:32012 <-> DISABLED <-> MALWARE-CNC Win.Trojan-Downloader.Bipamid variant outbound connection (malware-cnc.rules) * 1:32013 <-> DISABLED <-> MALWARE-CNC Linux.Worm.Darlloz variant outbound connection (malware-cnc.rules) * 1:32015 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Zeus variant outbound 
connection (malware-cnc.rules) * 1:32016 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Menteni variant outbound connection (malware-cnc.rules) * 1:32018 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Hupigon.NYK variant outbound connection (malware-cnc.rules) * 1:32020 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Krompt variant outbound connection (malware-cnc.rules) * 1:32023 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sinpid variant outbound connection (malware-cnc.rules) * 1:32028 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Klabcon variant outbound connection (malware-cnc.rules) * 1:32030 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Decibal - Win.Trojan.Decibal (malware-cnc.rules) * 1:32031 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Decibal variant outbound connection (malware-cnc.rules) * 1:32033 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Larosden variant outbound connection (malware-cnc.rules) * 1:32034 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Larefervt variant outbound connection (malware-cnc.rules) * 1:32035 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Boleteiro variant outbound connection (malware-cnc.rules) * 1:32036 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Somoca vaniant outbound connection (malware-cnc.rules) * 1:32037 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload.awt variant outbound connection (malware-cnc.rules) * 1:32048 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lecpetex variant outbound connection (malware-cnc.rules) * 1:32050 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Larosden variant outbound connection (malware-cnc.rules) * 1:32052 <-> DISABLED <-> MALWARE-CNC User-Agent Xsser mRAT user-agent (malware-cnc.rules) * 1:32053 <-> DISABLED <-> MALWARE-CNC Xsser mRAT GPS data upload (malware-cnc.rules) * 1:32054 <-> DISABLED <-> MALWARE-CNC Xsser mRAT file upload (malware-cnc.rules) * 1:32058 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Masatekar variant outbound connection (malware-cnc.rules) * 1:32060 <-> DISABLED <-> MALWARE-CNC User-Agent known 
malicious user agent string - httptestman - Win.Backdoor.Rabasheeta (malware-cnc.rules) * 1:32061 <-> DISABLED <-> MALWARE-CNC Win.Trojan-Downloader.Nekill variant outbound connection (malware-cnc.rules) * 1:32065 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Asprox inbound connection (malware-cnc.rules) * 1:32066 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Asprox outbound connection (malware-cnc.rules) * 1:32067 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Asprox outbound connection (malware-cnc.rules) * 1:32071 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Zapchast variant outbound connection (malware-cnc.rules) * 1:32072 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zemot configuration download attempt (malware-cnc.rules) * 1:32073 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zemot outbound connection (malware-cnc.rules) * 1:32074 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zemot payload download attempt (malware-cnc.rules) * 1:32075 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Small variant outbound connection (malware-cnc.rules) * 1:32086 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Corkow variant outbound connection (malware-cnc.rules) * 1:32090 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Saaglup variant outbound connection (malware-cnc.rules) * 1:33246 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - OperaMini - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33245 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Opera10 - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33248 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Peers12 - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33249 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - SLSSoapClient - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33250 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Tintin - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33251 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - 
USER_CHECK - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33252 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - WATClient - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33253 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - bbbbbbbbbb - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33254 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - hi - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33255 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - iMacros - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33257 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - onlymacros - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33258 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Updates downloader - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33259 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - testupdate - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33260 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - onlyupdate - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33282 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Upatre variant outbound connection (malware-cnc.rules) * 1:33284 <-> DISABLED <-> MALWARE-CNC Win.Trojan.OnLineGames variant outbound connection (malware-cnc.rules) * 1:33285 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bavload outbound download request attempt (malware-cnc.rules) * 1:33289 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rawpos incoming backdoor connection attempt (malware-cnc.rules) * 1:33299 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Foxy variant outbound connection (malware-cnc.rules) * 1:33305 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rubinurd variant outbound connection (malware-cnc.rules) * 1:33328 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Yinli outbound connection (malware-cnc.rules) * 1:33329 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Yinli outbound connection 
(malware-cnc.rules) * 1:33330 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Yinli outbound connection (malware-cnc.rules) * 1:33342 <-> DISABLED <-> MALWARE-CNC Doc.Downloader.Dridex outbound connection (malware-cnc.rules) * 1:33411 <-> DISABLED <-> MALWARE-CNC Doc.Downloader.Dridex outbound connection (malware-cnc.rules) * 1:33431 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptowall 3.0 variant outbound connection (malware-cnc.rules) * 1:33432 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptowall 3.0 variant outbound connection (malware-cnc.rules) * 1:33433 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptowall 3.0 variant outbound connection (malware-cnc.rules) * 1:33434 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptowall 3.0 variant outbound connection (malware-cnc.rules) * 1:33435 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptowall 3.0 variant outbound connection (malware-cnc.rules) * 1:33439 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gefetroe variant outbound connection (malware-cnc.rules) * 1:33443 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules) * 1:33444 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SpyBanker variant outbound connection (malware-cnc.rules) * 1:33449 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FileEncoder IP geolocation checkin attempt (malware-cnc.rules) * 1:33450 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FileEncoder variant outbound connection (malware-cnc.rules) * 1:33453 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kovter variant outbound connection (malware-cnc.rules) * 1:33456 <-> DISABLED <-> MALWARE-CNC Doc.Downloader.Dridex outbound connection (malware-cnc.rules) * 1:33457 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules) * 1:33464 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dynamer variant outbound connection (malware-cnc.rules) * 1:33481 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Xnote outbound connection (malware-cnc.rules) * 1:33482 <-> DISABLED <-> MALWARE-CNC Win.Worm.Enosch 
variant outbound connection (malware-cnc.rules) * 1:33496 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Andromeda variant outbound connection (malware-cnc.rules) * 1:33513 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - XAgent - Operation Pawn Storm (malware-cnc.rules) * 1:33519 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - ALIZER (malware-cnc.rules) * 1:33520 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zusy inbound CNC response (malware-cnc.rules) * 1:33521 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zusy variant outbound connection (malware-cnc.rules) * 1:33522 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent - DNS Changer (malware-cnc.rules) * 1:33523 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DNSChanger variant outbound connection (malware-cnc.rules) * 1:33524 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DNSChanger variant outbound connection (malware-cnc.rules) * 1:33543 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Equation outbound connection (malware-cnc.rules) * 1:33545 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Equation outbound connection (malware-cnc.rules) * 1:33546 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Equation outbound connection (malware-cnc.rules) * 1:33547 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Turla outbound connection (malware-cnc.rules) * 1:33594 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Upatre variant outbound connection (malware-cnc.rules) * 1:33620 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.lubot outbound connection (malware-cnc.rules) * 1:33621 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.lubot outbound connection (malware-cnc.rules) * 1:33633 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent - Downing - Win.Trojan.Otwycal (malware-cnc.rules) * 1:33646 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.XORDDoS outbound connection (malware-cnc.rules) * 1:33647 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.XORDDoS outbound connection (malware-cnc.rules) * 1:33648 <-> DISABLED <-> MALWARE-CNC 
Linux.Trojan.XORDDoS outbound connection (malware-cnc.rules) * 1:33649 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Google Omaha - Win.Trojan.ExtenBro (malware-cnc.rules) * 1:33650 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tinba outbound connection (malware-cnc.rules) * 1:33674 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Athena variant outbound connection (malware-cnc.rules) * 1:33675 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Athena variant outbound connection (malware-cnc.rules) * 1:33677 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Babar outbound connection (malware-cnc.rules) * 1:33678 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FannyWorm outbound connection (malware-cnc.rules) * 1:33704 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules) * 1:33745 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules) * 1:33746 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules) * 1:33747 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules) * 1:33748 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules) * 1:33749 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules) * 1:33750 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules) * 1:33751 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules) * 1:33752 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules) * 1:33753 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules) * 1:33754 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules) * 1:33755 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules) * 1:33818 <-> DISABLED <-> MALWARE-CNC 
Win.Trojan.Egamipload variant outbound connection (malware-cnc.rules) * 1:33819 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Egamipload variant outbound connection (malware-cnc.rules) * 1:34286 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mudrop variant outbound connection (malware-cnc.rules) * 1:33822 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Egamipload variant outbound connection (malware-cnc.rules) * 1:31820 <-> DISABLED <-> MALWARE-CNC Win.Banker.Delf variant outbound connection (malware-cnc.rules) * 1:31824 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor variant outbound connection (malware-cnc.rules) * 1:31826 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Delf variant HTTP Response (malware-cnc.rules) * 1:31827 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Delf variant outbound connection (malware-cnc.rules) * 1:31828 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jabberbot variant outbound connection (malware-cnc.rules) * 1:31832 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pfinet outbound connection (malware-cnc.rules) * 1:31833 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chkbot outbound connection (malware-cnc.rules) * 1:31834 <-> DISABLED <-> MALWARE-CNC Win.Trojan-Downloader.Delorado variant outbound connection (malware-cnc.rules) * 1:31835 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yesudac variant outbound connection (malware-cnc.rules) * 1:31836 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Seribe variant outbound connection (malware-cnc.rules) * 1:31837 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Retgate variant outbound connection (malware-cnc.rules) * 1:31883 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Waterspout outbound connection (malware-cnc.rules) * 1:31885 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Threebyte variant outbound connection (malware-cnc.rules) * 1:31895 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Toupi variant outbound connection (malware-cnc.rules) * 1:31897 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dexter variant outbound connection (malware-cnc.rules) * 1:31904 <-> DISABLED <-> 
MALWARE-CNC Win.Trojan.Banload variant outbound connection (malware-cnc.rules) * 1:32017 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Memlog SMB file transfer (malware-cnc.rules) * 1:32091 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.PcertStealer variant outbound connection (malware-cnc.rules) * 1:32093 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules) * 1:32096 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Puver variant outbound connection (malware-cnc.rules) * 1:32121 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kryptik variant outbound connection (malware-cnc.rules) * 1:32123 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot variant outbound connection (malware-cnc.rules) * 1:32125 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - update - Win.Backdoor.Upatre (malware-cnc.rules) * 1:32126 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lizarbot outbound connection (malware-cnc.rules) * 1:32129 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader variant outbound connection (malware-cnc.rules) * 1:32130 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules) * 1:32175 <-> DISABLED <-> MALWARE-CNC Osx.Backdoor.iWorm variant outbound connection (malware-cnc.rules) * 1:32179 <-> DISABLED <-> MALWARE-CNC WIN.Trojan.Plugx variant outbound connection (malware-cnc.rules) * 1:32180 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.ZxShell connection incoming attempt (malware-cnc.rules) * 1:32181 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.ZxShell connection outgoing attempt (malware-cnc.rules) * 1:32192 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zxshell variant outbound connection (malware-cnc.rules) * 1:32193 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dubrute variant outbound connection (malware-cnc.rules) * 1:32194 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dubrute variant outbound connection (malware-cnc.rules) * 1:32195 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Palebot variant outbound connection 
(malware-cnc.rules) * 1:32196 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor variant outbound connection (malware-cnc.rules) * 1:32197 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zerolocker variant outbound connection (malware-cnc.rules) * 1:32198 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mujormel outbound connection (malware-cnc.rules) * 1:32202 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Soaphrish variant outbound connection (malware-cnc.rules) * 1:32220 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy download detected (malware-cnc.rules) * 1:32221 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy download detected (malware-cnc.rules) * 1:32222 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.MSIL.Liroospu variant outbound connection (malware-cnc.rules) * 1:32225 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptowall variant outbound connection (malware-cnc.rules) * 1:32243 <-> DISABLED <-> MALWARE-CNC WIN.Trojan.Clemint variant outbound connection (malware-cnc.rules) * 1:32250 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hydraq.variant outbound detected (malware-cnc.rules) * 1:32270 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tinba variant outbound connection (malware-cnc.rules) * 1:32272 <-> DISABLED <-> MALWARE-CNC WIN.Trojan.Hesechca variant outbound connection (malware-cnc.rules) * 1:32285 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zoxpng variant outbound connection (malware-cnc.rules) * 1:32287 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sapertilz variant outbound connection (malware-cnc.rules) * 1:32289 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptolocker download detected (malware-cnc.rules) * 1:32290 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptolocker download detected (malware-cnc.rules) * 1:32291 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptolocker download detected (malware-cnc.rules) * 1:32292 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptolocker download detected (malware-cnc.rules) * 1:32293 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Acanas variant outbound connection (malware-cnc.rules) * 
1:32294 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent BloodguyBrowser-_- (malware-cnc.rules) * 1:32295 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string http - Win.Trojan.Waski (malware-cnc.rules) * 1:32296 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string update - Win.Trojan.Waski (malware-cnc.rules) * 1:32310 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Farfli variant outbound connection (malware-cnc.rules) * 1:32311 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rehtesyk outbound connection (malware-cnc.rules) * 1:32312 <-> DISABLED <-> MALWARE-CNC FrameworkPOS data exfiltration through DNS - beacon message (malware-cnc.rules) * 1:32328 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Maener variant download request (malware-cnc.rules) * 1:32329 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Maener variant outbound connection (malware-cnc.rules) * 1:32330 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Maener variant outbound connection (malware-cnc.rules) * 1:32331 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Maener variant outbound connection (malware-cnc.rules) * 1:32332 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hancitor variant outbound connection (malware-cnc.rules) * 1:32333 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string fast uax (malware-cnc.rules) * 1:32334 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Stantinko variant outbound connection (malware-cnc.rules) * 1:32338 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ropest variant outbound connection (malware-cnc.rules) * 1:32341 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cakwerd variant outbound connection (malware-cnc.rules) * 1:32343 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor variant inbound spam attempt (malware-cnc.rules) * 1:32344 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor variant outbound spam attempt (malware-cnc.rules) * 1:32354 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Matsune variant outbound connection (malware-cnc.rules) * 1:32357 <-> DISABLED <-> 
MALWARE-CNC Win.Trojan.Akaza variant outbound connection (malware-cnc.rules) * 1:32367 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GameOverZeus variant outbound connection (malware-cnc.rules) * 1:32368 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cridex variant outbound connection (malware-cnc.rules) * 1:32372 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Drepitt variant outbound connection (malware-cnc.rules) * 1:32373 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Broonject variant outbound connection (malware-cnc.rules) * 1:32374 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Androm variant outbound connection (malware-cnc.rules) * 1:32379 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Baccamun variant outbound connection (malware-cnc.rules) * 1:32383 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - connect - Win.Backdoor.Upatre (malware-cnc.rules) * 1:32384 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - myupdate - Win.Backdoor.Upatre (malware-cnc.rules) * 1:32394 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Orcarat variant outbound connection (malware-cnc.rules) * 1:32395 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Orcarat variant outbound connection (malware-cnc.rules) * 1:32396 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Orcarat variant outbound connection (malware-cnc.rules) * 1:32397 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Orcarat variant outbound connection (malware-cnc.rules) * 1:32400 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Parama attempted outbound connection (malware-cnc.rules) * 1:32401 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Kivars outbound connection (malware-cnc.rules) * 1:32402 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent globalupdate - Osx.Trojan.Wirelurker (malware-cnc.rules) * 1:32451 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Backoff initial outbound connection (malware-cnc.rules) * 1:32455 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent VUPHTTP - Win.Trojan.Puvespia (malware-cnc.rules) * 
1:32456 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Effseart variant outbound connection (malware-cnc.rules) * 1:32457 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Effseart variant inbound connection (malware-cnc.rules) * 1:32464 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TorrentLocker variant outbound connection (malware-cnc.rules) * 1:32469 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bankeiya outbound connection (malware-cnc.rules) * 1:32486 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Exadog outbound connection (malware-cnc.rules) * 1:32487 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Exadog variant outbound connection (malware-cnc.rules) * 1:32493 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.SpikeA variant outbound connection (malware-cnc.rules) * 1:32494 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.SpikeA variant outbound connection (malware-cnc.rules) * 1:32504 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Kiler attempted outbound connection (malware-cnc.rules) * 1:32505 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Kiler attempted outbound connection (malware-cnc.rules) * 1:32506 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Secdeskinf outbound connection (malware-cnc.rules) * 1:32510 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.PiltabeA outbound connection (malware-cnc.rules) * 1:32511 <-> DISABLED <-> MALWARE-CNC PCRat variant outbound connection (malware-cnc.rules) * 1:32512 <-> DISABLED <-> MALWARE-CNC PCRat variant outbound connection (malware-cnc.rules) * 1:32513 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Havex outbound connection (malware-cnc.rules) * 1:32521 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptowall 2.0 possible TOR client retrieval attempt (malware-cnc.rules) * 1:32529 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Vkont variant outbound connection (malware-cnc.rules) * 1:32548 <-> DISABLED <-> MALWARE-CNC Mac.Backdoor.iWorm attempted outbound connection (malware-cnc.rules) * 1:32550 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Extant variant outbound connection (malware-cnc.rules) * 
1:32551 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Coreshell variant outbound connection (malware-cnc.rules) * 1:32556 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bayoboiz outbound connection (malware-cnc.rules) * 1:32557 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bayoboiz outbound connection (malware-cnc.rules) * 1:32583 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules) * 1:32584 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules) * 1:32585 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules) * 1:32586 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules) * 1:32598 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Mysayad file wipe attempt (malware-cnc.rules) * 1:32599 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Mysayad outbound connection (malware-cnc.rules) * 1:32600 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Mysayad file wipe attempt (malware-cnc.rules) * 1:32604 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Geodo variant outbound connection (malware-cnc.rules) * 1:32605 <-> DISABLED <-> MALWARE-CNC Win.Worm.Jenxcus variant outbound connection (malware-cnc.rules) * 1:32606 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sodebral variant outbound connection (malware-cnc.rules) * 1:32607 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sodebral HTTP Response attempt (malware-cnc.rules) * 1:32608 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sodebral HTTP Response attempt (malware-cnc.rules) * 1:32609 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant registration message (malware-cnc.rules) * 1:32610 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant keepalive (malware-cnc.rules) * 1:32613 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Jadowndec attempted outbound connection (malware-cnc.rules) * 1:32614 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Jadowndec attempted outbound connection (malware-cnc.rules) * 1:32621 <-> DISABLED <-> 
MALWARE-CNC Win.Trojan.Regin outbound connection (malware-cnc.rules) * 1:32624 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Regin outbound connection (malware-cnc.rules) * 1:32645 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string RUpdate (malware-cnc.rules) * 1:32665 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chopstick variant outbound request (malware-cnc.rules) * 1:32667 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chopstick variant outbound request (malware-cnc.rules) * 1:32674 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wiper variant outbound connection (malware-cnc.rules) * 1:32677 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex variant outbound connection (malware-cnc.rules) * 1:32678 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex variant outbound connection (malware-cnc.rules) * 1:32706 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz variant outbound connection (malware-cnc.rules) * 1:32727 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Uclinu variant outbound connection (malware-cnc.rules) * 1:32728 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Olegb variant outbound connection (malware-cnc.rules) * 1:32734 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Typideg variant outbound connection (malware-cnc.rules) * 1:32735 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CryptoPHP variant outbound connection (malware-cnc.rules) * 1:32736 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CryptoPHP variant outbound connection (malware-cnc.rules) * 1:32743 <-> DISABLED <-> MALWARE-CNC VGABot IRC communication attempt (malware-cnc.rules) * 1:32747 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ragebot variant outbound connection (malware-cnc.rules) * 1:32769 <-> DISABLED <-> MALWARE-CNC Win.Trojan.WOWCheckC Attempted CNC (malware-cnc.rules) * 1:32770 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Androm variant outbound connection (malware-cnc.rules) * 1:32776 <-> DISABLED <-> MALWARE-CNC FIN4 VBA Macro credentials upload attempt (malware-cnc.rules) * 1:32780 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Eskaetee 
outbound connection (malware-cnc.rules) * 1:32781 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Eskaetee outbound connection (malware-cnc.rules) * 1:32791 <-> DISABLED <-> MALWARE-CNC Win.Virus.Ransomlock outbound connection (malware-cnc.rules) * 1:32792 <-> DISABLED <-> MALWARE-CNC Win.Virus.Ransomlock inbound connection (malware-cnc.rules) * 1:32823 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Darkhotel outbound connection (malware-cnc.rules) * 1:32824 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Darkhotel variant outbound connection (malware-cnc.rules) * 1:32825 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Darkhotel outbound connection (malware-cnc.rules) * 1:32826 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Darkhotel data upload attempt (malware-cnc.rules) * 1:32827 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Darkhotel response connection attempt (malware-cnc.rules) * 1:32852 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Poolfiend variant outbound connection (malware-cnc.rules) * 1:32853 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Poolfiend variant outbound connection (malware-cnc.rules) * 1:32854 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Loodir outbound connection (malware-cnc.rules) * 1:32882 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ksypypro outbound connection (malware-cnc.rules) * 1:32891 <-> DISABLED <-> MALWARE-CNC Php.Malware.SoakSoakRedirect Malware traffic containing WordPress Administrator credentials (malware-cnc.rules) * 1:32892 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TorLocker variant outbound connection (malware-cnc.rules) * 1:32893 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Finforst outbound connection (malware-cnc.rules) * 1:32908 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TinyZBot outbound connection (malware-cnc.rules) * 1:32909 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TinyZBot outbound connection (malware-cnc.rules) * 1:32910 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TinyZBot outbound connection (malware-cnc.rules) * 1:32950 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bladabindi variant 
outbound connection (malware-cnc.rules) * 1:32956 <-> DISABLED <-> MALWARE-CNC Android.CoolReaper.Trojan outbound connection (malware-cnc.rules) * 1:32957 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TinyZBot outbound SOAP connection attempt (malware-cnc.rules) * 1:32958 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TinyZBot response connection attempt (malware-cnc.rules) * 1:32973 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Twerket variant outbound connection (malware-cnc.rules) * 1:32976 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluos variant outbound connection (malware-cnc.rules) * 1:32977 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluos variant outbound connection (malware-cnc.rules) * 1:32978 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - extra IE version (malware-cnc.rules) * 1:32979 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - extra IE version (malware-cnc.rules) * 1:32980 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - multi-browser (malware-cnc.rules) * 1:32986 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Toopu dll embedded in png download attempt (malware-cnc.rules) * 1:32987 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor outbound connection (malware-cnc.rules) * 1:32988 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor outbound connection (malware-cnc.rules) * 1:32989 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor outbound connection (malware-cnc.rules) * 1:32990 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Toopu outbound connection (malware-cnc.rules) * 1:33047 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - realupdate - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33054 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Joanap outbound connection (malware-cnc.rules) * 1:33058 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Medusa variant inbound connection (malware-cnc.rules) * 1:33059 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Medusa variant outbound connection (malware-cnc.rules) * 1:33060 <-> DISABLED 
<-> MALWARE-CNC Win.Backdoor.Medusa variant outbound connection (malware-cnc.rules) * 1:33061 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lagulon.A outbound connection (malware-cnc.rules) * 1:33081 <-> DISABLED <-> MALWARE-CNC OnionDuke variant outbound connection (malware-cnc.rules) * 1:33082 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nocpos initial outbound connection (malware-cnc.rules) * 1:33083 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nocpos information disclosure attempt (malware-cnc.rules) * 1:33084 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tosct variant outbound connection (malware-cnc.rules) * 1:33145 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules) * 1:33147 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant SMTP reporting attempt (malware-cnc.rules) * 1:33148 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant SMTP reporting attempt (malware-cnc.rules) * 1:33149 <-> DISABLED <-> MALWARE-CNC Win.Worm.Ultramine outbound connection (malware-cnc.rules) * 1:33152 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nurjax.A outbound connection (malware-cnc.rules) * 1:33153 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Heur variant outbound connection (malware-cnc.rules) * 1:33161 <-> DISABLED <-> MALWARE-CNC Win.Spyware.Rombertik outbound connection (malware-cnc.rules) * 1:33165 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Poweliks outbound connection (malware-cnc.rules) * 1:33199 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Sabeba outbound connection (malware-cnc.rules) * 1:33200 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pisces variant outbound connection (malware-cnc.rules) * 1:33207 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Mazilla/5.0 - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33211 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Upatre variant outbound connection (malware-cnc.rules) * 1:33217 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nuovoscor variant outbound connection (malware-cnc.rules) * 1:33218 <-> DISABLED 
<-> MALWARE-CNC Win.Trojan.Cendode system information disclosure attempt (malware-cnc.rules) * 1:33219 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gamarue variant outbound connection (malware-cnc.rules) * 1:33220 <-> DISABLED <-> MALWARE-CNC Win.Trojan.HawkEye keylogger exfiltration attempt (malware-cnc.rules) * 1:33221 <-> ENABLED <-> MALWARE-CNC Win.Trojan.HawkEye Keylogger exfiltration attempt - clipboard and screenshot (malware-cnc.rules) * 1:33222 <-> DISABLED <-> MALWARE-CNC Win.Trojan.HawkEye Keylogger exfiltration attempt - clipboard and screenshot (malware-cnc.rules) * 1:33223 <-> DISABLED <-> MALWARE-CNC Win.Trojan.HawkEye Keylogger exfiltration attempt - clipboard and screenshot (malware-cnc.rules) * 1:33227 <-> DISABLED <-> MALWARE-CNC Win.Agent.BHHK variant outbound connection (malware-cnc.rules) * 1:33228 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kovter variant outbound connection (malware-cnc.rules) * 1:33230 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Firefox - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33231 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Firefox/5.0 - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33232 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - AppUpdate - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33233 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - 2608cw-1 - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33234 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - 2508Inst - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33235 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - 2608cw-2 - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33236 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - 2808inst - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33237 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Player - Win.Backdoor.Upatre 
(malware-cnc.rules) * 1:33238 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Wurst - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33239 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Installer/1.0 - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33240 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - FixUpdate - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33242 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Explorer - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33243 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Mozilla - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33820 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Egamipload variant outbound connection (malware-cnc.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091401.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:56004 <-> DISABLED <-> SERVER-WEBAPP D-Link Central WiFi Manager CMW 100 cross site scripting attempt (server-webapp.rules)
* 1:56003 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Emotet variant initial outbound request detected (malware-cnc.rules)
* 1:55999 <-> DISABLED <-> SERVER-APACHE Apache Struts denial of service attempt (server-apache.rules)
* 1:56008 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari WebKit JSPropertyNameEnumeration type confusion attempt (browser-webkit.rules)
* 1:56007 <-> ENABLED <-> SERVER-WEBAPP D-Link Central WiFi Manager CWM 100 SQL injection attempt (server-webapp.rules)
* 1:56006 <-> ENABLED <-> SERVER-WEBAPP D-Link Central WiFi Manager CWM 100 SQL injection attempt (server-webapp.rules)
* 1:56000 <-> DISABLED <-> SERVER-APACHE Apache Struts denial of service attempt (server-apache.rules)
* 1:56005 <-> ENABLED <-> SERVER-WEBAPP D-Link Central WiFi Manager CWM 100 SQL injection attempt (server-webapp.rules)
* 1:56002 <-> DISABLED <-> SERVER-WEBAPP D-Link Central WiFi Manager CMW 100 SQL injection attempt (server-webapp.rules)
* 1:56001 <-> DISABLED <-> SERVER-APACHE Apache Struts denial of service attempt (server-apache.rules)
* 1:56009 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari WebKit JSPropertyNameEnumeration type confusion attempt (browser-webkit.rules)
* 1:34002 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Picommex outbound connection (malware-cnc.rules) * 1:33865 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules) * 1:33821 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Egamipload variant outbound connection (malware-cnc.rules) * 1:34282 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bartallex outbound connection (malware-cnc.rules) * 1:34263 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.XORDDoS outbound connection (malware-cnc.rules) * 1:34246 <-> DISABLED <-> MALWARE-CNC Win.Trojan.AAEH variant outbound connection (malware-cnc.rules) * 1:34038 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (malware-cnc.rules) * 1:33885 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gh0st variant outbound connection (malware-cnc.rules) * 1:34217 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Aytoke variant outbound connection (malware-cnc.rules) * 1:34181 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bartallex outbound connection (malware-cnc.rules) * 1:33990 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Trioptid outbound connection (malware-cnc.rules) * 1:33852 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Poseidon outbound connection (malware-cnc.rules) * 1:33862 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules) * 1:33966 <-> DISABLED <-> MALWARE-CNC Win.Worm.Mafusc variant outbound connection (malware-cnc.rules) * 1:34005 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules) * 1:34047 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VBPasswordStealer variant outbound connection (malware-cnc.rules) * 1:33851 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Poseidon outbound connection (malware-cnc.rules) * 1:34136 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload variant MSSQL response (malware-cnc.rules) * 1:34003 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Picommex outbound connection (malware-cnc.rules) * 1:34223 <-> DISABLED <-> 
MALWARE-CNC Win.Backdoor.Yebot variant outbound connection (malware-cnc.rules)
* 1:33997 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pwexes variant outbound connection (malware-cnc.rules)
* 1:33857 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PwnPOS data exfiltration attempt (malware-cnc.rules)
* 1:33913 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Concbak outbound connection (malware-cnc.rules)
* 1:34161 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Punkey outbound connection (malware-cnc.rules)
* 1:34028 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bruecimig variant outbound connection (malware-cnc.rules)
* 1:34214 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Capimac variant outbound connection (malware-cnc.rules)
* 1:34050 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Nepigon variant outbound connection (malware-cnc.rules)
* 1:33891 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Amasages variant outbound connection (malware-cnc.rules)
* 1:34111 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chrozil variant outbound connection (malware-cnc.rules)
* 1:34262 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.XORDDoS outbound connection (malware-cnc.rules)
* 1:34216 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FighterPOS variant outbound connection (malware-cnc.rules)
* 1:33863 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules)
* 1:33868 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules)
* 1:34032 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (malware-cnc.rules)
* 1:33931 <-> DISABLED <-> MALWARE-CNC Win.Worm.Goldrv variant outbound connection (malware-cnc.rules)
* 1:34011 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules)
* 1:34031 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (malware-cnc.rules)
* 1:33992 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Insidious outbound connection (malware-cnc.rules)
* 1:33933 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Penget variant outbound connection (malware-cnc.rules)
* 1:34030 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (malware-cnc.rules)
* 1:34049 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.EvilBunny variant outbound connection (malware-cnc.rules)
* 1:33884 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string dolit (malware-cnc.rules)
* 1:33912 <-> DISABLED <-> MALWARE-CNC Cryptofortress Decryption Software Purchase Tor Website (malware-cnc.rules)
* 1:34143 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Crypvault outbound connection (malware-cnc.rules)
* 1:33930 <-> DISABLED <-> MALWARE-CNC Vicepass outbound connection initial request to the CNC sending system information (malware-cnc.rules)
* 1:33886 <-> DISABLED <-> MALWARE-CNC WIn.Trojan.HawkEye keylogger variant outbound connection (malware-cnc.rules)
* 1:33831 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent DownloadMR - Solimba (malware-cnc.rules)
* 1:34036 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (malware-cnc.rules)
* 1:33864 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules)
* 1:34128 <-> DISABLED <-> MALWARE-CNC Win.Trojan.WIntruder outbound connection (malware-cnc.rules)
* 1:33859 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules)
* 1:34013 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ayuther variant outbound connection (malware-cnc.rules)
* 1:34009 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules)
* 1:34138 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Netkrypt inbound response (malware-cnc.rules)
* 1:34052 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NewPos outbound connection (malware-cnc.rules)
* 1:34117 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Zupdax variant outbound connection (malware-cnc.rules)
* 1:34045 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Eitenckay initial outbound connection (malware-cnc.rules)
* 1:33907 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent - KAIIOOOO871 - Win.Trojan.Dridex (malware-cnc.rules)
* 1:33861 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules)
* 1:34004 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules)
* 1:34025 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Endstar variant outbound connection (malware-cnc.rules)
* 1:33985 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.ChinaZ outbound connection (malware-cnc.rules)
* 1:33876 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Meowner runtime detection (malware-cnc.rules)
* 1:33878 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Meowner runtime detection (malware-cnc.rules)
* 1:33994 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Beshida outbound connection (malware-cnc.rules)
* 1:33877 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Meowner runtime detection (malware-cnc.rules)
* 1:34116 <-> DISABLED <-> MALWARE-CNC MacOS.Trojan.Wirelurker variant outbound connection (malware-cnc.rules)
* 1:34041 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Igliveforg variant initial outbound connection (malware-cnc.rules)
* 1:34140 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dyre publickey outbound connection (malware-cnc.rules)
* 1:34182 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bartallex outbound connection (malware-cnc.rules)
* 1:33893 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TeslaCrypt outbound connection (malware-cnc.rules)
* 1:33866 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules)
* 1:34001 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Picommex outbound connection (malware-cnc.rules)
* 1:34037 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (malware-cnc.rules)
* 1:34219 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nanocore variant outbound connection (malware-cnc.rules)
* 1:34035 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (malware-cnc.rules)
* 1:33883 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jadtre variant outbound connection (malware-cnc.rules)
* 1:33932 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tempedreve Samba probe (malware-cnc.rules)
* 1:34010 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules)
* 1:33867 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules)
* 1:34034 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (malware-cnc.rules)
* 1:34012 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules)
* 1:34026 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Endstar variant outbound connection (malware-cnc.rules)
* 1:34130 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload variant outbound connection (malware-cnc.rules)
* 1:34155 <-> DISABLED <-> MALWARE-CNC MacOS.Backdoor.Xslcmd outbound connection (malware-cnc.rules)
* 1:33989 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Trioptid outbound connection (malware-cnc.rules)
* 1:33873 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tepoyx outbound connection detection (malware-cnc.rules)
* 1:34044 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Exacrytion variant outbound connection (malware-cnc.rules)
* 1:32397 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Orcarat variant outbound connection (malware-cnc.rules)
* 1:34008 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules)
* 1:33914 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent - Win.Trojan.Barys (malware-cnc.rules)
* 1:33993 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Insidious outbound connection (malware-cnc.rules)
* 1:34183 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bartallex outbound connection (malware-cnc.rules)
* 1:33854 <-> DISABLED <-> MALWARE-CNC Win.Trojan.LogPOS variant outbound connection (malware-cnc.rules)
* 1:34042 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Igliveforg variant outbound connection (malware-cnc.rules)
* 1:33892 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Xerq outbound connection (malware-cnc.rules)
* 1:34108 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scarsi variant outbound connection (malware-cnc.rules)
* 1:34033 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (malware-cnc.rules)
* 1:34046 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Expilan variant outbound connection (malware-cnc.rules)
* 1:33872 <-> DISABLED <-> MALWARE-CNC Win.Worm.Urahu outbound connection (malware-cnc.rules)
* 1:34132 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Erotimpact variant outbound connection (malware-cnc.rules)
* 1:33996 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pwexes variant outbound connection (malware-cnc.rules)
* 1:34039 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banklaed variant outbound connection (malware-cnc.rules)
* 1:34115 <-> DISABLED <-> MALWARE-CNC MacOS.Trojan.Wirelurker variant outbound connection (malware-cnc.rules)
* 1:34113 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent beacon reply attempt (malware-cnc.rules)
* 1:33860 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules)
* 1:34283 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bartallex outbound connection (malware-cnc.rules)
* 1:34261 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.XORDDoS outbound connection (malware-cnc.rules)
* 1:34006 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules)
* 1:33879 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Meowner runtime detection (malware-cnc.rules)
* 1:34007 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules)
* 1:34280 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TeslaCrypt outbound connection (malware-cnc.rules)
* 1:31820 <-> DISABLED <-> MALWARE-CNC Win.Banker.Delf variant outbound connection (malware-cnc.rules)
* 1:34286 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mudrop variant outbound connection (malware-cnc.rules)
* 1:33822 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Egamipload variant outbound connection (malware-cnc.rules)
* 1:32400 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Parama attempted outbound connection (malware-cnc.rules)
* 1:32401 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Kivars outbound connection (malware-cnc.rules)
* 1:32402 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent globalupdate - Osx.Trojan.Wirelurker (malware-cnc.rules)
* 1:32451 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Backoff initial outbound connection (malware-cnc.rules)
* 1:32455 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent VUPHTTP - Win.Trojan.Puvespia (malware-cnc.rules)
* 1:32456 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Effseart variant outbound connection (malware-cnc.rules)
* 1:32457 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Effseart variant inbound connection (malware-cnc.rules)
* 1:32464 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TorrentLocker variant outbound connection (malware-cnc.rules)
* 1:32469 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bankeiya outbound connection (malware-cnc.rules)
* 1:32486 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Exadog outbound connection (malware-cnc.rules)
* 1:32487 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Exadog variant outbound connection (malware-cnc.rules)
* 1:32493 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.SpikeA variant outbound connection (malware-cnc.rules)
* 1:32494 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.SpikeA variant outbound connection (malware-cnc.rules)
* 1:32504 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Kiler attempted outbound connection (malware-cnc.rules)
* 1:32505 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Kiler attempted outbound connection (malware-cnc.rules)
* 1:32506 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Secdeskinf outbound connection (malware-cnc.rules)
* 1:31826 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Delf variant HTTP Response (malware-cnc.rules)
* 1:31827 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Delf variant outbound connection (malware-cnc.rules)
* 1:31828 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jabberbot variant outbound connection (malware-cnc.rules)
* 1:31832 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pfinet outbound connection (malware-cnc.rules)
* 1:31833 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chkbot outbound connection (malware-cnc.rules)
* 1:31834 <-> DISABLED <-> MALWARE-CNC Win.Trojan-Downloader.Delorado variant outbound connection (malware-cnc.rules)
* 1:31835 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yesudac variant outbound connection (malware-cnc.rules)
* 1:31836 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Seribe variant outbound connection (malware-cnc.rules)
* 1:31837 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Retgate variant outbound connection (malware-cnc.rules)
* 1:31883 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Waterspout outbound connection (malware-cnc.rules)
* 1:31885 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Threebyte variant outbound connection (malware-cnc.rules)
* 1:31895 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Toupi variant outbound connection (malware-cnc.rules)
* 1:31897 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dexter variant outbound connection (malware-cnc.rules)
* 1:31904 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload variant outbound connection (malware-cnc.rules)
* 1:31907 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Honerep variant outbound connection (malware-cnc.rules)
* 1:31909 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Basostab variant outbound connection (malware-cnc.rules)
* 1:31911 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Gareme variant outbound connection (malware-cnc.rules)
* 1:31913 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Maozhi variant outbound connection (malware-cnc.rules)
* 1:31915 <-> DISABLED <-> MALWARE-CNC WIN.Trojan.Ziyazo variant outbound connection (malware-cnc.rules)
* 1:31916 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules)
* 1:31923 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant HTTP response attempt (malware-cnc.rules)
* 1:31924 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules)
* 1:31925 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.Jynxkit outbound connection (malware-cnc.rules)
* 1:31928 <-> DISABLED <-> MALWARE-CNC Win.Trojan-Downloader.Becontr variant outbound connection (malware-cnc.rules)
* 1:31929 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kanav variant outbound connection (malware-cnc.rules)
* 1:31930 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kanav variant outbound connection (malware-cnc.rules)
* 1:31941 <-> DISABLED <-> MALWARE-CNC Win.Trojan-Downloader.Pedrp variant outbound connection (malware-cnc.rules)
* 1:31947 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - HttpCall - Win.Trojan.Rukypee (malware-cnc.rules)
* 1:31948 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - MyProgramm - Win.Trojan.Rukypee (malware-cnc.rules)
* 1:31949 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Skypee - Win.Trojan.Rukypee (malware-cnc.rules)
* 1:31954 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ezbro variant outbound connection (malware-cnc.rules)
* 1:31955 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ezbro variant outbound connection (malware-cnc.rules)
* 1:31957 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.MSIL.Torct variant outbound connection (malware-cnc.rules)
* 1:31964 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules)
* 1:31973 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chebri variant outbound connection (malware-cnc.rules)
* 1:31974 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zegorg variant outbound connection (malware-cnc.rules)
* 1:31990 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Install - Win.Backdoor.Upatre (malware-cnc.rules)
* 1:31991 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Treck - Win.Backdoor.Upatre (malware-cnc.rules)
* 1:31992 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Upatre SSL Cert inbound (malware-cnc.rules)
* 1:31993 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Upatre SSL Cert inbound (malware-cnc.rules)
* 1:31994 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Upatre SSL Cert inbound (malware-cnc.rules)
* 1:32510 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.PiltabeA outbound connection (malware-cnc.rules)
* 1:31996 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Upatre SSL Cert inbound (malware-cnc.rules)
* 1:31997 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Upatre SSL Cert inbound (malware-cnc.rules)
* 1:31998 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Upatre SSL Cert inbound (malware-cnc.rules)
* 1:31999 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Upatre SSL Cert inbound (malware-cnc.rules)
* 1:32000 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Upatre SSL Cert inbound (malware-cnc.rules)
* 1:32001 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Upatre SSL Cert inbound (malware-cnc.rules)
* 1:32002 <-> DISABLED <-> MALWARE-CNC Win.Worm.Zorenium variant outbound connection (malware-cnc.rules)
* 1:32009 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Flooder inbound connection attempt - command (malware-cnc.rules)
* 1:32010 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Flooder outbound telnet connection attempt (malware-cnc.rules)
* 1:32011 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Flooder outbound connection (malware-cnc.rules)
* 1:32012 <-> DISABLED <-> MALWARE-CNC Win.Trojan-Downloader.Bipamid variant outbound connection (malware-cnc.rules)
* 1:32013 <-> DISABLED <-> MALWARE-CNC Linux.Worm.Darlloz variant outbound connection (malware-cnc.rules)
* 1:32015 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Zeus variant outbound connection (malware-cnc.rules)
* 1:32016 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Menteni variant outbound connection (malware-cnc.rules)
* 1:32017 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Memlog SMB file transfer (malware-cnc.rules)
* 1:32018 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Hupigon.NYK variant outbound connection (malware-cnc.rules)
* 1:32020 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Krompt variant outbound connection (malware-cnc.rules)
* 1:32023 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sinpid variant outbound connection (malware-cnc.rules)
* 1:32028 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Klabcon variant outbound connection (malware-cnc.rules)
* 1:32030 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Decibal - Win.Trojan.Decibal (malware-cnc.rules)
* 1:32031 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Decibal variant outbound connection (malware-cnc.rules)
* 1:32033 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Larosden variant outbound connection (malware-cnc.rules)
* 1:32034 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Larefervt variant outbound connection (malware-cnc.rules)
* 1:32035 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Boleteiro variant outbound connection (malware-cnc.rules)
* 1:32036 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Somoca vaniant outbound connection (malware-cnc.rules)
* 1:32037 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload.awt variant outbound connection (malware-cnc.rules)
* 1:32048 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lecpetex variant outbound connection (malware-cnc.rules)
* 1:32050 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Larosden variant outbound connection (malware-cnc.rules)
* 1:31995 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Upatre SSL Cert inbound (malware-cnc.rules)
* 1:32052 <-> DISABLED <-> MALWARE-CNC User-Agent Xsser mRAT user-agent (malware-cnc.rules)
* 1:32511 <-> DISABLED <-> MALWARE-CNC PCRat variant outbound connection (malware-cnc.rules)
* 1:32512 <-> DISABLED <-> MALWARE-CNC PCRat variant outbound connection (malware-cnc.rules)
* 1:32513 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Havex outbound connection (malware-cnc.rules)
* 1:32521 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptowall 2.0 possible TOR client retrieval attempt (malware-cnc.rules)
* 1:32529 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Vkont variant outbound connection (malware-cnc.rules)
* 1:32548 <-> DISABLED <-> MALWARE-CNC Mac.Backdoor.iWorm attempted outbound connection (malware-cnc.rules)
* 1:32550 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Extant variant outbound connection (malware-cnc.rules)
* 1:32551 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Coreshell variant outbound connection (malware-cnc.rules)
* 1:32556 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bayoboiz outbound connection (malware-cnc.rules)
* 1:32557 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bayoboiz outbound connection (malware-cnc.rules)
* 1:32583 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules)
* 1:32584 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules)
* 1:32585 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
* 1:32586 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
* 1:32598 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Mysayad file wipe attempt (malware-cnc.rules)
* 1:32599 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Mysayad outbound connection (malware-cnc.rules)
* 1:32600 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Mysayad file wipe attempt (malware-cnc.rules)
* 1:32604 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Geodo variant outbound connection (malware-cnc.rules)
* 1:32605 <-> DISABLED <-> MALWARE-CNC Win.Worm.Jenxcus variant outbound connection (malware-cnc.rules)
* 1:32606 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sodebral variant outbound connection (malware-cnc.rules)
* 1:32607 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sodebral HTTP Response attempt (malware-cnc.rules)
* 1:32608 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sodebral HTTP Response attempt (malware-cnc.rules)
* 1:32609 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant registration message (malware-cnc.rules)
* 1:32610 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant keepalive (malware-cnc.rules)
* 1:32613 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Jadowndec attempted outbound connection (malware-cnc.rules)
* 1:32614 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Jadowndec attempted outbound connection (malware-cnc.rules)
* 1:32621 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Regin outbound connection (malware-cnc.rules)
* 1:32624 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Regin outbound connection (malware-cnc.rules)
* 1:32645 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string RUpdate (malware-cnc.rules)
* 1:32665 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chopstick variant outbound request (malware-cnc.rules)
* 1:32667 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chopstick variant outbound request (malware-cnc.rules)
* 1:32674 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wiper variant outbound connection (malware-cnc.rules)
* 1:32677 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex variant outbound connection (malware-cnc.rules)
* 1:32678 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex variant outbound connection (malware-cnc.rules)
* 1:32706 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz variant outbound connection (malware-cnc.rules)
* 1:32727 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Uclinu variant outbound connection (malware-cnc.rules)
* 1:32728 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Olegb variant outbound connection (malware-cnc.rules)
* 1:32734 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Typideg variant outbound connection (malware-cnc.rules)
* 1:32735 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CryptoPHP variant outbound connection (malware-cnc.rules)
* 1:32736 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CryptoPHP variant outbound connection (malware-cnc.rules)
* 1:32743 <-> DISABLED <-> MALWARE-CNC VGABot IRC communication attempt (malware-cnc.rules)
* 1:32747 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ragebot variant outbound connection (malware-cnc.rules)
* 1:32769 <-> DISABLED <-> MALWARE-CNC Win.Trojan.WOWCheckC Attempted CNC (malware-cnc.rules)
* 1:32770 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Androm variant outbound connection (malware-cnc.rules)
* 1:32776 <-> DISABLED <-> MALWARE-CNC FIN4 VBA Macro credentials upload attempt (malware-cnc.rules)
* 1:32780 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Eskaetee outbound connection (malware-cnc.rules)
* 1:32781 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Eskaetee outbound connection (malware-cnc.rules)
* 1:32791 <-> DISABLED <-> MALWARE-CNC Win.Virus.Ransomlock outbound connection (malware-cnc.rules)
* 1:32792 <-> DISABLED <-> MALWARE-CNC Win.Virus.Ransomlock inbound connection (malware-cnc.rules)
* 1:32823 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Darkhotel outbound connection (malware-cnc.rules)
* 1:32824 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Darkhotel variant outbound connection (malware-cnc.rules)
* 1:32825 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Darkhotel outbound connection (malware-cnc.rules)
* 1:32826 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Darkhotel data upload attempt (malware-cnc.rules)
* 1:32827 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Darkhotel response connection attempt (malware-cnc.rules)
* 1:32852 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Poolfiend variant outbound connection (malware-cnc.rules)
* 1:32853 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Poolfiend variant outbound connection (malware-cnc.rules)
* 1:32854 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Loodir outbound connection (malware-cnc.rules)
* 1:32882 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ksypypro outbound connection (malware-cnc.rules)
* 1:32891 <-> DISABLED <-> MALWARE-CNC Php.Malware.SoakSoakRedirect Malware traffic containing WordPress Administrator credentials (malware-cnc.rules)
* 1:32892 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TorLocker variant outbound connection (malware-cnc.rules)
* 1:32893 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Finforst outbound connection (malware-cnc.rules)
* 1:32908 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TinyZBot outbound connection (malware-cnc.rules)
* 1:32909 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TinyZBot outbound connection (malware-cnc.rules)
* 1:32910 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TinyZBot outbound connection (malware-cnc.rules)
* 1:32950 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bladabindi variant outbound connection (malware-cnc.rules)
* 1:32956 <-> DISABLED <-> MALWARE-CNC Android.CoolReaper.Trojan outbound connection (malware-cnc.rules)
* 1:32957 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TinyZBot outbound SOAP connection attempt (malware-cnc.rules)
* 1:32958 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TinyZBot response connection attempt (malware-cnc.rules)
* 1:32973 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Twerket variant outbound connection (malware-cnc.rules)
* 1:32976 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluos variant outbound connection (malware-cnc.rules)
* 1:32977 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluos variant outbound connection (malware-cnc.rules)
* 1:32978 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - extra IE version (malware-cnc.rules)
* 1:32979 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - extra IE version (malware-cnc.rules)
* 1:32980 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - multi-browser (malware-cnc.rules)
* 1:32986 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Toopu dll embedded in png download attempt (malware-cnc.rules)
* 1:32987 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor outbound connection (malware-cnc.rules)
* 1:32988 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor outbound connection (malware-cnc.rules)
* 1:32989 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor outbound connection (malware-cnc.rules)
* 1:32990 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Toopu outbound connection (malware-cnc.rules)
* 1:33047 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - realupdate - Win.Backdoor.Upatre (malware-cnc.rules)
* 1:33054 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Joanap outbound connection (malware-cnc.rules)
* 1:33058 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Medusa variant inbound connection (malware-cnc.rules)
* 1:33059 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Medusa variant outbound connection (malware-cnc.rules)
* 1:33060 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Medusa variant outbound connection (malware-cnc.rules)
* 1:33061 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lagulon.A outbound connection (malware-cnc.rules)
* 1:33081 <-> DISABLED <-> MALWARE-CNC OnionDuke variant outbound connection (malware-cnc.rules)
* 1:33082 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nocpos initial outbound connection (malware-cnc.rules)
* 1:33083 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nocpos information disclosure attempt (malware-cnc.rules)
* 1:33084 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tosct variant outbound connection (malware-cnc.rules)
* 1:33145 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
* 1:33147 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant SMTP reporting attempt (malware-cnc.rules)
* 1:33148 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant SMTP reporting attempt (malware-cnc.rules)
* 1:33149 <-> DISABLED <-> MALWARE-CNC Win.Worm.Ultramine outbound connection (malware-cnc.rules)
* 1:33152 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nurjax.A outbound connection (malware-cnc.rules)
* 1:33153 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Heur variant outbound connection (malware-cnc.rules)
* 1:33161 <-> DISABLED <-> MALWARE-CNC Win.Spyware.Rombertik outbound connection (malware-cnc.rules)
* 1:33165 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Poweliks outbound connection (malware-cnc.rules)
* 1:33199 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Sabeba outbound connection (malware-cnc.rules)
* 1:33200 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pisces variant outbound connection (malware-cnc.rules)
* 1:33207 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Mazilla/5.0 - Win.Backdoor.Upatre (malware-cnc.rules)
* 1:33211 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Upatre variant outbound connection (malware-cnc.rules)
* 1:33217 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nuovoscor variant outbound connection (malware-cnc.rules)
* 1:33218 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cendode system information disclosure attempt (malware-cnc.rules)
* 1:33219 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gamarue variant outbound connection (malware-cnc.rules)
* 1:33220 <-> DISABLED <-> MALWARE-CNC Win.Trojan.HawkEye keylogger exfiltration attempt (malware-cnc.rules)
* 1:33221 <-> ENABLED <-> MALWARE-CNC Win.Trojan.HawkEye Keylogger exfiltration attempt - clipboard and screenshot (malware-cnc.rules)
* 1:33222 <-> DISABLED <-> MALWARE-CNC Win.Trojan.HawkEye Keylogger exfiltration attempt - clipboard and screenshot (malware-cnc.rules)
* 1:33223 <-> DISABLED <-> MALWARE-CNC Win.Trojan.HawkEye Keylogger exfiltration attempt - clipboard and screenshot (malware-cnc.rules)
* 1:33227 <-> DISABLED <-> MALWARE-CNC Win.Agent.BHHK variant outbound connection (malware-cnc.rules)
* 1:33228 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kovter variant outbound connection (malware-cnc.rules)
* 1:33230 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Firefox - Win.Backdoor.Upatre (malware-cnc.rules)
* 1:33231 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Firefox/5.0 - Win.Backdoor.Upatre (malware-cnc.rules)
* 1:33232 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - AppUpdate - Win.Backdoor.Upatre (malware-cnc.rules)
* 1:33233 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - 2608cw-1 - Win.Backdoor.Upatre (malware-cnc.rules)
* 1:33234 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - 2508Inst - Win.Backdoor.Upatre (malware-cnc.rules)
* 1:33235 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - 2608cw-2 - Win.Backdoor.Upatre (malware-cnc.rules)
* 1:33236 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - 2808inst - Win.Backdoor.Upatre (malware-cnc.rules)
* 1:33237 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Player - Win.Backdoor.Upatre (malware-cnc.rules)
* 1:33238 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Wurst - Win.Backdoor.Upatre (malware-cnc.rules)
* 1:33239 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Installer/1.0 - Win.Backdoor.Upatre (malware-cnc.rules)
* 1:33240 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - FixUpdate - Win.Backdoor.Upatre (malware-cnc.rules)
* 1:33242 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Explorer - Win.Backdoor.Upatre (malware-cnc.rules)
* 1:33243 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Mozilla - Win.Backdoor.Upatre (malware-cnc.rules)
* 1:33244 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Opera - Win.Backdoor.Upatre (malware-cnc.rules)
* 1:33245 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Opera10 - Win.Backdoor.Upatre (malware-cnc.rules)
* 1:33246 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - OperaMini - Win.Backdoor.Upatre (malware-cnc.rules)
* 1:33248 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Peers12 - Win.Backdoor.Upatre (malware-cnc.rules)
* 1:33249 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - SLSSoapClient - Win.Backdoor.Upatre (malware-cnc.rules)
* 1:33250 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Tintin - Win.Backdoor.Upatre (malware-cnc.rules)
* 1:33251 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - USER_CHECK - Win.Backdoor.Upatre (malware-cnc.rules)
* 1:33252 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - WATClient - Win.Backdoor.Upatre (malware-cnc.rules)
* 1:33253 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - bbbbbbbbbb - Win.Backdoor.Upatre (malware-cnc.rules)
* 1:33254 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - hi - Win.Backdoor.Upatre (malware-cnc.rules)
* 1:33255 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - iMacros - Win.Backdoor.Upatre (malware-cnc.rules)
* 1:33256 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - macrotest - Win.Backdoor.Upatre (malware-cnc.rules)
* 1:33257 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - onlymacros - Win.Backdoor.Upatre (malware-cnc.rules)
* 1:33258 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Updates downloader - Win.Backdoor.Upatre (malware-cnc.rules)
* 1:33259 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - testupdate - Win.Backdoor.Upatre (malware-cnc.rules)
* 1:33260 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - onlyupdate - Win.Backdoor.Upatre (malware-cnc.rules)
* 1:33282 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Upatre variant outbound connection (malware-cnc.rules)
* 1:33284 <-> DISABLED <-> MALWARE-CNC Win.Trojan.OnLineGames variant outbound connection (malware-cnc.rules)
* 1:33285 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bavload outbound download request attempt (malware-cnc.rules)
* 1:33289 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rawpos incoming backdoor connection attempt (malware-cnc.rules)
* 1:33299 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Foxy variant outbound connection (malware-cnc.rules)
* 1:33305 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rubinurd variant outbound connection (malware-cnc.rules)
* 1:33328 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Yinli outbound connection (malware-cnc.rules)
* 1:33329 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Yinli outbound connection (malware-cnc.rules)
* 1:33330 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Yinli outbound connection (malware-cnc.rules)
* 1:33342 <-> DISABLED <-> MALWARE-CNC Doc.Downloader.Dridex outbound connection (malware-cnc.rules)
* 1:33411 <-> DISABLED <-> MALWARE-CNC Doc.Downloader.Dridex outbound connection (malware-cnc.rules)
* 1:33431 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptowall 3.0 variant outbound connection (malware-cnc.rules)
* 1:33432 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptowall 3.0 variant outbound connection (malware-cnc.rules)
* 1:33433 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptowall 3.0 variant outbound connection (malware-cnc.rules)
* 1:33434 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptowall 3.0 variant outbound connection (malware-cnc.rules)
* 1:33435 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptowall 3.0 variant outbound connection (malware-cnc.rules)
* 1:33439 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gefetroe variant outbound connection (malware-cnc.rules)
* 1:33443 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules)
* 1:33444 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SpyBanker variant outbound connection (malware-cnc.rules)
* 1:33449 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FileEncoder IP geolocation checkin attempt (malware-cnc.rules)
* 1:33450 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FileEncoder variant outbound connection (malware-cnc.rules)
* 1:33453 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kovter variant outbound connection (malware-cnc.rules)
* 1:33456 <-> DISABLED <-> MALWARE-CNC Doc.Downloader.Dridex outbound connection (malware-cnc.rules)
* 1:33457 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules)
* 1:33464 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dynamer variant outbound connection (malware-cnc.rules)
* 1:33481 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Xnote outbound connection (malware-cnc.rules)
* 1:33482 <-> DISABLED <-> MALWARE-CNC Win.Worm.Enosch variant outbound connection (malware-cnc.rules)
* 1:33496 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Andromeda variant outbound connection (malware-cnc.rules)
* 1:33513 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - XAgent - Operation Pawn Storm (malware-cnc.rules)
* 1:33519 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - ALIZER (malware-cnc.rules)
* 1:33520 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zusy inbound CNC response (malware-cnc.rules)
* 1:33521 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zusy variant outbound connection (malware-cnc.rules)
* 1:33522 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent - DNS Changer (malware-cnc.rules)
* 1:33523 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DNSChanger variant outbound connection (malware-cnc.rules)
* 1:33524 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DNSChanger variant outbound connection (malware-cnc.rules)
* 1:33543 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Equation outbound connection (malware-cnc.rules)
* 1:33545 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Equation outbound connection (malware-cnc.rules)
* 1:33546 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Equation outbound connection (malware-cnc.rules)
* 1:33547 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Turla outbound connection (malware-cnc.rules)
* 1:33594 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Upatre variant outbound connection (malware-cnc.rules)
* 1:33620 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.lubot outbound connection (malware-cnc.rules)
* 1:33621 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.lubot outbound connection (malware-cnc.rules)
* 1:33633 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent - Downing - Win.Trojan.Otwycal (malware-cnc.rules)
* 1:33646 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.XORDDoS outbound connection (malware-cnc.rules)
* 1:33647 <-> DISABLED <-> 
MALWARE-CNC Linux.Trojan.XORDDoS outbound connection (malware-cnc.rules) * 1:33648 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.XORDDoS outbound connection (malware-cnc.rules) * 1:33649 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Google Omaha - Win.Trojan.ExtenBro (malware-cnc.rules) * 1:33650 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tinba outbound connection (malware-cnc.rules) * 1:33674 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Athena variant outbound connection (malware-cnc.rules) * 1:33675 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Athena variant outbound connection (malware-cnc.rules) * 1:33677 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Babar outbound connection (malware-cnc.rules) * 1:33678 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FannyWorm outbound connection (malware-cnc.rules) * 1:33704 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules) * 1:33745 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules) * 1:33746 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules) * 1:33747 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules) * 1:33748 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules) * 1:33749 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules) * 1:33750 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules) * 1:33751 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules) * 1:33752 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules) * 1:33753 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules) * 1:33754 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules) * 1:33755 <-> DISABLED <-> 
MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules) * 1:33818 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Egamipload variant outbound connection (malware-cnc.rules) * 1:33819 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Egamipload variant outbound connection (malware-cnc.rules) * 1:33820 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Egamipload variant outbound connection (malware-cnc.rules) * 1:32054 <-> DISABLED <-> MALWARE-CNC Xsser mRAT file upload (malware-cnc.rules) * 1:32053 <-> DISABLED <-> MALWARE-CNC Xsser mRAT GPS data upload (malware-cnc.rules) * 1:32058 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Masatekar variant outbound connection (malware-cnc.rules) * 1:32060 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent string - httptestman - Win.Backdoor.Rabasheeta (malware-cnc.rules) * 1:32061 <-> DISABLED <-> MALWARE-CNC Win.Trojan-Downloader.Nekill variant outbound connection (malware-cnc.rules) * 1:32065 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Asprox inbound connection (malware-cnc.rules) * 1:32066 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Asprox outbound connection (malware-cnc.rules) * 1:32067 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Asprox outbound connection (malware-cnc.rules) * 1:32071 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Zapchast variant outbound connection (malware-cnc.rules) * 1:32072 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zemot configuration download attempt (malware-cnc.rules) * 1:31824 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor variant outbound connection (malware-cnc.rules) * 1:32073 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zemot outbound connection (malware-cnc.rules) * 1:32074 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zemot payload download attempt (malware-cnc.rules) * 1:32075 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Small variant outbound connection (malware-cnc.rules) * 1:32086 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Corkow variant outbound connection (malware-cnc.rules) * 1:32090 <-> DISABLED <-> 
MALWARE-CNC Win.Trojan.Saaglup variant outbound connection (malware-cnc.rules) * 1:32091 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.PcertStealer variant outbound connection (malware-cnc.rules) * 1:32093 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules) * 1:32096 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Puver variant outbound connection (malware-cnc.rules) * 1:32121 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kryptik variant outbound connection (malware-cnc.rules) * 1:32123 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot variant outbound connection (malware-cnc.rules) * 1:32125 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - update - Win.Backdoor.Upatre (malware-cnc.rules) * 1:32126 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lizarbot outbound connection (malware-cnc.rules) * 1:32129 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader variant outbound connection (malware-cnc.rules) * 1:32130 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules) * 1:32175 <-> DISABLED <-> MALWARE-CNC Osx.Backdoor.iWorm variant outbound connection (malware-cnc.rules) * 1:32179 <-> DISABLED <-> MALWARE-CNC WIN.Trojan.Plugx variant outbound connection (malware-cnc.rules) * 1:32180 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.ZxShell connection incoming attempt (malware-cnc.rules) * 1:32181 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.ZxShell connection outgoing attempt (malware-cnc.rules) * 1:32192 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zxshell variant outbound connection (malware-cnc.rules) * 1:32193 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dubrute variant outbound connection (malware-cnc.rules) * 1:32194 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dubrute variant outbound connection (malware-cnc.rules) * 1:32195 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Palebot variant outbound connection (malware-cnc.rules) * 1:32196 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor variant outbound connection 
(malware-cnc.rules) * 1:32197 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zerolocker variant outbound connection (malware-cnc.rules) * 1:32198 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mujormel outbound connection (malware-cnc.rules) * 1:32202 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Soaphrish variant outbound connection (malware-cnc.rules) * 1:32220 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy download detected (malware-cnc.rules) * 1:32221 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy download detected (malware-cnc.rules) * 1:32222 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.MSIL.Liroospu variant outbound connection (malware-cnc.rules) * 1:32225 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptowall variant outbound connection (malware-cnc.rules) * 1:32243 <-> DISABLED <-> MALWARE-CNC WIN.Trojan.Clemint variant outbound connection (malware-cnc.rules) * 1:32250 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hydraq.variant outbound detected (malware-cnc.rules) * 1:32270 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tinba variant outbound connection (malware-cnc.rules) * 1:32272 <-> DISABLED <-> MALWARE-CNC WIN.Trojan.Hesechca variant outbound connection (malware-cnc.rules) * 1:32285 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zoxpng variant outbound connection (malware-cnc.rules) * 1:32287 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sapertilz variant outbound connection (malware-cnc.rules) * 1:32289 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptolocker download detected (malware-cnc.rules) * 1:32290 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptolocker download detected (malware-cnc.rules) * 1:32291 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptolocker download detected (malware-cnc.rules) * 1:32292 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptolocker download detected (malware-cnc.rules) * 1:32293 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Acanas variant outbound connection (malware-cnc.rules) * 1:32294 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent BloodguyBrowser-_- 
(malware-cnc.rules) * 1:32295 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string http - Win.Trojan.Waski (malware-cnc.rules) * 1:32296 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string update - Win.Trojan.Waski (malware-cnc.rules) * 1:32310 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Farfli variant outbound connection (malware-cnc.rules) * 1:32311 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rehtesyk outbound connection (malware-cnc.rules) * 1:32312 <-> DISABLED <-> MALWARE-CNC FrameworkPOS data exfiltration through DNS - beacon message (malware-cnc.rules) * 1:32328 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Maener variant download request (malware-cnc.rules) * 1:32329 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Maener variant outbound connection (malware-cnc.rules) * 1:32330 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Maener variant outbound connection (malware-cnc.rules) * 1:32331 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Maener variant outbound connection (malware-cnc.rules) * 1:32332 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hancitor variant outbound connection (malware-cnc.rules) * 1:32333 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string fast uax (malware-cnc.rules) * 1:32334 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Stantinko variant outbound connection (malware-cnc.rules) * 1:32338 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ropest variant outbound connection (malware-cnc.rules) * 1:32341 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cakwerd variant outbound connection (malware-cnc.rules) * 1:32343 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor variant inbound spam attempt (malware-cnc.rules) * 1:32344 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor variant outbound spam attempt (malware-cnc.rules) * 1:32354 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Matsune variant outbound connection (malware-cnc.rules) * 1:32357 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Akaza variant outbound connection (malware-cnc.rules) * 1:32367 <-> 
DISABLED <-> MALWARE-CNC Win.Trojan.GameOverZeus variant outbound connection (malware-cnc.rules) * 1:32368 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cridex variant outbound connection (malware-cnc.rules) * 1:32372 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Drepitt variant outbound connection (malware-cnc.rules) * 1:32373 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Broonject variant outbound connection (malware-cnc.rules) * 1:32374 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Androm variant outbound connection (malware-cnc.rules) * 1:32379 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Baccamun variant outbound connection (malware-cnc.rules) * 1:32383 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - connect - Win.Backdoor.Upatre (malware-cnc.rules) * 1:32384 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - myupdate - Win.Backdoor.Upatre (malware-cnc.rules) * 1:32394 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Orcarat variant outbound connection (malware-cnc.rules) * 1:34281 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bartallex outbound connection (malware-cnc.rules) * 1:32396 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Orcarat variant outbound connection (malware-cnc.rules) * 1:34289 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Plez outbound connection (malware-cnc.rules) * 1:34290 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Plez outbound connection (malware-cnc.rules) * 1:34291 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string crackim (malware-cnc.rules) * 1:34292 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kraken outbound connection (malware-cnc.rules) * 1:34296 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Simda variant outbound connection (malware-cnc.rules) * 1:34297 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Simda variant outbound connection (malware-cnc.rules) * 1:34307 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection (malware-cnc.rules) * 1:34308 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon 
variant outbound connection (malware-cnc.rules) * 1:40066 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.LokiBot (malware-cnc.rules) * 1:40067 <-> ENABLED <-> MALWARE-CNC Win.Trojan.LokiBot outbound connection (malware-cnc.rules) * 1:46062 <-> ENABLED <-> SERVER-WEBAPP Joomla JEXTN Membership extension SQL injection attempt (server-webapp.rules) * 1:46063 <-> ENABLED <-> SERVER-WEBAPP Joomla JEXTN Membership extension SQL injection attempt (server-webapp.rules) * 1:46064 <-> ENABLED <-> SERVER-WEBAPP Joomla JEXTN Membership extension SQL injection attempt (server-webapp.rules) * 1:48818 <-> ENABLED <-> MALWARE-CNC Js.Trojan.Agent variant outbound connection (malware-cnc.rules) * 1:32395 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Orcarat variant outbound connection (malware-cnc.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091300.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:56000 <-> DISABLED <-> SERVER-APACHE Apache Struts denial of service attempt (server-apache.rules)
* 1:56007 <-> ENABLED <-> SERVER-WEBAPP D-Link Central WiFi Manager CWM 100 SQL injection attempt (server-webapp.rules)
* 1:56005 <-> ENABLED <-> SERVER-WEBAPP D-Link Central WiFi Manager CWM 100 SQL injection attempt (server-webapp.rules)
* 1:56006 <-> ENABLED <-> SERVER-WEBAPP D-Link Central WiFi Manager CWM 100 SQL injection attempt (server-webapp.rules)
* 1:56009 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari WebKit JSPropertyNameEnumeration type confusion attempt (browser-webkit.rules)
* 1:56008 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari WebKit JSPropertyNameEnumeration type confusion attempt (browser-webkit.rules)
* 1:55999 <-> DISABLED <-> SERVER-APACHE Apache Struts denial of service attempt (server-apache.rules)
* 1:56003 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Emotet variant initial outbound request detected (malware-cnc.rules)
* 1:56002 <-> DISABLED <-> SERVER-WEBAPP D-Link Central WiFi Manager CMW 100 SQL injection attempt (server-webapp.rules)
* 1:56004 <-> DISABLED <-> SERVER-WEBAPP D-Link Central WiFi Manager CMW 100 cross site scripting attempt (server-webapp.rules)
* 1:56001 <-> DISABLED <-> SERVER-APACHE Apache Struts denial of service attempt (server-apache.rules)

* 1:34283 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bartallex outbound connection (malware-cnc.rules)
* 1:33851 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Poseidon outbound connection (malware-cnc.rules)
* 1:33864 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules)
* 1:33886 <-> DISABLED <-> MALWARE-CNC WIn.Trojan.HawkEye keylogger variant outbound connection (malware-cnc.rules)
* 1:34009 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules)
* 1:34013 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ayuther variant outbound connection (malware-cnc.rules)
* 1:34138 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Netkrypt inbound response (malware-cnc.rules)
* 1:34117 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Zupdax variant outbound connection (malware-cnc.rules)
* 1:34217 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Aytoke variant outbound connection (malware-cnc.rules)
* 1:34038 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (malware-cnc.rules)
* 1:33990 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Trioptid outbound connection (malware-cnc.rules)
* 1:34214 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Capimac variant outbound connection (malware-cnc.rules)
* 1:34008 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules)
* 1:33860 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules)
* 1:33852 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Poseidon outbound connection (malware-cnc.rules)
* 1:34003 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Picommex outbound connection (malware-cnc.rules)
* 1:33913 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Concbak outbound connection (malware-cnc.rules)
* 1:34136 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload variant MSSQL response (malware-cnc.rules)
* 1:33931 <-> DISABLED <-> MALWARE-CNC Win.Worm.Goldrv variant outbound connection (malware-cnc.rules)
* 1:34223 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Yebot variant outbound connection (malware-cnc.rules)
* 1:34161 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Punkey outbound connection (malware-cnc.rules)
* 1:34111 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chrozil variant outbound connection (malware-cnc.rules)
* 1:34216 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FighterPOS variant outbound connection (malware-cnc.rules)
* 1:33891 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Amasages variant outbound connection (malware-cnc.rules)
* 1:33879 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Meowner runtime detection (malware-cnc.rules)
* 1:34002 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Picommex outbound connection (malware-cnc.rules)
* 1:34007 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules)
* 1:34006 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules)
* 1:33932 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tempedreve Samba probe (malware-cnc.rules)
* 1:34010 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules)
* 1:33966 <-> DISABLED <-> MALWARE-CNC Win.Worm.Mafusc variant outbound connection (malware-cnc.rules)
* 1:34012 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules)
* 1:34034 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (malware-cnc.rules)
* 1:34050 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Nepigon variant outbound connection (malware-cnc.rules)
* 1:34130 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload variant outbound connection (malware-cnc.rules)
* 1:34155 <-> DISABLED <-> MALWARE-CNC MacOS.Backdoor.Xslcmd outbound connection (malware-cnc.rules)
* 1:33873 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tepoyx outbound connection detection (malware-cnc.rules)
* 1:33989 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Trioptid outbound connection (malware-cnc.rules)
* 1:33884 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string dolit (malware-cnc.rules)
* 1:34044 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Exacrytion variant outbound connection (malware-cnc.rules)
* 1:34183 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bartallex outbound connection (malware-cnc.rules)
* 1:34042 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Igliveforg variant outbound connection (malware-cnc.rules)
* 1:34047 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VBPasswordStealer variant outbound connection (malware-cnc.rules)
* 1:34113 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent beacon reply attempt (malware-cnc.rules)
* 1:33862 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules)
* 1:33996 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pwexes variant outbound connection (malware-cnc.rules)
* 1:34039 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banklaed variant outbound connection (malware-cnc.rules)
* 1:34132 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Erotimpact variant outbound connection (malware-cnc.rules)
* 1:34128 <-> DISABLED <-> MALWARE-CNC Win.Trojan.WIntruder outbound connection (malware-cnc.rules)
* 1:34026 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Endstar variant outbound connection (malware-cnc.rules)
* 1:33859 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules)
* 1:34045 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Eitenckay initial outbound connection (malware-cnc.rules)
* 1:34025 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Endstar variant outbound connection (malware-cnc.rules)
* 1:34004 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules)
* 1:33985 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.ChinaZ outbound connection (malware-cnc.rules)
* 1:34049 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.EvilBunny variant outbound connection (malware-cnc.rules)
* 1:33878 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Meowner runtime detection (malware-cnc.rules)
* 1:33872 <-> DISABLED <-> MALWARE-CNC Win.Worm.Urahu outbound connection (malware-cnc.rules)
* 1:34181 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bartallex outbound connection (malware-cnc.rules)
* 1:34041 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Igliveforg variant initial outbound connection (malware-cnc.rules)
* 1:34140 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dyre publickey outbound connection (malware-cnc.rules)
* 1:34116 <-> DISABLED <-> MALWARE-CNC MacOS.Trojan.Wirelurker variant outbound connection (malware-cnc.rules)
* 1:34031 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (malware-cnc.rules)
* 1:34001 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Picommex outbound connection (malware-cnc.rules)
* 1:33863 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules)
* 1:33866 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules)
* 1:33883 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jadtre variant outbound connection (malware-cnc.rules)
* 1:34261 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.XORDDoS outbound connection (malware-cnc.rules)
* 1:33914 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent - Win.Trojan.Barys (malware-cnc.rules)
* 1:34262 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.XORDDoS outbound connection (malware-cnc.rules)
* 1:33745 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
* 1:34046 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Expilan variant outbound connection (malware-cnc.rules)
* 1:34280 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TeslaCrypt outbound connection (malware-cnc.rules)
* 1:34246 <-> DISABLED <-> MALWARE-CNC Win.Trojan.AAEH variant outbound connection (malware-cnc.rules)
* 1:34263 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.XORDDoS outbound connection (malware-cnc.rules)
* 1:34282 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bartallex outbound connection (malware-cnc.rules)
* 1:33876 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Meowner runtime detection (malware-cnc.rules)
* 1:33930 <-> DISABLED <-> MALWARE-CNC Vicepass outbound connection initial request to the CNC sending system information (malware-cnc.rules)
* 1:34030 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (malware-cnc.rules)
* 1:33933 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Penget variant outbound connection (malware-cnc.rules)
* 1:33912 <-> DISABLED <-> MALWARE-CNC Cryptofortress Decryption Software Purchase Tor Website (malware-cnc.rules)
* 1:34108 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scarsi variant outbound connection (malware-cnc.rules)
* 1:33868 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules)
* 1:34011 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules)
* 1:33857 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PwnPOS data exfiltration attempt (malware-cnc.rules)
* 1:33893 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TeslaCrypt outbound connection (malware-cnc.rules)
* 1:34035 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (malware-cnc.rules)
* 1:34143 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Crypvault outbound connection (malware-cnc.rules)
* 1:34219 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nanocore variant outbound connection (malware-cnc.rules)
* 1:33704 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
* 1:33992 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Insidious outbound connection (malware-cnc.rules)
* 1:33861 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules)
* 1:33821 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Egamipload variant outbound connection (malware-cnc.rules)
* 1:33865 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules)
* 1:34281 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bartallex outbound connection (malware-cnc.rules)
* 1:33746 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
* 1:33747 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
* 1:33748 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
* 1:33749 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
* 1:33750 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
* 1:33751 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
* 1:33752 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
* 1:33753 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
* 1:33754 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
* 1:33755 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
* 1:33818 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Egamipload variant outbound connection (malware-cnc.rules)
* 1:33819 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Egamipload variant outbound connection (malware-cnc.rules)
* 1:33820 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Egamipload variant outbound connection (malware-cnc.rules)
* 1:34286 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mudrop variant outbound connection (malware-cnc.rules)
* 1:34289 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Plez outbound connection (malware-cnc.rules)
* 1:34290 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Plez outbound connection (malware-cnc.rules)
* 1:34291 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string crackim (malware-cnc.rules)
* 1:34292 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kraken outbound connection (malware-cnc.rules)
* 1:34296 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Simda variant outbound connection (malware-cnc.rules)
* 1:34297 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Simda variant outbound connection (malware-cnc.rules)
* 1:34307 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection (malware-cnc.rules)
* 1:34308 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection (malware-cnc.rules)
* 1:40066 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.LokiBot (malware-cnc.rules)
* 1:40067 <-> ENABLED <-> MALWARE-CNC Win.Trojan.LokiBot outbound connection (malware-cnc.rules)
* 1:46062 <-> ENABLED <-> SERVER-WEBAPP Joomla JEXTN Membership extension SQL injection attempt (server-webapp.rules)
* 1:46063 <-> ENABLED <-> SERVER-WEBAPP Joomla JEXTN Membership extension SQL injection attempt (server-webapp.rules)
* 1:46064 <-> ENABLED <-> SERVER-WEBAPP Joomla JEXTN Membership extension SQL injection attempt (server-webapp.rules)
* 1:48818 <-> ENABLED <-> MALWARE-CNC Js.Trojan.Agent variant outbound connection (malware-cnc.rules)
* 1:33822 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Egamipload variant outbound connection (malware-cnc.rules)
* 1:31820 <-> DISABLED <-> MALWARE-CNC Win.Banker.Delf variant outbound connection (malware-cnc.rules)
* 1:31824 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor variant outbound connection (malware-cnc.rules)
* 1:31826 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Delf variant HTTP Response (malware-cnc.rules)
* 1:31827 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Delf variant outbound connection (malware-cnc.rules)
* 1:33242 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Explorer - Win.Backdoor.Upatre (malware-cnc.rules)
* 1:31832 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pfinet outbound connection (malware-cnc.rules)
* 1:31833 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chkbot outbound connection (malware-cnc.rules)
* 1:31834 <-> DISABLED <-> MALWARE-CNC Win.Trojan-Downloader.Delorado variant outbound connection (malware-cnc.rules)
* 1:31835 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yesudac variant outbound connection (malware-cnc.rules)
* 1:31836 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Seribe variant outbound connection (malware-cnc.rules)
* 1:31837 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Retgate variant outbound connection (malware-cnc.rules)
* 1:31883 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Waterspout outbound connection (malware-cnc.rules)
* 1:31885 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Threebyte variant outbound connection (malware-cnc.rules)
* 1:31895 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Toupi variant outbound connection (malware-cnc.rules)
* 1:31897 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dexter variant outbound connection (malware-cnc.rules)
* 1:31904 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload variant outbound connection (malware-cnc.rules)
* 1:31907 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Honerep variant outbound connection (malware-cnc.rules)
* 1:31909 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Basostab variant outbound connection (malware-cnc.rules)
* 1:31911 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Gareme variant outbound connection (malware-cnc.rules)
* 1:31913 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Maozhi variant outbound connection (malware-cnc.rules)
* 1:31915 <-> DISABLED <-> MALWARE-CNC WIN.Trojan.Ziyazo variant outbound connection (malware-cnc.rules)
* 1:31916 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules)
* 1:31923 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant HTTP response attempt (malware-cnc.rules)
* 1:31924 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules)
* 1:31925 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.Jynxkit outbound connection (malware-cnc.rules)
* 1:31928 <-> DISABLED <-> MALWARE-CNC Win.Trojan-Downloader.Becontr variant outbound connection (malware-cnc.rules)
* 1:31929 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kanav variant outbound connection (malware-cnc.rules)
* 1:31930 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kanav variant outbound connection (malware-cnc.rules)
* 1:31941 <-> DISABLED <-> MALWARE-CNC Win.Trojan-Downloader.Pedrp variant outbound connection (malware-cnc.rules)
* 1:31947 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - HttpCall - Win.Trojan.Rukypee (malware-cnc.rules)
* 1:31948 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - MyProgramm - Win.Trojan.Rukypee (malware-cnc.rules)
* 1:31949 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Skypee - Win.Trojan.Rukypee (malware-cnc.rules)
* 1:31954 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ezbro variant outbound connection (malware-cnc.rules)
* 1:31955 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ezbro variant outbound connection (malware-cnc.rules)
* 1:31957 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.MSIL.Torct variant outbound connection (malware-cnc.rules)
* 1:31964 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules)
* 1:31973 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chebri variant outbound connection (malware-cnc.rules)
* 1:31974 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zegorg variant outbound connection (malware-cnc.rules)
* 1:31990 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Install - Win.Backdoor.Upatre (malware-cnc.rules)
* 1:31991 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Treck - Win.Backdoor.Upatre (malware-cnc.rules)
* 1:31992 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Upatre SSL Cert inbound (malware-cnc.rules)
* 1:31993 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Upatre SSL Cert inbound (malware-cnc.rules)
* 1:31994 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Upatre SSL Cert inbound (malware-cnc.rules)
* 1:31995 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Upatre SSL Cert inbound (malware-cnc.rules)
* 1:31996 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Upatre SSL Cert inbound (malware-cnc.rules)
* 
1:31997 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Upatre SSL Cert inbound (malware-cnc.rules) * 1:31828 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jabberbot variant outbound connection (malware-cnc.rules) * 1:32058 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Masatekar variant outbound connection (malware-cnc.rules) * 1:31999 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Upatre SSL Cert inbound (malware-cnc.rules) * 1:32000 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Upatre SSL Cert inbound (malware-cnc.rules) * 1:32001 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Upatre SSL Cert inbound (malware-cnc.rules) * 1:32002 <-> DISABLED <-> MALWARE-CNC Win.Worm.Zorenium variant outbound connection (malware-cnc.rules) * 1:32009 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Flooder inbound connection attempt - command (malware-cnc.rules) * 1:32010 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Flooder outbound telnet connection attempt (malware-cnc.rules) * 1:32011 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Flooder outbound connection (malware-cnc.rules) * 1:32012 <-> DISABLED <-> MALWARE-CNC Win.Trojan-Downloader.Bipamid variant outbound connection (malware-cnc.rules) * 1:32013 <-> DISABLED <-> MALWARE-CNC Linux.Worm.Darlloz variant outbound connection (malware-cnc.rules) * 1:32015 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Zeus variant outbound connection (malware-cnc.rules) * 1:32016 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Menteni variant outbound connection (malware-cnc.rules) * 1:32017 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Memlog SMB file transfer (malware-cnc.rules) * 1:32018 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Hupigon.NYK variant outbound connection (malware-cnc.rules) * 1:32020 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Krompt variant outbound connection (malware-cnc.rules) * 1:32023 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sinpid variant outbound connection (malware-cnc.rules) * 1:32028 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Klabcon variant outbound connection 
(malware-cnc.rules) * 1:32030 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Decibal - Win.Trojan.Decibal (malware-cnc.rules) * 1:32031 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Decibal variant outbound connection (malware-cnc.rules) * 1:32033 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Larosden variant outbound connection (malware-cnc.rules) * 1:32034 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Larefervt variant outbound connection (malware-cnc.rules) * 1:32035 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Boleteiro variant outbound connection (malware-cnc.rules) * 1:32036 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Somoca vaniant outbound connection (malware-cnc.rules) * 1:32037 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload.awt variant outbound connection (malware-cnc.rules) * 1:32048 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lecpetex variant outbound connection (malware-cnc.rules) * 1:32050 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Larosden variant outbound connection (malware-cnc.rules) * 1:32052 <-> DISABLED <-> MALWARE-CNC User-Agent Xsser mRAT user-agent (malware-cnc.rules) * 1:32053 <-> DISABLED <-> MALWARE-CNC Xsser mRAT GPS data upload (malware-cnc.rules) * 1:32054 <-> DISABLED <-> MALWARE-CNC Xsser mRAT file upload (malware-cnc.rules) * 1:31998 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Upatre SSL Cert inbound (malware-cnc.rules) * 1:32061 <-> DISABLED <-> MALWARE-CNC Win.Trojan-Downloader.Nekill variant outbound connection (malware-cnc.rules) * 1:32065 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Asprox inbound connection (malware-cnc.rules) * 1:32066 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Asprox outbound connection (malware-cnc.rules) * 1:32067 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Asprox outbound connection (malware-cnc.rules) * 1:32071 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Zapchast variant outbound connection (malware-cnc.rules) * 1:32072 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zemot configuration download attempt (malware-cnc.rules) * 
1:32073 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zemot outbound connection (malware-cnc.rules) * 1:32074 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zemot payload download attempt (malware-cnc.rules) * 1:32075 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Small variant outbound connection (malware-cnc.rules) * 1:32086 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Corkow variant outbound connection (malware-cnc.rules) * 1:32090 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Saaglup variant outbound connection (malware-cnc.rules) * 1:32091 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.PcertStealer variant outbound connection (malware-cnc.rules) * 1:32093 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules) * 1:32096 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Puver variant outbound connection (malware-cnc.rules) * 1:32121 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kryptik variant outbound connection (malware-cnc.rules) * 1:32123 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot variant outbound connection (malware-cnc.rules) * 1:32125 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - update - Win.Backdoor.Upatre (malware-cnc.rules) * 1:32126 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lizarbot outbound connection (malware-cnc.rules) * 1:32129 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader variant outbound connection (malware-cnc.rules) * 1:32130 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules) * 1:32175 <-> DISABLED <-> MALWARE-CNC Osx.Backdoor.iWorm variant outbound connection (malware-cnc.rules) * 1:32179 <-> DISABLED <-> MALWARE-CNC WIN.Trojan.Plugx variant outbound connection (malware-cnc.rules) * 1:32180 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.ZxShell connection incoming attempt (malware-cnc.rules) * 1:32181 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.ZxShell connection outgoing attempt (malware-cnc.rules) * 1:32192 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zxshell variant outbound 
connection (malware-cnc.rules) * 1:32193 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dubrute variant outbound connection (malware-cnc.rules) * 1:32194 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dubrute variant outbound connection (malware-cnc.rules) * 1:32195 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Palebot variant outbound connection (malware-cnc.rules) * 1:32196 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor variant outbound connection (malware-cnc.rules) * 1:32197 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zerolocker variant outbound connection (malware-cnc.rules) * 1:32198 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mujormel outbound connection (malware-cnc.rules) * 1:32202 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Soaphrish variant outbound connection (malware-cnc.rules) * 1:32220 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy download detected (malware-cnc.rules) * 1:32221 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy download detected (malware-cnc.rules) * 1:32222 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.MSIL.Liroospu variant outbound connection (malware-cnc.rules) * 1:32225 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptowall variant outbound connection (malware-cnc.rules) * 1:32243 <-> DISABLED <-> MALWARE-CNC WIN.Trojan.Clemint variant outbound connection (malware-cnc.rules) * 1:32250 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hydraq.variant outbound detected (malware-cnc.rules) * 1:32270 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tinba variant outbound connection (malware-cnc.rules) * 1:32272 <-> DISABLED <-> MALWARE-CNC WIN.Trojan.Hesechca variant outbound connection (malware-cnc.rules) * 1:32285 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zoxpng variant outbound connection (malware-cnc.rules) * 1:32287 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sapertilz variant outbound connection (malware-cnc.rules) * 1:32289 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptolocker download detected (malware-cnc.rules) * 1:32290 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptolocker download detected 
(malware-cnc.rules) * 1:32291 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptolocker download detected (malware-cnc.rules) * 1:32292 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptolocker download detected (malware-cnc.rules) * 1:32293 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Acanas variant outbound connection (malware-cnc.rules) * 1:32294 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent BloodguyBrowser-_- (malware-cnc.rules) * 1:32295 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string http - Win.Trojan.Waski (malware-cnc.rules) * 1:32296 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string update - Win.Trojan.Waski (malware-cnc.rules) * 1:32310 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Farfli variant outbound connection (malware-cnc.rules) * 1:32311 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rehtesyk outbound connection (malware-cnc.rules) * 1:32312 <-> DISABLED <-> MALWARE-CNC FrameworkPOS data exfiltration through DNS - beacon message (malware-cnc.rules) * 1:32328 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Maener variant download request (malware-cnc.rules) * 1:32329 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Maener variant outbound connection (malware-cnc.rules) * 1:32330 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Maener variant outbound connection (malware-cnc.rules) * 1:32331 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Maener variant outbound connection (malware-cnc.rules) * 1:32332 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hancitor variant outbound connection (malware-cnc.rules) * 1:32333 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string fast uax (malware-cnc.rules) * 1:32334 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Stantinko variant outbound connection (malware-cnc.rules) * 1:32338 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ropest variant outbound connection (malware-cnc.rules) * 1:32341 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cakwerd variant outbound connection (malware-cnc.rules) * 1:32343 <-> 
DISABLED <-> MALWARE-CNC Win.Trojan.Graftor variant inbound spam attempt (malware-cnc.rules) * 1:32344 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor variant outbound spam attempt (malware-cnc.rules) * 1:32354 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Matsune variant outbound connection (malware-cnc.rules) * 1:32357 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Akaza variant outbound connection (malware-cnc.rules) * 1:32367 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GameOverZeus variant outbound connection (malware-cnc.rules) * 1:32368 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cridex variant outbound connection (malware-cnc.rules) * 1:32372 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Drepitt variant outbound connection (malware-cnc.rules) * 1:32373 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Broonject variant outbound connection (malware-cnc.rules) * 1:32374 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Androm variant outbound connection (malware-cnc.rules) * 1:32379 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Baccamun variant outbound connection (malware-cnc.rules) * 1:32383 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - connect - Win.Backdoor.Upatre (malware-cnc.rules) * 1:32384 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - myupdate - Win.Backdoor.Upatre (malware-cnc.rules) * 1:32394 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Orcarat variant outbound connection (malware-cnc.rules) * 1:32395 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Orcarat variant outbound connection (malware-cnc.rules) * 1:32396 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Orcarat variant outbound connection (malware-cnc.rules) * 1:32397 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Orcarat variant outbound connection (malware-cnc.rules) * 1:32400 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Parama attempted outbound connection (malware-cnc.rules) * 1:32401 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Kivars outbound connection (malware-cnc.rules) * 1:32402 <-> DISABLED <-> MALWARE-CNC 
User-Agent known malicious user agent globalupdate - Osx.Trojan.Wirelurker (malware-cnc.rules) * 1:32451 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Backoff initial outbound connection (malware-cnc.rules) * 1:32455 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent VUPHTTP - Win.Trojan.Puvespia (malware-cnc.rules) * 1:32456 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Effseart variant outbound connection (malware-cnc.rules) * 1:32457 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Effseart variant inbound connection (malware-cnc.rules) * 1:32464 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TorrentLocker variant outbound connection (malware-cnc.rules) * 1:32469 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bankeiya outbound connection (malware-cnc.rules) * 1:32486 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Exadog outbound connection (malware-cnc.rules) * 1:32487 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Exadog variant outbound connection (malware-cnc.rules) * 1:32493 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.SpikeA variant outbound connection (malware-cnc.rules) * 1:32494 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.SpikeA variant outbound connection (malware-cnc.rules) * 1:32504 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Kiler attempted outbound connection (malware-cnc.rules) * 1:32505 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Kiler attempted outbound connection (malware-cnc.rules) * 1:32506 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Secdeskinf outbound connection (malware-cnc.rules) * 1:32510 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.PiltabeA outbound connection (malware-cnc.rules) * 1:32511 <-> DISABLED <-> MALWARE-CNC PCRat variant outbound connection (malware-cnc.rules) * 1:32512 <-> DISABLED <-> MALWARE-CNC PCRat variant outbound connection (malware-cnc.rules) * 1:32513 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Havex outbound connection (malware-cnc.rules) * 1:32521 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptowall 2.0 possible TOR client retrieval attempt 
(malware-cnc.rules) * 1:32529 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Vkont variant outbound connection (malware-cnc.rules) * 1:32548 <-> DISABLED <-> MALWARE-CNC Mac.Backdoor.iWorm attempted outbound connection (malware-cnc.rules) * 1:32550 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Extant variant outbound connection (malware-cnc.rules) * 1:32551 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Coreshell variant outbound connection (malware-cnc.rules) * 1:32556 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bayoboiz outbound connection (malware-cnc.rules) * 1:32557 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bayoboiz outbound connection (malware-cnc.rules) * 1:32583 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules) * 1:32584 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules) * 1:32585 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules) * 1:32586 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules) * 1:32598 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Mysayad file wipe attempt (malware-cnc.rules) * 1:32599 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Mysayad outbound connection (malware-cnc.rules) * 1:32600 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Mysayad file wipe attempt (malware-cnc.rules) * 1:32604 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Geodo variant outbound connection (malware-cnc.rules) * 1:32605 <-> DISABLED <-> MALWARE-CNC Win.Worm.Jenxcus variant outbound connection (malware-cnc.rules) * 1:32606 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sodebral variant outbound connection (malware-cnc.rules) * 1:32607 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sodebral HTTP Response attempt (malware-cnc.rules) * 1:32608 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sodebral HTTP Response attempt (malware-cnc.rules) * 1:32609 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant registration message (malware-cnc.rules) * 1:32610 <-> 
DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant keepalive (malware-cnc.rules) * 1:32613 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Jadowndec attempted outbound connection (malware-cnc.rules) * 1:32614 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Jadowndec attempted outbound connection (malware-cnc.rules) * 1:32621 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Regin outbound connection (malware-cnc.rules) * 1:32624 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Regin outbound connection (malware-cnc.rules) * 1:32645 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string RUpdate (malware-cnc.rules) * 1:32665 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chopstick variant outbound request (malware-cnc.rules) * 1:32667 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chopstick variant outbound request (malware-cnc.rules) * 1:32674 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wiper variant outbound connection (malware-cnc.rules) * 1:32677 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex variant outbound connection (malware-cnc.rules) * 1:32678 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex variant outbound connection (malware-cnc.rules) * 1:32706 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz variant outbound connection (malware-cnc.rules) * 1:32727 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Uclinu variant outbound connection (malware-cnc.rules) * 1:32728 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Olegb variant outbound connection (malware-cnc.rules) * 1:32734 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Typideg variant outbound connection (malware-cnc.rules) * 1:32735 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CryptoPHP variant outbound connection (malware-cnc.rules) * 1:32736 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CryptoPHP variant outbound connection (malware-cnc.rules) * 1:32743 <-> DISABLED <-> MALWARE-CNC VGABot IRC communication attempt (malware-cnc.rules) * 1:32747 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ragebot variant outbound connection (malware-cnc.rules) * 1:32769 <-> 
DISABLED <-> MALWARE-CNC Win.Trojan.WOWCheckC Attempted CNC (malware-cnc.rules) * 1:32770 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Androm variant outbound connection (malware-cnc.rules) * 1:32776 <-> DISABLED <-> MALWARE-CNC FIN4 VBA Macro credentials upload attempt (malware-cnc.rules) * 1:32780 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Eskaetee outbound connection (malware-cnc.rules) * 1:32781 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Eskaetee outbound connection (malware-cnc.rules) * 1:32791 <-> DISABLED <-> MALWARE-CNC Win.Virus.Ransomlock outbound connection (malware-cnc.rules) * 1:32792 <-> DISABLED <-> MALWARE-CNC Win.Virus.Ransomlock inbound connection (malware-cnc.rules) * 1:32823 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Darkhotel outbound connection (malware-cnc.rules) * 1:32824 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Darkhotel variant outbound connection (malware-cnc.rules) * 1:32825 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Darkhotel outbound connection (malware-cnc.rules) * 1:32826 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Darkhotel data upload attempt (malware-cnc.rules) * 1:32827 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Darkhotel response connection attempt (malware-cnc.rules) * 1:32852 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Poolfiend variant outbound connection (malware-cnc.rules) * 1:32853 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Poolfiend variant outbound connection (malware-cnc.rules) * 1:32854 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Loodir outbound connection (malware-cnc.rules) * 1:32882 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ksypypro outbound connection (malware-cnc.rules) * 1:32891 <-> DISABLED <-> MALWARE-CNC Php.Malware.SoakSoakRedirect Malware traffic containing WordPress Administrator credentials (malware-cnc.rules) * 1:32892 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TorLocker variant outbound connection (malware-cnc.rules) * 1:32893 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Finforst outbound connection (malware-cnc.rules) * 1:32908 <-> DISABLED <-> 
MALWARE-CNC Win.Trojan.TinyZBot outbound connection (malware-cnc.rules) * 1:32909 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TinyZBot outbound connection (malware-cnc.rules) * 1:32910 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TinyZBot outbound connection (malware-cnc.rules) * 1:32950 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bladabindi variant outbound connection (malware-cnc.rules) * 1:32956 <-> DISABLED <-> MALWARE-CNC Android.CoolReaper.Trojan outbound connection (malware-cnc.rules) * 1:32957 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TinyZBot outbound SOAP connection attempt (malware-cnc.rules) * 1:32958 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TinyZBot response connection attempt (malware-cnc.rules) * 1:32973 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Twerket variant outbound connection (malware-cnc.rules) * 1:32976 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluos variant outbound connection (malware-cnc.rules) * 1:32977 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluos variant outbound connection (malware-cnc.rules) * 1:32978 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - extra IE version (malware-cnc.rules) * 1:32979 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - extra IE version (malware-cnc.rules) * 1:32980 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - multi-browser (malware-cnc.rules) * 1:32986 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Toopu dll embedded in png download attempt (malware-cnc.rules) * 1:32987 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor outbound connection (malware-cnc.rules) * 1:32988 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor outbound connection (malware-cnc.rules) * 1:32989 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor outbound connection (malware-cnc.rules) * 1:32990 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Toopu outbound connection (malware-cnc.rules) * 1:33047 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - realupdate - Win.Backdoor.Upatre 
(malware-cnc.rules) * 1:33054 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Joanap outbound connection (malware-cnc.rules) * 1:33058 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Medusa variant inbound connection (malware-cnc.rules) * 1:33059 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Medusa variant outbound connection (malware-cnc.rules) * 1:33060 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Medusa variant outbound connection (malware-cnc.rules) * 1:33061 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lagulon.A outbound connection (malware-cnc.rules) * 1:33081 <-> DISABLED <-> MALWARE-CNC OnionDuke variant outbound connection (malware-cnc.rules) * 1:33082 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nocpos initial outbound connection (malware-cnc.rules) * 1:33083 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nocpos information disclosure attempt (malware-cnc.rules) * 1:33084 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tosct variant outbound connection (malware-cnc.rules) * 1:33145 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules) * 1:33147 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant SMTP reporting attempt (malware-cnc.rules) * 1:33148 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant SMTP reporting attempt (malware-cnc.rules) * 1:33149 <-> DISABLED <-> MALWARE-CNC Win.Worm.Ultramine outbound connection (malware-cnc.rules) * 1:33152 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nurjax.A outbound connection (malware-cnc.rules) * 1:33153 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Heur variant outbound connection (malware-cnc.rules) * 1:33161 <-> DISABLED <-> MALWARE-CNC Win.Spyware.Rombertik outbound connection (malware-cnc.rules) * 1:33165 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Poweliks outbound connection (malware-cnc.rules) * 1:33199 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Sabeba outbound connection (malware-cnc.rules) * 1:33200 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pisces variant outbound connection (malware-cnc.rules) * 1:33207 <-> DISABLED 
<-> MALWARE-CNC User-Agent known malicious user-agent string - Mazilla/5.0 - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33211 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Upatre variant outbound connection (malware-cnc.rules) * 1:33217 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nuovoscor variant outbound connection (malware-cnc.rules) * 1:33218 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cendode system information disclosure attempt (malware-cnc.rules) * 1:33219 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gamarue variant outbound connection (malware-cnc.rules) * 1:33220 <-> DISABLED <-> MALWARE-CNC Win.Trojan.HawkEye keylogger exfiltration attempt (malware-cnc.rules) * 1:33221 <-> ENABLED <-> MALWARE-CNC Win.Trojan.HawkEye Keylogger exfiltration attempt - clipboard and screenshot (malware-cnc.rules) * 1:33222 <-> DISABLED <-> MALWARE-CNC Win.Trojan.HawkEye Keylogger exfiltration attempt - clipboard and screenshot (malware-cnc.rules) * 1:33223 <-> DISABLED <-> MALWARE-CNC Win.Trojan.HawkEye Keylogger exfiltration attempt - clipboard and screenshot (malware-cnc.rules) * 1:33227 <-> DISABLED <-> MALWARE-CNC Win.Agent.BHHK variant outbound connection (malware-cnc.rules) * 1:33228 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kovter variant outbound connection (malware-cnc.rules) * 1:33994 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Beshida outbound connection (malware-cnc.rules) * 1:34037 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (malware-cnc.rules) * 1:33232 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - AppUpdate - Win.Backdoor.Upatre (malware-cnc.rules) * 1:32060 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent string - httptestman - Win.Backdoor.Rabasheeta (malware-cnc.rules) * 1:33231 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Firefox/5.0 - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33233 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - 2608cw-1 
- Win.Backdoor.Upatre (malware-cnc.rules) * 1:33234 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - 2508Inst - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33235 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - 2608cw-2 - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33236 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - 2808inst - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33237 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Player - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33238 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Wurst - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33239 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Installer/1.0 - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33240 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - FixUpdate - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33243 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Mozilla - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33244 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Opera - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33245 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Opera10 - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33246 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - OperaMini - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33248 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Peers12 - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33249 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - SLSSoapClient - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33250 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Tintin - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33251 <-> DISABLED <-> MALWARE-CNC 
User-Agent known malicious user-agent string - USER_CHECK - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33252 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - WATClient - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33253 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - bbbbbbbbbb - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33254 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - hi - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33255 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - iMacros - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33256 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - macrotest - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33257 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - onlymacros - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33258 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Updates downloader - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33259 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - testupdate - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33260 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - onlyupdate - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33282 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Upatre variant outbound connection (malware-cnc.rules) * 1:33284 <-> DISABLED <-> MALWARE-CNC Win.Trojan.OnLineGames variant outbound connection (malware-cnc.rules) * 1:33285 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bavload outbound download request attempt (malware-cnc.rules) * 1:33289 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rawpos incoming backdoor connection attempt (malware-cnc.rules) * 1:33299 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Foxy variant outbound connection (malware-cnc.rules) * 1:33305 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rubinurd variant outbound connection (malware-cnc.rules) * 
1:33328 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Yinli outbound connection (malware-cnc.rules) * 1:33329 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Yinli outbound connection (malware-cnc.rules) * 1:33330 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Yinli outbound connection (malware-cnc.rules) * 1:33342 <-> DISABLED <-> MALWARE-CNC Doc.Downloader.Dridex outbound connection (malware-cnc.rules) * 1:33411 <-> DISABLED <-> MALWARE-CNC Doc.Downloader.Dridex outbound connection (malware-cnc.rules) * 1:33431 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptowall 3.0 variant outbound connection (malware-cnc.rules) * 1:33432 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptowall 3.0 variant outbound connection (malware-cnc.rules) * 1:33433 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptowall 3.0 variant outbound connection (malware-cnc.rules) * 1:33434 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptowall 3.0 variant outbound connection (malware-cnc.rules) * 1:33435 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptowall 3.0 variant outbound connection (malware-cnc.rules) * 1:33439 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gefetroe variant outbound connection (malware-cnc.rules) * 1:33443 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules) * 1:33444 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SpyBanker variant outbound connection (malware-cnc.rules) * 1:33449 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FileEncoder IP geolocation checkin attempt (malware-cnc.rules) * 1:33450 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FileEncoder variant outbound connection (malware-cnc.rules) * 1:33453 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kovter variant outbound connection (malware-cnc.rules) * 1:33456 <-> DISABLED <-> MALWARE-CNC Doc.Downloader.Dridex outbound connection (malware-cnc.rules) * 1:33457 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules) * 1:33464 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dynamer variant outbound connection 
(malware-cnc.rules) * 1:33481 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Xnote outbound connection (malware-cnc.rules) * 1:33482 <-> DISABLED <-> MALWARE-CNC Win.Worm.Enosch variant outbound connection (malware-cnc.rules) * 1:33496 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Andromeda variant outbound connection (malware-cnc.rules) * 1:33513 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - XAgent - Operation Pawn Storm (malware-cnc.rules) * 1:33519 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - ALIZER (malware-cnc.rules) * 1:33520 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zusy inbound CNC response (malware-cnc.rules) * 1:33521 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zusy variant outbound connection (malware-cnc.rules) * 1:33522 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent - DNS Changer (malware-cnc.rules) * 1:33523 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DNSChanger variant outbound connection (malware-cnc.rules) * 1:33524 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DNSChanger variant outbound connection (malware-cnc.rules) * 1:33543 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Equation outbound connection (malware-cnc.rules) * 1:33545 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Equation outbound connection (malware-cnc.rules) * 1:33546 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Equation outbound connection (malware-cnc.rules) * 1:33547 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Turla outbound connection (malware-cnc.rules) * 1:33594 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Upatre variant outbound connection (malware-cnc.rules) * 1:33620 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.lubot outbound connection (malware-cnc.rules) * 1:33621 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.lubot outbound connection (malware-cnc.rules) * 1:33633 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent - Downing - Win.Trojan.Otwycal (malware-cnc.rules) * 1:33646 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.XORDDoS outbound 
connection (malware-cnc.rules) * 1:33647 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.XORDDoS outbound connection (malware-cnc.rules) * 1:33648 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.XORDDoS outbound connection (malware-cnc.rules) * 1:33649 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Google Omaha - Win.Trojan.ExtenBro (malware-cnc.rules) * 1:33650 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tinba outbound connection (malware-cnc.rules) * 1:33674 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Athena variant outbound connection (malware-cnc.rules) * 1:33675 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Athena variant outbound connection (malware-cnc.rules) * 1:33677 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Babar outbound connection (malware-cnc.rules) * 1:33678 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FannyWorm outbound connection (malware-cnc.rules) * 1:33230 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Firefox - Win.Backdoor.Upatre (malware-cnc.rules) * 1:34036 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (malware-cnc.rules) * 1:34052 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NewPos outbound connection (malware-cnc.rules) * 1:33885 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gh0st variant outbound connection (malware-cnc.rules) * 1:34032 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (malware-cnc.rules) * 1:33997 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pwexes variant outbound connection (malware-cnc.rules) * 1:33831 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent DownloadMR - Solimba (malware-cnc.rules) * 1:34028 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bruecimig variant outbound connection (malware-cnc.rules) * 1:33854 <-> DISABLED <-> MALWARE-CNC Win.Trojan.LogPOS variant outbound connection (malware-cnc.rules) * 1:33867 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules) * 1:34115 <-> DISABLED <-> MALWARE-CNC 
MacOS.Trojan.Wirelurker variant outbound connection (malware-cnc.rules) * 1:34033 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (malware-cnc.rules) * 1:33892 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Xerq outbound connection (malware-cnc.rules) * 1:33993 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Insidious outbound connection (malware-cnc.rules) * 1:33907 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent - KAIIOOOO871 - Win.Trojan.Dridex (malware-cnc.rules) * 1:34005 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules) * 1:33877 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Meowner runtime detection (malware-cnc.rules) * 1:34182 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bartallex outbound connection (malware-cnc.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:55999 <-> DISABLED <-> SERVER-APACHE Apache Struts denial of service attempt (server-apache.rules) * 1:56008 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari WebKit JSPropertyNameEnumeration type confusion attempt (browser-webkit.rules) * 1:56005 <-> ENABLED <-> SERVER-WEBAPP D-Link Central WiFi Manager CWM 100 SQL injection attempt (server-webapp.rules) * 1:56007 <-> ENABLED <-> SERVER-WEBAPP D-Link Central WiFi Manager CWM 100 SQL injection attempt (server-webapp.rules) * 1:56004 <-> DISABLED <-> SERVER-WEBAPP D-Link Central WiFi Manager CMW 100 cross site scripting attempt (server-webapp.rules) * 1:56006 <-> ENABLED <-> SERVER-WEBAPP D-Link Central WiFi Manager CWM 100 SQL injection attempt (server-webapp.rules) * 1:56009 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari WebKit JSPropertyNameEnumeration type confusion attempt (browser-webkit.rules) * 1:56001 <-> DISABLED <-> SERVER-APACHE Apache Struts denial of service attempt (server-apache.rules) * 1:56000 <-> DISABLED <-> SERVER-APACHE Apache Struts denial of service attempt (server-apache.rules) * 1:56003 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Emotet variant initial outbound request detected (malware-cnc.rules) * 1:56002 <-> DISABLED <-> SERVER-WEBAPP D-Link Central WiFi Manager CMW 100 SQL injection attempt (server-webapp.rules)
* 1:33912 <-> DISABLED <-> MALWARE-CNC Cryptofortress Decryption Software Purchase Tor Website (malware-cnc.rules) * 1:33820 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Egamipload variant outbound connection (malware-cnc.rules) * 1:33746 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules) * 1:33228 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kovter variant outbound connection (malware-cnc.rules) * 1:33704 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules) * 1:33819 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Egamipload variant outbound connection (malware-cnc.rules) * 1:33865 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules) * 1:33751 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules) * 1:34246 <-> DISABLED <-> MALWARE-CNC Win.Trojan.AAEH variant outbound connection (malware-cnc.rules) * 1:33747 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules) * 1:33851 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Poseidon outbound connection (malware-cnc.rules) * 1:33745 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules) * 1:33818 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Egamipload variant outbound connection (malware-cnc.rules) * 1:33755 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules) * 1:33752 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules) * 1:33876 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Meowner runtime detection (malware-cnc.rules) * 1:34297 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Simda variant outbound connection (malware-cnc.rules) * 1:34161 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Punkey outbound connection (malware-cnc.rules) * 1:34308 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection (malware-cnc.rules) * 
1:34307 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection (malware-cnc.rules) * 1:40066 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.LokiBot (malware-cnc.rules) * 1:34217 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Aytoke variant outbound connection (malware-cnc.rules) * 1:34292 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kraken outbound connection (malware-cnc.rules) * 1:34117 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Zupdax variant outbound connection (malware-cnc.rules) * 1:33879 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Meowner runtime detection (malware-cnc.rules) * 1:48818 <-> ENABLED <-> MALWARE-CNC Js.Trojan.Agent variant outbound connection (malware-cnc.rules) * 1:33931 <-> DISABLED <-> MALWARE-CNC Win.Worm.Goldrv variant outbound connection (malware-cnc.rules) * 1:34037 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (malware-cnc.rules) * 1:34013 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ayuther variant outbound connection (malware-cnc.rules) * 1:46062 <-> ENABLED <-> SERVER-WEBAPP Joomla JEXTN Membership extension SQL injection attempt (server-webapp.rules) * 1:33873 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tepoyx outbound connection detection (malware-cnc.rules) * 1:33877 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Meowner runtime detection (malware-cnc.rules) * 1:33854 <-> DISABLED <-> MALWARE-CNC Win.Trojan.LogPOS variant outbound connection (malware-cnc.rules) * 1:40067 <-> ENABLED <-> MALWARE-CNC Win.Trojan.LokiBot outbound connection (malware-cnc.rules) * 1:34033 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (malware-cnc.rules) * 1:33749 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules) * 1:34262 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.XORDDoS outbound connection (malware-cnc.rules) * 1:33821 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Egamipload variant outbound connection (malware-cnc.rules) * 
1:33677 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Babar outbound connection (malware-cnc.rules) * 1:46063 <-> ENABLED <-> SERVER-WEBAPP Joomla JEXTN Membership extension SQL injection attempt (server-webapp.rules) * 1:33748 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules) * 1:34012 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules) * 1:33753 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules) * 1:33754 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules) * 1:34181 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bartallex outbound connection (malware-cnc.rules) * 1:46064 <-> ENABLED <-> SERVER-WEBAPP Joomla JEXTN Membership extension SQL injection attempt (server-webapp.rules) * 1:34007 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules) * 1:34034 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (malware-cnc.rules) * 1:34286 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mudrop variant outbound connection (malware-cnc.rules) * 1:34290 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Plez outbound connection (malware-cnc.rules) * 1:33989 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Trioptid outbound connection (malware-cnc.rules) * 1:34289 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Plez outbound connection (malware-cnc.rules) * 1:34296 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Simda variant outbound connection (malware-cnc.rules) * 1:34219 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nanocore variant outbound connection (malware-cnc.rules) * 1:34283 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bartallex outbound connection (malware-cnc.rules) * 1:34291 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string crackim (malware-cnc.rules) * 1:34036 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (malware-cnc.rules) * 
1:33822 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Egamipload variant outbound connection (malware-cnc.rules) * 1:34001 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Picommex outbound connection (malware-cnc.rules) * 1:34111 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chrozil variant outbound connection (malware-cnc.rules) * 1:34008 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules) * 1:34002 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Picommex outbound connection (malware-cnc.rules) * 1:34030 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (malware-cnc.rules) * 1:34052 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NewPos outbound connection (malware-cnc.rules) * 1:33966 <-> DISABLED <-> MALWARE-CNC Win.Worm.Mafusc variant outbound connection (malware-cnc.rules) * 1:34031 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (malware-cnc.rules) * 1:34216 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FighterPOS variant outbound connection (malware-cnc.rules) * 1:33913 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Concbak outbound connection (malware-cnc.rules) * 1:34050 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Nepigon variant outbound connection (malware-cnc.rules) * 1:34025 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Endstar variant outbound connection (malware-cnc.rules) * 1:34130 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload variant outbound connection (malware-cnc.rules) * 1:33893 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TeslaCrypt outbound connection (malware-cnc.rules) * 1:34041 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Igliveforg variant initial outbound connection (malware-cnc.rules) * 1:33867 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules) * 1:33994 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Beshida outbound connection (malware-cnc.rules) * 1:34155 <-> DISABLED <-> MALWARE-CNC MacOS.Backdoor.Xslcmd outbound connection (malware-cnc.rules) * 1:34108 
<-> DISABLED <-> MALWARE-CNC Win.Trojan.Scarsi variant outbound connection (malware-cnc.rules) * 1:33861 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules) * 1:34182 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bartallex outbound connection (malware-cnc.rules) * 1:34011 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules) * 1:34115 <-> DISABLED <-> MALWARE-CNC MacOS.Trojan.Wirelurker variant outbound connection (malware-cnc.rules) * 1:33831 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent DownloadMR - Solimba (malware-cnc.rules) * 1:33872 <-> DISABLED <-> MALWARE-CNC Win.Worm.Urahu outbound connection (malware-cnc.rules) * 1:33866 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules) * 1:34042 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Igliveforg variant outbound connection (malware-cnc.rules) * 1:33907 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent - KAIIOOOO871 - Win.Trojan.Dridex (malware-cnc.rules) * 1:33932 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tempedreve Samba probe (malware-cnc.rules) * 1:33997 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pwexes variant outbound connection (malware-cnc.rules) * 1:33878 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Meowner runtime detection (malware-cnc.rules) * 1:34138 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Netkrypt inbound response (malware-cnc.rules) * 1:33863 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules) * 1:34010 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules) * 1:33933 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Penget variant outbound connection (malware-cnc.rules) * 1:33891 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Amasages variant outbound connection (malware-cnc.rules) * 1:34281 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bartallex outbound connection (malware-cnc.rules) 
* 1:33240 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - FixUpdate - Win.Backdoor.Upatre (malware-cnc.rules) * 1:31996 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Upatre SSL Cert inbound (malware-cnc.rules) * 1:31827 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Delf variant outbound connection (malware-cnc.rules) * 1:31828 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jabberbot variant outbound connection (malware-cnc.rules) * 1:31832 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pfinet outbound connection (malware-cnc.rules) * 1:31833 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chkbot outbound connection (malware-cnc.rules) * 1:31834 <-> DISABLED <-> MALWARE-CNC Win.Trojan-Downloader.Delorado variant outbound connection (malware-cnc.rules) * 1:31835 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yesudac variant outbound connection (malware-cnc.rules) * 1:31836 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Seribe variant outbound connection (malware-cnc.rules) * 1:31837 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Retgate variant outbound connection (malware-cnc.rules) * 1:31883 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Waterspout outbound connection (malware-cnc.rules) * 1:31885 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Threebyte variant outbound connection (malware-cnc.rules) * 1:31895 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Toupi variant outbound connection (malware-cnc.rules) * 1:31897 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dexter variant outbound connection (malware-cnc.rules) * 1:31904 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload variant outbound connection (malware-cnc.rules) * 1:31907 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Honerep variant outbound connection (malware-cnc.rules) * 1:31909 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Basostab variant outbound connection (malware-cnc.rules) * 1:31911 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Gareme variant outbound connection (malware-cnc.rules) * 1:31913 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Maozhi variant 
outbound connection (malware-cnc.rules) * 1:31915 <-> DISABLED <-> MALWARE-CNC WIN.Trojan.Ziyazo variant outbound connection (malware-cnc.rules) * 1:31916 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules) * 1:31923 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant HTTP response attempt (malware-cnc.rules) * 1:31924 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules) * 1:31925 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.Jynxkit outbound connection (malware-cnc.rules) * 1:31928 <-> DISABLED <-> MALWARE-CNC Win.Trojan-Downloader.Becontr variant outbound connection (malware-cnc.rules) * 1:31929 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kanav variant outbound connection (malware-cnc.rules) * 1:31930 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kanav variant outbound connection (malware-cnc.rules) * 1:31941 <-> DISABLED <-> MALWARE-CNC Win.Trojan-Downloader.Pedrp variant outbound connection (malware-cnc.rules) * 1:31947 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - HttpCall - Win.Trojan.Rukypee (malware-cnc.rules) * 1:31948 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - MyProgramm - Win.Trojan.Rukypee (malware-cnc.rules) * 1:31949 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Skypee - Win.Trojan.Rukypee (malware-cnc.rules) * 1:31954 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ezbro variant outbound connection (malware-cnc.rules) * 1:31955 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ezbro variant outbound connection (malware-cnc.rules) * 1:31957 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.MSIL.Torct variant outbound connection (malware-cnc.rules) * 1:31964 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules) * 1:31973 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chebri variant outbound connection (malware-cnc.rules) * 1:31974 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zegorg 
variant outbound connection (malware-cnc.rules) * 1:31990 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Install - Win.Backdoor.Upatre (malware-cnc.rules) * 1:31991 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Treck - Win.Backdoor.Upatre (malware-cnc.rules) * 1:31992 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Upatre SSL Cert inbound (malware-cnc.rules) * 1:31993 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Upatre SSL Cert inbound (malware-cnc.rules) * 1:31994 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Upatre SSL Cert inbound (malware-cnc.rules) * 1:34280 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TeslaCrypt outbound connection (malware-cnc.rules) * 1:32053 <-> DISABLED <-> MALWARE-CNC Xsser mRAT GPS data upload (malware-cnc.rules) * 1:32054 <-> DISABLED <-> MALWARE-CNC Xsser mRAT file upload (malware-cnc.rules) * 1:31998 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Upatre SSL Cert inbound (malware-cnc.rules) * 1:31999 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Upatre SSL Cert inbound (malware-cnc.rules) * 1:32000 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Upatre SSL Cert inbound (malware-cnc.rules) * 1:32001 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Upatre SSL Cert inbound (malware-cnc.rules) * 1:32002 <-> DISABLED <-> MALWARE-CNC Win.Worm.Zorenium variant outbound connection (malware-cnc.rules) * 1:32009 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Flooder inbound connection attempt - command (malware-cnc.rules) * 1:32010 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Flooder outbound telnet connection attempt (malware-cnc.rules) * 1:32011 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Flooder outbound connection (malware-cnc.rules) * 1:32012 <-> DISABLED <-> MALWARE-CNC Win.Trojan-Downloader.Bipamid variant outbound connection (malware-cnc.rules) * 1:32013 <-> DISABLED <-> MALWARE-CNC Linux.Worm.Darlloz variant outbound connection (malware-cnc.rules) * 1:32015 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Zeus variant outbound 
connection (malware-cnc.rules) * 1:32016 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Menteni variant outbound connection (malware-cnc.rules) * 1:32017 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Memlog SMB file transfer (malware-cnc.rules) * 1:32018 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Hupigon.NYK variant outbound connection (malware-cnc.rules) * 1:32020 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Krompt variant outbound connection (malware-cnc.rules) * 1:32023 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sinpid variant outbound connection (malware-cnc.rules) * 1:32028 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Klabcon variant outbound connection (malware-cnc.rules) * 1:32030 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Decibal - Win.Trojan.Decibal (malware-cnc.rules) * 1:32031 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Decibal variant outbound connection (malware-cnc.rules) * 1:32033 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Larosden variant outbound connection (malware-cnc.rules) * 1:32034 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Larefervt variant outbound connection (malware-cnc.rules) * 1:32035 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Boleteiro variant outbound connection (malware-cnc.rules) * 1:32036 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Somoca vaniant outbound connection (malware-cnc.rules) * 1:32037 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload.awt variant outbound connection (malware-cnc.rules) * 1:32048 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lecpetex variant outbound connection (malware-cnc.rules) * 1:32050 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Larosden variant outbound connection (malware-cnc.rules) * 1:32052 <-> DISABLED <-> MALWARE-CNC User-Agent Xsser mRAT user-agent (malware-cnc.rules) * 1:34183 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bartallex outbound connection (malware-cnc.rules) * 1:31997 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Upatre SSL Cert inbound (malware-cnc.rules) * 1:33232 <-> DISABLED <-> MALWARE-CNC 
User-Agent known malicious user-agent string - AppUpdate - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33678 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FannyWorm outbound connection (malware-cnc.rules) * 1:33230 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Firefox - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33233 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - 2608cw-1 - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33234 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - 2508Inst - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33235 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - 2608cw-2 - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33236 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - 2808inst - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33237 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Player - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33238 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Wurst - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33239 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Installer/1.0 - Win.Backdoor.Upatre (malware-cnc.rules) * 1:31826 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Delf variant HTTP Response (malware-cnc.rules) * 1:33242 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Explorer - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33243 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Mozilla - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33244 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Opera - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33245 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Opera10 - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33246 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious 
user-agent string - OperaMini - Win.Backdoor.Upatre (malware-cnc.rules)
* 1:33248 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Peers12 - Win.Backdoor.Upatre (malware-cnc.rules)
* 1:33249 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - SLSSoapClient - Win.Backdoor.Upatre (malware-cnc.rules)
* 1:33250 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Tintin - Win.Backdoor.Upatre (malware-cnc.rules)
* 1:33251 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - USER_CHECK - Win.Backdoor.Upatre (malware-cnc.rules)
* 1:33252 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - WATClient - Win.Backdoor.Upatre (malware-cnc.rules)
* 1:33253 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - bbbbbbbbbb - Win.Backdoor.Upatre (malware-cnc.rules)
* 1:33254 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - hi - Win.Backdoor.Upatre (malware-cnc.rules)
* 1:33255 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - iMacros - Win.Backdoor.Upatre (malware-cnc.rules)
* 1:33256 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - macrotest - Win.Backdoor.Upatre (malware-cnc.rules)
* 1:33257 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - onlymacros - Win.Backdoor.Upatre (malware-cnc.rules)
* 1:33258 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Updates downloader - Win.Backdoor.Upatre (malware-cnc.rules)
* 1:33259 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - testupdate - Win.Backdoor.Upatre (malware-cnc.rules)
* 1:33260 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - onlyupdate - Win.Backdoor.Upatre (malware-cnc.rules)
* 1:33282 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Upatre variant outbound connection (malware-cnc.rules)
* 1:33284 <-> DISABLED <-> MALWARE-CNC Win.Trojan.OnLineGames variant outbound connection (malware-cnc.rules)
* 1:33285 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bavload outbound download request attempt (malware-cnc.rules)
* 1:33289 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rawpos incoming backdoor connection attempt (malware-cnc.rules)
* 1:33299 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Foxy variant outbound connection (malware-cnc.rules)
* 1:33305 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rubinurd variant outbound connection (malware-cnc.rules)
* 1:33328 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Yinli outbound connection (malware-cnc.rules)
* 1:33329 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Yinli outbound connection (malware-cnc.rules)
* 1:33330 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Yinli outbound connection (malware-cnc.rules)
* 1:33342 <-> DISABLED <-> MALWARE-CNC Doc.Downloader.Dridex outbound connection (malware-cnc.rules)
* 1:33411 <-> DISABLED <-> MALWARE-CNC Doc.Downloader.Dridex outbound connection (malware-cnc.rules)
* 1:33431 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptowall 3.0 variant outbound connection (malware-cnc.rules)
* 1:33432 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptowall 3.0 variant outbound connection (malware-cnc.rules)
* 1:33433 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptowall 3.0 variant outbound connection (malware-cnc.rules)
* 1:33434 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptowall 3.0 variant outbound connection (malware-cnc.rules)
* 1:33435 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptowall 3.0 variant outbound connection (malware-cnc.rules)
* 1:33439 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gefetroe variant outbound connection (malware-cnc.rules)
* 1:33443 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules)
* 1:33444 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SpyBanker variant outbound connection (malware-cnc.rules)
* 1:33449 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FileEncoder IP geolocation checkin attempt (malware-cnc.rules)
* 1:33450 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FileEncoder variant outbound connection (malware-cnc.rules)
* 1:33453 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kovter variant outbound connection (malware-cnc.rules)
* 1:33456 <-> DISABLED <-> MALWARE-CNC Doc.Downloader.Dridex outbound connection (malware-cnc.rules)
* 1:33457 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules)
* 1:33464 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dynamer variant outbound connection (malware-cnc.rules)
* 1:33481 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Xnote outbound connection (malware-cnc.rules)
* 1:33482 <-> DISABLED <-> MALWARE-CNC Win.Worm.Enosch variant outbound connection (malware-cnc.rules)
* 1:33496 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Andromeda variant outbound connection (malware-cnc.rules)
* 1:33513 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - XAgent - Operation Pawn Storm (malware-cnc.rules)
* 1:33519 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - ALIZER (malware-cnc.rules)
* 1:33520 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zusy inbound CNC response (malware-cnc.rules)
* 1:33521 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zusy variant outbound connection (malware-cnc.rules)
* 1:33522 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent - DNS Changer (malware-cnc.rules)
* 1:33523 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DNSChanger variant outbound connection (malware-cnc.rules)
* 1:33524 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DNSChanger variant outbound connection (malware-cnc.rules)
* 1:33543 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Equation outbound connection (malware-cnc.rules)
* 1:33545 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Equation outbound connection (malware-cnc.rules)
* 1:33546 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Equation outbound connection (malware-cnc.rules)
* 1:33547 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Turla outbound connection (malware-cnc.rules)
* 1:33594 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Upatre variant outbound connection (malware-cnc.rules)
* 1:33620 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.lubot outbound connection (malware-cnc.rules)
* 1:33621 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.lubot outbound connection (malware-cnc.rules)
* 1:33633 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent - Downing - Win.Trojan.Otwycal (malware-cnc.rules)
* 1:33646 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.XORDDoS outbound connection (malware-cnc.rules)
* 1:33647 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.XORDDoS outbound connection (malware-cnc.rules)
* 1:33648 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.XORDDoS outbound connection (malware-cnc.rules)
* 1:33649 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Google Omaha - Win.Trojan.ExtenBro (malware-cnc.rules)
* 1:33650 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tinba outbound connection (malware-cnc.rules)
* 1:33674 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Athena variant outbound connection (malware-cnc.rules)
* 1:33675 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Athena variant outbound connection (malware-cnc.rules)
* 1:33223 <-> DISABLED <-> MALWARE-CNC Win.Trojan.HawkEye Keylogger exfiltration attempt - clipboard and screenshot (malware-cnc.rules)
* 1:33884 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string dolit (malware-cnc.rules)
* 1:33886 <-> DISABLED <-> MALWARE-CNC WIn.Trojan.HawkEye keylogger variant outbound connection (malware-cnc.rules)
* 1:34116 <-> DISABLED <-> MALWARE-CNC MacOS.Trojan.Wirelurker variant outbound connection (malware-cnc.rules)
* 1:33885 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gh0st variant outbound connection (malware-cnc.rules)
* 1:34143 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Crypvault outbound connection (malware-cnc.rules)
* 1:34049 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.EvilBunny variant outbound connection (malware-cnc.rules)
* 1:33862 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules)
* 1:34136 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload variant MSSQL response (malware-cnc.rules)
* 1:34028 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bruecimig variant outbound connection (malware-cnc.rules)
* 1:34032 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (malware-cnc.rules)
* 1:33990 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Trioptid outbound connection (malware-cnc.rules)
* 1:34038 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (malware-cnc.rules)
* 1:33996 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pwexes variant outbound connection (malware-cnc.rules)
* 1:34005 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules)
* 1:33868 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules)
* 1:33860 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules)
* 1:34044 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Exacrytion variant outbound connection (malware-cnc.rules)
* 1:33857 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PwnPOS data exfiltration attempt (malware-cnc.rules)
* 1:34004 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules)
* 1:34140 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dyre publickey outbound connection (malware-cnc.rules)
* 1:33864 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules)
* 1:34214 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Capimac variant outbound connection (malware-cnc.rules)
* 1:34039 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banklaed variant outbound connection (malware-cnc.rules)
* 1:33883 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jadtre variant outbound connection (malware-cnc.rules)
* 1:33859 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules)
* 1:34113 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent beacon reply attempt (malware-cnc.rules)
* 1:33750 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
* 1:33227 <-> DISABLED <-> MALWARE-CNC Win.Agent.BHHK variant outbound connection (malware-cnc.rules)
* 1:34282 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bartallex outbound connection (malware-cnc.rules)
* 1:34263 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.XORDDoS outbound connection (malware-cnc.rules)
* 1:34026 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Endstar variant outbound connection (malware-cnc.rules)
* 1:34223 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Yebot variant outbound connection (malware-cnc.rules)
* 1:33892 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Xerq outbound connection (malware-cnc.rules)
* 1:33992 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Insidious outbound connection (malware-cnc.rules)
* 1:34006 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules)
* 1:33914 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent - Win.Trojan.Barys (malware-cnc.rules)
* 1:34045 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Eitenckay initial outbound connection (malware-cnc.rules)
* 1:34035 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (malware-cnc.rules)
* 1:33930 <-> DISABLED <-> MALWARE-CNC Vicepass outbound connection initial request to the CNC sending system information (malware-cnc.rules)
* 1:34009 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules)
* 1:33985 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.ChinaZ outbound connection (malware-cnc.rules)
* 1:33852 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Poseidon outbound connection (malware-cnc.rules)
* 1:34047 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VBPasswordStealer variant outbound connection (malware-cnc.rules)
* 1:33993 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Insidious outbound connection (malware-cnc.rules)
* 1:34128 <-> DISABLED <-> MALWARE-CNC Win.Trojan.WIntruder outbound connection (malware-cnc.rules)
* 1:34003 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Picommex outbound connection (malware-cnc.rules)
* 1:34046 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Expilan variant outbound connection (malware-cnc.rules)
* 1:34132 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Erotimpact variant outbound connection (malware-cnc.rules)
* 1:34261 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.XORDDoS outbound connection (malware-cnc.rules)
* 1:31820 <-> DISABLED <-> MALWARE-CNC Win.Banker.Delf variant outbound connection (malware-cnc.rules)
* 1:31824 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor variant outbound connection (malware-cnc.rules)
* 1:31995 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Upatre SSL Cert inbound (malware-cnc.rules)
* 1:33231 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Firefox/5.0 - Win.Backdoor.Upatre (malware-cnc.rules)
* 1:32058 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Masatekar variant outbound connection (malware-cnc.rules)
* 1:32060 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent string - httptestman - Win.Backdoor.Rabasheeta (malware-cnc.rules)
* 1:32061 <-> DISABLED <-> MALWARE-CNC Win.Trojan-Downloader.Nekill variant outbound connection (malware-cnc.rules)
* 1:32065 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Asprox inbound connection (malware-cnc.rules)
* 1:32066 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Asprox outbound connection (malware-cnc.rules)
* 1:32067 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Asprox outbound connection (malware-cnc.rules)
* 1:32071 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Zapchast variant outbound connection (malware-cnc.rules)
* 1:32072 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zemot configuration download attempt (malware-cnc.rules)
* 1:32073 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zemot outbound connection (malware-cnc.rules)
* 1:32074 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zemot payload download attempt (malware-cnc.rules)
* 1:32075 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Small variant outbound connection (malware-cnc.rules)
* 1:32086 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Corkow variant outbound connection (malware-cnc.rules)
* 1:32090 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Saaglup variant outbound connection (malware-cnc.rules)
* 1:32091 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.PcertStealer variant outbound connection (malware-cnc.rules)
* 1:32093 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules)
* 1:32096 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Puver variant outbound connection (malware-cnc.rules)
* 1:32121 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kryptik variant outbound connection (malware-cnc.rules)
* 1:32123 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot variant outbound connection (malware-cnc.rules)
* 1:32125 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - update - Win.Backdoor.Upatre (malware-cnc.rules)
* 1:32126 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lizarbot outbound connection (malware-cnc.rules)
* 1:32129 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader variant outbound connection (malware-cnc.rules)
* 1:32130 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules)
* 1:32175 <-> DISABLED <-> MALWARE-CNC Osx.Backdoor.iWorm variant outbound connection (malware-cnc.rules)
* 1:32179 <-> DISABLED <-> MALWARE-CNC WIN.Trojan.Plugx variant outbound connection (malware-cnc.rules)
* 1:32180 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.ZxShell connection incoming attempt (malware-cnc.rules)
* 1:32181 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.ZxShell connection outgoing attempt (malware-cnc.rules)
* 1:32192 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zxshell variant outbound connection (malware-cnc.rules)
* 1:32193 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dubrute variant outbound connection (malware-cnc.rules)
* 1:32194 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dubrute variant outbound connection (malware-cnc.rules)
* 1:32195 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Palebot variant outbound connection (malware-cnc.rules)
* 1:32196 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor variant outbound connection (malware-cnc.rules)
* 1:32197 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zerolocker variant outbound connection (malware-cnc.rules)
* 1:32198 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mujormel outbound connection (malware-cnc.rules)
* 1:32202 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Soaphrish variant outbound connection (malware-cnc.rules)
* 1:32220 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy download detected (malware-cnc.rules)
* 1:32221 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy download detected (malware-cnc.rules)
* 1:32222 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.MSIL.Liroospu variant outbound connection (malware-cnc.rules)
* 1:32225 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptowall variant outbound connection (malware-cnc.rules)
* 1:32243 <-> DISABLED <-> MALWARE-CNC WIN.Trojan.Clemint variant outbound connection (malware-cnc.rules)
* 1:32250 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hydraq.variant outbound detected (malware-cnc.rules)
* 1:32270 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tinba variant outbound connection (malware-cnc.rules)
* 1:32272 <-> DISABLED <-> MALWARE-CNC WIN.Trojan.Hesechca variant outbound connection (malware-cnc.rules)
* 1:32285 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zoxpng variant outbound connection (malware-cnc.rules)
* 1:32287 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sapertilz variant outbound connection (malware-cnc.rules)
* 1:32289 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptolocker download detected (malware-cnc.rules)
* 1:32290 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptolocker download detected (malware-cnc.rules)
* 1:32291 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptolocker download detected (malware-cnc.rules)
* 1:32292 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptolocker download detected (malware-cnc.rules)
* 1:32293 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Acanas variant outbound connection (malware-cnc.rules)
* 1:32294 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent BloodguyBrowser-_- (malware-cnc.rules)
* 1:32295 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string http - Win.Trojan.Waski (malware-cnc.rules)
* 1:32296 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string update - Win.Trojan.Waski (malware-cnc.rules)
* 1:32310 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Farfli variant outbound connection (malware-cnc.rules)
* 1:32311 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rehtesyk outbound connection (malware-cnc.rules)
* 1:32312 <-> DISABLED <-> MALWARE-CNC FrameworkPOS data exfiltration through DNS - beacon message (malware-cnc.rules)
* 1:32328 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Maener variant download request (malware-cnc.rules)
* 1:32329 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Maener variant outbound connection (malware-cnc.rules)
* 1:32330 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Maener variant outbound connection (malware-cnc.rules)
* 1:32331 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Maener variant outbound connection (malware-cnc.rules)
* 1:32332 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hancitor variant outbound connection (malware-cnc.rules)
* 1:32333 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string fast uax (malware-cnc.rules)
* 1:32334 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Stantinko variant outbound connection (malware-cnc.rules)
* 1:32338 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ropest variant outbound connection (malware-cnc.rules)
* 1:32341 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cakwerd variant outbound connection (malware-cnc.rules)
* 1:32343 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor variant inbound spam attempt (malware-cnc.rules)
* 1:32344 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor variant outbound spam attempt (malware-cnc.rules)
* 1:32354 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Matsune variant outbound connection (malware-cnc.rules)
* 1:32357 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Akaza variant outbound connection (malware-cnc.rules)
* 1:32367 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GameOverZeus variant outbound connection (malware-cnc.rules)
* 1:32368 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cridex variant outbound connection (malware-cnc.rules)
* 1:32372 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Drepitt variant outbound connection (malware-cnc.rules)
* 1:32373 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Broonject variant outbound connection (malware-cnc.rules)
* 1:32374 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Androm variant outbound connection (malware-cnc.rules)
* 1:32379 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Baccamun variant outbound connection (malware-cnc.rules)
* 1:32383 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - connect - Win.Backdoor.Upatre (malware-cnc.rules)
* 1:32384 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - myupdate - Win.Backdoor.Upatre (malware-cnc.rules)
* 1:32394 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Orcarat variant outbound connection (malware-cnc.rules)
* 1:32395 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Orcarat variant outbound connection (malware-cnc.rules)
* 1:32396 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Orcarat variant outbound connection (malware-cnc.rules)
* 1:32397 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Orcarat variant outbound connection (malware-cnc.rules)
* 1:32400 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Parama attempted outbound connection (malware-cnc.rules)
* 1:32401 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Kivars outbound connection (malware-cnc.rules)
* 1:32402 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent globalupdate - Osx.Trojan.Wirelurker (malware-cnc.rules)
* 1:32451 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Backoff initial outbound connection (malware-cnc.rules)
* 1:32455 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent VUPHTTP - Win.Trojan.Puvespia (malware-cnc.rules)
* 1:32456 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Effseart variant outbound connection (malware-cnc.rules)
* 1:32457 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Effseart variant inbound connection (malware-cnc.rules)
* 1:32464 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TorrentLocker variant outbound connection (malware-cnc.rules)
* 1:32469 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bankeiya outbound connection (malware-cnc.rules)
* 1:32486 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Exadog outbound connection (malware-cnc.rules)
* 1:32487 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Exadog variant outbound connection (malware-cnc.rules)
* 1:32493 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.SpikeA variant outbound connection (malware-cnc.rules)
* 1:32494 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.SpikeA variant outbound connection (malware-cnc.rules)
* 1:32504 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Kiler attempted outbound connection (malware-cnc.rules)
* 1:32505 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Kiler attempted outbound connection (malware-cnc.rules)
* 1:32506 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Secdeskinf outbound connection (malware-cnc.rules)
* 1:32510 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.PiltabeA outbound connection (malware-cnc.rules)
* 1:32511 <-> DISABLED <-> MALWARE-CNC PCRat variant outbound connection (malware-cnc.rules)
* 1:32512 <-> DISABLED <-> MALWARE-CNC PCRat variant outbound connection (malware-cnc.rules)
* 1:32513 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Havex outbound connection (malware-cnc.rules)
* 1:32521 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptowall 2.0 possible TOR client retrieval attempt (malware-cnc.rules)
* 1:32529 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Vkont variant outbound connection (malware-cnc.rules)
* 1:32548 <-> DISABLED <-> MALWARE-CNC Mac.Backdoor.iWorm attempted outbound connection (malware-cnc.rules)
* 1:32550 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Extant variant outbound connection (malware-cnc.rules)
* 1:32551 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Coreshell variant outbound connection (malware-cnc.rules)
* 1:32556 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bayoboiz outbound connection (malware-cnc.rules)
* 1:32557 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bayoboiz outbound connection (malware-cnc.rules)
* 1:32583 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules)
* 1:32584 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules)
* 1:32585 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
* 1:32586 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
* 1:32598 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Mysayad file wipe attempt (malware-cnc.rules)
* 1:32599 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Mysayad outbound connection (malware-cnc.rules)
* 1:32600 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Mysayad file wipe attempt (malware-cnc.rules)
* 1:32604 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Geodo variant outbound connection (malware-cnc.rules)
* 1:32605 <-> DISABLED <-> MALWARE-CNC Win.Worm.Jenxcus variant outbound connection (malware-cnc.rules)
* 1:32606 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sodebral variant outbound connection (malware-cnc.rules)
* 1:32607 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sodebral HTTP Response attempt (malware-cnc.rules)
* 1:32608 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sodebral HTTP Response attempt (malware-cnc.rules)
* 1:32609 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant registration message (malware-cnc.rules)
* 1:32610 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant keepalive (malware-cnc.rules)
* 1:32613 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Jadowndec attempted outbound connection (malware-cnc.rules)
* 1:32614 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Jadowndec attempted outbound connection (malware-cnc.rules)
* 1:32621 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Regin outbound connection (malware-cnc.rules)
* 1:32624 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Regin outbound connection (malware-cnc.rules)
* 1:32645 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string RUpdate (malware-cnc.rules)
* 1:32665 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chopstick variant outbound request (malware-cnc.rules)
* 1:32667 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chopstick variant outbound request (malware-cnc.rules)
* 1:32674 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wiper variant outbound connection (malware-cnc.rules)
* 1:32677 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex variant outbound connection (malware-cnc.rules)
* 1:32678 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex variant outbound connection (malware-cnc.rules)
* 1:32706 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz variant outbound connection (malware-cnc.rules)
* 1:32727 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Uclinu variant outbound connection (malware-cnc.rules)
* 1:32728 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Olegb variant outbound connection (malware-cnc.rules)
* 1:32734 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Typideg variant outbound connection (malware-cnc.rules)
* 1:32735 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CryptoPHP variant outbound connection (malware-cnc.rules)
* 1:32736 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CryptoPHP variant outbound connection (malware-cnc.rules)
* 1:32743 <-> DISABLED <-> MALWARE-CNC VGABot IRC communication attempt (malware-cnc.rules)
* 1:32747 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ragebot variant outbound connection (malware-cnc.rules)
* 1:32769 <-> DISABLED <-> MALWARE-CNC Win.Trojan.WOWCheckC Attempted CNC (malware-cnc.rules)
* 1:32770 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Androm variant outbound connection (malware-cnc.rules)
* 1:32776 <-> DISABLED <-> MALWARE-CNC FIN4 VBA Macro credentials upload attempt (malware-cnc.rules)
* 1:32780 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Eskaetee outbound connection (malware-cnc.rules)
* 1:32781 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Eskaetee outbound connection (malware-cnc.rules)
* 1:32791 <-> DISABLED <-> MALWARE-CNC Win.Virus.Ransomlock outbound connection (malware-cnc.rules)
* 1:32792 <-> DISABLED <-> MALWARE-CNC Win.Virus.Ransomlock inbound connection (malware-cnc.rules)
* 1:32823 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Darkhotel outbound connection (malware-cnc.rules)
* 1:32824 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Darkhotel variant outbound connection (malware-cnc.rules)
* 1:32825 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Darkhotel outbound connection (malware-cnc.rules)
* 1:32826 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Darkhotel data upload attempt (malware-cnc.rules)
* 1:32827 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Darkhotel response connection attempt (malware-cnc.rules)
* 1:32852 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Poolfiend variant outbound connection (malware-cnc.rules)
* 1:32853 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Poolfiend variant outbound connection (malware-cnc.rules)
* 1:32854 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Loodir outbound connection (malware-cnc.rules)
* 1:32882 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ksypypro outbound connection (malware-cnc.rules)
* 1:32891 <-> DISABLED <-> MALWARE-CNC Php.Malware.SoakSoakRedirect Malware traffic containing WordPress Administrator credentials (malware-cnc.rules)
* 1:32892 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TorLocker variant outbound connection (malware-cnc.rules)
* 1:32893 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Finforst outbound connection (malware-cnc.rules)
* 1:32908 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TinyZBot outbound connection (malware-cnc.rules)
* 1:32909 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TinyZBot outbound connection (malware-cnc.rules)
* 1:32910 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TinyZBot outbound connection (malware-cnc.rules)
* 1:32950 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bladabindi variant outbound connection (malware-cnc.rules)
* 1:32956 <-> DISABLED <-> MALWARE-CNC Android.CoolReaper.Trojan outbound connection (malware-cnc.rules)
* 1:32957 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TinyZBot outbound SOAP connection attempt (malware-cnc.rules)
* 1:32958 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TinyZBot response connection attempt (malware-cnc.rules)
* 1:32973 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Twerket variant outbound connection (malware-cnc.rules)
* 1:32976 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluos variant outbound connection (malware-cnc.rules)
* 1:32977 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluos variant outbound connection (malware-cnc.rules)
* 1:32978 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - extra IE version (malware-cnc.rules)
* 1:32979 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - extra IE version (malware-cnc.rules)
* 1:32980 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - multi-browser (malware-cnc.rules)
* 1:32986 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Toopu dll embedded in png download attempt (malware-cnc.rules)
* 1:32987 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor outbound connection (malware-cnc.rules)
* 1:32988 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor outbound connection (malware-cnc.rules)
* 1:32989 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor outbound connection (malware-cnc.rules)
* 1:32990 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Toopu outbound connection (malware-cnc.rules)
* 1:33047 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - realupdate - Win.Backdoor.Upatre (malware-cnc.rules)
* 1:33054 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Joanap outbound connection (malware-cnc.rules)
* 1:33058 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Medusa variant inbound connection (malware-cnc.rules)
* 1:33059 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Medusa variant outbound connection (malware-cnc.rules)
* 1:33060 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Medusa variant outbound connection (malware-cnc.rules)
* 1:33061 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lagulon.A outbound connection (malware-cnc.rules)
* 1:33081 <-> DISABLED <-> MALWARE-CNC OnionDuke variant outbound connection (malware-cnc.rules)
* 1:33082 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nocpos initial outbound connection (malware-cnc.rules)
* 1:33083 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nocpos information disclosure attempt (malware-cnc.rules)
* 1:33084 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tosct variant outbound connection (malware-cnc.rules)
* 1:33145 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
* 1:33147 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant SMTP reporting attempt (malware-cnc.rules)
* 1:33148 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant SMTP reporting attempt (malware-cnc.rules)
* 1:33149 <-> DISABLED <-> MALWARE-CNC Win.Worm.Ultramine outbound connection (malware-cnc.rules)
* 1:33152 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nurjax.A outbound connection (malware-cnc.rules)
* 1:33153 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Heur variant outbound connection (malware-cnc.rules)
* 1:33161 <-> DISABLED <-> MALWARE-CNC Win.Spyware.Rombertik outbound connection (malware-cnc.rules)
* 1:33165 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Poweliks outbound connection (malware-cnc.rules)
* 1:33199 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Sabeba outbound connection (malware-cnc.rules)
* 1:33200 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pisces variant outbound connection (malware-cnc.rules)
* 1:33207 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Mazilla/5.0 - Win.Backdoor.Upatre (malware-cnc.rules)
* 1:33211 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Upatre variant outbound connection (malware-cnc.rules)
* 1:33217 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nuovoscor variant outbound connection (malware-cnc.rules)
* 1:33218 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cendode system information disclosure attempt (malware-cnc.rules)
* 1:33219 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gamarue variant outbound connection (malware-cnc.rules)
* 1:33220 <-> DISABLED <-> MALWARE-CNC Win.Trojan.HawkEye keylogger exfiltration attempt (malware-cnc.rules)
* 1:33221 <-> ENABLED <-> MALWARE-CNC Win.Trojan.HawkEye Keylogger exfiltration attempt - clipboard and screenshot (malware-cnc.rules)
* 1:33222 <-> DISABLED <-> MALWARE-CNC Win.Trojan.HawkEye Keylogger exfiltration attempt - clipboard and screenshot (malware-cnc.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:56003 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Emotet variant initial outbound request detected (snort3-malware-cnc.rules)
* 1:56004 <-> DISABLED <-> SERVER-WEBAPP D-Link Central WiFi Manager CMW 100 cross site scripting attempt (snort3-server-webapp.rules)
* 1:56001 <-> DISABLED <-> SERVER-APACHE Apache Struts denial of service attempt (snort3-server-apache.rules)
* 1:56002 <-> DISABLED <-> SERVER-WEBAPP D-Link Central WiFi Manager CMW 100 SQL injection attempt (snort3-server-webapp.rules)
* 1:56007 <-> ENABLED <-> SERVER-WEBAPP D-Link Central WiFi Manager CWM 100 SQL injection attempt (snort3-server-webapp.rules)
* 1:56006 <-> ENABLED <-> SERVER-WEBAPP D-Link Central WiFi Manager CWM 100 SQL injection attempt (snort3-server-webapp.rules)
* 1:56005 <-> ENABLED <-> SERVER-WEBAPP D-Link Central WiFi Manager CWM 100 SQL injection attempt (snort3-server-webapp.rules)
* 1:56008 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari WebKit JSPropertyNameEnumeration type confusion attempt (snort3-browser-webkit.rules)
* 1:56009 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari WebKit JSPropertyNameEnumeration type confusion attempt (snort3-browser-webkit.rules)
* 1:55999 <-> DISABLED <-> SERVER-APACHE Apache Struts denial of service attempt (snort3-server-apache.rules)
* 1:56000 <-> DISABLED <-> SERVER-APACHE Apache Struts denial of service attempt (snort3-server-apache.rules)
* 1:34002 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Picommex outbound connection (snort3-malware-cnc.rules)
* 1:32397 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Orcarat variant outbound connection (snort3-malware-cnc.rules)
* 1:34006 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (snort3-malware-cnc.rules)
* 1:32455 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent VUPHTTP - Win.Trojan.Puvespia (snort3-malware-cnc.rules)
* 1:33912 <-> DISABLED <-> MALWARE-CNC Cryptofortress Decryption Software Purchase Tor Website (snort3-malware-cnc.rules)
* 1:33933 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Penget variant outbound connection (snort3-malware-cnc.rules)
* 1:31996 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Upatre SSL Cert inbound (snort3-malware-cnc.rules)
* 1:32384 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - myupdate - Win.Backdoor.Upatre (snort3-malware-cnc.rules)
* 1:32383 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - connect - Win.Backdoor.Upatre (snort3-malware-cnc.rules)
* 1:33821 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Egamipload variant outbound connection (snort3-malware-cnc.rules)
* 1:32368 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cridex variant outbound connection (snort3-malware-cnc.rules)
* 1:32294 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent BloodguyBrowser-_- (snort3-malware-cnc.rules)
* 1:32333 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string fast uax (snort3-malware-cnc.rules)
* 1:32505 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Kiler attempted outbound connection (snort3-malware-cnc.rules)
* 1:34289 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Plez outbound connection (snort3-malware-cnc.rules)
* 1:32506 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Secdeskinf outbound connection (snort3-malware-cnc.rules)
* 1:33868 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (snort3-malware-cnc.rules)
* 1:33861 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (snort3-malware-cnc.rules)
* 1:32395 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Orcarat variant outbound connection (snort3-malware-cnc.rules)
* 1:33992 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Insidious outbound connection (snort3-malware-cnc.rules)
* 1:33851 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Poseidon outbound connection (snort3-malware-cnc.rules)
* 1:34138 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Netkrypt inbound response (snort3-malware-cnc.rules)
* 1:34117 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Zupdax variant outbound connection (snort3-malware-cnc.rules)
* 1:34143 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Crypvault outbound connection (snort3-malware-cnc.rules)
* 1:34013 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ayuther variant outbound connection (snort3-malware-cnc.rules)
* 1:34011 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (snort3-malware-cnc.rules)
* 1:33930 <-> DISABLED <-> MALWARE-CNC Vicepass outbound connection initial request to the CNC sending system information (snort3-malware-cnc.rules)
* 1:33879 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Meowner runtime detection (snort3-malware-cnc.rules)
* 1:34009 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (snort3-malware-cnc.rules)
* 1:33864 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (snort3-malware-cnc.rules)
* 1:34005 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (snort3-malware-cnc.rules)
* 1:34030 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (snort3-malware-cnc.rules)
* 1:33886 <-> DISABLED <-> MALWARE-CNC WIn.Trojan.HawkEye keylogger variant outbound connection (snort3-malware-cnc.rules)
* 1:33859 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (snort3-malware-cnc.rules)
* 1:34136 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload variant MSSQL response (snort3-malware-cnc.rules)
* 1:33883 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jadtre variant outbound connection (snort3-malware-cnc.rules)
* 1:33872 <-> DISABLED <-> MALWARE-CNC Win.Worm.Urahu outbound connection (snort3-malware-cnc.rules)
* 1:33885 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gh0st variant outbound connection (snort3-malware-cnc.rules)
* 1:33852 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Poseidon outbound connection (snort3-malware-cnc.rules)
* 1:34008 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (snort3-malware-cnc.rules)
* 1:34214 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Capimac variant outbound connection (snort3-malware-cnc.rules)
* 1:33860 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (snort3-malware-cnc.rules)
* 1:34052 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NewPos outbound connection (snort3-malware-cnc.rules)
* 1:33990 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Trioptid outbound connection (snort3-malware-cnc.rules)
* 1:34181 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bartallex outbound connection (snort3-malware-cnc.rules)
* 1:34217 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Aytoke variant outbound connection (snort3-malware-cnc.rules)
* 1:34216 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FighterPOS variant outbound connection (snort3-malware-cnc.rules)
* 1:33854 <-> DISABLED <-> MALWARE-CNC Win.Trojan.LogPOS variant outbound connection (snort3-malware-cnc.rules)
* 1:34111 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chrozil variant outbound connection (snort3-malware-cnc.rules)
* 1:33862 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (snort3-malware-cnc.rules)
* 1:33913 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Concbak outbound connection (snort3-malware-cnc.rules)
* 1:34032 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (snort3-malware-cnc.rules)
* 1:34223 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Yebot variant outbound connection (snort3-malware-cnc.rules)
* 1:33831 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent DownloadMR - Solimba (snort3-malware-cnc.rules)
* 1:33997 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pwexes variant outbound connection (snort3-malware-cnc.rules)
* 1:33989 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Trioptid outbound connection (snort3-malware-cnc.rules)
* 1:34050 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Nepigon variant outbound connection (snort3-malware-cnc.rules)
* 1:34130 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload variant outbound connection (snort3-malware-cnc.rules)
* 1:34034 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (snort3-malware-cnc.rules)
* 1:34012 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (snort3-malware-cnc.rules)
* 1:34010 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (snort3-malware-cnc.rules)
* 1:34007 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (snort3-malware-cnc.rules)
* 1:33867 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (snort3-malware-cnc.rules)
* 1:34047 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VBPasswordStealer variant outbound connection (snort3-malware-cnc.rules)
* 1:34003 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Picommex outbound connection (snort3-malware-cnc.rules)
* 1:34039 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banklaed variant outbound connection (snort3-malware-cnc.rules)
* 1:34115 <-> DISABLED <-> MALWARE-CNC MacOS.Trojan.Wirelurker variant outbound connection (snort3-malware-cnc.rules)
* 1:34046 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Expilan variant outbound connection (snort3-malware-cnc.rules)
* 1:34132 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Erotimpact variant outbound connection (snort3-malware-cnc.rules)
* 1:33996 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pwexes variant outbound connection (snort3-malware-cnc.rules)
* 1:34042 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Igliveforg variant outbound connection (snort3-malware-cnc.rules)
* 1:33892 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Xerq outbound connection (snort3-malware-cnc.rules)
* 1:34161 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Punkey outbound connection (snort3-malware-cnc.rules)
* 1:34286 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mudrop variant outbound connection (snort3-malware-cnc.rules)
* 1:31993 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Upatre SSL Cert inbound (snort3-malware-cnc.rules)
* 1:33985 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.ChinaZ outbound connection (snort3-malware-cnc.rules)
* 1:34049 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.EvilBunny variant outbound connection (snort3-malware-cnc.rules)
* 1:34025 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Endstar variant outbound connection (snort3-malware-cnc.rules)
* 1:34004 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (snort3-malware-cnc.rules)
* 1:33893 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TeslaCrypt outbound connection (snort3-malware-cnc.rules)
* 1:33993 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Insidious outbound connection (snort3-malware-cnc.rules)
* 1:34045 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Eitenckay initial outbound connection (snort3-malware-cnc.rules)
* 1:34035 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (snort3-malware-cnc.rules)
* 1:34219 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nanocore variant outbound connection (snort3-malware-cnc.rules)
* 1:34037 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (snort3-malware-cnc.rules)
* 1:33994 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Beshida outbound connection (snort3-malware-cnc.rules)
* 1:34001 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Picommex outbound connection (snort3-malware-cnc.rules)
* 1:34280 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TeslaCrypt outbound connection (snort3-malware-cnc.rules)
* 1:32396 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Orcarat variant outbound connection (snort3-malware-cnc.rules)
* 1:34281 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bartallex outbound connection (snort3-malware-cnc.rules)
* 1:33884 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string dolit (snort3-malware-cnc.rules)
* 1:34031 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (snort3-malware-cnc.rules)
* 1:32456 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Effseart variant outbound connection (snort3-malware-cnc.rules)
* 1:32296 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string update - Win.Trojan.Waski (snort3-malware-cnc.rules)
* 1:32332 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hancitor variant outbound connection (snort3-malware-cnc.rules)
* 1:32451 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Backoff initial outbound connection (snort3-malware-cnc.rules)
* 1:32329 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Maener variant outbound connection (snort3-malware-cnc.rules)
* 1:32331 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Maener variant outbound connection (snort3-malware-cnc.rules)
* 1:32344 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor variant outbound spam attempt (snort3-malware-cnc.rules)
* 1:32401 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Kivars outbound connection (snort3-malware-cnc.rules)
* 1:34282 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bartallex outbound connection (snort3-malware-cnc.rules)
* 1:32504 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Kiler attempted outbound connection (snort3-malware-cnc.rules)
* 1:32338 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ropest variant outbound connection (snort3-malware-cnc.rules)
* 1:32343 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor variant inbound spam attempt (snort3-malware-cnc.rules)
* 1:32330 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Maener variant outbound connection (snort3-malware-cnc.rules)
* 1:32310 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Farfli variant outbound connection (snort3-malware-cnc.rules)
* 1:34263 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.XORDDoS outbound connection (snort3-malware-cnc.rules)
* 1:32374 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Androm variant outbound connection (snort3-malware-cnc.rules)
* 1:34246 <-> DISABLED <-> MALWARE-CNC Win.Trojan.AAEH variant outbound connection (snort3-malware-cnc.rules)
* 1:32379 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Baccamun variant outbound connection (snort3-malware-cnc.rules)
* 1:32341 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cakwerd variant outbound connection (snort3-malware-cnc.rules)
* 1:32334 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Stantinko variant outbound connection (snort3-malware-cnc.rules)
* 1:32311 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rehtesyk outbound connection (snort3-malware-cnc.rules)
* 1:33866 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (snort3-malware-cnc.rules)
* 1:34182 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bartallex outbound connection (snort3-malware-cnc.rules)
* 1:34041 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Igliveforg variant initial outbound connection (snort3-malware-cnc.rules)
* 1:34140 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dyre publickey outbound connection (snort3-malware-cnc.rules)
* 1:33877 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Meowner runtime detection (snort3-malware-cnc.rules)
* 1:33878 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Meowner runtime detection (snort3-malware-cnc.rules)
* 1:31883 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Waterspout outbound connection (snort3-malware-cnc.rules)
* 1:33822 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Egamipload variant outbound connection (snort3-malware-cnc.rules)
* 1:34290 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Plez outbound connection (snort3-malware-cnc.rules)
* 1:32511 <-> DISABLED <-> MALWARE-CNC PCRat variant outbound connection (snort3-malware-cnc.rules)
* 1:32513 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Havex outbound connection (snort3-malware-cnc.rules)
* 1:32011 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Flooder outbound connection (snort3-malware-cnc.rules)
* 1:31820 <-> DISABLED <-> MALWARE-CNC Win.Banker.Delf variant outbound connection (snort3-malware-cnc.rules)
* 1:31824 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor variant outbound connection (snort3-malware-cnc.rules)
* 1:31826 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Delf variant HTTP Response (snort3-malware-cnc.rules)
* 1:31827 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Delf variant outbound connection (snort3-malware-cnc.rules)
* 1:31828 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jabberbot variant outbound connection (snort3-malware-cnc.rules)
* 1:31832 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pfinet outbound connection (snort3-malware-cnc.rules)
* 1:31833 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chkbot outbound connection (snort3-malware-cnc.rules)
* 1:31834 <-> DISABLED <-> MALWARE-CNC Win.Trojan-Downloader.Delorado variant outbound connection (snort3-malware-cnc.rules)
* 1:31835 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yesudac variant outbound connection (snort3-malware-cnc.rules)
* 1:31836 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Seribe variant outbound connection (snort3-malware-cnc.rules)
* 1:34155 <-> DISABLED <-> MALWARE-CNC MacOS.Backdoor.Xslcmd outbound connection (snort3-malware-cnc.rules)
* 1:31837 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Retgate variant outbound connection (snort3-malware-cnc.rules)
* 1:31885 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Threebyte variant outbound connection (snort3-malware-cnc.rules)
* 1:31994 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Upatre SSL Cert inbound (snort3-malware-cnc.rules)
* 1:31897 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dexter variant outbound connection (snort3-malware-cnc.rules)
* 1:31904 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload variant outbound connection (snort3-malware-cnc.rules)
* 1:31907 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Honerep variant outbound connection (snort3-malware-cnc.rules)
* 1:31909 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Basostab variant outbound connection (snort3-malware-cnc.rules)
* 1:31911 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Gareme variant outbound connection (snort3-malware-cnc.rules)
* 1:31913 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Maozhi variant outbound connection (snort3-malware-cnc.rules)
* 1:31915 <-> DISABLED <-> MALWARE-CNC WIN.Trojan.Ziyazo variant outbound connection (snort3-malware-cnc.rules)
* 1:31916 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (snort3-malware-cnc.rules)
* 1:31923 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant HTTP response attempt (snort3-malware-cnc.rules)
* 1:31924 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (snort3-malware-cnc.rules)
* 1:31925 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.Jynxkit outbound connection (snort3-malware-cnc.rules)
* 1:31928 <-> DISABLED <-> MALWARE-CNC Win.Trojan-Downloader.Becontr variant outbound connection (snort3-malware-cnc.rules)
* 1:31929 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kanav variant outbound connection (snort3-malware-cnc.rules)
* 1:31930 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kanav variant outbound connection (snort3-malware-cnc.rules)
* 1:31941 <-> DISABLED <-> MALWARE-CNC Win.Trojan-Downloader.Pedrp variant outbound connection (snort3-malware-cnc.rules)
* 1:31947 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - HttpCall - Win.Trojan.Rukypee (snort3-malware-cnc.rules)
* 1:31948 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - MyProgramm - Win.Trojan.Rukypee (snort3-malware-cnc.rules)
* 1:31949 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Skypee - Win.Trojan.Rukypee (snort3-malware-cnc.rules)
* 1:31954 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ezbro variant outbound connection (snort3-malware-cnc.rules)
* 1:31955 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ezbro variant outbound connection (snort3-malware-cnc.rules)
* 1:31957 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.MSIL.Torct variant outbound connection (snort3-malware-cnc.rules)
* 1:31964 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (snort3-malware-cnc.rules)
* 1:31973 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chebri variant outbound connection (snort3-malware-cnc.rules)
* 1:31974 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zegorg variant outbound connection (snort3-malware-cnc.rules)
* 1:31990 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Install - Win.Backdoor.Upatre (snort3-malware-cnc.rules)
* 1:31991 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Treck - Win.Backdoor.Upatre (snort3-malware-cnc.rules)
* 1:31992 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Upatre SSL Cert inbound (snort3-malware-cnc.rules)
* 1:31997 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Upatre SSL Cert inbound (snort3-malware-cnc.rules)
* 1:31895 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Toupi variant outbound connection (snort3-malware-cnc.rules)
* 1:32529 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Vkont variant outbound connection (snort3-malware-cnc.rules)
* 1:32548 <-> DISABLED <-> MALWARE-CNC Mac.Backdoor.iWorm attempted outbound connection (snort3-malware-cnc.rules)
* 1:32550 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Extant variant outbound connection (snort3-malware-cnc.rules)
* 1:32551 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Coreshell variant outbound connection (snort3-malware-cnc.rules)
* 1:32556 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bayoboiz outbound connection (snort3-malware-cnc.rules)
* 1:32557 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bayoboiz outbound connection (snort3-malware-cnc.rules)
* 1:32583 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (snort3-malware-cnc.rules)
* 1:32584 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (snort3-malware-cnc.rules)
* 1:32585 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (snort3-malware-cnc.rules)
* 1:32586 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (snort3-malware-cnc.rules)
* 1:32598 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Mysayad file wipe attempt (snort3-malware-cnc.rules)
* 1:32599 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Mysayad outbound connection (snort3-malware-cnc.rules)
* 1:32600 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Mysayad file wipe attempt (snort3-malware-cnc.rules)
* 1:32604 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Geodo variant outbound connection (snort3-malware-cnc.rules)
* 1:32605 <-> DISABLED <-> MALWARE-CNC Win.Worm.Jenxcus variant outbound connection (snort3-malware-cnc.rules)
* 1:32606 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sodebral variant outbound connection (snort3-malware-cnc.rules)
* 1:32607 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sodebral HTTP Response attempt (snort3-malware-cnc.rules)
* 1:32608 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sodebral HTTP Response attempt (snort3-malware-cnc.rules)
* 1:32609 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant registration message (snort3-malware-cnc.rules)
* 1:32610 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant keepalive (snort3-malware-cnc.rules)
* 1:32613 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Jadowndec attempted outbound connection (snort3-malware-cnc.rules)
* 1:32614 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Jadowndec attempted outbound connection (snort3-malware-cnc.rules)
* 1:32621 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Regin outbound connection (snort3-malware-cnc.rules)
* 1:32624 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Regin outbound connection (snort3-malware-cnc.rules)
* 1:32645 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string RUpdate (snort3-malware-cnc.rules)
* 1:32665 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chopstick variant outbound request (snort3-malware-cnc.rules)
* 1:32667 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chopstick variant outbound request (snort3-malware-cnc.rules)
* 1:32674 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wiper variant outbound connection (snort3-malware-cnc.rules)
* 1:32677 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex variant outbound connection (snort3-malware-cnc.rules)
* 1:32678 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex variant outbound connection (snort3-malware-cnc.rules)
* 1:32706 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz variant outbound connection (snort3-malware-cnc.rules)
* 1:32727 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Uclinu variant outbound connection (snort3-malware-cnc.rules)
* 1:32728 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Olegb variant outbound connection (snort3-malware-cnc.rules)
* 1:32734 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Typideg variant outbound connection (snort3-malware-cnc.rules)
* 1:32735 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CryptoPHP variant outbound connection (snort3-malware-cnc.rules)
* 1:32736 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CryptoPHP variant outbound connection (snort3-malware-cnc.rules)
* 1:32743 <-> DISABLED <-> MALWARE-CNC VGABot IRC communication attempt (snort3-malware-cnc.rules)
* 1:32747 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ragebot variant outbound connection (snort3-malware-cnc.rules)
* 1:32769 <-> DISABLED <-> MALWARE-CNC Win.Trojan.WOWCheckC Attempted CNC (snort3-malware-cnc.rules)
* 1:32770 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Androm variant outbound connection (snort3-malware-cnc.rules)
* 1:32776 <-> DISABLED <-> MALWARE-CNC FIN4 VBA Macro credentials upload attempt (snort3-malware-cnc.rules)
* 1:32780 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Eskaetee outbound connection (snort3-malware-cnc.rules)
* 1:32781 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Eskaetee outbound connection (snort3-malware-cnc.rules)
* 1:32791 <-> DISABLED <-> MALWARE-CNC Win.Virus.Ransomlock outbound connection (snort3-malware-cnc.rules)
* 1:32792 <-> DISABLED <-> MALWARE-CNC Win.Virus.Ransomlock inbound connection (snort3-malware-cnc.rules)
* 1:32823 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Darkhotel outbound connection (snort3-malware-cnc.rules)
* 1:32824 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Darkhotel variant outbound connection (snort3-malware-cnc.rules)
* 1:32825 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Darkhotel outbound connection (snort3-malware-cnc.rules)
* 1:32826 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Darkhotel data upload attempt (snort3-malware-cnc.rules)
* 1:32827 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Darkhotel response connection attempt (snort3-malware-cnc.rules)
* 1:32852 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Poolfiend variant outbound connection (snort3-malware-cnc.rules)
* 1:32853 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Poolfiend variant outbound connection (snort3-malware-cnc.rules)
* 1:32854 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Loodir outbound connection (snort3-malware-cnc.rules)
* 1:32882 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ksypypro outbound connection (snort3-malware-cnc.rules)
* 1:32891 <-> DISABLED <-> MALWARE-CNC Php.Malware.SoakSoakRedirect Malware traffic containing WordPress Administrator credentials (snort3-malware-cnc.rules)
* 1:32892 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TorLocker variant outbound connection (snort3-malware-cnc.rules)
* 1:32893 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Finforst outbound connection (snort3-malware-cnc.rules)
* 1:32908 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TinyZBot outbound connection (snort3-malware-cnc.rules)
* 1:32909 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TinyZBot outbound connection (snort3-malware-cnc.rules)
* 1:32910 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TinyZBot outbound connection (snort3-malware-cnc.rules)
* 1:32950 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bladabindi variant outbound connection (snort3-malware-cnc.rules)
* 1:32956 <-> DISABLED <-> MALWARE-CNC Android.CoolReaper.Trojan outbound connection (snort3-malware-cnc.rules)
* 1:32957 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TinyZBot outbound SOAP connection attempt (snort3-malware-cnc.rules)
* 1:32958 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TinyZBot response connection attempt (snort3-malware-cnc.rules)
* 1:32973 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Twerket variant outbound connection (snort3-malware-cnc.rules)
* 1:32976 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluos variant outbound connection (snort3-malware-cnc.rules)
* 1:32977 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluos variant outbound connection (snort3-malware-cnc.rules)
* 1:32978 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - extra IE version (snort3-malware-cnc.rules)
* 1:32979 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - extra IE version (snort3-malware-cnc.rules)
* 1:32980 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - multi-browser (snort3-malware-cnc.rules)
* 1:32986 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Toopu dll embedded in png download attempt (snort3-malware-cnc.rules)
* 1:32987 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor outbound connection (snort3-malware-cnc.rules)
* 1:32988 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor outbound connection (snort3-malware-cnc.rules)
* 1:32989 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor outbound connection (snort3-malware-cnc.rules)
* 1:32990 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Toopu outbound connection (snort3-malware-cnc.rules)
* 1:33047 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - realupdate - Win.Backdoor.Upatre (snort3-malware-cnc.rules)
* 1:33054 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Joanap outbound connection (snort3-malware-cnc.rules)
* 1:33058 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Medusa variant inbound connection (snort3-malware-cnc.rules)
* 1:33059 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Medusa variant outbound connection (snort3-malware-cnc.rules)
* 1:33060 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Medusa variant outbound connection (snort3-malware-cnc.rules)
* 1:33061 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lagulon.A outbound connection (snort3-malware-cnc.rules)
* 1:33081 <-> DISABLED <-> MALWARE-CNC OnionDuke variant outbound connection (snort3-malware-cnc.rules)
* 1:33082 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nocpos initial outbound connection (snort3-malware-cnc.rules)
* 1:33083 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nocpos information disclosure attempt (snort3-malware-cnc.rules)
* 1:33084 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tosct variant outbound connection (snort3-malware-cnc.rules)
* 1:33145 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (snort3-malware-cnc.rules)
* 1:33147 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant SMTP reporting attempt (snort3-malware-cnc.rules)
* 1:33148 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant SMTP reporting attempt (snort3-malware-cnc.rules)
* 1:33149 <-> DISABLED <-> MALWARE-CNC Win.Worm.Ultramine outbound connection (snort3-malware-cnc.rules)
* 1:33152 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nurjax.A outbound connection (snort3-malware-cnc.rules)
* 1:33153 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Heur variant outbound connection (snort3-malware-cnc.rules)
* 1:33161 <-> DISABLED <-> MALWARE-CNC Win.Spyware.Rombertik outbound connection (snort3-malware-cnc.rules)
* 1:33165 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Poweliks outbound connection (snort3-malware-cnc.rules)
* 1:33199 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Sabeba outbound connection (snort3-malware-cnc.rules)
* 1:33200 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pisces variant outbound connection (snort3-malware-cnc.rules)
* 1:33207 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Mazilla/5.0 - Win.Backdoor.Upatre (snort3-malware-cnc.rules)
* 1:33211 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Upatre variant outbound connection (snort3-malware-cnc.rules)
* 1:33217 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nuovoscor variant outbound connection (snort3-malware-cnc.rules)
* 1:33218 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cendode system information disclosure attempt (snort3-malware-cnc.rules)
* 1:33219 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gamarue variant outbound connection (snort3-malware-cnc.rules)
* 1:33220 <-> DISABLED <-> MALWARE-CNC Win.Trojan.HawkEye keylogger exfiltration attempt (snort3-malware-cnc.rules)
* 1:33221 <-> ENABLED <-> MALWARE-CNC Win.Trojan.HawkEye Keylogger exfiltration attempt - clipboard and screenshot (snort3-malware-cnc.rules)
* 1:33222 <-> DISABLED <-> MALWARE-CNC Win.Trojan.HawkEye Keylogger exfiltration attempt - clipboard and screenshot (snort3-malware-cnc.rules)
* 1:33223 <-> DISABLED <-> MALWARE-CNC Win.Trojan.HawkEye Keylogger exfiltration attempt - clipboard and screenshot (snort3-malware-cnc.rules)
* 1:33227 <-> DISABLED <-> MALWARE-CNC Win.Agent.BHHK variant outbound connection (snort3-malware-cnc.rules)
* 1:33228 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kovter variant outbound connection (snort3-malware-cnc.rules)
* 1:33230 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Firefox - Win.Backdoor.Upatre (snort3-malware-cnc.rules)
* 1:33231 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Firefox/5.0 - Win.Backdoor.Upatre (snort3-malware-cnc.rules)
* 1:33232 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - AppUpdate - Win.Backdoor.Upatre (snort3-malware-cnc.rules)
* 1:33233 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - 2608cw-1 - Win.Backdoor.Upatre (snort3-malware-cnc.rules)
* 1:33234 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - 2508Inst - Win.Backdoor.Upatre (snort3-malware-cnc.rules)
* 1:33235 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - 2608cw-2 - Win.Backdoor.Upatre (snort3-malware-cnc.rules)
* 1:33236 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - 2808inst - Win.Backdoor.Upatre (snort3-malware-cnc.rules)
* 1:33237 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Player - Win.Backdoor.Upatre (snort3-malware-cnc.rules)
* 1:33238 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Wurst - Win.Backdoor.Upatre (snort3-malware-cnc.rules)
* 1:33239 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Installer/1.0 - Win.Backdoor.Upatre (snort3-malware-cnc.rules)
* 1:33240 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - FixUpdate - Win.Backdoor.Upatre (snort3-malware-cnc.rules)
* 1:33242 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Explorer - Win.Backdoor.Upatre (snort3-malware-cnc.rules)
* 1:33243 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Mozilla - Win.Backdoor.Upatre (snort3-malware-cnc.rules)
* 1:33244 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Opera - Win.Backdoor.Upatre (snort3-malware-cnc.rules)
* 1:33245 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Opera10 - Win.Backdoor.Upatre (snort3-malware-cnc.rules)
* 1:33246 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - OperaMini - Win.Backdoor.Upatre (snort3-malware-cnc.rules)
* 1:33248 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Peers12 - Win.Backdoor.Upatre (snort3-malware-cnc.rules)
* 1:33249 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - SLSSoapClient - Win.Backdoor.Upatre (snort3-malware-cnc.rules)
* 1:33250 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Tintin - Win.Backdoor.Upatre (snort3-malware-cnc.rules)
* 1:33251 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - USER_CHECK - Win.Backdoor.Upatre (snort3-malware-cnc.rules)
* 1:33252 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - WATClient - Win.Backdoor.Upatre (snort3-malware-cnc.rules)
* 1:33253 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - bbbbbbbbbb - Win.Backdoor.Upatre (snort3-malware-cnc.rules)
* 1:33254 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - hi - Win.Backdoor.Upatre (snort3-malware-cnc.rules)
* 1:33255 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - iMacros - Win.Backdoor.Upatre (snort3-malware-cnc.rules)
* 1:33256 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - macrotest - Win.Backdoor.Upatre (snort3-malware-cnc.rules)
* 1:33257 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - onlymacros - Win.Backdoor.Upatre (snort3-malware-cnc.rules)
* 1:33258 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Updates downloader - Win.Backdoor.Upatre (snort3-malware-cnc.rules)
* 1:33259 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - testupdate - Win.Backdoor.Upatre (snort3-malware-cnc.rules)
* 1:33260 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - onlyupdate - Win.Backdoor.Upatre (snort3-malware-cnc.rules)
* 1:33282 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Upatre variant outbound connection (snort3-malware-cnc.rules)
* 1:33284 <-> DISABLED <-> MALWARE-CNC Win.Trojan.OnLineGames variant outbound connection (snort3-malware-cnc.rules)
* 1:33285 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bavload outbound download request attempt (snort3-malware-cnc.rules)
* 1:33289 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rawpos incoming backdoor connection attempt (snort3-malware-cnc.rules)
* 1:33299 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Foxy variant outbound connection (snort3-malware-cnc.rules)
* 1:33305 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rubinurd variant outbound connection (snort3-malware-cnc.rules)
* 1:33328 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Yinli outbound connection (snort3-malware-cnc.rules)
* 1:33329 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Yinli outbound connection (snort3-malware-cnc.rules)
* 1:33330 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Yinli outbound connection (snort3-malware-cnc.rules)
* 1:33342 <-> DISABLED <-> MALWARE-CNC Doc.Downloader.Dridex outbound connection (snort3-malware-cnc.rules)
* 1:33411 <-> DISABLED <-> MALWARE-CNC Doc.Downloader.Dridex outbound connection (snort3-malware-cnc.rules)
* 1:33431 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptowall 3.0 variant outbound connection (snort3-malware-cnc.rules)
* 1:33432 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptowall 3.0 variant outbound connection (snort3-malware-cnc.rules)
* 1:33433 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptowall 3.0 variant outbound connection (snort3-malware-cnc.rules)
* 1:33434 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptowall 3.0 variant outbound connection (snort3-malware-cnc.rules)
* 1:33435 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptowall 3.0 variant outbound connection (snort3-malware-cnc.rules)
* 1:33439 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gefetroe variant outbound connection (snort3-malware-cnc.rules)
* 1:33443 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (snort3-malware-cnc.rules)
* 1:33444 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SpyBanker variant outbound connection (snort3-malware-cnc.rules)
* 1:33449 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FileEncoder IP geolocation checkin attempt (snort3-malware-cnc.rules)
* 1:33450 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FileEncoder variant outbound connection (snort3-malware-cnc.rules)
* 1:33453 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kovter variant outbound connection (snort3-malware-cnc.rules)
* 1:33456 <-> DISABLED <-> MALWARE-CNC Doc.Downloader.Dridex outbound connection (snort3-malware-cnc.rules) * 
1:33457 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (snort3-malware-cnc.rules) * 1:33464 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dynamer variant outbound connection (snort3-malware-cnc.rules) * 1:33481 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Xnote outbound connection (snort3-malware-cnc.rules) * 1:33482 <-> DISABLED <-> MALWARE-CNC Win.Worm.Enosch variant outbound connection (snort3-malware-cnc.rules) * 1:33496 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Andromeda variant outbound connection (snort3-malware-cnc.rules) * 1:33513 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - XAgent - Operation Pawn Storm (snort3-malware-cnc.rules) * 1:33519 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - ALIZER (snort3-malware-cnc.rules) * 1:33520 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zusy inbound CNC response (snort3-malware-cnc.rules) * 1:33521 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zusy variant outbound connection (snort3-malware-cnc.rules) * 1:33522 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent - DNS Changer (snort3-malware-cnc.rules) * 1:33523 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DNSChanger variant outbound connection (snort3-malware-cnc.rules) * 1:33524 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DNSChanger variant outbound connection (snort3-malware-cnc.rules) * 1:33543 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Equation outbound connection (snort3-malware-cnc.rules) * 1:33545 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Equation outbound connection (snort3-malware-cnc.rules) * 1:33546 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Equation outbound connection (snort3-malware-cnc.rules) * 1:33547 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Turla outbound connection (snort3-malware-cnc.rules) * 1:33594 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Upatre variant outbound connection (snort3-malware-cnc.rules) * 1:33620 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.lubot outbound connection 
(snort3-malware-cnc.rules) * 1:33621 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.lubot outbound connection (snort3-malware-cnc.rules) * 1:33633 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent - Downing - Win.Trojan.Otwycal (snort3-malware-cnc.rules) * 1:33646 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.XORDDoS outbound connection (snort3-malware-cnc.rules) * 1:33647 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.XORDDoS outbound connection (snort3-malware-cnc.rules) * 1:33648 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.XORDDoS outbound connection (snort3-malware-cnc.rules) * 1:33649 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Google Omaha - Win.Trojan.ExtenBro (snort3-malware-cnc.rules) * 1:33650 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tinba outbound connection (snort3-malware-cnc.rules) * 1:33674 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Athena variant outbound connection (snort3-malware-cnc.rules) * 1:33675 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Athena variant outbound connection (snort3-malware-cnc.rules) * 1:33677 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Babar outbound connection (snort3-malware-cnc.rules) * 1:33678 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FannyWorm outbound connection (snort3-malware-cnc.rules) * 1:33704 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (snort3-malware-cnc.rules) * 1:33745 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (snort3-malware-cnc.rules) * 1:33746 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (snort3-malware-cnc.rules) * 1:33747 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (snort3-malware-cnc.rules) * 1:33748 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (snort3-malware-cnc.rules) * 1:33749 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (snort3-malware-cnc.rules) * 1:33750 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex 
initial outbound connection (snort3-malware-cnc.rules) * 1:33751 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (snort3-malware-cnc.rules) * 1:33752 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (snort3-malware-cnc.rules) * 1:33753 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (snort3-malware-cnc.rules) * 1:33754 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (snort3-malware-cnc.rules) * 1:33755 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (snort3-malware-cnc.rules) * 1:33818 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Egamipload variant outbound connection (snort3-malware-cnc.rules) * 1:33819 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Egamipload variant outbound connection (snort3-malware-cnc.rules) * 1:33820 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Egamipload variant outbound connection (snort3-malware-cnc.rules) * 1:32521 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptowall 2.0 possible TOR client retrieval attempt (snort3-malware-cnc.rules) * 1:31995 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Upatre SSL Cert inbound (snort3-malware-cnc.rules) * 1:31998 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Upatre SSL Cert inbound (snort3-malware-cnc.rules) * 1:31999 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Upatre SSL Cert inbound (snort3-malware-cnc.rules) * 1:32000 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Upatre SSL Cert inbound (snort3-malware-cnc.rules) * 1:32001 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Upatre SSL Cert inbound (snort3-malware-cnc.rules) * 1:32002 <-> DISABLED <-> MALWARE-CNC Win.Worm.Zorenium variant outbound connection (snort3-malware-cnc.rules) * 1:32009 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Flooder inbound connection attempt - command (snort3-malware-cnc.rules) * 1:32010 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Flooder outbound telnet connection attempt (snort3-malware-cnc.rules) * 1:32512 <-> DISABLED <-> 
MALWARE-CNC PCRat variant outbound connection (snort3-malware-cnc.rules) * 1:32012 <-> DISABLED <-> MALWARE-CNC Win.Trojan-Downloader.Bipamid variant outbound connection (snort3-malware-cnc.rules) * 1:32013 <-> DISABLED <-> MALWARE-CNC Linux.Worm.Darlloz variant outbound connection (snort3-malware-cnc.rules) * 1:32015 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Zeus variant outbound connection (snort3-malware-cnc.rules) * 1:32016 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Menteni variant outbound connection (snort3-malware-cnc.rules) * 1:32017 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Memlog SMB file transfer (snort3-malware-cnc.rules) * 1:32018 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Hupigon.NYK variant outbound connection (snort3-malware-cnc.rules) * 1:32020 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Krompt variant outbound connection (snort3-malware-cnc.rules) * 1:32023 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sinpid variant outbound connection (snort3-malware-cnc.rules) * 1:32028 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Klabcon variant outbound connection (snort3-malware-cnc.rules) * 1:32030 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Decibal - Win.Trojan.Decibal (snort3-malware-cnc.rules) * 1:32031 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Decibal variant outbound connection (snort3-malware-cnc.rules) * 1:32033 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Larosden variant outbound connection (snort3-malware-cnc.rules) * 1:32034 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Larefervt variant outbound connection (snort3-malware-cnc.rules) * 1:32035 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Boleteiro variant outbound connection (snort3-malware-cnc.rules) * 1:32036 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Somoca vaniant outbound connection (snort3-malware-cnc.rules) * 1:32037 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload.awt variant outbound connection (snort3-malware-cnc.rules) * 1:32048 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lecpetex variant 
outbound connection (snort3-malware-cnc.rules) * 1:32050 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Larosden variant outbound connection (snort3-malware-cnc.rules) * 1:32052 <-> DISABLED <-> MALWARE-CNC User-Agent Xsser mRAT user-agent (snort3-malware-cnc.rules) * 1:32053 <-> DISABLED <-> MALWARE-CNC Xsser mRAT GPS data upload (snort3-malware-cnc.rules) * 1:32054 <-> DISABLED <-> MALWARE-CNC Xsser mRAT file upload (snort3-malware-cnc.rules) * 1:32058 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Masatekar variant outbound connection (snort3-malware-cnc.rules) * 1:32060 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent string - httptestman - Win.Backdoor.Rabasheeta (snort3-malware-cnc.rules) * 1:32061 <-> DISABLED <-> MALWARE-CNC Win.Trojan-Downloader.Nekill variant outbound connection (snort3-malware-cnc.rules) * 1:32065 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Asprox inbound connection (snort3-malware-cnc.rules) * 1:32066 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Asprox outbound connection (snort3-malware-cnc.rules) * 1:32067 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Asprox outbound connection (snort3-malware-cnc.rules) * 1:32071 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Zapchast variant outbound connection (snort3-malware-cnc.rules) * 1:32072 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zemot configuration download attempt (snort3-malware-cnc.rules) * 1:32073 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zemot outbound connection (snort3-malware-cnc.rules) * 1:32074 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zemot payload download attempt (snort3-malware-cnc.rules) * 1:32075 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Small variant outbound connection (snort3-malware-cnc.rules) * 1:32086 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Corkow variant outbound connection (snort3-malware-cnc.rules) * 1:32090 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Saaglup variant outbound connection (snort3-malware-cnc.rules) * 1:32091 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.PcertStealer 
variant outbound connection (snort3-malware-cnc.rules) * 1:32093 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (snort3-malware-cnc.rules) * 1:32096 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Puver variant outbound connection (snort3-malware-cnc.rules) * 1:32121 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kryptik variant outbound connection (snort3-malware-cnc.rules) * 1:32123 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot variant outbound connection (snort3-malware-cnc.rules) * 1:32125 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - update - Win.Backdoor.Upatre (snort3-malware-cnc.rules) * 1:32126 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lizarbot outbound connection (snort3-malware-cnc.rules) * 1:32129 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader variant outbound connection (snort3-malware-cnc.rules) * 1:32130 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (snort3-malware-cnc.rules) * 1:32175 <-> DISABLED <-> MALWARE-CNC Osx.Backdoor.iWorm variant outbound connection (snort3-malware-cnc.rules) * 1:32179 <-> DISABLED <-> MALWARE-CNC WIN.Trojan.Plugx variant outbound connection (snort3-malware-cnc.rules) * 1:32180 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.ZxShell connection incoming attempt (snort3-malware-cnc.rules) * 1:32181 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.ZxShell connection outgoing attempt (snort3-malware-cnc.rules) * 1:32192 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zxshell variant outbound connection (snort3-malware-cnc.rules) * 1:32193 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dubrute variant outbound connection (snort3-malware-cnc.rules) * 1:32194 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dubrute variant outbound connection (snort3-malware-cnc.rules) * 1:32195 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Palebot variant outbound connection (snort3-malware-cnc.rules) * 1:32196 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor variant outbound connection (snort3-malware-cnc.rules) * 
1:32197 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zerolocker variant outbound connection (snort3-malware-cnc.rules) * 1:32198 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mujormel outbound connection (snort3-malware-cnc.rules) * 1:32202 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Soaphrish variant outbound connection (snort3-malware-cnc.rules) * 1:32220 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy download detected (snort3-malware-cnc.rules) * 1:32221 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy download detected (snort3-malware-cnc.rules) * 1:32222 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.MSIL.Liroospu variant outbound connection (snort3-malware-cnc.rules) * 1:32225 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptowall variant outbound connection (snort3-malware-cnc.rules) * 1:32243 <-> DISABLED <-> MALWARE-CNC WIN.Trojan.Clemint variant outbound connection (snort3-malware-cnc.rules) * 1:32250 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hydraq.variant outbound detected (snort3-malware-cnc.rules) * 1:32270 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tinba variant outbound connection (snort3-malware-cnc.rules) * 1:32272 <-> DISABLED <-> MALWARE-CNC WIN.Trojan.Hesechca variant outbound connection (snort3-malware-cnc.rules) * 1:32285 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zoxpng variant outbound connection (snort3-malware-cnc.rules) * 1:32287 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sapertilz variant outbound connection (snort3-malware-cnc.rules) * 1:32289 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptolocker download detected (snort3-malware-cnc.rules) * 1:32290 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptolocker download detected (snort3-malware-cnc.rules) * 1:34036 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (snort3-malware-cnc.rules) * 1:34262 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.XORDDoS outbound connection (snort3-malware-cnc.rules) * 1:33914 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent - Win.Trojan.Barys 
(snort3-malware-cnc.rules) * 1:33891 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Amasages variant outbound connection (snort3-malware-cnc.rules) * 1:34028 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bruecimig variant outbound connection (snort3-malware-cnc.rules) * 1:33931 <-> DISABLED <-> MALWARE-CNC Win.Worm.Goldrv variant outbound connection (snort3-malware-cnc.rules) * 1:34033 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (snort3-malware-cnc.rules) * 1:33873 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tepoyx outbound connection detection (snort3-malware-cnc.rules) * 1:34026 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Endstar variant outbound connection (snort3-malware-cnc.rules) * 1:34113 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent beacon reply attempt (snort3-malware-cnc.rules) * 1:33966 <-> DISABLED <-> MALWARE-CNC Win.Worm.Mafusc variant outbound connection (snort3-malware-cnc.rules) * 1:34128 <-> DISABLED <-> MALWARE-CNC Win.Trojan.WIntruder outbound connection (snort3-malware-cnc.rules) * 1:33932 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tempedreve Samba probe (snort3-malware-cnc.rules) * 1:34183 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bartallex outbound connection (snort3-malware-cnc.rules) * 1:34108 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scarsi variant outbound connection (snort3-malware-cnc.rules) * 1:34044 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Exacrytion variant outbound connection (snort3-malware-cnc.rules) * 1:33863 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (snort3-malware-cnc.rules) * 1:33907 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent - KAIIOOOO871 - Win.Trojan.Dridex (snort3-malware-cnc.rules) * 1:33857 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PwnPOS data exfiltration attempt (snort3-malware-cnc.rules) * 1:34116 <-> DISABLED <-> MALWARE-CNC MacOS.Trojan.Wirelurker variant outbound connection (snort3-malware-cnc.rules) * 1:34038 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex4 
initial outbound connection (snort3-malware-cnc.rules) * 1:34283 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bartallex outbound connection (snort3-malware-cnc.rules) * 1:32295 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string http - Win.Trojan.Waski (snort3-malware-cnc.rules) * 1:32354 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Matsune variant outbound connection (snort3-malware-cnc.rules) * 1:32373 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Broonject variant outbound connection (snort3-malware-cnc.rules) * 1:32328 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Maener variant download request (snort3-malware-cnc.rules) * 1:32493 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.SpikeA variant outbound connection (snort3-malware-cnc.rules) * 1:32457 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Effseart variant inbound connection (snort3-malware-cnc.rules) * 1:32487 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Exadog variant outbound connection (snort3-malware-cnc.rules) * 1:32372 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Drepitt variant outbound connection (snort3-malware-cnc.rules) * 1:32400 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Parama attempted outbound connection (snort3-malware-cnc.rules) * 1:32312 <-> DISABLED <-> MALWARE-CNC FrameworkPOS data exfiltration through DNS - beacon message (snort3-malware-cnc.rules) * 1:32464 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TorrentLocker variant outbound connection (snort3-malware-cnc.rules) * 1:32394 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Orcarat variant outbound connection (snort3-malware-cnc.rules) * 1:32510 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.PiltabeA outbound connection (snort3-malware-cnc.rules) * 1:34291 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string crackim (snort3-malware-cnc.rules) * 1:32292 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptolocker download detected (snort3-malware-cnc.rules) * 1:33865 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection 
(snort3-malware-cnc.rules) * 1:34292 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kraken outbound connection (snort3-malware-cnc.rules) * 1:34261 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.XORDDoS outbound connection (snort3-malware-cnc.rules) * 1:32291 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptolocker download detected (snort3-malware-cnc.rules) * 1:32293 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Acanas variant outbound connection (snort3-malware-cnc.rules) * 1:32486 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Exadog outbound connection (snort3-malware-cnc.rules) * 1:32357 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Akaza variant outbound connection (snort3-malware-cnc.rules) * 1:32367 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GameOverZeus variant outbound connection (snort3-malware-cnc.rules) * 1:33876 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Meowner runtime detection (snort3-malware-cnc.rules) * 1:32494 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.SpikeA variant outbound connection (snort3-malware-cnc.rules) * 1:32469 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bankeiya outbound connection (snort3-malware-cnc.rules) * 1:32402 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent globalupdate - Osx.Trojan.Wirelurker (snort3-malware-cnc.rules) * 1:34296 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Simda variant outbound connection (snort3-malware-cnc.rules) * 1:34297 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Simda variant outbound connection (snort3-malware-cnc.rules) * 1:34307 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection (snort3-malware-cnc.rules) * 1:34308 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection (snort3-malware-cnc.rules) * 1:40066 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.LokiBot (snort3-malware-cnc.rules) * 1:40067 <-> ENABLED <-> MALWARE-CNC Win.Trojan.LokiBot outbound connection (snort3-malware-cnc.rules) * 1:46062 <-> ENABLED <-> SERVER-WEBAPP Joomla 
JEXTN Membership extension SQL injection attempt (snort3-server-webapp.rules) * 1:46063 <-> ENABLED <-> SERVER-WEBAPP Joomla JEXTN Membership extension SQL injection attempt (snort3-server-webapp.rules) * 1:46064 <-> ENABLED <-> SERVER-WEBAPP Joomla JEXTN Membership extension SQL injection attempt (snort3-server-webapp.rules) * 1:48818 <-> ENABLED <-> MALWARE-CNC Js.Trojan.Agent variant outbound connection (snort3-malware-cnc.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:56004 <-> DISABLED <-> SERVER-WEBAPP D-Link Central WiFi Manager CMW 100 cross site scripting attempt (server-webapp.rules)
* 1:55999 <-> DISABLED <-> SERVER-APACHE Apache Struts denial of service attempt (server-apache.rules)
* 1:56009 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari WebKit JSPropertyNameEnumeration type confusion attempt (browser-webkit.rules)
* 1:56006 <-> ENABLED <-> SERVER-WEBAPP D-Link Central WiFi Manager CWM 100 SQL injection attempt (server-webapp.rules)
* 1:56003 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Emotet variant initial outbound request detected (malware-cnc.rules)
* 1:56000 <-> DISABLED <-> SERVER-APACHE Apache Struts denial of service attempt (server-apache.rules)
* 1:56005 <-> ENABLED <-> SERVER-WEBAPP D-Link Central WiFi Manager CWM 100 SQL injection attempt (server-webapp.rules)
* 1:56001 <-> DISABLED <-> SERVER-APACHE Apache Struts denial of service attempt (server-apache.rules)
* 1:56002 <-> DISABLED <-> SERVER-WEBAPP D-Link Central WiFi Manager CMW 100 SQL injection attempt (server-webapp.rules)
* 1:56008 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari WebKit JSPropertyNameEnumeration type confusion attempt (browser-webkit.rules)
* 1:56007 <-> ENABLED <-> SERVER-WEBAPP D-Link Central WiFi Manager CWM 100 SQL injection attempt (server-webapp.rules)
* 1:33985 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.ChinaZ outbound connection (malware-cnc.rules) * 1:33543 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Equation outbound connection (malware-cnc.rules) * 1:33862 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules) * 1:34001 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Picommex outbound connection (malware-cnc.rules) * 1:34025 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Endstar variant outbound connection (malware-cnc.rules) * 1:34010 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules) * 1:33859 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules) * 1:33857 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PwnPOS data exfiltration attempt (malware-cnc.rules) * 1:33914 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent - Win.Trojan.Barys (malware-cnc.rules) * 1:33868 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules) * 1:34007 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules) * 1:34041 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Igliveforg variant initial outbound connection (malware-cnc.rules) * 1:33885 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gh0st variant outbound connection (malware-cnc.rules) * 1:34032 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (malware-cnc.rules) * 1:33893 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TeslaCrypt outbound connection (malware-cnc.rules) * 1:34136 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload variant MSSQL response (malware-cnc.rules) * 1:33989 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Trioptid outbound connection (malware-cnc.rules) * 1:34216 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FighterPOS variant outbound connection (malware-cnc.rules) * 1:34006 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection 
(malware-cnc.rules) * 1:33933 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Penget variant outbound connection (malware-cnc.rules) * 1:34052 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NewPos outbound connection (malware-cnc.rules) * 1:33912 <-> DISABLED <-> MALWARE-CNC Cryptofortress Decryption Software Purchase Tor Website (malware-cnc.rules) * 1:33884 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string dolit (malware-cnc.rules) * 1:34045 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Eitenckay initial outbound connection (malware-cnc.rules) * 1:34217 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Aytoke variant outbound connection (malware-cnc.rules) * 1:33879 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Meowner runtime detection (malware-cnc.rules) * 1:34004 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules) * 1:34261 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.XORDDoS outbound connection (malware-cnc.rules) * 1:33851 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Poseidon outbound connection (malware-cnc.rules) * 1:34036 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (malware-cnc.rules) * 1:34005 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules) * 1:33886 <-> DISABLED <-> MALWARE-CNC WIn.Trojan.HawkEye keylogger variant outbound connection (malware-cnc.rules) * 1:34008 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules) * 1:34155 <-> DISABLED <-> MALWARE-CNC MacOS.Backdoor.Xslcmd outbound connection (malware-cnc.rules) * 1:33872 <-> DISABLED <-> MALWARE-CNC Win.Worm.Urahu outbound connection (malware-cnc.rules) * 1:33883 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jadtre variant outbound connection (malware-cnc.rules) * 1:34140 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dyre publickey outbound connection (malware-cnc.rules) * 1:33891 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Amasages variant outbound connection 
(malware-cnc.rules) * 1:34042 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Igliveforg variant outbound connection (malware-cnc.rules) * 1:34003 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Picommex outbound connection (malware-cnc.rules) * 1:34117 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Zupdax variant outbound connection (malware-cnc.rules) * 1:33482 <-> DISABLED <-> MALWARE-CNC Win.Worm.Enosch variant outbound connection (malware-cnc.rules) * 1:33431 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptowall 3.0 variant outbound connection (malware-cnc.rules) * 1:33878 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Meowner runtime detection (malware-cnc.rules) * 1:33907 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent - KAIIOOOO871 - Win.Trojan.Dridex (malware-cnc.rules) * 1:33866 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules) * 1:33992 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Insidious outbound connection (malware-cnc.rules) * 1:33861 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules) * 1:33932 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tempedreve Samba probe (malware-cnc.rules) * 1:33854 <-> DISABLED <-> MALWARE-CNC Win.Trojan.LogPOS variant outbound connection (malware-cnc.rules) * 1:34037 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (malware-cnc.rules) * 1:34012 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules) * 1:33876 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Meowner runtime detection (malware-cnc.rules) * 1:33620 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.lubot outbound connection (malware-cnc.rules) * 1:34046 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Expilan variant outbound connection (malware-cnc.rules) * 1:34050 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Nepigon variant outbound connection (malware-cnc.rules) * 1:34026 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Endstar variant outbound connection 
(malware-cnc.rules) * 1:34035 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (malware-cnc.rules) * 1:33464 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dynamer variant outbound connection (malware-cnc.rules) * 1:33621 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.lubot outbound connection (malware-cnc.rules) * 1:34182 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bartallex outbound connection (malware-cnc.rules) * 1:33821 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Egamipload variant outbound connection (malware-cnc.rules) * 1:34262 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.XORDDoS outbound connection (malware-cnc.rules) * 1:33867 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules) * 1:33457 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules) * 1:33450 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FileEncoder variant outbound connection (malware-cnc.rules) * 1:33513 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - XAgent - Operation Pawn Storm (malware-cnc.rules) * 1:31836 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Seribe variant outbound connection (malware-cnc.rules) * 1:34263 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.XORDDoS outbound connection (malware-cnc.rules) * 1:33433 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptowall 3.0 variant outbound connection (malware-cnc.rules) * 1:33453 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kovter variant outbound connection (malware-cnc.rules) * 1:33444 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SpyBanker variant outbound connection (malware-cnc.rules) * 1:33411 <-> DISABLED <-> MALWARE-CNC Doc.Downloader.Dridex outbound connection (malware-cnc.rules) * 1:34049 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.EvilBunny variant outbound connection (malware-cnc.rules) * 1:33443 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules) * 1:34282 <-> DISABLED <-> MALWARE-CNC 
Win.Trojan.Bartallex outbound connection (malware-cnc.rules) * 1:33650 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tinba outbound connection (malware-cnc.rules) * 1:33496 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Andromeda variant outbound connection (malware-cnc.rules) * 1:33449 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FileEncoder IP geolocation checkin attempt (malware-cnc.rules) * 1:33520 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zusy inbound CNC response (malware-cnc.rules) * 1:33747 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules) * 1:33481 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Xnote outbound connection (malware-cnc.rules) * 1:33930 <-> DISABLED <-> MALWARE-CNC Vicepass outbound connection initial request to the CNC sending system information (malware-cnc.rules) * 1:33521 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zusy variant outbound connection (malware-cnc.rules) * 1:33864 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules) * 1:34034 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (malware-cnc.rules) * 1:33545 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Equation outbound connection (malware-cnc.rules) * 1:34281 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bartallex outbound connection (malware-cnc.rules) * 1:34033 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (malware-cnc.rules) * 1:33439 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gefetroe variant outbound connection (malware-cnc.rules) * 1:33432 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptowall 3.0 variant outbound connection (malware-cnc.rules) * 1:34039 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banklaed variant outbound connection (malware-cnc.rules) * 1:33519 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - ALIZER (malware-cnc.rules) * 1:33994 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Beshida outbound connection (malware-cnc.rules) * 1:34044 <-> DISABLED 
<-> MALWARE-CNC Win.Trojan.Exacrytion variant outbound connection (malware-cnc.rules) * 1:34183 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bartallex outbound connection (malware-cnc.rules) * 1:33931 <-> DISABLED <-> MALWARE-CNC Win.Worm.Goldrv variant outbound connection (malware-cnc.rules) * 1:34038 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (malware-cnc.rules) * 1:34214 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Capimac variant outbound connection (malware-cnc.rules) * 1:33852 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Poseidon outbound connection (malware-cnc.rules) * 1:34128 <-> DISABLED <-> MALWARE-CNC Win.Trojan.WIntruder outbound connection (malware-cnc.rules) * 1:33877 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Meowner runtime detection (malware-cnc.rules) * 1:34002 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Picommex outbound connection (malware-cnc.rules) * 1:34161 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Punkey outbound connection (malware-cnc.rules) * 1:34009 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules) * 1:33892 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Xerq outbound connection (malware-cnc.rules) * 1:34181 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bartallex outbound connection (malware-cnc.rules) * 1:34013 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ayuther variant outbound connection (malware-cnc.rules) * 1:33745 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules) * 1:33746 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules) * 1:33633 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent - Downing - Win.Trojan.Otwycal (malware-cnc.rules) * 1:33523 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DNSChanger variant outbound connection (malware-cnc.rules) * 1:33750 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules) * 1:33594 <-> DISABLED <-> MALWARE-CNC 
Win.Trojan.Upatre variant outbound connection (malware-cnc.rules) * 1:33547 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Turla outbound connection (malware-cnc.rules) * 1:46064 <-> ENABLED <-> SERVER-WEBAPP Joomla JEXTN Membership extension SQL injection attempt (server-webapp.rules) * 1:34111 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chrozil variant outbound connection (malware-cnc.rules) * 1:33648 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.XORDDoS outbound connection (malware-cnc.rules) * 1:34286 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mudrop variant outbound connection (malware-cnc.rules) * 1:33674 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Athena variant outbound connection (malware-cnc.rules) * 1:33751 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules) * 1:33752 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules) * 1:33753 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules) * 1:33754 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules) * 1:33755 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules) * 1:33818 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Egamipload variant outbound connection (malware-cnc.rules) * 1:33819 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Egamipload variant outbound connection (malware-cnc.rules) * 1:33820 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Egamipload variant outbound connection (malware-cnc.rules) * 1:48818 <-> ENABLED <-> MALWARE-CNC Js.Trojan.Agent variant outbound connection (malware-cnc.rules) * 1:33822 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Egamipload variant outbound connection (malware-cnc.rules) * 1:33647 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.XORDDoS outbound connection (malware-cnc.rules) * 1:33054 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Joanap outbound connection (malware-cnc.rules) * 1:31820 <-> DISABLED <-> MALWARE-CNC 
Win.Banker.Delf variant outbound connection (malware-cnc.rules) * 1:31824 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor variant outbound connection (malware-cnc.rules) * 1:31826 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Delf variant HTTP Response (malware-cnc.rules) * 1:31827 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Delf variant outbound connection (malware-cnc.rules) * 1:31828 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jabberbot variant outbound connection (malware-cnc.rules) * 1:31832 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pfinet outbound connection (malware-cnc.rules) * 1:31833 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chkbot outbound connection (malware-cnc.rules) * 1:31834 <-> DISABLED <-> MALWARE-CNC Win.Trojan-Downloader.Delorado variant outbound connection (malware-cnc.rules) * 1:31835 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yesudac variant outbound connection (malware-cnc.rules) * 1:33058 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Medusa variant inbound connection (malware-cnc.rules) * 1:31993 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Upatre SSL Cert inbound (malware-cnc.rules) * 1:31895 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Toupi variant outbound connection (malware-cnc.rules) * 1:31897 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dexter variant outbound connection (malware-cnc.rules) * 1:31904 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload variant outbound connection (malware-cnc.rules) * 1:31907 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Honerep variant outbound connection (malware-cnc.rules) * 1:31909 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Basostab variant outbound connection (malware-cnc.rules) * 1:31911 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Gareme variant outbound connection (malware-cnc.rules) * 1:31913 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Maozhi variant outbound connection (malware-cnc.rules) * 1:31915 <-> DISABLED <-> MALWARE-CNC WIN.Trojan.Ziyazo variant outbound connection (malware-cnc.rules) * 1:31916 <-> DISABLED <-> MALWARE-CNC 
Win.Trojan.Bancos variant outbound connection (malware-cnc.rules) * 1:31923 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant HTTP response attempt (malware-cnc.rules) * 1:31924 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules) * 1:31925 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.Jynxkit outbound connection (malware-cnc.rules) * 1:31928 <-> DISABLED <-> MALWARE-CNC Win.Trojan-Downloader.Becontr variant outbound connection (malware-cnc.rules) * 1:31929 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kanav variant outbound connection (malware-cnc.rules) * 1:31930 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kanav variant outbound connection (malware-cnc.rules) * 1:31941 <-> DISABLED <-> MALWARE-CNC Win.Trojan-Downloader.Pedrp variant outbound connection (malware-cnc.rules) * 1:31947 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - HttpCall - Win.Trojan.Rukypee (malware-cnc.rules) * 1:31948 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - MyProgramm - Win.Trojan.Rukypee (malware-cnc.rules) * 1:31949 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Skypee - Win.Trojan.Rukypee (malware-cnc.rules) * 1:31954 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ezbro variant outbound connection (malware-cnc.rules) * 1:31955 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ezbro variant outbound connection (malware-cnc.rules) * 1:31957 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.MSIL.Torct variant outbound connection (malware-cnc.rules) * 1:31964 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules) * 1:31973 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chebri variant outbound connection (malware-cnc.rules) * 1:31974 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zegorg variant outbound connection (malware-cnc.rules) * 1:33678 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FannyWorm outbound connection (malware-cnc.rules) * 1:31990 <-> DISABLED <-> MALWARE-CNC 
User-Agent known malicious user-agent string - Install - Win.Backdoor.Upatre (malware-cnc.rules) * 1:34011 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules) * 1:31883 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Waterspout outbound connection (malware-cnc.rules) * 1:32979 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - extra IE version (malware-cnc.rules) * 1:31994 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Upatre SSL Cert inbound (malware-cnc.rules) * 1:31995 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Upatre SSL Cert inbound (malware-cnc.rules) * 1:31996 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Upatre SSL Cert inbound (malware-cnc.rules) * 1:31997 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Upatre SSL Cert inbound (malware-cnc.rules) * 1:31998 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Upatre SSL Cert inbound (malware-cnc.rules) * 1:31999 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Upatre SSL Cert inbound (malware-cnc.rules) * 1:32000 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Upatre SSL Cert inbound (malware-cnc.rules) * 1:32001 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Upatre SSL Cert inbound (malware-cnc.rules) * 1:32002 <-> DISABLED <-> MALWARE-CNC Win.Worm.Zorenium variant outbound connection (malware-cnc.rules) * 1:32009 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Flooder inbound connection attempt - command (malware-cnc.rules) * 1:32010 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Flooder outbound telnet connection attempt (malware-cnc.rules) * 1:32011 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Flooder outbound connection (malware-cnc.rules) * 1:32012 <-> DISABLED <-> MALWARE-CNC Win.Trojan-Downloader.Bipamid variant outbound connection (malware-cnc.rules) * 1:32013 <-> DISABLED <-> MALWARE-CNC Linux.Worm.Darlloz variant outbound connection (malware-cnc.rules) * 1:32015 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Zeus variant outbound connection (malware-cnc.rules) * 1:32016 <-> DISABLED <-> MALWARE-CNC 
Win.Trojan.MSIL.Menteni variant outbound connection (malware-cnc.rules) * 1:32017 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Memlog SMB file transfer (malware-cnc.rules) * 1:32018 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Hupigon.NYK variant outbound connection (malware-cnc.rules) * 1:32020 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Krompt variant outbound connection (malware-cnc.rules) * 1:32023 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sinpid variant outbound connection (malware-cnc.rules) * 1:32028 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Klabcon variant outbound connection (malware-cnc.rules) * 1:32030 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Decibal - Win.Trojan.Decibal (malware-cnc.rules) * 1:32031 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Decibal variant outbound connection (malware-cnc.rules) * 1:32033 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Larosden variant outbound connection (malware-cnc.rules) * 1:32034 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Larefervt variant outbound connection (malware-cnc.rules) * 1:32035 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Boleteiro variant outbound connection (malware-cnc.rules) * 1:32036 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Somoca vaniant outbound connection (malware-cnc.rules) * 1:32037 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload.awt variant outbound connection (malware-cnc.rules) * 1:32048 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lecpetex variant outbound connection (malware-cnc.rules) * 1:32050 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Larosden variant outbound connection (malware-cnc.rules) * 1:32052 <-> DISABLED <-> MALWARE-CNC User-Agent Xsser mRAT user-agent (malware-cnc.rules) * 1:32053 <-> DISABLED <-> MALWARE-CNC Xsser mRAT GPS data upload (malware-cnc.rules) * 1:32054 <-> DISABLED <-> MALWARE-CNC Xsser mRAT file upload (malware-cnc.rules) * 1:32058 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Masatekar variant outbound connection (malware-cnc.rules) * 1:32060 <-> DISABLED <-> 
MALWARE-CNC User-Agent known malicious user agent string - httptestman - Win.Backdoor.Rabasheeta (malware-cnc.rules) * 1:32061 <-> DISABLED <-> MALWARE-CNC Win.Trojan-Downloader.Nekill variant outbound connection (malware-cnc.rules) * 1:32065 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Asprox inbound connection (malware-cnc.rules) * 1:32066 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Asprox outbound connection (malware-cnc.rules) * 1:32067 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Asprox outbound connection (malware-cnc.rules) * 1:32071 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Zapchast variant outbound connection (malware-cnc.rules) * 1:32072 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zemot configuration download attempt (malware-cnc.rules) * 1:32073 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zemot outbound connection (malware-cnc.rules) * 1:32074 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zemot payload download attempt (malware-cnc.rules) * 1:32075 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Small variant outbound connection (malware-cnc.rules) * 1:32086 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Corkow variant outbound connection (malware-cnc.rules) * 1:32090 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Saaglup variant outbound connection (malware-cnc.rules) * 1:32091 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.PcertStealer variant outbound connection (malware-cnc.rules) * 1:32093 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules) * 1:32096 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Puver variant outbound connection (malware-cnc.rules) * 1:32121 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kryptik variant outbound connection (malware-cnc.rules) * 1:32123 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot variant outbound connection (malware-cnc.rules) * 1:32125 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - update - Win.Backdoor.Upatre (malware-cnc.rules) * 1:32126 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lizarbot outbound connection 
(malware-cnc.rules) * 1:32129 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader variant outbound connection (malware-cnc.rules) * 1:32130 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules) * 1:32175 <-> DISABLED <-> MALWARE-CNC Osx.Backdoor.iWorm variant outbound connection (malware-cnc.rules) * 1:32179 <-> DISABLED <-> MALWARE-CNC WIN.Trojan.Plugx variant outbound connection (malware-cnc.rules) * 1:32180 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.ZxShell connection incoming attempt (malware-cnc.rules) * 1:32181 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.ZxShell connection outgoing attempt (malware-cnc.rules) * 1:32192 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zxshell variant outbound connection (malware-cnc.rules) * 1:32193 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dubrute variant outbound connection (malware-cnc.rules) * 1:32194 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dubrute variant outbound connection (malware-cnc.rules) * 1:32195 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Palebot variant outbound connection (malware-cnc.rules) * 1:32196 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor variant outbound connection (malware-cnc.rules) * 1:32197 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zerolocker variant outbound connection (malware-cnc.rules) * 1:32198 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mujormel outbound connection (malware-cnc.rules) * 1:32202 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Soaphrish variant outbound connection (malware-cnc.rules) * 1:32220 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy download detected (malware-cnc.rules) * 1:32221 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy download detected (malware-cnc.rules) * 1:32222 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.MSIL.Liroospu variant outbound connection (malware-cnc.rules) * 1:32225 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptowall variant outbound connection (malware-cnc.rules) * 1:32243 <-> DISABLED <-> MALWARE-CNC WIN.Trojan.Clemint variant outbound 
connection (malware-cnc.rules) * 1:32250 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hydraq.variant outbound detected (malware-cnc.rules) * 1:32270 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tinba variant outbound connection (malware-cnc.rules) * 1:32272 <-> DISABLED <-> MALWARE-CNC WIN.Trojan.Hesechca variant outbound connection (malware-cnc.rules) * 1:32285 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zoxpng variant outbound connection (malware-cnc.rules) * 1:32287 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sapertilz variant outbound connection (malware-cnc.rules) * 1:32289 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptolocker download detected (malware-cnc.rules) * 1:32290 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptolocker download detected (malware-cnc.rules) * 1:32291 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptolocker download detected (malware-cnc.rules) * 1:32292 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptolocker download detected (malware-cnc.rules) * 1:32293 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Acanas variant outbound connection (malware-cnc.rules) * 1:32294 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent BloodguyBrowser-_- (malware-cnc.rules) * 1:32295 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string http - Win.Trojan.Waski (malware-cnc.rules) * 1:32296 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string update - Win.Trojan.Waski (malware-cnc.rules) * 1:32310 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Farfli variant outbound connection (malware-cnc.rules) * 1:32311 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rehtesyk outbound connection (malware-cnc.rules) * 1:32312 <-> DISABLED <-> MALWARE-CNC FrameworkPOS data exfiltration through DNS - beacon message (malware-cnc.rules) * 1:32328 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Maener variant download request (malware-cnc.rules) * 1:32329 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Maener variant outbound connection (malware-cnc.rules) * 1:32330 <-> DISABLED <-> 
MALWARE-CNC Win.Trojan.Maener variant outbound connection (malware-cnc.rules) * 1:32331 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Maener variant outbound connection (malware-cnc.rules) * 1:32332 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hancitor variant outbound connection (malware-cnc.rules) * 1:32333 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string fast uax (malware-cnc.rules) * 1:32334 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Stantinko variant outbound connection (malware-cnc.rules) * 1:32338 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ropest variant outbound connection (malware-cnc.rules) * 1:32341 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cakwerd variant outbound connection (malware-cnc.rules) * 1:32343 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor variant inbound spam attempt (malware-cnc.rules) * 1:32344 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor variant outbound spam attempt (malware-cnc.rules) * 1:32354 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Matsune variant outbound connection (malware-cnc.rules) * 1:32357 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Akaza variant outbound connection (malware-cnc.rules) * 1:32367 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GameOverZeus variant outbound connection (malware-cnc.rules) * 1:32368 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cridex variant outbound connection (malware-cnc.rules) * 1:32372 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Drepitt variant outbound connection (malware-cnc.rules) * 1:32373 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Broonject variant outbound connection (malware-cnc.rules) * 1:32374 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Androm variant outbound connection (malware-cnc.rules) * 1:32379 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Baccamun variant outbound connection (malware-cnc.rules) * 1:32383 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - connect - Win.Backdoor.Upatre (malware-cnc.rules) * 1:32384 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious 
user-agent string - myupdate - Win.Backdoor.Upatre (malware-cnc.rules) * 1:32394 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Orcarat variant outbound connection (malware-cnc.rules) * 1:32395 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Orcarat variant outbound connection (malware-cnc.rules) * 1:32396 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Orcarat variant outbound connection (malware-cnc.rules) * 1:32397 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Orcarat variant outbound connection (malware-cnc.rules) * 1:32400 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Parama attempted outbound connection (malware-cnc.rules) * 1:32401 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Kivars outbound connection (malware-cnc.rules) * 1:32402 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent globalupdate - Osx.Trojan.Wirelurker (malware-cnc.rules) * 1:32451 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Backoff initial outbound connection (malware-cnc.rules) * 1:32455 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent VUPHTTP - Win.Trojan.Puvespia (malware-cnc.rules) * 1:32456 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Effseart variant outbound connection (malware-cnc.rules) * 1:32457 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Effseart variant inbound connection (malware-cnc.rules) * 1:32464 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TorrentLocker variant outbound connection (malware-cnc.rules) * 1:32469 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bankeiya outbound connection (malware-cnc.rules) * 1:32486 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Exadog outbound connection (malware-cnc.rules) * 1:32487 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Exadog variant outbound connection (malware-cnc.rules) * 1:32493 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.SpikeA variant outbound connection (malware-cnc.rules) * 1:32494 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.SpikeA variant outbound connection (malware-cnc.rules) * 1:32504 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Kiler attempted outbound 
connection (malware-cnc.rules) * 1:32505 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Kiler attempted outbound connection (malware-cnc.rules) * 1:32506 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Secdeskinf outbound connection (malware-cnc.rules) * 1:32510 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.PiltabeA outbound connection (malware-cnc.rules) * 1:32511 <-> DISABLED <-> MALWARE-CNC PCRat variant outbound connection (malware-cnc.rules) * 1:32512 <-> DISABLED <-> MALWARE-CNC PCRat variant outbound connection (malware-cnc.rules) * 1:32513 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Havex outbound connection (malware-cnc.rules) * 1:32521 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptowall 2.0 possible TOR client retrieval attempt (malware-cnc.rules) * 1:32529 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Vkont variant outbound connection (malware-cnc.rules) * 1:32548 <-> DISABLED <-> MALWARE-CNC Mac.Backdoor.iWorm attempted outbound connection (malware-cnc.rules) * 1:32550 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Extant variant outbound connection (malware-cnc.rules) * 1:32551 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Coreshell variant outbound connection (malware-cnc.rules) * 1:32556 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bayoboiz outbound connection (malware-cnc.rules) * 1:32557 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bayoboiz outbound connection (malware-cnc.rules) * 1:32583 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules) * 1:32584 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules) * 1:32585 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules) * 1:32586 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules) * 1:32598 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Mysayad file wipe attempt (malware-cnc.rules) * 1:32599 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Mysayad outbound connection (malware-cnc.rules) * 1:32600 
<-> DISABLED <-> MALWARE-CNC Win.Backdoor.Mysayad file wipe attempt (malware-cnc.rules) * 1:32604 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Geodo variant outbound connection (malware-cnc.rules) * 1:32605 <-> DISABLED <-> MALWARE-CNC Win.Worm.Jenxcus variant outbound connection (malware-cnc.rules) * 1:32606 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sodebral variant outbound connection (malware-cnc.rules) * 1:32607 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sodebral HTTP Response attempt (malware-cnc.rules) * 1:32608 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sodebral HTTP Response attempt (malware-cnc.rules) * 1:32609 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant registration message (malware-cnc.rules) * 1:32610 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant keepalive (malware-cnc.rules) * 1:32613 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Jadowndec attempted outbound connection (malware-cnc.rules) * 1:32614 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Jadowndec attempted outbound connection (malware-cnc.rules) * 1:32621 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Regin outbound connection (malware-cnc.rules) * 1:32624 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Regin outbound connection (malware-cnc.rules) * 1:32645 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string RUpdate (malware-cnc.rules) * 1:32665 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chopstick variant outbound request (malware-cnc.rules) * 1:32667 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chopstick variant outbound request (malware-cnc.rules) * 1:32674 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wiper variant outbound connection (malware-cnc.rules) * 1:32677 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex variant outbound connection (malware-cnc.rules) * 1:32678 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex variant outbound connection (malware-cnc.rules) * 1:32706 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz variant outbound connection (malware-cnc.rules) * 1:32727 <-> DISABLED 
<-> MALWARE-CNC Win.Backdoor.Uclinu variant outbound connection (malware-cnc.rules) * 1:32728 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Olegb variant outbound connection (malware-cnc.rules) * 1:32734 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Typideg variant outbound connection (malware-cnc.rules) * 1:32735 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CryptoPHP variant outbound connection (malware-cnc.rules) * 1:32736 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CryptoPHP variant outbound connection (malware-cnc.rules) * 1:32743 <-> DISABLED <-> MALWARE-CNC VGABot IRC communication attempt (malware-cnc.rules) * 1:32747 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ragebot variant outbound connection (malware-cnc.rules) * 1:32769 <-> DISABLED <-> MALWARE-CNC Win.Trojan.WOWCheckC Attempted CNC (malware-cnc.rules) * 1:32770 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Androm variant outbound connection (malware-cnc.rules) * 1:32776 <-> DISABLED <-> MALWARE-CNC FIN4 VBA Macro credentials upload attempt (malware-cnc.rules) * 1:32780 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Eskaetee outbound connection (malware-cnc.rules) * 1:32781 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Eskaetee outbound connection (malware-cnc.rules) * 1:32791 <-> DISABLED <-> MALWARE-CNC Win.Virus.Ransomlock outbound connection (malware-cnc.rules) * 1:32792 <-> DISABLED <-> MALWARE-CNC Win.Virus.Ransomlock inbound connection (malware-cnc.rules) * 1:32823 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Darkhotel outbound connection (malware-cnc.rules) * 1:32824 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Darkhotel variant outbound connection (malware-cnc.rules) * 1:32825 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Darkhotel outbound connection (malware-cnc.rules) * 1:32826 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Darkhotel data upload attempt (malware-cnc.rules) * 1:32827 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Darkhotel response connection attempt (malware-cnc.rules) * 1:32852 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Poolfiend variant 
outbound connection (malware-cnc.rules)
* 1:32853 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Poolfiend variant outbound connection (malware-cnc.rules)
* 1:32854 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Loodir outbound connection (malware-cnc.rules)
* 1:32882 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ksypypro outbound connection (malware-cnc.rules)
* 1:32891 <-> DISABLED <-> MALWARE-CNC Php.Malware.SoakSoakRedirect Malware traffic containing WordPress Administrator credentials (malware-cnc.rules)
* 1:32892 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TorLocker variant outbound connection (malware-cnc.rules)
* 1:32893 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Finforst outbound connection (malware-cnc.rules)
* 1:32908 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TinyZBot outbound connection (malware-cnc.rules)
* 1:32909 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TinyZBot outbound connection (malware-cnc.rules)
* 1:32910 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TinyZBot outbound connection (malware-cnc.rules)
* 1:32950 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bladabindi variant outbound connection (malware-cnc.rules)
* 1:32956 <-> DISABLED <-> MALWARE-CNC Android.CoolReaper.Trojan outbound connection (malware-cnc.rules)
* 1:32957 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TinyZBot outbound SOAP connection attempt (malware-cnc.rules)
* 1:32958 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TinyZBot response connection attempt (malware-cnc.rules)
* 1:32973 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Twerket variant outbound connection (malware-cnc.rules)
* 1:32976 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluos variant outbound connection (malware-cnc.rules)
* 1:32977 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluos variant outbound connection (malware-cnc.rules)
* 1:33677 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Babar outbound connection (malware-cnc.rules)
* 1:33863 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules)
* 1:31885 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Threebyte variant outbound connection (malware-cnc.rules)
* 1:31992 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Upatre SSL Cert inbound (malware-cnc.rules)
* 1:32986 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Toopu dll embedded in png download attempt (malware-cnc.rules)
* 1:32987 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor outbound connection (malware-cnc.rules)
* 1:32988 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor outbound connection (malware-cnc.rules)
* 1:32989 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor outbound connection (malware-cnc.rules)
* 1:32990 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Toopu outbound connection (malware-cnc.rules)
* 1:33047 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - realupdate - Win.Backdoor.Upatre (malware-cnc.rules)
* 1:33059 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Medusa variant outbound connection (malware-cnc.rules)
* 1:33060 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Medusa variant outbound connection (malware-cnc.rules)
* 1:33061 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lagulon.A outbound connection (malware-cnc.rules)
* 1:33081 <-> DISABLED <-> MALWARE-CNC OnionDuke variant outbound connection (malware-cnc.rules)
* 1:33082 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nocpos initial outbound connection (malware-cnc.rules)
* 1:33083 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nocpos information disclosure attempt (malware-cnc.rules)
* 1:33084 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tosct variant outbound connection (malware-cnc.rules)
* 1:33145 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
* 1:33147 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant SMTP reporting attempt (malware-cnc.rules)
* 1:33148 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant SMTP reporting attempt (malware-cnc.rules)
* 1:33149 <-> DISABLED <-> MALWARE-CNC Win.Worm.Ultramine outbound connection (malware-cnc.rules)
* 1:33152 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nurjax.A outbound connection (malware-cnc.rules)
* 1:33153 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Heur variant outbound connection (malware-cnc.rules)
* 1:33161 <-> DISABLED <-> MALWARE-CNC Win.Spyware.Rombertik outbound connection (malware-cnc.rules)
* 1:33165 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Poweliks outbound connection (malware-cnc.rules)
* 1:33199 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Sabeba outbound connection (malware-cnc.rules)
* 1:33200 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pisces variant outbound connection (malware-cnc.rules)
* 1:33207 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Mazilla/5.0 - Win.Backdoor.Upatre (malware-cnc.rules)
* 1:33211 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Upatre variant outbound connection (malware-cnc.rules)
* 1:33217 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nuovoscor variant outbound connection (malware-cnc.rules)
* 1:33218 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cendode system information disclosure attempt (malware-cnc.rules)
* 1:33219 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gamarue variant outbound connection (malware-cnc.rules)
* 1:33220 <-> DISABLED <-> MALWARE-CNC Win.Trojan.HawkEye keylogger exfiltration attempt (malware-cnc.rules)
* 1:33221 <-> ENABLED <-> MALWARE-CNC Win.Trojan.HawkEye Keylogger exfiltration attempt - clipboard and screenshot (malware-cnc.rules)
* 1:33222 <-> DISABLED <-> MALWARE-CNC Win.Trojan.HawkEye Keylogger exfiltration attempt - clipboard and screenshot (malware-cnc.rules)
* 1:33223 <-> DISABLED <-> MALWARE-CNC Win.Trojan.HawkEye Keylogger exfiltration attempt - clipboard and screenshot (malware-cnc.rules)
* 1:33227 <-> DISABLED <-> MALWARE-CNC Win.Agent.BHHK variant outbound connection (malware-cnc.rules)
* 1:33228 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kovter variant outbound connection (malware-cnc.rules)
* 1:33230 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Firefox - Win.Backdoor.Upatre (malware-cnc.rules)
* 1:33231 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Firefox/5.0 - Win.Backdoor.Upatre (malware-cnc.rules)
* 1:33232 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - AppUpdate - Win.Backdoor.Upatre (malware-cnc.rules)
* 1:33233 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - 2608cw-1 - Win.Backdoor.Upatre (malware-cnc.rules)
* 1:33234 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - 2508Inst - Win.Backdoor.Upatre (malware-cnc.rules)
* 1:33235 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - 2608cw-2 - Win.Backdoor.Upatre (malware-cnc.rules)
* 1:33236 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - 2808inst - Win.Backdoor.Upatre (malware-cnc.rules)
* 1:33237 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Player - Win.Backdoor.Upatre (malware-cnc.rules)
* 1:33238 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Wurst - Win.Backdoor.Upatre (malware-cnc.rules)
* 1:33239 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Installer/1.0 - Win.Backdoor.Upatre (malware-cnc.rules)
* 1:33240 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - FixUpdate - Win.Backdoor.Upatre (malware-cnc.rules)
* 1:33242 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Explorer - Win.Backdoor.Upatre (malware-cnc.rules)
* 1:33243 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Mozilla - Win.Backdoor.Upatre (malware-cnc.rules)
* 1:33244 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Opera - Win.Backdoor.Upatre (malware-cnc.rules)
* 1:33245 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Opera10 - Win.Backdoor.Upatre (malware-cnc.rules)
* 1:33246 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - OperaMini - Win.Backdoor.Upatre (malware-cnc.rules)
* 1:33248 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Peers12 - Win.Backdoor.Upatre (malware-cnc.rules)
* 1:33249 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - SLSSoapClient - Win.Backdoor.Upatre (malware-cnc.rules)
* 1:33250 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Tintin - Win.Backdoor.Upatre (malware-cnc.rules)
* 1:33251 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - USER_CHECK - Win.Backdoor.Upatre (malware-cnc.rules)
* 1:33252 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - WATClient - Win.Backdoor.Upatre (malware-cnc.rules)
* 1:33253 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - bbbbbbbbbb - Win.Backdoor.Upatre (malware-cnc.rules)
* 1:33254 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - hi - Win.Backdoor.Upatre (malware-cnc.rules)
* 1:33255 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - iMacros - Win.Backdoor.Upatre (malware-cnc.rules)
* 1:33256 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - macrotest - Win.Backdoor.Upatre (malware-cnc.rules)
* 1:33257 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - onlymacros - Win.Backdoor.Upatre (malware-cnc.rules)
* 1:33258 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Updates downloader - Win.Backdoor.Upatre (malware-cnc.rules)
* 1:33259 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - testupdate - Win.Backdoor.Upatre (malware-cnc.rules)
* 1:33260 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - onlyupdate - Win.Backdoor.Upatre (malware-cnc.rules)
* 1:33282 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Upatre variant outbound connection (malware-cnc.rules)
* 1:33284 <-> DISABLED <-> MALWARE-CNC Win.Trojan.OnLineGames variant outbound connection (malware-cnc.rules)
* 1:33285 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bavload outbound download request attempt (malware-cnc.rules)
* 1:33289 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rawpos incoming backdoor connection attempt (malware-cnc.rules)
* 1:32978 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - extra IE version (malware-cnc.rules)
* 1:33299 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Foxy variant outbound connection (malware-cnc.rules)
* 1:33305 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rubinurd variant outbound connection (malware-cnc.rules)
* 1:33328 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Yinli outbound connection (malware-cnc.rules)
* 1:33329 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Yinli outbound connection (malware-cnc.rules)
* 1:33330 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Yinli outbound connection (malware-cnc.rules)
* 1:33342 <-> DISABLED <-> MALWARE-CNC Doc.Downloader.Dridex outbound connection (malware-cnc.rules)
* 1:33704 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
* 1:34138 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Netkrypt inbound response (malware-cnc.rules)
* 1:34116 <-> DISABLED <-> MALWARE-CNC MacOS.Trojan.Wirelurker variant outbound connection (malware-cnc.rules)
* 1:34219 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nanocore variant outbound connection (malware-cnc.rules)
* 1:34115 <-> DISABLED <-> MALWARE-CNC MacOS.Trojan.Wirelurker variant outbound connection (malware-cnc.rules)
* 1:34030 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (malware-cnc.rules)
* 1:34223 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Yebot variant outbound connection (malware-cnc.rules)
* 1:34246 <-> DISABLED <-> MALWARE-CNC Win.Trojan.AAEH variant outbound connection (malware-cnc.rules)
* 1:34028 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bruecimig variant outbound connection (malware-cnc.rules)
* 1:33913 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Concbak outbound connection (malware-cnc.rules)
* 1:34047 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VBPasswordStealer variant outbound connection (malware-cnc.rules)
* 1:34130 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload variant outbound connection (malware-cnc.rules)
* 1:34132 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Erotimpact variant outbound connection (malware-cnc.rules)
* 1:33997 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pwexes variant outbound connection (malware-cnc.rules)
* 1:34108 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scarsi variant outbound connection (malware-cnc.rules)
* 1:34113 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent beacon reply attempt (malware-cnc.rules)
* 1:33966 <-> DISABLED <-> MALWARE-CNC Win.Worm.Mafusc variant outbound connection (malware-cnc.rules)
* 1:33831 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent DownloadMR - Solimba (malware-cnc.rules)
* 1:34283 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bartallex outbound connection (malware-cnc.rules)
* 1:34280 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TeslaCrypt outbound connection (malware-cnc.rules)
* 1:33434 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptowall 3.0 variant outbound connection (malware-cnc.rules)
* 1:33865 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules)
* 1:33435 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptowall 3.0 variant outbound connection (malware-cnc.rules)
* 1:33860 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules)
* 1:33675 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Athena variant outbound connection (malware-cnc.rules)
* 1:34290 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Plez outbound connection (malware-cnc.rules)
* 1:34291 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string crackim (malware-cnc.rules)
* 1:34292 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kraken outbound connection (malware-cnc.rules)
* 1:34289 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Plez outbound connection (malware-cnc.rules)
* 1:34297 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Simda variant outbound connection (malware-cnc.rules)
* 1:34307 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection (malware-cnc.rules)
* 1:34308 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection (malware-cnc.rules)
* 1:34296 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Simda variant outbound connection (malware-cnc.rules)
* 1:40067 <-> ENABLED <-> MALWARE-CNC Win.Trojan.LokiBot outbound connection (malware-cnc.rules)
* 1:46062 <-> ENABLED <-> SERVER-WEBAPP Joomla JEXTN Membership extension SQL injection attempt (server-webapp.rules)
* 1:46063 <-> ENABLED <-> SERVER-WEBAPP Joomla JEXTN Membership extension SQL injection attempt (server-webapp.rules)
* 1:40066 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.LokiBot (malware-cnc.rules)
* 1:31991 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Treck - Win.Backdoor.Upatre (malware-cnc.rules)
* 1:33524 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DNSChanger variant outbound connection (malware-cnc.rules)
* 1:33748 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
* 1:33546 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Equation outbound connection (malware-cnc.rules)
* 1:33649 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Google Omaha - Win.Trojan.ExtenBro (malware-cnc.rules)
* 1:34143 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Crypvault outbound connection (malware-cnc.rules)
* 1:32980 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - multi-browser (malware-cnc.rules)
* 1:34031 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (malware-cnc.rules)
* 1:33873 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tepoyx outbound connection detection (malware-cnc.rules)
* 1:33646 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.XORDDoS outbound connection (malware-cnc.rules)
* 1:31837 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Retgate variant outbound connection (malware-cnc.rules)
* 1:33990 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Trioptid outbound connection (malware-cnc.rules)
* 1:33993 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Insidious outbound connection (malware-cnc.rules)
* 1:33522 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent - DNS Changer (malware-cnc.rules)
* 1:33749 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
* 1:33996 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pwexes variant outbound connection (malware-cnc.rules)
* 1:33456 <-> DISABLED <-> MALWARE-CNC Doc.Downloader.Dridex outbound connection (malware-cnc.rules)