Talos Rules 2020-10-15
This release adds and modifies rules in several categories.

Talos has added and modified multiple rules in the browser-webkit, malware-cnc and server-webapp rule sets to provide coverage for emerging threats from these technologies.

Change logs

2020-10-15 12:57:43 UTC

Snort Subscriber Rules Update

Date: 2020-10-15

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091601.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:55999 <-> DISABLED <-> SERVER-APACHE Apache Struts denial of service attempt (server-apache.rules)
 * 1:56000 <-> DISABLED <-> SERVER-APACHE Apache Struts denial of service attempt (server-apache.rules)
 * 1:56001 <-> DISABLED <-> SERVER-APACHE Apache Struts denial of service attempt (server-apache.rules)
 * 1:56002 <-> DISABLED <-> SERVER-WEBAPP D-Link Central WiFi Manager CMW 100 SQL injection attempt (server-webapp.rules)
 * 1:56003 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Emotet variant initial outbound request detected (malware-cnc.rules)
 * 1:56004 <-> DISABLED <-> SERVER-WEBAPP D-Link Central WiFi Manager CMW 100 cross site scripting attempt (server-webapp.rules)
 * 1:56005 <-> ENABLED <-> SERVER-WEBAPP D-Link Central WiFi Manager CWM 100 SQL injection attempt (server-webapp.rules)
 * 1:56006 <-> ENABLED <-> SERVER-WEBAPP D-Link Central WiFi Manager CWM 100 SQL injection attempt (server-webapp.rules)
 * 1:56007 <-> ENABLED <-> SERVER-WEBAPP D-Link Central WiFi Manager CWM 100 SQL injection attempt (server-webapp.rules)
 * 1:56008 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari WebKit JSPropertyNameEnumeration type confusion attempt (browser-webkit.rules)
 * 1:56009 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari WebKit JSPropertyNameEnumeration type confusion attempt (browser-webkit.rules)

Modified Rules:


 * 1:33161 <-> DISABLED <-> MALWARE-CNC Win.Spyware.Rombertik outbound connection (malware-cnc.rules)
 * 1:33165 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Poweliks outbound connection (malware-cnc.rules)
 * 1:33199 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Sabeba outbound connection (malware-cnc.rules)
 * 1:33200 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pisces variant outbound connection (malware-cnc.rules)
 * 1:33207 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Mazilla/5.0 - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33211 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Upatre variant outbound connection (malware-cnc.rules)
 * 1:33217 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nuovoscor variant outbound connection (malware-cnc.rules)
 * 1:33218 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cendode system information disclosure attempt (malware-cnc.rules)
 * 1:33219 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gamarue variant outbound connection (malware-cnc.rules)
 * 1:33220 <-> DISABLED <-> MALWARE-CNC Win.Trojan.HawkEye keylogger exfiltration attempt (malware-cnc.rules)
 * 1:33221 <-> ENABLED <-> MALWARE-CNC Win.Trojan.HawkEye Keylogger exfiltration attempt - clipboard and screenshot (malware-cnc.rules)
 * 1:33222 <-> DISABLED <-> MALWARE-CNC Win.Trojan.HawkEye Keylogger exfiltration attempt - clipboard and screenshot (malware-cnc.rules)
 * 1:33223 <-> DISABLED <-> MALWARE-CNC Win.Trojan.HawkEye Keylogger exfiltration attempt - clipboard and screenshot (malware-cnc.rules)
 * 1:33227 <-> DISABLED <-> MALWARE-CNC Win.Agent.BHHK variant outbound connection (malware-cnc.rules)
 * 1:33228 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kovter variant outbound connection (malware-cnc.rules)
 * 1:33230 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Firefox - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33231 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Firefox/5.0 - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33232 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - AppUpdate - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33233 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - 2608cw-1 - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33234 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - 2508Inst - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33235 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - 2608cw-2 - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33236 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - 2808inst - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33237 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Player - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33238 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Wurst - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33239 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Installer/1.0 - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33240 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - FixUpdate - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33242 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Explorer - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33243 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Mozilla - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33244 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Opera - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33245 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Opera10 - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33246 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - OperaMini - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33248 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Peers12 - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33249 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - SLSSoapClient - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33250 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Tintin - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33251 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - USER_CHECK - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33252 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - WATClient - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33253 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - bbbbbbbbbb - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33254 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - hi - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33255 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - iMacros - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33256 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - macrotest - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33257 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - onlymacros - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33258 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Updates downloader - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33259 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - testupdate - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33260 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - onlyupdate - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33282 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Upatre variant outbound connection (malware-cnc.rules)
 * 1:33284 <-> DISABLED <-> MALWARE-CNC Win.Trojan.OnLineGames variant outbound connection (malware-cnc.rules)
 * 1:33285 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bavload outbound download request attempt (malware-cnc.rules)
 * 1:33289 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rawpos incoming backdoor connection attempt (malware-cnc.rules)
 * 1:33299 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Foxy variant outbound connection (malware-cnc.rules)
 * 1:33305 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rubinurd variant outbound connection (malware-cnc.rules)
 * 1:33328 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Yinli outbound connection (malware-cnc.rules)
 * 1:33329 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Yinli outbound connection (malware-cnc.rules)
 * 1:33330 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Yinli outbound connection (malware-cnc.rules)
 * 1:33342 <-> DISABLED <-> MALWARE-CNC Doc.Downloader.Dridex outbound connection (malware-cnc.rules)
 * 1:33411 <-> DISABLED <-> MALWARE-CNC Doc.Downloader.Dridex outbound connection (malware-cnc.rules)
 * 1:33431 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptowall 3.0 variant outbound connection (malware-cnc.rules)
 * 1:33432 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptowall 3.0 variant outbound connection (malware-cnc.rules)
 * 1:33433 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptowall 3.0 variant outbound connection (malware-cnc.rules)
 * 1:33434 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptowall 3.0 variant outbound connection (malware-cnc.rules)
 * 1:33435 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptowall 3.0 variant outbound connection (malware-cnc.rules)
 * 1:33439 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gefetroe variant outbound connection (malware-cnc.rules)
 * 1:33443 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules)
 * 1:33444 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SpyBanker variant outbound connection (malware-cnc.rules)
 * 1:33449 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FileEncoder IP geolocation checkin attempt (malware-cnc.rules)
 * 1:33450 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FileEncoder variant outbound connection (malware-cnc.rules)
 * 1:33453 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kovter variant outbound connection (malware-cnc.rules)
 * 1:33456 <-> DISABLED <-> MALWARE-CNC Doc.Downloader.Dridex outbound connection (malware-cnc.rules)
 * 1:33457 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules)
 * 1:33464 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dynamer variant outbound connection (malware-cnc.rules)
 * 1:33481 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Xnote outbound connection (malware-cnc.rules)
 * 1:33482 <-> DISABLED <-> MALWARE-CNC Win.Worm.Enosch variant outbound connection (malware-cnc.rules)
 * 1:33496 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Andromeda variant outbound connection (malware-cnc.rules)
 * 1:33513 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - XAgent - Operation Pawn Storm (malware-cnc.rules)
 * 1:33519 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - ALIZER (malware-cnc.rules)
 * 1:33520 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zusy inbound CNC response (malware-cnc.rules)
 * 1:33521 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zusy variant outbound connection (malware-cnc.rules)
 * 1:33522 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent - DNS Changer (malware-cnc.rules)
 * 1:33523 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DNSChanger variant outbound connection (malware-cnc.rules)
 * 1:33524 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DNSChanger variant outbound connection (malware-cnc.rules)
 * 1:33543 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Equation outbound connection (malware-cnc.rules)
 * 1:33545 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Equation outbound connection (malware-cnc.rules)
 * 1:33546 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Equation outbound connection (malware-cnc.rules)
 * 1:33547 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Turla outbound connection (malware-cnc.rules)
 * 1:33594 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Upatre variant outbound connection (malware-cnc.rules)
 * 1:33620 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.lubot outbound connection (malware-cnc.rules)
 * 1:33621 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.lubot outbound connection (malware-cnc.rules)
 * 1:33633 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent - Downing - Win.Trojan.Otwycal (malware-cnc.rules)
 * 1:33646 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.XORDDoS outbound connection (malware-cnc.rules)
 * 1:33647 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.XORDDoS outbound connection (malware-cnc.rules)
 * 1:33648 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.XORDDoS outbound connection (malware-cnc.rules)
 * 1:33649 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Google Omaha - Win.Trojan.ExtenBro (malware-cnc.rules)
 * 1:33650 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tinba outbound connection (malware-cnc.rules)
 * 1:33674 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Athena variant outbound connection (malware-cnc.rules)
 * 1:33675 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Athena variant outbound connection (malware-cnc.rules)
 * 1:33677 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Babar outbound connection (malware-cnc.rules)
 * 1:33678 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FannyWorm outbound connection (malware-cnc.rules)
 * 1:33704 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
 * 1:33745 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
 * 1:33746 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
 * 1:33747 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
 * 1:33748 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
 * 1:33749 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
 * 1:33750 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
 * 1:33751 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
 * 1:33752 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
 * 1:33753 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
 * 1:33754 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
 * 1:33755 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
 * 1:33818 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Egamipload variant outbound connection (malware-cnc.rules)
 * 1:33819 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Egamipload variant outbound connection (malware-cnc.rules)
 * 1:33820 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Egamipload variant outbound connection (malware-cnc.rules)
 * 1:33821 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Egamipload variant outbound connection (malware-cnc.rules)
 * 1:33822 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Egamipload variant outbound connection (malware-cnc.rules)
 * 1:33831 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent DownloadMR - Solimba (malware-cnc.rules)
 * 1:33851 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Poseidon outbound connection (malware-cnc.rules)
 * 1:33852 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Poseidon outbound connection (malware-cnc.rules)
 * 1:33854 <-> DISABLED <-> MALWARE-CNC Win.Trojan.LogPOS variant outbound connection (malware-cnc.rules)
 * 1:33857 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PwnPOS data exfiltration attempt (malware-cnc.rules)
 * 1:33859 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules)
 * 1:33860 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules)
 * 1:33861 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules)
 * 1:33862 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules)
 * 1:33863 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules)
 * 1:33864 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules)
 * 1:33865 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules)
 * 1:33866 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules)
 * 1:32175 <-> DISABLED <-> MALWARE-CNC Osx.Backdoor.iWorm variant outbound connection (malware-cnc.rules)
 * 1:32179 <-> DISABLED <-> MALWARE-CNC WIN.Trojan.Plugx variant outbound connection (malware-cnc.rules)
 * 1:32180 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.ZxShell connection incoming attempt (malware-cnc.rules)
 * 1:32181 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.ZxShell connection outgoing attempt (malware-cnc.rules)
 * 1:32192 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zxshell variant outbound connection (malware-cnc.rules)
 * 1:32193 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dubrute variant outbound connection (malware-cnc.rules)
 * 1:32194 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dubrute variant outbound connection (malware-cnc.rules)
 * 1:32195 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Palebot variant outbound connection (malware-cnc.rules)
 * 1:32196 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor variant outbound connection (malware-cnc.rules)
 * 1:32197 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zerolocker variant outbound connection (malware-cnc.rules)
 * 1:32198 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mujormel outbound connection (malware-cnc.rules)
 * 1:32202 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Soaphrish variant outbound connection (malware-cnc.rules)
 * 1:32220 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy download detected (malware-cnc.rules)
 * 1:32221 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy download detected (malware-cnc.rules)
 * 1:32222 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.MSIL.Liroospu variant outbound connection (malware-cnc.rules)
 * 1:32225 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptowall variant outbound connection (malware-cnc.rules)
 * 1:32243 <-> DISABLED <-> MALWARE-CNC WIN.Trojan.Clemint variant outbound connection (malware-cnc.rules)
 * 1:32250 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hydraq.variant outbound detected (malware-cnc.rules)
 * 1:32270 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tinba variant outbound connection (malware-cnc.rules)
 * 1:32272 <-> DISABLED <-> MALWARE-CNC WIN.Trojan.Hesechca variant outbound connection (malware-cnc.rules)
 * 1:32285 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zoxpng variant outbound connection (malware-cnc.rules)
 * 1:32287 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sapertilz variant outbound connection (malware-cnc.rules)
 * 1:32289 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptolocker download detected (malware-cnc.rules)
 * 1:32290 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptolocker download detected (malware-cnc.rules)
 * 1:32291 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptolocker download detected (malware-cnc.rules)
 * 1:32292 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptolocker download detected (malware-cnc.rules)
 * 1:32293 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Acanas variant outbound connection (malware-cnc.rules)
 * 1:32294 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent BloodguyBrowser-_- (malware-cnc.rules)
 * 1:32295 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string http - Win.Trojan.Waski (malware-cnc.rules)
 * 1:32296 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string update - Win.Trojan.Waski (malware-cnc.rules)
 * 1:32310 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Farfli variant outbound connection (malware-cnc.rules)
 * 1:32311 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rehtesyk outbound connection (malware-cnc.rules)
 * 1:32312 <-> DISABLED <-> MALWARE-CNC FrameworkPOS data exfiltration through DNS - beacon message (malware-cnc.rules)
 * 1:32328 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Maener variant download request (malware-cnc.rules)
 * 1:32329 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Maener variant outbound connection (malware-cnc.rules)
 * 1:32330 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Maener variant outbound connection (malware-cnc.rules)
 * 1:32331 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Maener variant outbound connection (malware-cnc.rules)
 * 1:32332 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hancitor variant outbound connection (malware-cnc.rules)
 * 1:32333 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string fast uax (malware-cnc.rules)
 * 1:32334 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Stantinko variant outbound connection (malware-cnc.rules)
 * 1:32338 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ropest variant outbound connection (malware-cnc.rules)
 * 1:32341 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cakwerd variant outbound connection (malware-cnc.rules)
 * 1:32343 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor variant inbound spam attempt (malware-cnc.rules)
 * 1:32344 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor variant outbound spam attempt (malware-cnc.rules)
 * 1:32354 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Matsune variant outbound connection (malware-cnc.rules)
 * 1:32357 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Akaza variant outbound connection (malware-cnc.rules)
 * 1:32367 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GameOverZeus variant outbound connection (malware-cnc.rules)
 * 1:32368 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cridex variant outbound connection (malware-cnc.rules)
 * 1:32372 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Drepitt variant outbound connection (malware-cnc.rules)
 * 1:32373 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Broonject variant outbound connection (malware-cnc.rules)
 * 1:32374 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Androm variant outbound connection (malware-cnc.rules)
 * 1:32379 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Baccamun variant outbound connection (malware-cnc.rules)
 * 1:32383 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - connect - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:32384 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - myupdate - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:32394 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Orcarat variant outbound connection (malware-cnc.rules)
 * 1:32395 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Orcarat variant outbound connection (malware-cnc.rules)
 * 1:32396 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Orcarat variant outbound connection (malware-cnc.rules)
 * 1:32397 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Orcarat variant outbound connection (malware-cnc.rules)
 * 1:32400 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Parama attempted outbound connection (malware-cnc.rules)
 * 1:32401 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Kivars outbound connection (malware-cnc.rules)
 * 1:32402 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent globalupdate - Osx.Trojan.Wirelurker (malware-cnc.rules)
 * 1:32451 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Backoff initial outbound connection (malware-cnc.rules)
 * 1:32455 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent VUPHTTP - Win.Trojan.Puvespia (malware-cnc.rules)
 * 1:32456 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Effseart variant outbound connection (malware-cnc.rules)
 * 1:32457 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Effseart variant inbound connection (malware-cnc.rules)
 * 1:32464 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TorrentLocker variant outbound connection (malware-cnc.rules)
 * 1:32469 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bankeiya outbound connection (malware-cnc.rules)
 * 1:32486 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Exadog outbound connection (malware-cnc.rules)
 * 1:32487 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Exadog variant outbound connection (malware-cnc.rules)
 * 1:32493 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.SpikeA variant outbound connection (malware-cnc.rules)
 * 1:32494 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.SpikeA variant outbound connection (malware-cnc.rules)
 * 1:32504 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Kiler attempted outbound connection (malware-cnc.rules)
 * 1:32505 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Kiler attempted outbound connection (malware-cnc.rules)
 * 1:32506 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Secdeskinf outbound connection (malware-cnc.rules)
 * 1:32510 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.PiltabeA outbound connection (malware-cnc.rules)
 * 1:32511 <-> DISABLED <-> MALWARE-CNC PCRat variant outbound connection (malware-cnc.rules)
 * 1:32512 <-> DISABLED <-> MALWARE-CNC PCRat variant outbound connection (malware-cnc.rules)
 * 1:32513 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Havex outbound connection (malware-cnc.rules)
 * 1:32521 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptowall 2.0 possible TOR client retrieval attempt (malware-cnc.rules)
 * 1:32529 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Vkont variant outbound connection (malware-cnc.rules)
 * 1:32548 <-> DISABLED <-> MALWARE-CNC Mac.Backdoor.iWorm attempted outbound connection (malware-cnc.rules)
 * 1:32550 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Extant variant outbound connection (malware-cnc.rules)
 * 1:32551 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Coreshell variant outbound connection (malware-cnc.rules)
 * 1:32556 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bayoboiz outbound connection (malware-cnc.rules)
 * 1:32557 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bayoboiz outbound connection (malware-cnc.rules)
 * 1:32583 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules)
 * 1:32584 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules)
 * 1:32585 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
 * 1:32586 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
 * 1:32598 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Mysayad file wipe attempt (malware-cnc.rules)
 * 1:32599 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Mysayad outbound connection (malware-cnc.rules)
 * 1:32600 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Mysayad file wipe attempt (malware-cnc.rules)
 * 1:32604 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Geodo variant outbound connection (malware-cnc.rules)
 * 1:32605 <-> DISABLED <-> MALWARE-CNC Win.Worm.Jenxcus variant outbound connection (malware-cnc.rules)
 * 1:32606 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sodebral variant outbound connection (malware-cnc.rules)
 * 1:32607 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sodebral HTTP Response attempt (malware-cnc.rules)
 * 1:32608 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sodebral HTTP Response attempt (malware-cnc.rules)
 * 1:32609 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant registration message (malware-cnc.rules)
 * 1:32610 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant keepalive (malware-cnc.rules)
 * 1:32613 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Jadowndec attempted outbound connection (malware-cnc.rules)
 * 1:32614 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Jadowndec attempted outbound connection (malware-cnc.rules)
 * 1:32621 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Regin outbound connection (malware-cnc.rules)
 * 1:32624 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Regin outbound connection (malware-cnc.rules)
 * 1:32645 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string RUpdate (malware-cnc.rules)
 * 1:32665 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chopstick variant outbound request (malware-cnc.rules)
 * 1:32667 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chopstick variant outbound request (malware-cnc.rules)
 * 1:32674 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wiper variant outbound connection (malware-cnc.rules)
 * 1:32677 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex variant outbound connection (malware-cnc.rules)
 * 1:32678 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex variant outbound connection (malware-cnc.rules)
 * 1:32706 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz variant outbound connection (malware-cnc.rules)
 * 1:32727 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Uclinu variant outbound connection (malware-cnc.rules)
 * 1:32728 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Olegb variant outbound connection (malware-cnc.rules)
 * 1:32734 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Typideg variant outbound connection (malware-cnc.rules)
 * 1:32735 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CryptoPHP variant outbound connection (malware-cnc.rules)
 * 1:32736 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CryptoPHP variant outbound connection (malware-cnc.rules)
 * 1:32743 <-> DISABLED <-> MALWARE-CNC VGABot IRC communication attempt (malware-cnc.rules)
 * 1:32747 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ragebot variant outbound connection (malware-cnc.rules)
 * 1:32769 <-> DISABLED <-> MALWARE-CNC Win.Trojan.WOWCheckC Attempted CNC (malware-cnc.rules)
 * 1:32770 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Androm variant outbound connection (malware-cnc.rules)
 * 1:32776 <-> DISABLED <-> MALWARE-CNC FIN4 VBA Macro credentials upload attempt (malware-cnc.rules)
 * 1:32780 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Eskaetee outbound connection (malware-cnc.rules)
 * 1:32781 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Eskaetee outbound connection (malware-cnc.rules)
 * 1:32791 <-> DISABLED <-> MALWARE-CNC Win.Virus.Ransomlock outbound connection (malware-cnc.rules)
 * 1:32792 <-> DISABLED <-> MALWARE-CNC Win.Virus.Ransomlock inbound connection (malware-cnc.rules)
 * 1:32823 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Darkhotel outbound connection (malware-cnc.rules)
 * 1:32824 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Darkhotel variant outbound connection (malware-cnc.rules)
 * 1:32825 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Darkhotel outbound connection (malware-cnc.rules)
 * 1:32826 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Darkhotel data upload attempt (malware-cnc.rules)
 * 1:32827 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Darkhotel response connection attempt (malware-cnc.rules)
 * 1:32852 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Poolfiend variant outbound connection (malware-cnc.rules)
 * 1:32853 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Poolfiend variant outbound connection (malware-cnc.rules)
 * 1:32854 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Loodir outbound connection (malware-cnc.rules)
 * 1:32882 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ksypypro outbound connection (malware-cnc.rules)
 * 1:32891 <-> DISABLED <-> MALWARE-CNC Php.Malware.SoakSoakRedirect Malware traffic containing WordPress Administrator credentials (malware-cnc.rules)
 * 1:32892 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TorLocker variant outbound connection (malware-cnc.rules)
 * 1:32893 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Finforst outbound connection (malware-cnc.rules)
 * 1:32908 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TinyZBot outbound connection (malware-cnc.rules)
 * 1:32909 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TinyZBot outbound connection (malware-cnc.rules)
 * 1:32910 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TinyZBot outbound connection (malware-cnc.rules)
 * 1:32950 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bladabindi variant outbound connection (malware-cnc.rules)
 * 1:32956 <-> DISABLED <-> MALWARE-CNC Android.CoolReaper.Trojan outbound connection (malware-cnc.rules)
 * 1:32957 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TinyZBot outbound SOAP connection attempt (malware-cnc.rules)
 * 1:32958 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TinyZBot response connection attempt (malware-cnc.rules)
 * 1:32973 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Twerket variant outbound connection (malware-cnc.rules)
 * 1:32976 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluos variant outbound connection (malware-cnc.rules)
 * 1:32977 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluos variant outbound connection (malware-cnc.rules)
 * 1:32978 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - extra IE version (malware-cnc.rules)
 * 1:32979 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - extra IE version (malware-cnc.rules)
 * 1:32980 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - multi-browser (malware-cnc.rules)
 * 1:32986 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Toopu dll embedded in png download attempt (malware-cnc.rules)
 * 1:32987 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor outbound connection (malware-cnc.rules)
 * 1:32988 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor outbound connection (malware-cnc.rules)
 * 1:32989 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor outbound connection (malware-cnc.rules)
 * 1:32990 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Toopu outbound connection (malware-cnc.rules)
 * 1:33047 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - realupdate - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33054 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Joanap outbound connection (malware-cnc.rules)
 * 1:33058 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Medusa variant inbound connection (malware-cnc.rules)
 * 1:33059 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Medusa variant outbound connection (malware-cnc.rules)
 * 1:33060 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Medusa variant outbound connection (malware-cnc.rules)
 * 1:33061 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lagulon.A outbound connection (malware-cnc.rules)
 * 1:33081 <-> DISABLED <-> MALWARE-CNC OnionDuke variant outbound connection (malware-cnc.rules)
 * 1:33082 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nocpos initial outbound connection (malware-cnc.rules)
 * 1:33083 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nocpos information disclosure attempt (malware-cnc.rules)
 * 1:33084 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tosct variant outbound connection (malware-cnc.rules)
 * 1:33145 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
 * 1:33147 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant SMTP reporting attempt (malware-cnc.rules)
 * 1:33148 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant SMTP reporting attempt (malware-cnc.rules)
 * 1:33149 <-> DISABLED <-> MALWARE-CNC Win.Worm.Ultramine outbound connection (malware-cnc.rules)
 * 1:33152 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nurjax.A outbound connection (malware-cnc.rules)
 * 1:33153 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Heur variant outbound connection (malware-cnc.rules)
 * 1:31820 <-> DISABLED <-> MALWARE-CNC Win.Banker.Delf variant outbound connection (malware-cnc.rules)
 * 1:31824 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor variant outbound connection (malware-cnc.rules)
 * 1:31826 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Delf variant HTTP Response (malware-cnc.rules)
 * 1:31827 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Delf variant outbound connection (malware-cnc.rules)
 * 1:31828 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jabberbot variant outbound connection (malware-cnc.rules)
 * 1:31832 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pfinet outbound connection (malware-cnc.rules)
 * 1:31833 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chkbot outbound connection (malware-cnc.rules)
 * 1:31834 <-> DISABLED <-> MALWARE-CNC Win.Trojan-Downloader.Delorado variant outbound connection (malware-cnc.rules)
 * 1:31835 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yesudac variant outbound connection (malware-cnc.rules)
 * 1:31836 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Seribe variant outbound connection (malware-cnc.rules)
 * 1:31837 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Retgate variant outbound connection (malware-cnc.rules)
 * 1:31883 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Waterspout outbound connection (malware-cnc.rules)
 * 1:31885 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Threebyte variant outbound connection (malware-cnc.rules)
 * 1:31895 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Toupi variant outbound connection (malware-cnc.rules)
 * 1:31897 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dexter variant outbound connection (malware-cnc.rules)
 * 1:31904 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload variant outbound connection (malware-cnc.rules)
 * 1:31907 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Honerep variant outbound connection (malware-cnc.rules)
 * 1:31909 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Basostab variant outbound connection (malware-cnc.rules)
 * 1:31911 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Gareme variant outbound connection (malware-cnc.rules)
 * 1:31913 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Maozhi variant outbound connection (malware-cnc.rules)
 * 1:31915 <-> DISABLED <-> MALWARE-CNC WIN.Trojan.Ziyazo variant outbound connection (malware-cnc.rules)
 * 1:31916 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules)
 * 1:31923 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant HTTP response attempt (malware-cnc.rules)
 * 1:31924 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules)
 * 1:31925 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.Jynxkit outbound connection (malware-cnc.rules)
 * 1:31928 <-> DISABLED <-> MALWARE-CNC Win.Trojan-Downloader.Becontr variant outbound connection (malware-cnc.rules)
 * 1:31929 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kanav variant outbound connection (malware-cnc.rules)
 * 1:31930 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kanav variant outbound connection (malware-cnc.rules)
 * 1:31941 <-> DISABLED <-> MALWARE-CNC Win.Trojan-Downloader.Pedrp variant outbound connection (malware-cnc.rules)
 * 1:31947 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - HttpCall - Win.Trojan.Rukypee (malware-cnc.rules)
 * 1:31948 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - MyProgramm - Win.Trojan.Rukypee (malware-cnc.rules)
 * 1:31949 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Skypee - Win.Trojan.Rukypee (malware-cnc.rules)
 * 1:31954 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ezbro variant outbound connection (malware-cnc.rules)
 * 1:31955 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ezbro variant outbound connection (malware-cnc.rules)
 * 1:31957 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.MSIL.Torct variant outbound connection (malware-cnc.rules)
 * 1:31964 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules)
 * 1:31973 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chebri variant outbound connection (malware-cnc.rules)
 * 1:31974 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zegorg variant outbound connection (malware-cnc.rules)
 * 1:31990 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Install - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:31991 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Treck - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:31992 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Upatre SSL Cert inbound (malware-cnc.rules)
 * 1:31993 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Upatre SSL Cert inbound (malware-cnc.rules)
 * 1:31994 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Upatre SSL Cert inbound (malware-cnc.rules)
 * 1:31995 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Upatre SSL Cert inbound (malware-cnc.rules)
 * 1:31996 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Upatre SSL Cert inbound (malware-cnc.rules)
 * 1:31997 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Upatre SSL Cert inbound (malware-cnc.rules)
 * 1:31998 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Upatre SSL Cert inbound (malware-cnc.rules)
 * 1:31999 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Upatre SSL Cert inbound (malware-cnc.rules)
 * 1:32000 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Upatre SSL Cert inbound (malware-cnc.rules)
 * 1:32001 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Upatre SSL Cert inbound (malware-cnc.rules)
 * 1:32002 <-> DISABLED <-> MALWARE-CNC Win.Worm.Zorenium variant outbound connection (malware-cnc.rules)
 * 1:32009 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Flooder inbound connection attempt - command (malware-cnc.rules)
 * 1:32010 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Flooder outbound telnet connection attempt (malware-cnc.rules)
 * 1:32011 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Flooder outbound connection (malware-cnc.rules)
 * 1:32012 <-> DISABLED <-> MALWARE-CNC Win.Trojan-Downloader.Bipamid variant outbound connection (malware-cnc.rules)
 * 1:32013 <-> DISABLED <-> MALWARE-CNC Linux.Worm.Darlloz variant outbound connection (malware-cnc.rules)
 * 1:32015 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Zeus variant outbound connection (malware-cnc.rules)
 * 1:32016 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Menteni variant outbound connection (malware-cnc.rules)
 * 1:32017 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Memlog SMB file transfer (malware-cnc.rules)
 * 1:32018 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Hupigon.NYK variant outbound connection (malware-cnc.rules)
 * 1:32020 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Krompt variant outbound connection (malware-cnc.rules)
 * 1:32023 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sinpid variant outbound connection (malware-cnc.rules)
 * 1:32028 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Klabcon variant outbound connection (malware-cnc.rules)
 * 1:32030 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Decibal - Win.Trojan.Decibal (malware-cnc.rules)
 * 1:32031 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Decibal variant outbound connection (malware-cnc.rules)
 * 1:32033 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Larosden variant outbound connection (malware-cnc.rules)
 * 1:32034 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Larefervt variant outbound connection (malware-cnc.rules)
 * 1:32035 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Boleteiro variant outbound connection (malware-cnc.rules)
 * 1:32036 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Somoca vaniant outbound connection (malware-cnc.rules)
 * 1:32037 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload.awt variant outbound connection (malware-cnc.rules)
 * 1:32048 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lecpetex variant outbound connection (malware-cnc.rules)
 * 1:32050 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Larosden variant outbound connection (malware-cnc.rules)
 * 1:32052 <-> DISABLED <-> MALWARE-CNC User-Agent Xsser mRAT user-agent (malware-cnc.rules)
 * 1:32053 <-> DISABLED <-> MALWARE-CNC Xsser mRAT GPS data upload (malware-cnc.rules)
 * 1:32054 <-> DISABLED <-> MALWARE-CNC Xsser mRAT file upload (malware-cnc.rules)
 * 1:32058 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Masatekar variant outbound connection (malware-cnc.rules)
 * 1:32060 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent string - httptestman - Win.Backdoor.Rabasheeta (malware-cnc.rules)
 * 1:32061 <-> DISABLED <-> MALWARE-CNC Win.Trojan-Downloader.Nekill variant outbound connection (malware-cnc.rules)
 * 1:32065 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Asprox inbound connection (malware-cnc.rules)
 * 1:32066 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Asprox outbound connection (malware-cnc.rules)
 * 1:32067 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Asprox outbound connection (malware-cnc.rules)
 * 1:32071 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Zapchast variant outbound connection (malware-cnc.rules)
 * 1:32072 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zemot configuration download attempt (malware-cnc.rules)
 * 1:32073 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zemot outbound connection (malware-cnc.rules)
 * 1:32074 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zemot payload download attempt (malware-cnc.rules)
 * 1:32075 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Small variant outbound connection (malware-cnc.rules)
 * 1:32086 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Corkow variant outbound connection (malware-cnc.rules)
 * 1:32090 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Saaglup variant outbound connection (malware-cnc.rules)
 * 1:32091 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.PcertStealer variant outbound connection (malware-cnc.rules)
 * 1:32093 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules)
 * 1:32096 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Puver variant outbound connection (malware-cnc.rules)
 * 1:32121 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kryptik variant outbound connection (malware-cnc.rules)
 * 1:32123 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot variant outbound connection (malware-cnc.rules)
 * 1:32125 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - update - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:32126 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lizarbot outbound connection (malware-cnc.rules)
 * 1:32129 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader variant outbound connection (malware-cnc.rules)
 * 1:32130 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules)
 * 1:33867 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules)
 * 1:33868 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules)
 * 1:33872 <-> DISABLED <-> MALWARE-CNC Win.Worm.Urahu outbound connection (malware-cnc.rules)
 * 1:33873 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tepoyx outbound connection detection (malware-cnc.rules)
 * 1:33876 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Meowner runtime detection (malware-cnc.rules)
 * 1:33877 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Meowner runtime detection (malware-cnc.rules)
 * 1:33878 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Meowner runtime detection (malware-cnc.rules)
 * 1:33879 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Meowner runtime detection (malware-cnc.rules)
 * 1:33883 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jadtre variant outbound connection (malware-cnc.rules)
 * 1:33884 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string dolit (malware-cnc.rules)
 * 1:33885 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gh0st variant outbound connection (malware-cnc.rules)
 * 1:33886 <-> DISABLED <-> MALWARE-CNC WIn.Trojan.HawkEye keylogger variant outbound connection (malware-cnc.rules)
 * 1:33891 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Amasages variant outbound connection (malware-cnc.rules)
 * 1:33892 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Xerq outbound connection (malware-cnc.rules)
 * 1:33893 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TeslaCrypt outbound connection (malware-cnc.rules)
 * 1:33907 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent - KAIIOOOO871 - Win.Trojan.Dridex (malware-cnc.rules)
 * 1:33912 <-> DISABLED <-> MALWARE-CNC Cryptofortress Decryption Software Purchase Tor Website (malware-cnc.rules)
 * 1:33913 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Concbak outbound connection (malware-cnc.rules)
 * 1:33914 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent - Win.Trojan.Barys (malware-cnc.rules)
 * 1:33930 <-> DISABLED <-> MALWARE-CNC Vicepass outbound connection initial request to the CNC sending system information (malware-cnc.rules)
 * 1:33931 <-> DISABLED <-> MALWARE-CNC Win.Worm.Goldrv variant outbound connection (malware-cnc.rules)
 * 1:33932 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tempedreve Samba probe (malware-cnc.rules)
 * 1:33933 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Penget variant outbound connection (malware-cnc.rules)
 * 1:33966 <-> DISABLED <-> MALWARE-CNC Win.Worm.Mafusc variant outbound connection (malware-cnc.rules)
 * 1:33985 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.ChinaZ outbound connection (malware-cnc.rules)
 * 1:33989 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Trioptid outbound connection (malware-cnc.rules)
 * 1:33990 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Trioptid outbound connection (malware-cnc.rules)
 * 1:33992 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Insidious outbound connection (malware-cnc.rules)
 * 1:33993 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Insidious outbound connection (malware-cnc.rules)
 * 1:33994 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Beshida outbound connection (malware-cnc.rules)
 * 1:33996 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pwexes variant outbound connection (malware-cnc.rules)
 * 1:33997 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pwexes variant outbound connection (malware-cnc.rules)
 * 1:34001 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Picommex outbound connection (malware-cnc.rules)
 * 1:34002 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Picommex outbound connection (malware-cnc.rules)
 * 1:34003 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Picommex outbound connection (malware-cnc.rules)
 * 1:34004 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules)
 * 1:34005 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules)
 * 1:34006 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules)
 * 1:34007 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules)
 * 1:34008 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules)
 * 1:34009 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules)
 * 1:34010 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules)
 * 1:34011 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules)
 * 1:34012 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules)
 * 1:34013 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ayuther variant outbound connection (malware-cnc.rules)
 * 1:34025 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Endstar variant outbound connection (malware-cnc.rules)
 * 1:34026 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Endstar variant outbound connection (malware-cnc.rules)
 * 1:34028 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bruecimig variant outbound connection (malware-cnc.rules)
 * 1:34030 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (malware-cnc.rules)
 * 1:34031 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (malware-cnc.rules)
 * 1:34032 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (malware-cnc.rules)
 * 1:34033 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (malware-cnc.rules)
 * 1:34034 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (malware-cnc.rules)
 * 1:34035 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (malware-cnc.rules)
 * 1:34036 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (malware-cnc.rules)
 * 1:34037 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (malware-cnc.rules)
 * 1:34038 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (malware-cnc.rules)
 * 1:34039 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banklaed variant outbound connection (malware-cnc.rules)
 * 1:34041 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Igliveforg variant initial outbound connection (malware-cnc.rules)
 * 1:34042 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Igliveforg variant outbound connection (malware-cnc.rules)
 * 1:34044 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Exacrytion variant outbound connection (malware-cnc.rules)
 * 1:34045 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Eitenckay initial outbound connection (malware-cnc.rules)
 * 1:34046 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Expilan variant outbound connection (malware-cnc.rules)
 * 1:34047 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VBPasswordStealer variant outbound connection (malware-cnc.rules)
 * 1:34049 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.EvilBunny variant outbound connection (malware-cnc.rules)
 * 1:34050 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Nepigon variant outbound connection (malware-cnc.rules)
 * 1:34052 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NewPos outbound connection (malware-cnc.rules)
 * 1:34108 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scarsi variant outbound connection (malware-cnc.rules)
 * 1:34111 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chrozil variant outbound connection (malware-cnc.rules)
 * 1:34113 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent beacon reply attempt (malware-cnc.rules)
 * 1:34115 <-> DISABLED <-> MALWARE-CNC MacOS.Trojan.Wirelurker variant outbound connection (malware-cnc.rules)
 * 1:34116 <-> DISABLED <-> MALWARE-CNC MacOS.Trojan.Wirelurker variant outbound connection (malware-cnc.rules)
 * 1:34117 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Zupdax variant outbound connection (malware-cnc.rules)
 * 1:34128 <-> DISABLED <-> MALWARE-CNC Win.Trojan.WIntruder outbound connection (malware-cnc.rules)
 * 1:34130 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload variant outbound connection (malware-cnc.rules)
 * 1:34132 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Erotimpact variant outbound connection (malware-cnc.rules)
 * 1:34136 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload variant MSSQL response (malware-cnc.rules)
 * 1:34138 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Netkrypt inbound response (malware-cnc.rules)
 * 1:34140 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dyre publickey outbound connection (malware-cnc.rules)
 * 1:34143 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Crypvault outbound connection (malware-cnc.rules)
 * 1:34155 <-> DISABLED <-> MALWARE-CNC MacOS.Backdoor.Xslcmd outbound connection (malware-cnc.rules)
 * 1:34161 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Punkey outbound connection (malware-cnc.rules)
 * 1:34181 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bartallex outbound connection (malware-cnc.rules)
 * 1:34182 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bartallex outbound connection (malware-cnc.rules)
 * 1:34183 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bartallex outbound connection (malware-cnc.rules)
 * 1:34214 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Capimac variant outbound connection (malware-cnc.rules)
 * 1:34216 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FighterPOS variant outbound connection (malware-cnc.rules)
 * 1:34217 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Aytoke variant outbound connection (malware-cnc.rules)
 * 1:34219 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nanocore variant outbound connection (malware-cnc.rules)
 * 1:34223 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Yebot variant outbound connection (malware-cnc.rules)
 * 1:34246 <-> DISABLED <-> MALWARE-CNC Win.Trojan.AAEH variant outbound connection (malware-cnc.rules)
 * 1:34261 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.XORDDoS outbound connection (malware-cnc.rules)
 * 1:34262 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.XORDDoS outbound connection (malware-cnc.rules)
 * 1:34263 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.XORDDoS outbound connection (malware-cnc.rules)
 * 1:34280 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TeslaCrypt outbound connection (malware-cnc.rules)
 * 1:34281 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bartallex outbound connection (malware-cnc.rules)
 * 1:34282 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bartallex outbound connection (malware-cnc.rules)
 * 1:34283 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bartallex outbound connection (malware-cnc.rules)
 * 1:34286 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mudrop variant outbound connection (malware-cnc.rules)
 * 1:34289 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Plez outbound connection (malware-cnc.rules)
 * 1:34290 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Plez outbound connection (malware-cnc.rules)
 * 1:34291 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string crackim (malware-cnc.rules)
 * 1:34292 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kraken outbound connection (malware-cnc.rules)
 * 1:34296 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Simda variant outbound connection (malware-cnc.rules)
 * 1:34297 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Simda variant outbound connection (malware-cnc.rules)
 * 1:34307 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection (malware-cnc.rules)
 * 1:34308 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection (malware-cnc.rules)
 * 1:40066 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.LokiBot (malware-cnc.rules)
 * 1:40067 <-> ENABLED <-> MALWARE-CNC Win.Trojan.LokiBot outbound connection (malware-cnc.rules)
 * 1:46062 <-> ENABLED <-> SERVER-WEBAPP Joomla JEXTN Membership extension SQL injection attempt (server-webapp.rules)
 * 1:46063 <-> ENABLED <-> SERVER-WEBAPP Joomla JEXTN Membership extension SQL injection attempt (server-webapp.rules)
 * 1:46064 <-> ENABLED <-> SERVER-WEBAPP Joomla JEXTN Membership extension SQL injection attempt (server-webapp.rules)
 * 1:48818 <-> ENABLED <-> MALWARE-CNC Js.Trojan.Agent variant outbound connection (malware-cnc.rules)

2020-10-15 12:57:43 UTC

Snort Subscriber Rules Update

Date: 2020-10-15

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091600.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:56007 <-> ENABLED <-> SERVER-WEBAPP D-Link Central WiFi Manager CWM 100 SQL injection attempt (server-webapp.rules)
 * 1:56009 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari WebKit JSPropertyNameEnumeration type confusion attempt (browser-webkit.rules)
 * 1:56001 <-> DISABLED <-> SERVER-APACHE Apache Struts denial of service attempt (server-apache.rules)
 * 1:56006 <-> ENABLED <-> SERVER-WEBAPP D-Link Central WiFi Manager CWM 100 SQL injection attempt (server-webapp.rules)
 * 1:56000 <-> DISABLED <-> SERVER-APACHE Apache Struts denial of service attempt (server-apache.rules)
 * 1:56004 <-> DISABLED <-> SERVER-WEBAPP D-Link Central WiFi Manager CMW 100 cross site scripting attempt (server-webapp.rules)
 * 1:56003 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Emotet variant initial outbound request detected (malware-cnc.rules)
 * 1:55999 <-> DISABLED <-> SERVER-APACHE Apache Struts denial of service attempt (server-apache.rules)
 * 1:56005 <-> ENABLED <-> SERVER-WEBAPP D-Link Central WiFi Manager CWM 100 SQL injection attempt (server-webapp.rules)
 * 1:56002 <-> DISABLED <-> SERVER-WEBAPP D-Link Central WiFi Manager CMW 100 SQL injection attempt (server-webapp.rules)
 * 1:56008 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari WebKit JSPropertyNameEnumeration type confusion attempt (browser-webkit.rules)

Modified Rules:


 * 1:32504 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Kiler attempted outbound connection (malware-cnc.rules)
 * 1:33821 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Egamipload variant outbound connection (malware-cnc.rules)
 * 1:33822 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Egamipload variant outbound connection (malware-cnc.rules)
 * 1:31820 <-> DISABLED <-> MALWARE-CNC Win.Banker.Delf variant outbound connection (malware-cnc.rules)
 * 1:31824 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor variant outbound connection (malware-cnc.rules)
 * 1:31826 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Delf variant HTTP Response (malware-cnc.rules)
 * 1:31827 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Delf variant outbound connection (malware-cnc.rules)
 * 1:31828 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jabberbot variant outbound connection (malware-cnc.rules)
 * 1:31832 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pfinet outbound connection (malware-cnc.rules)
 * 1:31833 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chkbot outbound connection (malware-cnc.rules)
 * 1:31834 <-> DISABLED <-> MALWARE-CNC Win.Trojan-Downloader.Delorado variant outbound connection (malware-cnc.rules)
 * 1:31835 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yesudac variant outbound connection (malware-cnc.rules)
 * 1:31836 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Seribe variant outbound connection (malware-cnc.rules)
 * 1:31837 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Retgate variant outbound connection (malware-cnc.rules)
 * 1:31883 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Waterspout outbound connection (malware-cnc.rules)
 * 1:31885 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Threebyte variant outbound connection (malware-cnc.rules)
 * 1:31895 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Toupi variant outbound connection (malware-cnc.rules)
 * 1:31897 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dexter variant outbound connection (malware-cnc.rules)
 * 1:31904 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload variant outbound connection (malware-cnc.rules)
 * 1:31907 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Honerep variant outbound connection (malware-cnc.rules)
 * 1:31909 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Basostab variant outbound connection (malware-cnc.rules)
 * 1:31911 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Gareme variant outbound connection (malware-cnc.rules)
 * 1:31913 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Maozhi variant outbound connection (malware-cnc.rules)
 * 1:31915 <-> DISABLED <-> MALWARE-CNC WIN.Trojan.Ziyazo variant outbound connection (malware-cnc.rules)
 * 1:31916 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules)
 * 1:31923 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant HTTP response attempt (malware-cnc.rules)
 * 1:31924 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules)
 * 1:31925 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.Jynxkit outbound connection (malware-cnc.rules)
 * 1:31928 <-> DISABLED <-> MALWARE-CNC Win.Trojan-Downloader.Becontr variant outbound connection (malware-cnc.rules)
 * 1:31929 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kanav variant outbound connection (malware-cnc.rules)
 * 1:31930 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kanav variant outbound connection (malware-cnc.rules)
 * 1:31941 <-> DISABLED <-> MALWARE-CNC Win.Trojan-Downloader.Pedrp variant outbound connection (malware-cnc.rules)
 * 1:31947 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - HttpCall - Win.Trojan.Rukypee (malware-cnc.rules)
 * 1:31948 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - MyProgramm - Win.Trojan.Rukypee (malware-cnc.rules)
 * 1:31949 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Skypee - Win.Trojan.Rukypee (malware-cnc.rules)
 * 1:31954 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ezbro variant outbound connection (malware-cnc.rules)
 * 1:31955 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ezbro variant outbound connection (malware-cnc.rules)
 * 1:31957 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.MSIL.Torct variant outbound connection (malware-cnc.rules)
 * 1:31964 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules)
 * 1:31973 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chebri variant outbound connection (malware-cnc.rules)
 * 1:31974 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zegorg variant outbound connection (malware-cnc.rules)
 * 1:31990 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Install - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:31991 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Treck - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:31992 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Upatre SSL Cert inbound (malware-cnc.rules)
 * 1:31993 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Upatre SSL Cert inbound (malware-cnc.rules)
 * 1:31994 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Upatre SSL Cert inbound (malware-cnc.rules)
 * 1:31995 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Upatre SSL Cert inbound (malware-cnc.rules)
 * 1:31996 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Upatre SSL Cert inbound (malware-cnc.rules)
 * 1:31997 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Upatre SSL Cert inbound (malware-cnc.rules)
 * 1:31998 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Upatre SSL Cert inbound (malware-cnc.rules)
 * 1:31999 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Upatre SSL Cert inbound (malware-cnc.rules)
 * 1:32000 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Upatre SSL Cert inbound (malware-cnc.rules)
 * 1:32001 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Upatre SSL Cert inbound (malware-cnc.rules)
 * 1:32002 <-> DISABLED <-> MALWARE-CNC Win.Worm.Zorenium variant outbound connection (malware-cnc.rules)
 * 1:32009 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Flooder inbound connection attempt - command (malware-cnc.rules)
 * 1:32010 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Flooder outbound telnet connection attempt (malware-cnc.rules)
 * 1:32011 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Flooder outbound connection (malware-cnc.rules)
 * 1:32012 <-> DISABLED <-> MALWARE-CNC Win.Trojan-Downloader.Bipamid variant outbound connection (malware-cnc.rules)
 * 1:32013 <-> DISABLED <-> MALWARE-CNC Linux.Worm.Darlloz variant outbound connection (malware-cnc.rules)
 * 1:32015 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Zeus variant outbound connection (malware-cnc.rules)
 * 1:32016 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Menteni variant outbound connection (malware-cnc.rules)
 * 1:32017 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Memlog SMB file transfer (malware-cnc.rules)
 * 1:32018 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Hupigon.NYK variant outbound connection (malware-cnc.rules)
 * 1:32020 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Krompt variant outbound connection (malware-cnc.rules)
 * 1:32023 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sinpid variant outbound connection (malware-cnc.rules)
 * 1:32028 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Klabcon variant outbound connection (malware-cnc.rules)
 * 1:32030 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Decibal - Win.Trojan.Decibal (malware-cnc.rules)
 * 1:32031 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Decibal variant outbound connection (malware-cnc.rules)
 * 1:32033 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Larosden variant outbound connection (malware-cnc.rules)
 * 1:32034 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Larefervt variant outbound connection (malware-cnc.rules)
 * 1:32035 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Boleteiro variant outbound connection (malware-cnc.rules)
 * 1:32036 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Somoca vaniant outbound connection (malware-cnc.rules)
 * 1:32037 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload.awt variant outbound connection (malware-cnc.rules)
 * 1:32048 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lecpetex variant outbound connection (malware-cnc.rules)
 * 1:32050 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Larosden variant outbound connection (malware-cnc.rules)
 * 1:32052 <-> DISABLED <-> MALWARE-CNC User-Agent Xsser mRAT user-agent (malware-cnc.rules)
 * 1:32053 <-> DISABLED <-> MALWARE-CNC Xsser mRAT GPS data upload (malware-cnc.rules)
 * 1:32054 <-> DISABLED <-> MALWARE-CNC Xsser mRAT file upload (malware-cnc.rules)
 * 1:32058 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Masatekar variant outbound connection (malware-cnc.rules)
 * 1:32060 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent string - httptestman - Win.Backdoor.Rabasheeta (malware-cnc.rules)
 * 1:32061 <-> DISABLED <-> MALWARE-CNC Win.Trojan-Downloader.Nekill variant outbound connection (malware-cnc.rules)
 * 1:32065 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Asprox inbound connection (malware-cnc.rules)
 * 1:32066 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Asprox outbound connection (malware-cnc.rules)
 * 1:32067 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Asprox outbound connection (malware-cnc.rules)
 * 1:32071 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Zapchast variant outbound connection (malware-cnc.rules)
 * 1:32072 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zemot configuration download attempt (malware-cnc.rules)
 * 1:32073 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zemot outbound connection (malware-cnc.rules)
 * 1:32074 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zemot payload download attempt (malware-cnc.rules)
 * 1:32075 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Small variant outbound connection (malware-cnc.rules)
 * 1:32086 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Corkow variant outbound connection (malware-cnc.rules)
 * 1:32090 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Saaglup variant outbound connection (malware-cnc.rules)
 * 1:32091 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.PcertStealer variant outbound connection (malware-cnc.rules)
 * 1:32093 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules)
 * 1:32096 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Puver variant outbound connection (malware-cnc.rules)
 * 1:32121 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kryptik variant outbound connection (malware-cnc.rules)
 * 1:32123 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot variant outbound connection (malware-cnc.rules)
 * 1:32125 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - update - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:32126 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lizarbot outbound connection (malware-cnc.rules)
 * 1:32129 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader variant outbound connection (malware-cnc.rules)
 * 1:32130 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules)
 * 1:32175 <-> DISABLED <-> MALWARE-CNC Osx.Backdoor.iWorm variant outbound connection (malware-cnc.rules)
 * 1:32179 <-> DISABLED <-> MALWARE-CNC WIN.Trojan.Plugx variant outbound connection (malware-cnc.rules)
 * 1:32180 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.ZxShell connection incoming attempt (malware-cnc.rules)
 * 1:32181 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.ZxShell connection outgoing attempt (malware-cnc.rules)
 * 1:32192 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zxshell variant outbound connection (malware-cnc.rules)
 * 1:32193 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dubrute variant outbound connection (malware-cnc.rules)
 * 1:32194 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dubrute variant outbound connection (malware-cnc.rules)
 * 1:32195 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Palebot variant outbound connection (malware-cnc.rules)
 * 1:32196 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor variant outbound connection (malware-cnc.rules)
 * 1:32197 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zerolocker variant outbound connection (malware-cnc.rules)
 * 1:32198 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mujormel outbound connection (malware-cnc.rules)
 * 1:32202 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Soaphrish variant outbound connection (malware-cnc.rules)
 * 1:32220 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy download detected (malware-cnc.rules)
 * 1:32221 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy download detected (malware-cnc.rules)
 * 1:32222 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.MSIL.Liroospu variant outbound connection (malware-cnc.rules)
 * 1:32225 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptowall variant outbound connection (malware-cnc.rules)
 * 1:32243 <-> DISABLED <-> MALWARE-CNC WIN.Trojan.Clemint variant outbound connection (malware-cnc.rules)
 * 1:32250 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hydraq.variant outbound detected (malware-cnc.rules)
 * 1:32270 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tinba variant outbound connection (malware-cnc.rules)
 * 1:32272 <-> DISABLED <-> MALWARE-CNC WIN.Trojan.Hesechca variant outbound connection (malware-cnc.rules)
 * 1:32285 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zoxpng variant outbound connection (malware-cnc.rules)
 * 1:32287 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sapertilz variant outbound connection (malware-cnc.rules)
 * 1:32289 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptolocker download detected (malware-cnc.rules)
 * 1:32290 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptolocker download detected (malware-cnc.rules)
 * 1:32291 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptolocker download detected (malware-cnc.rules)
 * 1:32292 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptolocker download detected (malware-cnc.rules)
 * 1:32293 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Acanas variant outbound connection (malware-cnc.rules)
 * 1:32294 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent BloodguyBrowser-_- (malware-cnc.rules)
 * 1:32295 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string http - Win.Trojan.Waski (malware-cnc.rules)
 * 1:32296 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string update - Win.Trojan.Waski (malware-cnc.rules)
 * 1:32310 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Farfli variant outbound connection (malware-cnc.rules)
 * 1:32311 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rehtesyk outbound connection (malware-cnc.rules)
 * 1:32312 <-> DISABLED <-> MALWARE-CNC FrameworkPOS data exfiltration through DNS - beacon message (malware-cnc.rules)
 * 1:32328 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Maener variant download request (malware-cnc.rules)
 * 1:32329 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Maener variant outbound connection (malware-cnc.rules)
 * 1:32330 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Maener variant outbound connection (malware-cnc.rules)
 * 1:32331 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Maener variant outbound connection (malware-cnc.rules)
 * 1:32332 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hancitor variant outbound connection (malware-cnc.rules)
 * 1:32333 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string fast uax (malware-cnc.rules)
 * 1:32334 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Stantinko variant outbound connection (malware-cnc.rules)
 * 1:32338 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ropest variant outbound connection (malware-cnc.rules)
 * 1:32341 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cakwerd variant outbound connection (malware-cnc.rules)
 * 1:32343 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor variant inbound spam attempt (malware-cnc.rules)
 * 1:32344 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor variant outbound spam attempt (malware-cnc.rules)
 * 1:32354 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Matsune variant outbound connection (malware-cnc.rules)
 * 1:32357 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Akaza variant outbound connection (malware-cnc.rules)
 * 1:32367 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GameOverZeus variant outbound connection (malware-cnc.rules)
 * 1:32368 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cridex variant outbound connection (malware-cnc.rules)
 * 1:32372 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Drepitt variant outbound connection (malware-cnc.rules)
 * 1:32373 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Broonject variant outbound connection (malware-cnc.rules)
 * 1:32374 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Androm variant outbound connection (malware-cnc.rules)
 * 1:32379 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Baccamun variant outbound connection (malware-cnc.rules)
 * 1:32383 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - connect - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:32384 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - myupdate - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:32394 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Orcarat variant outbound connection (malware-cnc.rules)
 * 1:32395 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Orcarat variant outbound connection (malware-cnc.rules)
 * 1:32396 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Orcarat variant outbound connection (malware-cnc.rules)
 * 1:32397 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Orcarat variant outbound connection (malware-cnc.rules)
 * 1:32400 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Parama attempted outbound connection (malware-cnc.rules)
 * 1:32401 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Kivars outbound connection (malware-cnc.rules)
 * 1:32402 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent globalupdate - Osx.Trojan.Wirelurker (malware-cnc.rules)
 * 1:32451 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Backoff initial outbound connection (malware-cnc.rules)
 * 1:32455 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent VUPHTTP - Win.Trojan.Puvespia (malware-cnc.rules)
 * 1:32456 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Effseart variant outbound connection (malware-cnc.rules)
 * 1:32457 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Effseart variant inbound connection (malware-cnc.rules)
 * 1:32464 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TorrentLocker variant outbound connection (malware-cnc.rules)
 * 1:32469 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bankeiya outbound connection (malware-cnc.rules)
 * 1:32486 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Exadog outbound connection (malware-cnc.rules)
 * 1:32487 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Exadog variant outbound connection (malware-cnc.rules)
 * 1:32493 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.SpikeA variant outbound connection (malware-cnc.rules)
 * 1:32494 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.SpikeA variant outbound connection (malware-cnc.rules)
 * 1:33867 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules)
 * 1:33868 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules)
 * 1:33872 <-> DISABLED <-> MALWARE-CNC Win.Worm.Urahu outbound connection (malware-cnc.rules)
 * 1:33873 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tepoyx outbound connection detection (malware-cnc.rules)
 * 1:33876 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Meowner runtime detection (malware-cnc.rules)
 * 1:33877 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Meowner runtime detection (malware-cnc.rules)
 * 1:33878 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Meowner runtime detection (malware-cnc.rules)
 * 1:33879 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Meowner runtime detection (malware-cnc.rules)
 * 1:33883 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jadtre variant outbound connection (malware-cnc.rules)
 * 1:33884 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string dolit (malware-cnc.rules)
 * 1:33885 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gh0st variant outbound connection (malware-cnc.rules)
 * 1:33886 <-> DISABLED <-> MALWARE-CNC WIn.Trojan.HawkEye keylogger variant outbound connection (malware-cnc.rules)
 * 1:33891 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Amasages variant outbound connection (malware-cnc.rules)
 * 1:33892 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Xerq outbound connection (malware-cnc.rules)
 * 1:33893 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TeslaCrypt outbound connection (malware-cnc.rules)
 * 1:33907 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent - KAIIOOOO871 - Win.Trojan.Dridex (malware-cnc.rules)
 * 1:33912 <-> DISABLED <-> MALWARE-CNC Cryptofortress Decryption Software Purchase Tor Website (malware-cnc.rules)
 * 1:33913 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Concbak outbound connection (malware-cnc.rules)
 * 1:33914 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent - Win.Trojan.Barys (malware-cnc.rules)
 * 1:33930 <-> DISABLED <-> MALWARE-CNC Vicepass outbound connection initial request to the CNC sending system information (malware-cnc.rules)
 * 1:33931 <-> DISABLED <-> MALWARE-CNC Win.Worm.Goldrv variant outbound connection (malware-cnc.rules)
 * 1:33932 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tempedreve Samba probe (malware-cnc.rules)
 * 1:33933 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Penget variant outbound connection (malware-cnc.rules)
 * 1:33966 <-> DISABLED <-> MALWARE-CNC Win.Worm.Mafusc variant outbound connection (malware-cnc.rules)
 * 1:33985 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.ChinaZ outbound connection (malware-cnc.rules)
 * 1:33989 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Trioptid outbound connection (malware-cnc.rules)
 * 1:33990 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Trioptid outbound connection (malware-cnc.rules)
 * 1:33992 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Insidious outbound connection (malware-cnc.rules)
 * 1:33993 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Insidious outbound connection (malware-cnc.rules)
 * 1:33994 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Beshida outbound connection (malware-cnc.rules)
 * 1:33996 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pwexes variant outbound connection (malware-cnc.rules)
 * 1:33997 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pwexes variant outbound connection (malware-cnc.rules)
 * 1:34001 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Picommex outbound connection (malware-cnc.rules)
 * 1:34002 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Picommex outbound connection (malware-cnc.rules)
 * 1:34003 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Picommex outbound connection (malware-cnc.rules)
 * 1:34004 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules)
 * 1:34005 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules)
 * 1:34006 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules)
 * 1:34007 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules)
 * 1:34008 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules)
 * 1:34009 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules)
 * 1:34010 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules)
 * 1:32505 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Kiler attempted outbound connection (malware-cnc.rules)
 * 1:32506 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Secdeskinf outbound connection (malware-cnc.rules)
 * 1:32510 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.PiltabeA outbound connection (malware-cnc.rules)
 * 1:32511 <-> DISABLED <-> MALWARE-CNC PCRat variant outbound connection (malware-cnc.rules)
 * 1:32512 <-> DISABLED <-> MALWARE-CNC PCRat variant outbound connection (malware-cnc.rules)
 * 1:32513 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Havex outbound connection (malware-cnc.rules)
 * 1:32521 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptowall 2.0 possible TOR client retrieval attempt (malware-cnc.rules)
 * 1:32529 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Vkont variant outbound connection (malware-cnc.rules)
 * 1:32548 <-> DISABLED <-> MALWARE-CNC Mac.Backdoor.iWorm attempted outbound connection (malware-cnc.rules)
 * 1:32550 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Extant variant outbound connection (malware-cnc.rules)
 * 1:32551 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Coreshell variant outbound connection (malware-cnc.rules)
 * 1:32556 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bayoboiz outbound connection (malware-cnc.rules)
 * 1:32557 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bayoboiz outbound connection (malware-cnc.rules)
 * 1:32583 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules)
 * 1:32584 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules)
 * 1:32585 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
 * 1:32586 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
 * 1:32598 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Mysayad file wipe attempt (malware-cnc.rules)
 * 1:32599 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Mysayad outbound connection (malware-cnc.rules)
 * 1:32600 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Mysayad file wipe attempt (malware-cnc.rules)
 * 1:32604 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Geodo variant outbound connection (malware-cnc.rules)
 * 1:32605 <-> DISABLED <-> MALWARE-CNC Win.Worm.Jenxcus variant outbound connection (malware-cnc.rules)
 * 1:32606 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sodebral variant outbound connection (malware-cnc.rules)
 * 1:32607 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sodebral HTTP Response attempt (malware-cnc.rules)
 * 1:32608 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sodebral HTTP Response attempt (malware-cnc.rules)
 * 1:32609 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant registration message (malware-cnc.rules)
 * 1:32610 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant keepalive (malware-cnc.rules)
 * 1:32613 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Jadowndec attempted outbound connection (malware-cnc.rules)
 * 1:32614 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Jadowndec attempted outbound connection (malware-cnc.rules)
 * 1:32621 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Regin outbound connection (malware-cnc.rules)
 * 1:32624 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Regin outbound connection (malware-cnc.rules)
 * 1:32645 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string RUpdate (malware-cnc.rules)
 * 1:32665 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chopstick variant outbound request (malware-cnc.rules)
 * 1:32667 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chopstick variant outbound request (malware-cnc.rules)
 * 1:32674 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wiper variant outbound connection (malware-cnc.rules)
 * 1:32677 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex variant outbound connection (malware-cnc.rules)
 * 1:32678 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex variant outbound connection (malware-cnc.rules)
 * 1:32706 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz variant outbound connection (malware-cnc.rules)
 * 1:32727 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Uclinu variant outbound connection (malware-cnc.rules)
 * 1:32728 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Olegb variant outbound connection (malware-cnc.rules)
 * 1:32734 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Typideg variant outbound connection (malware-cnc.rules)
 * 1:32735 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CryptoPHP variant outbound connection (malware-cnc.rules)
 * 1:32736 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CryptoPHP variant outbound connection (malware-cnc.rules)
 * 1:32743 <-> DISABLED <-> MALWARE-CNC VGABot IRC communication attempt (malware-cnc.rules)
 * 1:32747 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ragebot variant outbound connection (malware-cnc.rules)
 * 1:32769 <-> DISABLED <-> MALWARE-CNC Win.Trojan.WOWCheckC Attempted CNC (malware-cnc.rules)
 * 1:32770 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Androm variant outbound connection (malware-cnc.rules)
 * 1:32776 <-> DISABLED <-> MALWARE-CNC FIN4 VBA Macro credentials upload attempt (malware-cnc.rules)
 * 1:32780 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Eskaetee outbound connection (malware-cnc.rules)
 * 1:32781 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Eskaetee outbound connection (malware-cnc.rules)
 * 1:32791 <-> DISABLED <-> MALWARE-CNC Win.Virus.Ransomlock outbound connection (malware-cnc.rules)
 * 1:32792 <-> DISABLED <-> MALWARE-CNC Win.Virus.Ransomlock inbound connection (malware-cnc.rules)
 * 1:32823 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Darkhotel outbound connection (malware-cnc.rules)
 * 1:32824 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Darkhotel variant outbound connection (malware-cnc.rules)
 * 1:32825 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Darkhotel outbound connection (malware-cnc.rules)
 * 1:32826 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Darkhotel data upload attempt (malware-cnc.rules)
 * 1:32827 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Darkhotel response connection attempt (malware-cnc.rules)
 * 1:32852 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Poolfiend variant outbound connection (malware-cnc.rules)
 * 1:32853 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Poolfiend variant outbound connection (malware-cnc.rules)
 * 1:32854 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Loodir outbound connection (malware-cnc.rules)
 * 1:32882 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ksypypro outbound connection (malware-cnc.rules)
 * 1:32891 <-> DISABLED <-> MALWARE-CNC Php.Malware.SoakSoakRedirect Malware traffic containing WordPress Administrator credentials (malware-cnc.rules)
 * 1:32892 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TorLocker variant outbound connection (malware-cnc.rules)
 * 1:32893 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Finforst outbound connection (malware-cnc.rules)
 * 1:32908 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TinyZBot outbound connection (malware-cnc.rules)
 * 1:32909 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TinyZBot outbound connection (malware-cnc.rules)
 * 1:32910 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TinyZBot outbound connection (malware-cnc.rules)
 * 1:32950 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bladabindi variant outbound connection (malware-cnc.rules)
 * 1:32956 <-> DISABLED <-> MALWARE-CNC Android.CoolReaper.Trojan outbound connection (malware-cnc.rules)
 * 1:32957 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TinyZBot outbound SOAP connection attempt (malware-cnc.rules)
 * 1:32958 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TinyZBot response connection attempt (malware-cnc.rules)
 * 1:32973 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Twerket variant outbound connection (malware-cnc.rules)
 * 1:32976 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluos variant outbound connection (malware-cnc.rules)
 * 1:32977 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluos variant outbound connection (malware-cnc.rules)
 * 1:32978 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - extra IE version (malware-cnc.rules)
 * 1:32979 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - extra IE version (malware-cnc.rules)
 * 1:32980 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - multi-browser (malware-cnc.rules)
 * 1:32986 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Toopu dll embedded in png download attempt (malware-cnc.rules)
 * 1:32987 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor outbound connection (malware-cnc.rules)
 * 1:32988 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor outbound connection (malware-cnc.rules)
 * 1:32989 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor outbound connection (malware-cnc.rules)
 * 1:32990 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Toopu outbound connection (malware-cnc.rules)
 * 1:33047 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - realupdate - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33054 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Joanap outbound connection (malware-cnc.rules)
 * 1:33058 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Medusa variant inbound connection (malware-cnc.rules)
 * 1:33059 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Medusa variant outbound connection (malware-cnc.rules)
 * 1:33060 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Medusa variant outbound connection (malware-cnc.rules)
 * 1:33061 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lagulon.A outbound connection (malware-cnc.rules)
 * 1:33081 <-> DISABLED <-> MALWARE-CNC OnionDuke variant outbound connection (malware-cnc.rules)
 * 1:33082 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nocpos initial outbound connection (malware-cnc.rules)
 * 1:33083 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nocpos information disclosure attempt (malware-cnc.rules)
 * 1:33084 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tosct variant outbound connection (malware-cnc.rules)
 * 1:33145 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
 * 1:33147 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant SMTP reporting attempt (malware-cnc.rules)
 * 1:33148 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant SMTP reporting attempt (malware-cnc.rules)
 * 1:33149 <-> DISABLED <-> MALWARE-CNC Win.Worm.Ultramine outbound connection (malware-cnc.rules)
 * 1:33152 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nurjax.A outbound connection (malware-cnc.rules)
 * 1:33153 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Heur variant outbound connection (malware-cnc.rules)
 * 1:33161 <-> DISABLED <-> MALWARE-CNC Win.Spyware.Rombertik outbound connection (malware-cnc.rules)
 * 1:33165 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Poweliks outbound connection (malware-cnc.rules)
 * 1:33199 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Sabeba outbound connection (malware-cnc.rules)
 * 1:33200 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pisces variant outbound connection (malware-cnc.rules)
 * 1:33207 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Mazilla/5.0 - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33211 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Upatre variant outbound connection (malware-cnc.rules)
 * 1:33217 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nuovoscor variant outbound connection (malware-cnc.rules)
 * 1:33218 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cendode system information disclosure attempt (malware-cnc.rules)
 * 1:33219 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gamarue variant outbound connection (malware-cnc.rules)
 * 1:33220 <-> DISABLED <-> MALWARE-CNC Win.Trojan.HawkEye keylogger exfiltration attempt (malware-cnc.rules)
 * 1:33221 <-> ENABLED <-> MALWARE-CNC Win.Trojan.HawkEye Keylogger exfiltration attempt - clipboard and screenshot (malware-cnc.rules)
 * 1:33222 <-> DISABLED <-> MALWARE-CNC Win.Trojan.HawkEye Keylogger exfiltration attempt - clipboard and screenshot (malware-cnc.rules)
 * 1:33223 <-> DISABLED <-> MALWARE-CNC Win.Trojan.HawkEye Keylogger exfiltration attempt - clipboard and screenshot (malware-cnc.rules)
 * 1:33227 <-> DISABLED <-> MALWARE-CNC Win.Agent.BHHK variant outbound connection (malware-cnc.rules)
 * 1:33228 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kovter variant outbound connection (malware-cnc.rules)
 * 1:33230 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Firefox - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33231 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Firefox/5.0 - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33232 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - AppUpdate - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33233 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - 2608cw-1 - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33234 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - 2508Inst - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33235 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - 2608cw-2 - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33236 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - 2808inst - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33237 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Player - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33238 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Wurst - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33239 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Installer/1.0 - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33240 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - FixUpdate - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33242 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Explorer - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33243 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Mozilla - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33244 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Opera - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33245 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Opera10 - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33246 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - OperaMini - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33248 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Peers12 - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33249 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - SLSSoapClient - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33250 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Tintin - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33251 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - USER_CHECK - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33252 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - WATClient - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33253 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - bbbbbbbbbb - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33254 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - hi - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33255 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - iMacros - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33256 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - macrotest - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33257 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - onlymacros - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33258 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Updates downloader - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33259 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - testupdate - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33260 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - onlyupdate - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33282 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Upatre variant outbound connection (malware-cnc.rules)
 * 1:33284 <-> DISABLED <-> MALWARE-CNC Win.Trojan.OnLineGames variant outbound connection (malware-cnc.rules)
 * 1:33285 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bavload outbound download request attempt (malware-cnc.rules)
 * 1:33289 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rawpos incoming backdoor connection attempt (malware-cnc.rules)
 * 1:33299 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Foxy variant outbound connection (malware-cnc.rules)
 * 1:33305 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rubinurd variant outbound connection (malware-cnc.rules)
 * 1:33328 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Yinli outbound connection (malware-cnc.rules)
 * 1:33329 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Yinli outbound connection (malware-cnc.rules)
 * 1:33330 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Yinli outbound connection (malware-cnc.rules)
 * 1:33342 <-> DISABLED <-> MALWARE-CNC Doc.Downloader.Dridex outbound connection (malware-cnc.rules)
 * 1:33411 <-> DISABLED <-> MALWARE-CNC Doc.Downloader.Dridex outbound connection (malware-cnc.rules)
 * 1:33431 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptowall 3.0 variant outbound connection (malware-cnc.rules)
 * 1:33432 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptowall 3.0 variant outbound connection (malware-cnc.rules)
 * 1:33433 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptowall 3.0 variant outbound connection (malware-cnc.rules)
 * 1:33434 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptowall 3.0 variant outbound connection (malware-cnc.rules)
 * 1:33435 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptowall 3.0 variant outbound connection (malware-cnc.rules)
 * 1:33439 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gefetroe variant outbound connection (malware-cnc.rules)
 * 1:33443 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules)
 * 1:33444 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SpyBanker variant outbound connection (malware-cnc.rules)
 * 1:33449 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FileEncoder IP geolocation checkin attempt (malware-cnc.rules)
 * 1:33450 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FileEncoder variant outbound connection (malware-cnc.rules)
 * 1:33453 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kovter variant outbound connection (malware-cnc.rules)
 * 1:33456 <-> DISABLED <-> MALWARE-CNC Doc.Downloader.Dridex outbound connection (malware-cnc.rules)
 * 1:33457 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules)
 * 1:33464 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dynamer variant outbound connection (malware-cnc.rules)
 * 1:33481 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Xnote outbound connection (malware-cnc.rules)
 * 1:33482 <-> DISABLED <-> MALWARE-CNC Win.Worm.Enosch variant outbound connection (malware-cnc.rules)
 * 1:33496 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Andromeda variant outbound connection (malware-cnc.rules)
 * 1:33513 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - XAgent - Operation Pawn Storm (malware-cnc.rules)
 * 1:33519 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - ALIZER (malware-cnc.rules)
 * 1:33520 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zusy inbound CNC response (malware-cnc.rules)
 * 1:33521 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zusy variant outbound connection (malware-cnc.rules)
 * 1:33522 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent - DNS Changer (malware-cnc.rules)
 * 1:33523 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DNSChanger variant outbound connection (malware-cnc.rules)
 * 1:33524 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DNSChanger variant outbound connection (malware-cnc.rules)
 * 1:33543 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Equation outbound connection (malware-cnc.rules)
 * 1:33545 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Equation outbound connection (malware-cnc.rules)
 * 1:33546 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Equation outbound connection (malware-cnc.rules)
 * 1:33547 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Turla outbound connection (malware-cnc.rules)
 * 1:33594 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Upatre variant outbound connection (malware-cnc.rules)
 * 1:33620 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.lubot outbound connection (malware-cnc.rules)
 * 1:33621 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.lubot outbound connection (malware-cnc.rules)
 * 1:33633 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent - Downing - Win.Trojan.Otwycal (malware-cnc.rules)
 * 1:33646 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.XORDDoS outbound connection (malware-cnc.rules)
 * 1:33647 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.XORDDoS outbound connection (malware-cnc.rules)
 * 1:33648 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.XORDDoS outbound connection (malware-cnc.rules)
 * 1:33649 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Google Omaha - Win.Trojan.ExtenBro (malware-cnc.rules)
 * 1:33650 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tinba outbound connection (malware-cnc.rules)
 * 1:33674 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Athena variant outbound connection (malware-cnc.rules)
 * 1:33675 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Athena variant outbound connection (malware-cnc.rules)
 * 1:33677 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Babar outbound connection (malware-cnc.rules)
 * 1:33678 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FannyWorm outbound connection (malware-cnc.rules)
 * 1:33704 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
 * 1:33745 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
 * 1:33746 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
 * 1:33747 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
 * 1:33748 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
 * 1:33749 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
 * 1:33750 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
 * 1:33751 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
 * 1:33752 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
 * 1:33753 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
 * 1:33754 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
 * 1:33755 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
 * 1:33818 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Egamipload variant outbound connection (malware-cnc.rules)
 * 1:33819 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Egamipload variant outbound connection (malware-cnc.rules)
 * 1:33831 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent DownloadMR - Solimba (malware-cnc.rules)
 * 1:33851 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Poseidon outbound connection (malware-cnc.rules)
 * 1:33852 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Poseidon outbound connection (malware-cnc.rules)
 * 1:33854 <-> DISABLED <-> MALWARE-CNC Win.Trojan.LogPOS variant outbound connection (malware-cnc.rules)
 * 1:33857 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PwnPOS data exfiltration attempt (malware-cnc.rules)
 * 1:33859 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules)
 * 1:33860 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules)
 * 1:33861 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules)
 * 1:33862 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules)
 * 1:33863 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules)
 * 1:33864 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules)
 * 1:33865 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules)
 * 1:33866 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules)
 * 1:34011 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules)
 * 1:34012 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules)
 * 1:34013 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ayuther variant outbound connection (malware-cnc.rules)
 * 1:34025 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Endstar variant outbound connection (malware-cnc.rules)
 * 1:34026 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Endstar variant outbound connection (malware-cnc.rules)
 * 1:34028 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bruecimig variant outbound connection (malware-cnc.rules)
 * 1:34030 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (malware-cnc.rules)
 * 1:34031 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (malware-cnc.rules)
 * 1:34032 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (malware-cnc.rules)
 * 1:34033 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (malware-cnc.rules)
 * 1:34034 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (malware-cnc.rules)
 * 1:34035 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (malware-cnc.rules)
 * 1:34036 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (malware-cnc.rules)
 * 1:34037 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (malware-cnc.rules)
 * 1:34038 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (malware-cnc.rules)
 * 1:34039 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banklaed variant outbound connection (malware-cnc.rules)
 * 1:34041 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Igliveforg variant initial outbound connection (malware-cnc.rules)
 * 1:34042 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Igliveforg variant outbound connection (malware-cnc.rules)
 * 1:34044 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Exacrytion variant outbound connection (malware-cnc.rules)
 * 1:34045 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Eitenckay initial outbound connection (malware-cnc.rules)
 * 1:34046 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Expilan variant outbound connection (malware-cnc.rules)
 * 1:34047 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VBPasswordStealer variant outbound connection (malware-cnc.rules)
 * 1:34049 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.EvilBunny variant outbound connection (malware-cnc.rules)
 * 1:34050 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Nepigon variant outbound connection (malware-cnc.rules)
 * 1:34052 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NewPos outbound connection (malware-cnc.rules)
 * 1:34108 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scarsi variant outbound connection (malware-cnc.rules)
 * 1:34111 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chrozil variant outbound connection (malware-cnc.rules)
 * 1:34113 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent beacon reply attempt (malware-cnc.rules)
 * 1:34115 <-> DISABLED <-> MALWARE-CNC MacOS.Trojan.Wirelurker variant outbound connection (malware-cnc.rules)
 * 1:34116 <-> DISABLED <-> MALWARE-CNC MacOS.Trojan.Wirelurker variant outbound connection (malware-cnc.rules)
 * 1:34117 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Zupdax variant outbound connection (malware-cnc.rules)
 * 1:34128 <-> DISABLED <-> MALWARE-CNC Win.Trojan.WIntruder outbound connection (malware-cnc.rules)
 * 1:34130 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload variant outbound connection (malware-cnc.rules)
 * 1:34132 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Erotimpact variant outbound connection (malware-cnc.rules)
 * 1:34136 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload variant MSSQL response (malware-cnc.rules)
 * 1:34138 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Netkrypt inbound response (malware-cnc.rules)
 * 1:34140 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dyre publickey outbound connection (malware-cnc.rules)
 * 1:34143 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Crypvault outbound connection (malware-cnc.rules)
 * 1:34155 <-> DISABLED <-> MALWARE-CNC MacOS.Backdoor.Xslcmd outbound connection (malware-cnc.rules)
 * 1:34161 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Punkey outbound connection (malware-cnc.rules)
 * 1:34181 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bartallex outbound connection (malware-cnc.rules)
 * 1:34182 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bartallex outbound connection (malware-cnc.rules)
 * 1:34183 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bartallex outbound connection (malware-cnc.rules)
 * 1:34214 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Capimac variant outbound connection (malware-cnc.rules)
 * 1:34216 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FighterPOS variant outbound connection (malware-cnc.rules)
 * 1:34217 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Aytoke variant outbound connection (malware-cnc.rules)
 * 1:34219 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nanocore variant outbound connection (malware-cnc.rules)
 * 1:34223 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Yebot variant outbound connection (malware-cnc.rules)
 * 1:34246 <-> DISABLED <-> MALWARE-CNC Win.Trojan.AAEH variant outbound connection (malware-cnc.rules)
 * 1:34261 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.XORDDoS outbound connection (malware-cnc.rules)
 * 1:34262 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.XORDDoS outbound connection (malware-cnc.rules)
 * 1:34263 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.XORDDoS outbound connection (malware-cnc.rules)
 * 1:34280 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TeslaCrypt outbound connection (malware-cnc.rules)
 * 1:34281 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bartallex outbound connection (malware-cnc.rules)
 * 1:34282 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bartallex outbound connection (malware-cnc.rules)
 * 1:34283 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bartallex outbound connection (malware-cnc.rules)
 * 1:34286 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mudrop variant outbound connection (malware-cnc.rules)
 * 1:34289 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Plez outbound connection (malware-cnc.rules)
 * 1:34290 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Plez outbound connection (malware-cnc.rules)
 * 1:34291 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string crackim (malware-cnc.rules)
 * 1:34292 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kraken outbound connection (malware-cnc.rules)
 * 1:34296 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Simda variant outbound connection (malware-cnc.rules)
 * 1:34297 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Simda variant outbound connection (malware-cnc.rules)
 * 1:34307 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection (malware-cnc.rules)
 * 1:34308 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection (malware-cnc.rules)
 * 1:40066 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.LokiBot (malware-cnc.rules)
 * 1:40067 <-> ENABLED <-> MALWARE-CNC Win.Trojan.LokiBot outbound connection (malware-cnc.rules)
 * 1:46062 <-> ENABLED <-> SERVER-WEBAPP Joomla JEXTN Membership extension SQL injection attempt (server-webapp.rules)
 * 1:46063 <-> ENABLED <-> SERVER-WEBAPP Joomla JEXTN Membership extension SQL injection attempt (server-webapp.rules)
 * 1:46064 <-> ENABLED <-> SERVER-WEBAPP Joomla JEXTN Membership extension SQL injection attempt (server-webapp.rules)
 * 1:48818 <-> ENABLED <-> MALWARE-CNC Js.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:33820 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Egamipload variant outbound connection (malware-cnc.rules)

2020-10-15 12:57:43 UTC

Snort Subscriber Rules Update

Date: 2020-10-15

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091501.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:56003 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Emotet variant initial outbound request detected (malware-cnc.rules)
 * 1:56009 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari WebKit JSPropertyNameEnumeration type confusion attempt (browser-webkit.rules)
 * 1:56006 <-> ENABLED <-> SERVER-WEBAPP D-Link Central WiFi Manager CWM 100 SQL injection attempt (server-webapp.rules)
 * 1:56007 <-> ENABLED <-> SERVER-WEBAPP D-Link Central WiFi Manager CWM 100 SQL injection attempt (server-webapp.rules)
 * 1:56000 <-> DISABLED <-> SERVER-APACHE Apache Struts denial of service attempt (server-apache.rules)
 * 1:56005 <-> ENABLED <-> SERVER-WEBAPP D-Link Central WiFi Manager CWM 100 SQL injection attempt (server-webapp.rules)
 * 1:56002 <-> DISABLED <-> SERVER-WEBAPP D-Link Central WiFi Manager CMW 100 SQL injection attempt (server-webapp.rules)
 * 1:56001 <-> DISABLED <-> SERVER-APACHE Apache Struts denial of service attempt (server-apache.rules)
 * 1:56004 <-> DISABLED <-> SERVER-WEBAPP D-Link Central WiFi Manager CMW 100 cross site scripting attempt (server-webapp.rules)
 * 1:55999 <-> DISABLED <-> SERVER-APACHE Apache Struts denial of service attempt (server-apache.rules)
 * 1:56008 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari WebKit JSPropertyNameEnumeration type confusion attempt (browser-webkit.rules)

Modified Rules:


 * 1:33821 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Egamipload variant outbound connection (malware-cnc.rules)
 * 1:33891 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Amasages variant outbound connection (malware-cnc.rules)
 * 1:33892 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Xerq outbound connection (malware-cnc.rules)
 * 1:33893 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TeslaCrypt outbound connection (malware-cnc.rules)
 * 1:33907 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent - KAIIOOOO871 - Win.Trojan.Dridex (malware-cnc.rules)
 * 1:33851 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Poseidon outbound connection (malware-cnc.rules)
 * 1:33863 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules)
 * 1:33912 <-> DISABLED <-> MALWARE-CNC Cryptofortress Decryption Software Purchase Tor Website (malware-cnc.rules)
 * 1:33913 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Concbak outbound connection (malware-cnc.rules)
 * 1:33914 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent - Win.Trojan.Barys (malware-cnc.rules)
 * 1:33930 <-> DISABLED <-> MALWARE-CNC Vicepass outbound connection initial request to the CNC sending system information (malware-cnc.rules)
 * 1:33931 <-> DISABLED <-> MALWARE-CNC Win.Worm.Goldrv variant outbound connection (malware-cnc.rules)
 * 1:33932 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tempedreve Samba probe (malware-cnc.rules)
 * 1:33933 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Penget variant outbound connection (malware-cnc.rules)
 * 1:33966 <-> DISABLED <-> MALWARE-CNC Win.Worm.Mafusc variant outbound connection (malware-cnc.rules)
 * 1:33985 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.ChinaZ outbound connection (malware-cnc.rules)
 * 1:33989 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Trioptid outbound connection (malware-cnc.rules)
 * 1:33990 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Trioptid outbound connection (malware-cnc.rules)
 * 1:33992 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Insidious outbound connection (malware-cnc.rules)
 * 1:33993 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Insidious outbound connection (malware-cnc.rules)
 * 1:33994 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Beshida outbound connection (malware-cnc.rules)
 * 1:33996 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pwexes variant outbound connection (malware-cnc.rules)
 * 1:33997 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pwexes variant outbound connection (malware-cnc.rules)
 * 1:34001 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Picommex outbound connection (malware-cnc.rules)
 * 1:34002 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Picommex outbound connection (malware-cnc.rules)
 * 1:34003 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Picommex outbound connection (malware-cnc.rules)
 * 1:34004 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules)
 * 1:34005 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules)
 * 1:34006 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules)
 * 1:34007 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules)
 * 1:34008 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules)
 * 1:34009 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules)
 * 1:34010 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules)
 * 1:34011 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules)
 * 1:34012 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules)
 * 1:34013 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ayuther variant outbound connection (malware-cnc.rules)
 * 1:34025 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Endstar variant outbound connection (malware-cnc.rules)
 * 1:34026 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Endstar variant outbound connection (malware-cnc.rules)
 * 1:34028 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bruecimig variant outbound connection (malware-cnc.rules)
 * 1:34030 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (malware-cnc.rules)
 * 1:34031 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (malware-cnc.rules)
 * 1:34032 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (malware-cnc.rules)
 * 1:34033 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (malware-cnc.rules)
 * 1:34034 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (malware-cnc.rules)
 * 1:34035 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (malware-cnc.rules)
 * 1:34036 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (malware-cnc.rules)
 * 1:34037 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (malware-cnc.rules)
 * 1:34038 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (malware-cnc.rules)
 * 1:34039 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banklaed variant outbound connection (malware-cnc.rules)
 * 1:34041 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Igliveforg variant initial outbound connection (malware-cnc.rules)
 * 1:34042 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Igliveforg variant outbound connection (malware-cnc.rules)
 * 1:34044 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Exacrytion variant outbound connection (malware-cnc.rules)
 * 1:34045 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Eitenckay initial outbound connection (malware-cnc.rules)
 * 1:34046 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Expilan variant outbound connection (malware-cnc.rules)
 * 1:34047 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VBPasswordStealer variant outbound connection (malware-cnc.rules)
 * 1:34049 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.EvilBunny variant outbound connection (malware-cnc.rules)
 * 1:34050 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Nepigon variant outbound connection (malware-cnc.rules)
 * 1:34052 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NewPos outbound connection (malware-cnc.rules)
 * 1:34108 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scarsi variant outbound connection (malware-cnc.rules)
 * 1:34111 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chrozil variant outbound connection (malware-cnc.rules)
 * 1:34113 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent beacon reply attempt (malware-cnc.rules)
 * 1:34115 <-> DISABLED <-> MALWARE-CNC MacOS.Trojan.Wirelurker variant outbound connection (malware-cnc.rules)
 * 1:34116 <-> DISABLED <-> MALWARE-CNC MacOS.Trojan.Wirelurker variant outbound connection (malware-cnc.rules)
 * 1:34117 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Zupdax variant outbound connection (malware-cnc.rules)
 * 1:34128 <-> DISABLED <-> MALWARE-CNC Win.Trojan.WIntruder outbound connection (malware-cnc.rules)
 * 1:34130 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload variant outbound connection (malware-cnc.rules)
 * 1:34132 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Erotimpact variant outbound connection (malware-cnc.rules)
 * 1:34136 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload variant MSSQL response (malware-cnc.rules)
 * 1:34138 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Netkrypt inbound response (malware-cnc.rules)
 * 1:34140 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dyre publickey outbound connection (malware-cnc.rules)
 * 1:34143 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Crypvault outbound connection (malware-cnc.rules)
 * 1:34155 <-> DISABLED <-> MALWARE-CNC MacOS.Backdoor.Xslcmd outbound connection (malware-cnc.rules)
 * 1:34161 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Punkey outbound connection (malware-cnc.rules)
 * 1:34181 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bartallex outbound connection (malware-cnc.rules)
 * 1:34182 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bartallex outbound connection (malware-cnc.rules)
 * 1:33867 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules)
 * 1:33864 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules)
 * 1:33868 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules)
 * 1:33831 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent DownloadMR - Solimba (malware-cnc.rules)
 * 1:33852 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Poseidon outbound connection (malware-cnc.rules)
 * 1:33872 <-> DISABLED <-> MALWARE-CNC Win.Worm.Urahu outbound connection (malware-cnc.rules)
 * 1:33854 <-> DISABLED <-> MALWARE-CNC Win.Trojan.LogPOS variant outbound connection (malware-cnc.rules)
 * 1:33857 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PwnPOS data exfiltration attempt (malware-cnc.rules)
 * 1:33859 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules)
 * 1:33873 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tepoyx outbound connection detection (malware-cnc.rules)
 * 1:33860 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules)
 * 1:33861 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules)
 * 1:33862 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules)
 * 1:33876 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Meowner runtime detection (malware-cnc.rules)
 * 1:33866 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules)
 * 1:33865 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules)
 * 1:33877 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Meowner runtime detection (malware-cnc.rules)
 * 1:33878 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Meowner runtime detection (malware-cnc.rules)
 * 1:33879 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Meowner runtime detection (malware-cnc.rules)
 * 1:33883 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jadtre variant outbound connection (malware-cnc.rules)
 * 1:33884 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string dolit (malware-cnc.rules)
 * 1:33885 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gh0st variant outbound connection (malware-cnc.rules)
 * 1:33886 <-> DISABLED <-> MALWARE-CNC WIn.Trojan.HawkEye keylogger variant outbound connection (malware-cnc.rules)
 * 1:31820 <-> DISABLED <-> MALWARE-CNC Win.Banker.Delf variant outbound connection (malware-cnc.rules)
 * 1:31824 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor variant outbound connection (malware-cnc.rules)
 * 1:31826 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Delf variant HTTP Response (malware-cnc.rules)
 * 1:31827 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Delf variant outbound connection (malware-cnc.rules)
 * 1:31828 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jabberbot variant outbound connection (malware-cnc.rules)
 * 1:31832 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pfinet outbound connection (malware-cnc.rules)
 * 1:31833 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chkbot outbound connection (malware-cnc.rules)
 * 1:31834 <-> DISABLED <-> MALWARE-CNC Win.Trojan-Downloader.Delorado variant outbound connection (malware-cnc.rules)
 * 1:31835 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yesudac variant outbound connection (malware-cnc.rules)
 * 1:31836 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Seribe variant outbound connection (malware-cnc.rules)
 * 1:31837 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Retgate variant outbound connection (malware-cnc.rules)
 * 1:31883 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Waterspout outbound connection (malware-cnc.rules)
 * 1:31885 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Threebyte variant outbound connection (malware-cnc.rules)
 * 1:31895 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Toupi variant outbound connection (malware-cnc.rules)
 * 1:31897 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dexter variant outbound connection (malware-cnc.rules)
 * 1:31904 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload variant outbound connection (malware-cnc.rules)
 * 1:31907 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Honerep variant outbound connection (malware-cnc.rules)
 * 1:31909 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Basostab variant outbound connection (malware-cnc.rules)
 * 1:31911 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Gareme variant outbound connection (malware-cnc.rules)
 * 1:31913 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Maozhi variant outbound connection (malware-cnc.rules)
 * 1:31915 <-> DISABLED <-> MALWARE-CNC WIN.Trojan.Ziyazo variant outbound connection (malware-cnc.rules)
 * 1:31916 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules)
 * 1:31923 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant HTTP response attempt (malware-cnc.rules)
 * 1:31924 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules)
 * 1:31925 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.Jynxkit outbound connection (malware-cnc.rules)
 * 1:31928 <-> DISABLED <-> MALWARE-CNC Win.Trojan-Downloader.Becontr variant outbound connection (malware-cnc.rules)
 * 1:31929 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kanav variant outbound connection (malware-cnc.rules)
 * 1:31930 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kanav variant outbound connection (malware-cnc.rules)
 * 1:31941 <-> DISABLED <-> MALWARE-CNC Win.Trojan-Downloader.Pedrp variant outbound connection (malware-cnc.rules)
 * 1:31947 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - HttpCall - Win.Trojan.Rukypee (malware-cnc.rules)
 * 1:31948 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - MyProgramm - Win.Trojan.Rukypee (malware-cnc.rules)
 * 1:31949 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Skypee - Win.Trojan.Rukypee (malware-cnc.rules)
 * 1:31954 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ezbro variant outbound connection (malware-cnc.rules)
 * 1:31955 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ezbro variant outbound connection (malware-cnc.rules)
 * 1:31957 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.MSIL.Torct variant outbound connection (malware-cnc.rules)
 * 1:31964 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules)
 * 1:31973 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chebri variant outbound connection (malware-cnc.rules)
 * 1:31974 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zegorg variant outbound connection (malware-cnc.rules)
 * 1:31990 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Install - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:31991 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Treck - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:31992 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Upatre SSL Cert inbound (malware-cnc.rules)
 * 1:31993 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Upatre SSL Cert inbound (malware-cnc.rules)
 * 1:31994 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Upatre SSL Cert inbound (malware-cnc.rules)
 * 1:31995 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Upatre SSL Cert inbound (malware-cnc.rules)
 * 1:31996 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Upatre SSL Cert inbound (malware-cnc.rules)
 * 1:31997 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Upatre SSL Cert inbound (malware-cnc.rules)
 * 1:31998 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Upatre SSL Cert inbound (malware-cnc.rules)
 * 1:31999 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Upatre SSL Cert inbound (malware-cnc.rules)
 * 1:32000 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Upatre SSL Cert inbound (malware-cnc.rules)
 * 1:32001 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Upatre SSL Cert inbound (malware-cnc.rules)
 * 1:32002 <-> DISABLED <-> MALWARE-CNC Win.Worm.Zorenium variant outbound connection (malware-cnc.rules)
 * 1:32009 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Flooder inbound connection attempt - command (malware-cnc.rules)
 * 1:32010 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Flooder outbound telnet connection attempt (malware-cnc.rules)
 * 1:32011 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Flooder outbound connection (malware-cnc.rules)
 * 1:32012 <-> DISABLED <-> MALWARE-CNC Win.Trojan-Downloader.Bipamid variant outbound connection (malware-cnc.rules)
 * 1:32013 <-> DISABLED <-> MALWARE-CNC Linux.Worm.Darlloz variant outbound connection (malware-cnc.rules)
 * 1:32015 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Zeus variant outbound connection (malware-cnc.rules)
 * 1:32016 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Menteni variant outbound connection (malware-cnc.rules)
 * 1:32017 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Memlog SMB file transfer (malware-cnc.rules)
 * 1:32018 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Hupigon.NYK variant outbound connection (malware-cnc.rules)
 * 1:32020 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Krompt variant outbound connection (malware-cnc.rules)
 * 1:32023 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sinpid variant outbound connection (malware-cnc.rules)
 * 1:32028 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Klabcon variant outbound connection (malware-cnc.rules)
 * 1:32030 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Decibal - Win.Trojan.Decibal (malware-cnc.rules)
 * 1:32031 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Decibal variant outbound connection (malware-cnc.rules)
 * 1:32033 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Larosden variant outbound connection (malware-cnc.rules)
 * 1:32034 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Larefervt variant outbound connection (malware-cnc.rules)
 * 1:32035 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Boleteiro variant outbound connection (malware-cnc.rules)
 * 1:32036 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Somoca vaniant outbound connection (malware-cnc.rules)
 * 1:32037 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload.awt variant outbound connection (malware-cnc.rules)
 * 1:32048 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lecpetex variant outbound connection (malware-cnc.rules)
 * 1:32050 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Larosden variant outbound connection (malware-cnc.rules)
 * 1:32052 <-> DISABLED <-> MALWARE-CNC User-Agent Xsser mRAT user-agent (malware-cnc.rules)
 * 1:32053 <-> DISABLED <-> MALWARE-CNC Xsser mRAT GPS data upload (malware-cnc.rules)
 * 1:32054 <-> DISABLED <-> MALWARE-CNC Xsser mRAT file upload (malware-cnc.rules)
 * 1:32058 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Masatekar variant outbound connection (malware-cnc.rules)
 * 1:32060 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent string - httptestman - Win.Backdoor.Rabasheeta (malware-cnc.rules)
 * 1:32061 <-> DISABLED <-> MALWARE-CNC Win.Trojan-Downloader.Nekill variant outbound connection (malware-cnc.rules)
 * 1:32065 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Asprox inbound connection (malware-cnc.rules)
 * 1:32066 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Asprox outbound connection (malware-cnc.rules)
 * 1:32067 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Asprox outbound connection (malware-cnc.rules)
 * 1:32071 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Zapchast variant outbound connection (malware-cnc.rules)
 * 1:32072 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zemot configuration download attempt (malware-cnc.rules)
 * 1:32073 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zemot outbound connection (malware-cnc.rules)
 * 1:32074 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zemot payload download attempt (malware-cnc.rules)
 * 1:32075 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Small variant outbound connection (malware-cnc.rules)
 * 1:32086 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Corkow variant outbound connection (malware-cnc.rules)
 * 1:34183 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bartallex outbound connection (malware-cnc.rules)
 * 1:34214 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Capimac variant outbound connection (malware-cnc.rules)
 * 1:34216 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FighterPOS variant outbound connection (malware-cnc.rules)
 * 1:34217 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Aytoke variant outbound connection (malware-cnc.rules)
 * 1:34219 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nanocore variant outbound connection (malware-cnc.rules)
 * 1:34223 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Yebot variant outbound connection (malware-cnc.rules)
 * 1:34246 <-> DISABLED <-> MALWARE-CNC Win.Trojan.AAEH variant outbound connection (malware-cnc.rules)
 * 1:34261 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.XORDDoS outbound connection (malware-cnc.rules)
 * 1:34262 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.XORDDoS outbound connection (malware-cnc.rules)
 * 1:34263 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.XORDDoS outbound connection (malware-cnc.rules)
 * 1:34280 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TeslaCrypt outbound connection (malware-cnc.rules)
 * 1:34281 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bartallex outbound connection (malware-cnc.rules)
 * 1:34282 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bartallex outbound connection (malware-cnc.rules)
 * 1:34283 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bartallex outbound connection (malware-cnc.rules)
 * 1:34286 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mudrop variant outbound connection (malware-cnc.rules)
 * 1:34289 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Plez outbound connection (malware-cnc.rules)
 * 1:34290 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Plez outbound connection (malware-cnc.rules)
 * 1:34291 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string crackim (malware-cnc.rules)
 * 1:34292 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kraken outbound connection (malware-cnc.rules)
 * 1:34296 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Simda variant outbound connection (malware-cnc.rules)
 * 1:34297 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Simda variant outbound connection (malware-cnc.rules)
 * 1:34307 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection (malware-cnc.rules)
 * 1:34308 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection (malware-cnc.rules)
 * 1:40066 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.LokiBot (malware-cnc.rules)
 * 1:40067 <-> ENABLED <-> MALWARE-CNC Win.Trojan.LokiBot outbound connection (malware-cnc.rules)
 * 1:46062 <-> ENABLED <-> SERVER-WEBAPP Joomla JEXTN Membership extension SQL injection attempt (server-webapp.rules)
 * 1:46063 <-> ENABLED <-> SERVER-WEBAPP Joomla JEXTN Membership extension SQL injection attempt (server-webapp.rules)
 * 1:46064 <-> ENABLED <-> SERVER-WEBAPP Joomla JEXTN Membership extension SQL injection attempt (server-webapp.rules)
 * 1:48818 <-> ENABLED <-> MALWARE-CNC Js.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:32090 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Saaglup variant outbound connection (malware-cnc.rules)
 * 1:32091 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.PcertStealer variant outbound connection (malware-cnc.rules)
 * 1:32093 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules)
 * 1:32096 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Puver variant outbound connection (malware-cnc.rules)
 * 1:32121 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kryptik variant outbound connection (malware-cnc.rules)
 * 1:32123 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot variant outbound connection (malware-cnc.rules)
 * 1:32125 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - update - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:32126 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lizarbot outbound connection (malware-cnc.rules)
 * 1:32129 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader variant outbound connection (malware-cnc.rules)
 * 1:32130 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules)
 * 1:32175 <-> DISABLED <-> MALWARE-CNC Osx.Backdoor.iWorm variant outbound connection (malware-cnc.rules)
 * 1:32179 <-> DISABLED <-> MALWARE-CNC WIN.Trojan.Plugx variant outbound connection (malware-cnc.rules)
 * 1:32180 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.ZxShell connection incoming attempt (malware-cnc.rules)
 * 1:32181 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.ZxShell connection outgoing attempt (malware-cnc.rules)
 * 1:32192 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zxshell variant outbound connection (malware-cnc.rules)
 * 1:32193 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dubrute variant outbound connection (malware-cnc.rules)
 * 1:32194 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dubrute variant outbound connection (malware-cnc.rules)
 * 1:32195 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Palebot variant outbound connection (malware-cnc.rules)
 * 1:32196 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor variant outbound connection (malware-cnc.rules)
 * 1:32197 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zerolocker variant outbound connection (malware-cnc.rules)
 * 1:32198 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mujormel outbound connection (malware-cnc.rules)
 * 1:32202 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Soaphrish variant outbound connection (malware-cnc.rules)
 * 1:32220 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy download detected (malware-cnc.rules)
 * 1:32221 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy download detected (malware-cnc.rules)
 * 1:32222 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.MSIL.Liroospu variant outbound connection (malware-cnc.rules)
 * 1:32225 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptowall variant outbound connection (malware-cnc.rules)
 * 1:32243 <-> DISABLED <-> MALWARE-CNC WIN.Trojan.Clemint variant outbound connection (malware-cnc.rules)
 * 1:32250 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hydraq.variant outbound detected (malware-cnc.rules)
 * 1:32270 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tinba variant outbound connection (malware-cnc.rules)
 * 1:32272 <-> DISABLED <-> MALWARE-CNC WIN.Trojan.Hesechca variant outbound connection (malware-cnc.rules)
 * 1:32285 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zoxpng variant outbound connection (malware-cnc.rules)
 * 1:32287 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sapertilz variant outbound connection (malware-cnc.rules)
 * 1:32289 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptolocker download detected (malware-cnc.rules)
 * 1:32290 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptolocker download detected (malware-cnc.rules)
 * 1:32291 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptolocker download detected (malware-cnc.rules)
 * 1:32292 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptolocker download detected (malware-cnc.rules)
 * 1:32293 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Acanas variant outbound connection (malware-cnc.rules)
 * 1:32294 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent BloodguyBrowser-_- (malware-cnc.rules)
 * 1:32295 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string http - Win.Trojan.Waski (malware-cnc.rules)
 * 1:32296 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string update - Win.Trojan.Waski (malware-cnc.rules)
 * 1:32310 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Farfli variant outbound connection (malware-cnc.rules)
 * 1:32311 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rehtesyk outbound connection (malware-cnc.rules)
 * 1:32312 <-> DISABLED <-> MALWARE-CNC FrameworkPOS data exfiltration through DNS - beacon message (malware-cnc.rules)
 * 1:32328 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Maener variant download request (malware-cnc.rules)
 * 1:32329 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Maener variant outbound connection (malware-cnc.rules)
 * 1:32330 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Maener variant outbound connection (malware-cnc.rules)
 * 1:32331 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Maener variant outbound connection (malware-cnc.rules)
 * 1:32332 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hancitor variant outbound connection (malware-cnc.rules)
 * 1:32333 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string fast uax (malware-cnc.rules)
 * 1:32334 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Stantinko variant outbound connection (malware-cnc.rules)
 * 1:32338 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ropest variant outbound connection (malware-cnc.rules)
 * 1:32341 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cakwerd variant outbound connection (malware-cnc.rules)
 * 1:32343 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor variant inbound spam attempt (malware-cnc.rules)
 * 1:32344 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor variant outbound spam attempt (malware-cnc.rules)
 * 1:32354 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Matsune variant outbound connection (malware-cnc.rules)
 * 1:32357 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Akaza variant outbound connection (malware-cnc.rules)
 * 1:32367 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GameOverZeus variant outbound connection (malware-cnc.rules)
 * 1:32368 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cridex variant outbound connection (malware-cnc.rules)
 * 1:32372 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Drepitt variant outbound connection (malware-cnc.rules)
 * 1:32373 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Broonject variant outbound connection (malware-cnc.rules)
 * 1:32374 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Androm variant outbound connection (malware-cnc.rules)
 * 1:32379 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Baccamun variant outbound connection (malware-cnc.rules)
 * 1:32383 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - connect - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:32384 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - myupdate - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:32394 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Orcarat variant outbound connection (malware-cnc.rules)
 * 1:32395 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Orcarat variant outbound connection (malware-cnc.rules)
 * 1:32396 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Orcarat variant outbound connection (malware-cnc.rules)
 * 1:32397 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Orcarat variant outbound connection (malware-cnc.rules)
 * 1:32400 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Parama attempted outbound connection (malware-cnc.rules)
 * 1:32401 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Kivars outbound connection (malware-cnc.rules)
 * 1:32402 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent globalupdate - Osx.Trojan.Wirelurker (malware-cnc.rules)
 * 1:32451 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Backoff initial outbound connection (malware-cnc.rules)
 * 1:32455 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent VUPHTTP - Win.Trojan.Puvespia (malware-cnc.rules)
 * 1:32456 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Effseart variant outbound connection (malware-cnc.rules)
 * 1:32457 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Effseart variant inbound connection (malware-cnc.rules)
 * 1:32464 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TorrentLocker variant outbound connection (malware-cnc.rules)
 * 1:32469 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bankeiya outbound connection (malware-cnc.rules)
 * 1:32486 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Exadog outbound connection (malware-cnc.rules)
 * 1:32487 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Exadog variant outbound connection (malware-cnc.rules)
 * 1:32493 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.SpikeA variant outbound connection (malware-cnc.rules)
 * 1:32494 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.SpikeA variant outbound connection (malware-cnc.rules)
 * 1:32504 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Kiler attempted outbound connection (malware-cnc.rules)
 * 1:32505 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Kiler attempted outbound connection (malware-cnc.rules)
 * 1:32506 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Secdeskinf outbound connection (malware-cnc.rules)
 * 1:32510 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.PiltabeA outbound connection (malware-cnc.rules)
 * 1:32511 <-> DISABLED <-> MALWARE-CNC PCRat variant outbound connection (malware-cnc.rules)
 * 1:32512 <-> DISABLED <-> MALWARE-CNC PCRat variant outbound connection (malware-cnc.rules)
 * 1:32513 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Havex outbound connection (malware-cnc.rules)
 * 1:32521 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptowall 2.0 possible TOR client retrieval attempt (malware-cnc.rules)
 * 1:32529 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Vkont variant outbound connection (malware-cnc.rules)
 * 1:32548 <-> DISABLED <-> MALWARE-CNC Mac.Backdoor.iWorm attempted outbound connection (malware-cnc.rules)
 * 1:32550 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Extant variant outbound connection (malware-cnc.rules)
 * 1:32551 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Coreshell variant outbound connection (malware-cnc.rules)
 * 1:32556 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bayoboiz outbound connection (malware-cnc.rules)
 * 1:32557 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bayoboiz outbound connection (malware-cnc.rules)
 * 1:32583 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules)
 * 1:32584 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules)
 * 1:32585 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
 * 1:32586 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
 * 1:32598 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Mysayad file wipe attempt (malware-cnc.rules)
 * 1:32599 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Mysayad outbound connection (malware-cnc.rules)
 * 1:32600 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Mysayad file wipe attempt (malware-cnc.rules)
 * 1:32604 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Geodo variant outbound connection (malware-cnc.rules)
 * 1:32605 <-> DISABLED <-> MALWARE-CNC Win.Worm.Jenxcus variant outbound connection (malware-cnc.rules)
 * 1:32606 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sodebral variant outbound connection (malware-cnc.rules)
 * 1:32607 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sodebral HTTP Response attempt (malware-cnc.rules)
 * 1:32608 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sodebral HTTP Response attempt (malware-cnc.rules)
 * 1:32609 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant registration message (malware-cnc.rules)
 * 1:32610 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant keepalive (malware-cnc.rules)
 * 1:32613 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Jadowndec attempted outbound connection (malware-cnc.rules)
 * 1:32614 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Jadowndec attempted outbound connection (malware-cnc.rules)
 * 1:32621 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Regin outbound connection (malware-cnc.rules)
 * 1:32624 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Regin outbound connection (malware-cnc.rules)
 * 1:32645 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string RUpdate (malware-cnc.rules)
 * 1:32665 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chopstick variant outbound request (malware-cnc.rules)
 * 1:32667 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chopstick variant outbound request (malware-cnc.rules)
 * 1:32674 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wiper variant outbound connection (malware-cnc.rules)
 * 1:32677 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex variant outbound connection (malware-cnc.rules)
 * 1:32678 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex variant outbound connection (malware-cnc.rules)
 * 1:32706 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz variant outbound connection (malware-cnc.rules)
 * 1:32727 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Uclinu variant outbound connection (malware-cnc.rules)
 * 1:32728 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Olegb variant outbound connection (malware-cnc.rules)
 * 1:32734 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Typideg variant outbound connection (malware-cnc.rules)
 * 1:32735 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CryptoPHP variant outbound connection (malware-cnc.rules)
 * 1:32736 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CryptoPHP variant outbound connection (malware-cnc.rules)
 * 1:32743 <-> DISABLED <-> MALWARE-CNC VGABot IRC communication attempt (malware-cnc.rules)
 * 1:32747 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ragebot variant outbound connection (malware-cnc.rules)
 * 1:32769 <-> DISABLED <-> MALWARE-CNC Win.Trojan.WOWCheckC Attempted CNC (malware-cnc.rules)
 * 1:32770 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Androm variant outbound connection (malware-cnc.rules)
 * 1:32776 <-> DISABLED <-> MALWARE-CNC FIN4 VBA Macro credentials upload attempt (malware-cnc.rules)
 * 1:32780 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Eskaetee outbound connection (malware-cnc.rules)
 * 1:32781 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Eskaetee outbound connection (malware-cnc.rules)
 * 1:32791 <-> DISABLED <-> MALWARE-CNC Win.Virus.Ransomlock outbound connection (malware-cnc.rules)
 * 1:32792 <-> DISABLED <-> MALWARE-CNC Win.Virus.Ransomlock inbound connection (malware-cnc.rules)
 * 1:32823 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Darkhotel outbound connection (malware-cnc.rules)
 * 1:32824 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Darkhotel variant outbound connection (malware-cnc.rules)
 * 1:32825 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Darkhotel outbound connection (malware-cnc.rules)
 * 1:32826 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Darkhotel data upload attempt (malware-cnc.rules)
 * 1:32827 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Darkhotel response connection attempt (malware-cnc.rules)
 * 1:32852 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Poolfiend variant outbound connection (malware-cnc.rules)
 * 1:32853 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Poolfiend variant outbound connection (malware-cnc.rules)
 * 1:32854 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Loodir outbound connection (malware-cnc.rules)
 * 1:32882 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ksypypro outbound connection (malware-cnc.rules)
 * 1:32891 <-> DISABLED <-> MALWARE-CNC Php.Malware.SoakSoakRedirect Malware traffic containing WordPress Administrator credentials (malware-cnc.rules)
 * 1:32892 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TorLocker variant outbound connection (malware-cnc.rules)
 * 1:32893 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Finforst outbound connection (malware-cnc.rules)
 * 1:32908 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TinyZBot outbound connection (malware-cnc.rules)
 * 1:32909 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TinyZBot outbound connection (malware-cnc.rules)
 * 1:32910 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TinyZBot outbound connection (malware-cnc.rules)
 * 1:32950 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bladabindi variant outbound connection (malware-cnc.rules)
 * 1:32956 <-> DISABLED <-> MALWARE-CNC Android.CoolReaper.Trojan outbound connection (malware-cnc.rules)
 * 1:32957 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TinyZBot outbound SOAP connection attempt (malware-cnc.rules)
 * 1:32958 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TinyZBot response connection attempt (malware-cnc.rules)
 * 1:32973 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Twerket variant outbound connection (malware-cnc.rules)
 * 1:32976 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluos variant outbound connection (malware-cnc.rules)
 * 1:32977 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluos variant outbound connection (malware-cnc.rules)
 * 1:32978 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - extra IE version (malware-cnc.rules)
 * 1:32979 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - extra IE version (malware-cnc.rules)
 * 1:32980 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - multi-browser (malware-cnc.rules)
 * 1:32986 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Toopu dll embedded in png download attempt (malware-cnc.rules)
 * 1:32987 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor outbound connection (malware-cnc.rules)
 * 1:32988 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor outbound connection (malware-cnc.rules)
 * 1:32989 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor outbound connection (malware-cnc.rules)
 * 1:32990 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Toopu outbound connection (malware-cnc.rules)
 * 1:33047 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - realupdate - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33054 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Joanap outbound connection (malware-cnc.rules)
 * 1:33058 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Medusa variant inbound connection (malware-cnc.rules)
 * 1:33059 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Medusa variant outbound connection (malware-cnc.rules)
 * 1:33060 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Medusa variant outbound connection (malware-cnc.rules)
 * 1:33061 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lagulon.A outbound connection (malware-cnc.rules)
 * 1:33081 <-> DISABLED <-> MALWARE-CNC OnionDuke variant outbound connection (malware-cnc.rules)
 * 1:33082 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nocpos initial outbound connection (malware-cnc.rules)
 * 1:33083 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nocpos information disclosure attempt (malware-cnc.rules)
 * 1:33084 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tosct variant outbound connection (malware-cnc.rules)
 * 1:33145 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
 * 1:33147 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant SMTP reporting attempt (malware-cnc.rules)
 * 1:33148 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant SMTP reporting attempt (malware-cnc.rules)
 * 1:33149 <-> DISABLED <-> MALWARE-CNC Win.Worm.Ultramine outbound connection (malware-cnc.rules)
 * 1:33152 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nurjax.A outbound connection (malware-cnc.rules)
 * 1:33153 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Heur variant outbound connection (malware-cnc.rules)
 * 1:33161 <-> DISABLED <-> MALWARE-CNC Win.Spyware.Rombertik outbound connection (malware-cnc.rules)
 * 1:33165 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Poweliks outbound connection (malware-cnc.rules)
 * 1:33199 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Sabeba outbound connection (malware-cnc.rules)
 * 1:33200 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pisces variant outbound connection (malware-cnc.rules)
 * 1:33207 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Mazilla/5.0 - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33211 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Upatre variant outbound connection (malware-cnc.rules)
 * 1:33217 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nuovoscor variant outbound connection (malware-cnc.rules)
 * 1:33218 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cendode system information disclosure attempt (malware-cnc.rules)
 * 1:33219 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gamarue variant outbound connection (malware-cnc.rules)
 * 1:33220 <-> DISABLED <-> MALWARE-CNC Win.Trojan.HawkEye keylogger exfiltration attempt (malware-cnc.rules)
 * 1:33221 <-> ENABLED <-> MALWARE-CNC Win.Trojan.HawkEye Keylogger exfiltration attempt - clipboard and screenshot (malware-cnc.rules)
 * 1:33222 <-> DISABLED <-> MALWARE-CNC Win.Trojan.HawkEye Keylogger exfiltration attempt - clipboard and screenshot (malware-cnc.rules)
 * 1:33223 <-> DISABLED <-> MALWARE-CNC Win.Trojan.HawkEye Keylogger exfiltration attempt - clipboard and screenshot (malware-cnc.rules)
 * 1:33227 <-> DISABLED <-> MALWARE-CNC Win.Agent.BHHK variant outbound connection (malware-cnc.rules)
 * 1:33228 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kovter variant outbound connection (malware-cnc.rules)
 * 1:33230 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Firefox - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33231 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Firefox/5.0 - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33232 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - AppUpdate - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33233 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - 2608cw-1 - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33234 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - 2508Inst - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33235 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - 2608cw-2 - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33236 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - 2808inst - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33237 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Player - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33238 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Wurst - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33239 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Installer/1.0 - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33240 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - FixUpdate - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33242 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Explorer - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33244 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Opera - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33246 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - OperaMini - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33245 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Opera10 - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33248 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Peers12 - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33249 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - SLSSoapClient - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33250 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Tintin - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33251 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - USER_CHECK - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33252 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - WATClient - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33253 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - bbbbbbbbbb - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33254 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - hi - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33255 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - iMacros - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33256 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - macrotest - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33257 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - onlymacros - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33258 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Updates downloader - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33259 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - testupdate - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33260 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - onlyupdate - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33282 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Upatre variant outbound connection (malware-cnc.rules)
 * 1:33284 <-> DISABLED <-> MALWARE-CNC Win.Trojan.OnLineGames variant outbound connection (malware-cnc.rules)
 * 1:33285 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bavload outbound download request attempt (malware-cnc.rules)
 * 1:33289 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rawpos incoming backdoor connection attempt (malware-cnc.rules)
 * 1:33299 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Foxy variant outbound connection (malware-cnc.rules)
 * 1:33305 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rubinurd variant outbound connection (malware-cnc.rules)
 * 1:33328 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Yinli outbound connection (malware-cnc.rules)
 * 1:33329 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Yinli outbound connection (malware-cnc.rules)
 * 1:33330 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Yinli outbound connection (malware-cnc.rules)
 * 1:33342 <-> DISABLED <-> MALWARE-CNC Doc.Downloader.Dridex outbound connection (malware-cnc.rules)
 * 1:33411 <-> DISABLED <-> MALWARE-CNC Doc.Downloader.Dridex outbound connection (malware-cnc.rules)
 * 1:33431 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptowall 3.0 variant outbound connection (malware-cnc.rules)
 * 1:33432 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptowall 3.0 variant outbound connection (malware-cnc.rules)
 * 1:33433 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptowall 3.0 variant outbound connection (malware-cnc.rules)
 * 1:33434 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptowall 3.0 variant outbound connection (malware-cnc.rules)
 * 1:33435 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptowall 3.0 variant outbound connection (malware-cnc.rules)
 * 1:33439 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gefetroe variant outbound connection (malware-cnc.rules)
 * 1:33443 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules)
 * 1:33444 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SpyBanker variant outbound connection (malware-cnc.rules)
 * 1:33449 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FileEncoder IP geolocation checkin attempt (malware-cnc.rules)
 * 1:33450 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FileEncoder variant outbound connection (malware-cnc.rules)
 * 1:33453 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kovter variant outbound connection (malware-cnc.rules)
 * 1:33456 <-> DISABLED <-> MALWARE-CNC Doc.Downloader.Dridex outbound connection (malware-cnc.rules)
 * 1:33457 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules)
 * 1:33464 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dynamer variant outbound connection (malware-cnc.rules)
 * 1:33481 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Xnote outbound connection (malware-cnc.rules)
 * 1:33482 <-> DISABLED <-> MALWARE-CNC Win.Worm.Enosch variant outbound connection (malware-cnc.rules)
 * 1:33496 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Andromeda variant outbound connection (malware-cnc.rules)
 * 1:33513 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - XAgent - Operation Pawn Storm (malware-cnc.rules)
 * 1:33519 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - ALIZER (malware-cnc.rules)
 * 1:33520 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zusy inbound CNC response (malware-cnc.rules)
 * 1:33521 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zusy variant outbound connection (malware-cnc.rules)
 * 1:33522 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent - DNS Changer (malware-cnc.rules)
 * 1:33523 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DNSChanger variant outbound connection (malware-cnc.rules)
 * 1:33524 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DNSChanger variant outbound connection (malware-cnc.rules)
 * 1:33543 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Equation outbound connection (malware-cnc.rules)
 * 1:33545 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Equation outbound connection (malware-cnc.rules)
 * 1:33546 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Equation outbound connection (malware-cnc.rules)
 * 1:33547 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Turla outbound connection (malware-cnc.rules)
 * 1:33594 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Upatre variant outbound connection (malware-cnc.rules)
 * 1:33620 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.lubot outbound connection (malware-cnc.rules)
 * 1:33621 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.lubot outbound connection (malware-cnc.rules)
 * 1:33633 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent - Downing - Win.Trojan.Otwycal (malware-cnc.rules)
 * 1:33646 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.XORDDoS outbound connection (malware-cnc.rules)
 * 1:33647 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.XORDDoS outbound connection (malware-cnc.rules)
 * 1:33648 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.XORDDoS outbound connection (malware-cnc.rules)
 * 1:33649 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Google Omaha - Win.Trojan.ExtenBro (malware-cnc.rules)
 * 1:33650 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tinba outbound connection (malware-cnc.rules)
 * 1:33674 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Athena variant outbound connection (malware-cnc.rules)
 * 1:33675 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Athena variant outbound connection (malware-cnc.rules)
 * 1:33677 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Babar outbound connection (malware-cnc.rules)
 * 1:33678 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FannyWorm outbound connection (malware-cnc.rules)
 * 1:33704 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
 * 1:33745 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
 * 1:33746 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
 * 1:33747 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
 * 1:33748 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
 * 1:33749 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
 * 1:33750 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
 * 1:33751 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
 * 1:33752 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
 * 1:33753 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
 * 1:33754 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
 * 1:33755 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
 * 1:33818 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Egamipload variant outbound connection (malware-cnc.rules)
 * 1:33819 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Egamipload variant outbound connection (malware-cnc.rules)
 * 1:33820 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Egamipload variant outbound connection (malware-cnc.rules)
 * 1:33243 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Mozilla - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33822 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Egamipload variant outbound connection (malware-cnc.rules)

2020-10-15 12:57:43 UTC

Snort Subscriber Rules Update

Date: 2020-10-15

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091500.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:56000 <-> DISABLED <-> SERVER-APACHE Apache Struts denial of service attempt (server-apache.rules)
 * 1:56007 <-> ENABLED <-> SERVER-WEBAPP D-Link Central WiFi Manager CWM 100 SQL injection attempt (server-webapp.rules)
 * 1:56009 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari WebKit JSPropertyNameEnumeration type confusion attempt (browser-webkit.rules)
 * 1:55999 <-> DISABLED <-> SERVER-APACHE Apache Struts denial of service attempt (server-apache.rules)
 * 1:56002 <-> DISABLED <-> SERVER-WEBAPP D-Link Central WiFi Manager CMW 100 SQL injection attempt (server-webapp.rules)
 * 1:56001 <-> DISABLED <-> SERVER-APACHE Apache Struts denial of service attempt (server-apache.rules)
 * 1:56004 <-> DISABLED <-> SERVER-WEBAPP D-Link Central WiFi Manager CMW 100 cross site scripting attempt (server-webapp.rules)
 * 1:56005 <-> ENABLED <-> SERVER-WEBAPP D-Link Central WiFi Manager CWM 100 SQL injection attempt (server-webapp.rules)
 * 1:56006 <-> ENABLED <-> SERVER-WEBAPP D-Link Central WiFi Manager CWM 100 SQL injection attempt (server-webapp.rules)
 * 1:56008 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari WebKit JSPropertyNameEnumeration type confusion attempt (browser-webkit.rules)
 * 1:56003 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Emotet variant initial outbound request detected (malware-cnc.rules)

Modified Rules:


 * 1:34289 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Plez outbound connection (malware-cnc.rules)
 * 1:34290 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Plez outbound connection (malware-cnc.rules)
 * 1:34291 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string crackim (malware-cnc.rules)
 * 1:34292 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kraken outbound connection (malware-cnc.rules)
 * 1:34296 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Simda variant outbound connection (malware-cnc.rules)
 * 1:34297 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Simda variant outbound connection (malware-cnc.rules)
 * 1:34307 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection (malware-cnc.rules)
 * 1:34308 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection (malware-cnc.rules)
 * 1:40066 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.LokiBot (malware-cnc.rules)
 * 1:40067 <-> ENABLED <-> MALWARE-CNC Win.Trojan.LokiBot outbound connection (malware-cnc.rules)
 * 1:46062 <-> ENABLED <-> SERVER-WEBAPP Joomla JEXTN Membership extension SQL injection attempt (server-webapp.rules)
 * 1:46063 <-> ENABLED <-> SERVER-WEBAPP Joomla JEXTN Membership extension SQL injection attempt (server-webapp.rules)
 * 1:46064 <-> ENABLED <-> SERVER-WEBAPP Joomla JEXTN Membership extension SQL injection attempt (server-webapp.rules)
 * 1:48818 <-> ENABLED <-> MALWARE-CNC Js.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:34028 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bruecimig variant outbound connection (malware-cnc.rules)
 * 1:34136 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload variant MSSQL response (malware-cnc.rules)
 * 1:34117 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Zupdax variant outbound connection (malware-cnc.rules)
 * 1:34039 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banklaed variant outbound connection (malware-cnc.rules)
 * 1:34030 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (malware-cnc.rules)
 * 1:34002 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Picommex outbound connection (malware-cnc.rules)
 * 1:33885 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gh0st variant outbound connection (malware-cnc.rules)
 * 1:34052 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NewPos outbound connection (malware-cnc.rules)
 * 1:33863 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules)
 * 1:34026 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Endstar variant outbound connection (malware-cnc.rules)
 * 1:33859 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules)
 * 1:33931 <-> DISABLED <-> MALWARE-CNC Win.Worm.Goldrv variant outbound connection (malware-cnc.rules)
 * 1:34143 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Crypvault outbound connection (malware-cnc.rules)
 * 1:34041 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Igliveforg variant initial outbound connection (malware-cnc.rules)
 * 1:34031 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (malware-cnc.rules)
 * 1:34130 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload variant outbound connection (malware-cnc.rules)
 * 1:34007 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules)
 * 1:34032 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (malware-cnc.rules)
 * 1:34025 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Endstar variant outbound connection (malware-cnc.rules)
 * 1:33990 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Trioptid outbound connection (malware-cnc.rules)
 * 1:34006 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules)
 * 1:33893 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TeslaCrypt outbound connection (malware-cnc.rules)
 * 1:33868 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules)
 * 1:34108 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scarsi variant outbound connection (malware-cnc.rules)
 * 1:33914 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent - Win.Trojan.Barys (malware-cnc.rules)
 * 1:33860 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules)
 * 1:34033 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (malware-cnc.rules)
 * 1:33872 <-> DISABLED <-> MALWARE-CNC Win.Worm.Urahu outbound connection (malware-cnc.rules)
 * 1:33992 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Insidious outbound connection (malware-cnc.rules)
 * 1:33994 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Beshida outbound connection (malware-cnc.rules)
 * 1:34111 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chrozil variant outbound connection (malware-cnc.rules)
 * 1:33867 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules)
 * 1:34049 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.EvilBunny variant outbound connection (malware-cnc.rules)
 * 1:34155 <-> DISABLED <-> MALWARE-CNC MacOS.Backdoor.Xslcmd outbound connection (malware-cnc.rules)
 * 1:33851 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Poseidon outbound connection (malware-cnc.rules)
 * 1:34035 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (malware-cnc.rules)
 * 1:34181 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bartallex outbound connection (malware-cnc.rules)
 * 1:34044 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Exacrytion variant outbound connection (malware-cnc.rules)
 * 1:33996 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pwexes variant outbound connection (malware-cnc.rules)
 * 1:34045 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Eitenckay initial outbound connection (malware-cnc.rules)
 * 1:34038 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (malware-cnc.rules)
 * 1:33861 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules)
 * 1:33892 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Xerq outbound connection (malware-cnc.rules)
 * 1:34182 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bartallex outbound connection (malware-cnc.rules)
 * 1:34115 <-> DISABLED <-> MALWARE-CNC MacOS.Trojan.Wirelurker variant outbound connection (malware-cnc.rules)
 * 1:33857 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PwnPOS data exfiltration attempt (malware-cnc.rules)
 * 1:34011 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules)
 * 1:34138 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Netkrypt inbound response (malware-cnc.rules)
 * 1:33878 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Meowner runtime detection (malware-cnc.rules)
 * 1:33997 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pwexes variant outbound connection (malware-cnc.rules)
 * 1:33930 <-> DISABLED <-> MALWARE-CNC Vicepass outbound connection initial request to the CNC sending system information (malware-cnc.rules)
 * 1:33993 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Insidious outbound connection (malware-cnc.rules)
 * 1:33852 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Poseidon outbound connection (malware-cnc.rules)
 * 1:33907 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent - KAIIOOOO871 - Win.Trojan.Dridex (malware-cnc.rules)
 * 1:34004 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules)
 * 1:34008 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules)
 * 1:34009 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules)
 * 1:33866 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules)
 * 1:34214 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Capimac variant outbound connection (malware-cnc.rules)
 * 1:33985 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.ChinaZ outbound connection (malware-cnc.rules)
 * 1:33864 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules)
 * 1:34140 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dyre publickey outbound connection (malware-cnc.rules)
 * 1:33932 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tempedreve Samba probe (malware-cnc.rules)
 * 1:34046 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Expilan variant outbound connection (malware-cnc.rules)
 * 1:34010 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules)
 * 1:34003 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Picommex outbound connection (malware-cnc.rules)
 * 1:33891 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Amasages variant outbound connection (malware-cnc.rules)
 * 1:33831 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent DownloadMR - Solimba (malware-cnc.rules)
 * 1:33933 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Penget variant outbound connection (malware-cnc.rules)
 * 1:33862 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules)
 * 1:34113 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent beacon reply attempt (malware-cnc.rules)
 * 1:34132 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Erotimpact variant outbound connection (malware-cnc.rules)
 * 1:34128 <-> DISABLED <-> MALWARE-CNC Win.Trojan.WIntruder outbound connection (malware-cnc.rules)
 * 1:33883 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jadtre variant outbound connection (malware-cnc.rules)
 * 1:34261 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.XORDDoS outbound connection (malware-cnc.rules)
 * 1:33821 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Egamipload variant outbound connection (malware-cnc.rules)
 * 1:34281 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bartallex outbound connection (malware-cnc.rules)
 * 1:33865 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules)
 * 1:34246 <-> DISABLED <-> MALWARE-CNC Win.Trojan.AAEH variant outbound connection (malware-cnc.rules)
 * 1:34263 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.XORDDoS outbound connection (malware-cnc.rules)
 * 1:34282 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bartallex outbound connection (malware-cnc.rules)
 * 1:34280 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TeslaCrypt outbound connection (malware-cnc.rules)
 * 1:34283 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bartallex outbound connection (malware-cnc.rules)
 * 1:33244 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Opera - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:34262 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.XORDDoS outbound connection (malware-cnc.rules)
 * 1:33854 <-> DISABLED <-> MALWARE-CNC Win.Trojan.LogPOS variant outbound connection (malware-cnc.rules)
 * 1:34013 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ayuther variant outbound connection (malware-cnc.rules)
 * 1:33989 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Trioptid outbound connection (malware-cnc.rules)
 * 1:34161 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Punkey outbound connection (malware-cnc.rules)
 * 1:34034 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (malware-cnc.rules)
 * 1:33912 <-> DISABLED <-> MALWARE-CNC Cryptofortress Decryption Software Purchase Tor Website (malware-cnc.rules)
 * 1:34042 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Igliveforg variant outbound connection (malware-cnc.rules)
 * 1:33879 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Meowner runtime detection (malware-cnc.rules)
 * 1:33877 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Meowner runtime detection (malware-cnc.rules)
 * 1:34036 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (malware-cnc.rules)
 * 1:33876 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Meowner runtime detection (malware-cnc.rules)
 * 1:34219 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nanocore variant outbound connection (malware-cnc.rules)
 * 1:33873 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tepoyx outbound connection detection (malware-cnc.rules)
 * 1:34037 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (malware-cnc.rules)
 * 1:34047 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VBPasswordStealer variant outbound connection (malware-cnc.rules)
 * 1:34012 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules)
 * 1:33886 <-> DISABLED <-> MALWARE-CNC WIn.Trojan.HawkEye keylogger variant outbound connection (malware-cnc.rules)
 * 1:34005 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules)
 * 1:34116 <-> DISABLED <-> MALWARE-CNC MacOS.Trojan.Wirelurker variant outbound connection (malware-cnc.rules)
 * 1:34183 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bartallex outbound connection (malware-cnc.rules)
 * 1:34217 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Aytoke variant outbound connection (malware-cnc.rules)
 * 1:33884 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string dolit (malware-cnc.rules)
 * 1:34001 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Picommex outbound connection (malware-cnc.rules)
 * 1:34223 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Yebot variant outbound connection (malware-cnc.rules)
 * 1:33913 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Concbak outbound connection (malware-cnc.rules)
 * 1:34216 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FighterPOS variant outbound connection (malware-cnc.rules)
 * 1:33966 <-> DISABLED <-> MALWARE-CNC Win.Worm.Mafusc variant outbound connection (malware-cnc.rules)
 * 1:34050 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Nepigon variant outbound connection (malware-cnc.rules)
 * 1:33256 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - macrotest - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:31907 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Honerep variant outbound connection (malware-cnc.rules)
 * 1:31909 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Basostab variant outbound connection (malware-cnc.rules)
 * 1:31911 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Gareme variant outbound connection (malware-cnc.rules)
 * 1:31913 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Maozhi variant outbound connection (malware-cnc.rules)
 * 1:31915 <-> DISABLED <-> MALWARE-CNC WIN.Trojan.Ziyazo variant outbound connection (malware-cnc.rules)
 * 1:31916 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules)
 * 1:31923 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant HTTP response attempt (malware-cnc.rules)
 * 1:31924 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules)
 * 1:31925 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.Jynxkit outbound connection (malware-cnc.rules)
 * 1:31928 <-> DISABLED <-> MALWARE-CNC Win.Trojan-Downloader.Becontr variant outbound connection (malware-cnc.rules)
 * 1:31929 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kanav variant outbound connection (malware-cnc.rules)
 * 1:31930 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kanav variant outbound connection (malware-cnc.rules)
 * 1:31941 <-> DISABLED <-> MALWARE-CNC Win.Trojan-Downloader.Pedrp variant outbound connection (malware-cnc.rules)
 * 1:31947 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - HttpCall - Win.Trojan.Rukypee (malware-cnc.rules)
 * 1:31948 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - MyProgramm - Win.Trojan.Rukypee (malware-cnc.rules)
 * 1:31949 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Skypee - Win.Trojan.Rukypee (malware-cnc.rules)
 * 1:31954 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ezbro variant outbound connection (malware-cnc.rules)
 * 1:31955 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ezbro variant outbound connection (malware-cnc.rules)
 * 1:31957 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.MSIL.Torct variant outbound connection (malware-cnc.rules)
 * 1:31964 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules)
 * 1:31973 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chebri variant outbound connection (malware-cnc.rules)
 * 1:31974 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zegorg variant outbound connection (malware-cnc.rules)
 * 1:31990 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Install - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:31991 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Treck - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:31992 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Upatre SSL Cert inbound (malware-cnc.rules)
 * 1:31993 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Upatre SSL Cert inbound (malware-cnc.rules)
 * 1:31994 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Upatre SSL Cert inbound (malware-cnc.rules)
 * 1:31995 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Upatre SSL Cert inbound (malware-cnc.rules)
 * 1:31996 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Upatre SSL Cert inbound (malware-cnc.rules)
 * 1:31997 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Upatre SSL Cert inbound (malware-cnc.rules)
 * 1:31998 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Upatre SSL Cert inbound (malware-cnc.rules)
 * 1:31999 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Upatre SSL Cert inbound (malware-cnc.rules)
 * 1:32000 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Upatre SSL Cert inbound (malware-cnc.rules)
 * 1:32001 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Upatre SSL Cert inbound (malware-cnc.rules)
 * 1:32002 <-> DISABLED <-> MALWARE-CNC Win.Worm.Zorenium variant outbound connection (malware-cnc.rules)
 * 1:32009 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Flooder inbound connection attempt - command (malware-cnc.rules)
 * 1:32010 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Flooder outbound telnet connection attempt (malware-cnc.rules)
 * 1:32011 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Flooder outbound connection (malware-cnc.rules)
 * 1:32012 <-> DISABLED <-> MALWARE-CNC Win.Trojan-Downloader.Bipamid variant outbound connection (malware-cnc.rules)
 * 1:32013 <-> DISABLED <-> MALWARE-CNC Linux.Worm.Darlloz variant outbound connection (malware-cnc.rules)
 * 1:32015 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Zeus variant outbound connection (malware-cnc.rules)
 * 1:32016 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Menteni variant outbound connection (malware-cnc.rules)
 * 1:32018 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Hupigon.NYK variant outbound connection (malware-cnc.rules)
 * 1:32020 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Krompt variant outbound connection (malware-cnc.rules)
 * 1:32023 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sinpid variant outbound connection (malware-cnc.rules)
 * 1:32028 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Klabcon variant outbound connection (malware-cnc.rules)
 * 1:32030 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Decibal - Win.Trojan.Decibal (malware-cnc.rules)
 * 1:32031 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Decibal variant outbound connection (malware-cnc.rules)
 * 1:32033 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Larosden variant outbound connection (malware-cnc.rules)
 * 1:32034 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Larefervt variant outbound connection (malware-cnc.rules)
 * 1:32035 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Boleteiro variant outbound connection (malware-cnc.rules)
 * 1:32036 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Somoca vaniant outbound connection (malware-cnc.rules)
 * 1:32037 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload.awt variant outbound connection (malware-cnc.rules)
 * 1:32048 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lecpetex variant outbound connection (malware-cnc.rules)
 * 1:32050 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Larosden variant outbound connection (malware-cnc.rules)
 * 1:32052 <-> DISABLED <-> MALWARE-CNC User-Agent Xsser mRAT user-agent (malware-cnc.rules)
 * 1:32053 <-> DISABLED <-> MALWARE-CNC Xsser mRAT GPS data upload (malware-cnc.rules)
 * 1:32054 <-> DISABLED <-> MALWARE-CNC Xsser mRAT file upload (malware-cnc.rules)
 * 1:32058 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Masatekar variant outbound connection (malware-cnc.rules)
 * 1:32060 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent string - httptestman - Win.Backdoor.Rabasheeta (malware-cnc.rules)
 * 1:32061 <-> DISABLED <-> MALWARE-CNC Win.Trojan-Downloader.Nekill variant outbound connection (malware-cnc.rules)
 * 1:32065 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Asprox inbound connection (malware-cnc.rules)
 * 1:32066 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Asprox outbound connection (malware-cnc.rules)
 * 1:32067 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Asprox outbound connection (malware-cnc.rules)
 * 1:32071 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Zapchast variant outbound connection (malware-cnc.rules)
 * 1:32072 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zemot configuration download attempt (malware-cnc.rules)
 * 1:32073 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zemot outbound connection (malware-cnc.rules)
 * 1:32074 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zemot payload download attempt (malware-cnc.rules)
 * 1:32075 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Small variant outbound connection (malware-cnc.rules)
 * 1:32086 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Corkow variant outbound connection (malware-cnc.rules)
 * 1:32090 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Saaglup variant outbound connection (malware-cnc.rules)
 * 1:33246 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - OperaMini - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33245 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Opera10 - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33248 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Peers12 - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33249 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - SLSSoapClient - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33250 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Tintin - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33251 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - USER_CHECK - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33252 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - WATClient - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33253 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - bbbbbbbbbb - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33254 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - hi - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33255 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - iMacros - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33257 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - onlymacros - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33258 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Updates downloader - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33259 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - testupdate - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33260 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - onlyupdate - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33282 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Upatre variant outbound connection (malware-cnc.rules)
 * 1:33284 <-> DISABLED <-> MALWARE-CNC Win.Trojan.OnLineGames variant outbound connection (malware-cnc.rules)
 * 1:33285 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bavload outbound download request attempt (malware-cnc.rules)
 * 1:33289 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rawpos incoming backdoor connection attempt (malware-cnc.rules)
 * 1:33299 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Foxy variant outbound connection (malware-cnc.rules)
 * 1:33305 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rubinurd variant outbound connection (malware-cnc.rules)
 * 1:33328 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Yinli outbound connection (malware-cnc.rules)
 * 1:33329 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Yinli outbound connection (malware-cnc.rules)
 * 1:33330 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Yinli outbound connection (malware-cnc.rules)
 * 1:33342 <-> DISABLED <-> MALWARE-CNC Doc.Downloader.Dridex outbound connection (malware-cnc.rules)
 * 1:33411 <-> DISABLED <-> MALWARE-CNC Doc.Downloader.Dridex outbound connection (malware-cnc.rules)
 * 1:33431 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptowall 3.0 variant outbound connection (malware-cnc.rules)
 * 1:33432 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptowall 3.0 variant outbound connection (malware-cnc.rules)
 * 1:33433 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptowall 3.0 variant outbound connection (malware-cnc.rules)
 * 1:33434 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptowall 3.0 variant outbound connection (malware-cnc.rules)
 * 1:33435 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptowall 3.0 variant outbound connection (malware-cnc.rules)
 * 1:33439 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gefetroe variant outbound connection (malware-cnc.rules)
 * 1:33443 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules)
 * 1:33444 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SpyBanker variant outbound connection (malware-cnc.rules)
 * 1:33449 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FileEncoder IP geolocation checkin attempt (malware-cnc.rules)
 * 1:33450 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FileEncoder variant outbound connection (malware-cnc.rules)
 * 1:33453 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kovter variant outbound connection (malware-cnc.rules)
 * 1:33456 <-> DISABLED <-> MALWARE-CNC Doc.Downloader.Dridex outbound connection (malware-cnc.rules)
 * 1:33457 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules)
 * 1:33464 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dynamer variant outbound connection (malware-cnc.rules)
 * 1:33481 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Xnote outbound connection (malware-cnc.rules)
 * 1:33482 <-> DISABLED <-> MALWARE-CNC Win.Worm.Enosch variant outbound connection (malware-cnc.rules)
 * 1:33496 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Andromeda variant outbound connection (malware-cnc.rules)
 * 1:33513 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - XAgent - Operation Pawn Storm (malware-cnc.rules)
 * 1:33519 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - ALIZER (malware-cnc.rules)
 * 1:33520 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zusy inbound CNC response (malware-cnc.rules)
 * 1:33521 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zusy variant outbound connection (malware-cnc.rules)
 * 1:33522 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent - DNS Changer (malware-cnc.rules)
 * 1:33523 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DNSChanger variant outbound connection (malware-cnc.rules)
 * 1:33524 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DNSChanger variant outbound connection (malware-cnc.rules)
 * 1:33543 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Equation outbound connection (malware-cnc.rules)
 * 1:33545 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Equation outbound connection (malware-cnc.rules)
 * 1:33546 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Equation outbound connection (malware-cnc.rules)
 * 1:33547 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Turla outbound connection (malware-cnc.rules)
 * 1:33594 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Upatre variant outbound connection (malware-cnc.rules)
 * 1:33620 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.lubot outbound connection (malware-cnc.rules)
 * 1:33621 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.lubot outbound connection (malware-cnc.rules)
 * 1:33633 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent - Downing - Win.Trojan.Otwycal (malware-cnc.rules)
 * 1:33646 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.XORDDoS outbound connection (malware-cnc.rules)
 * 1:33647 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.XORDDoS outbound connection (malware-cnc.rules)
 * 1:33648 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.XORDDoS outbound connection (malware-cnc.rules)
 * 1:33649 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Google Omaha - Win.Trojan.ExtenBro (malware-cnc.rules)
 * 1:33650 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tinba outbound connection (malware-cnc.rules)
 * 1:33674 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Athena variant outbound connection (malware-cnc.rules)
 * 1:33675 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Athena variant outbound connection (malware-cnc.rules)
 * 1:33677 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Babar outbound connection (malware-cnc.rules)
 * 1:33678 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FannyWorm outbound connection (malware-cnc.rules)
 * 1:33704 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
 * 1:33745 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
 * 1:33746 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
 * 1:33747 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
 * 1:33748 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
 * 1:33749 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
 * 1:33750 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
 * 1:33751 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
 * 1:33752 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
 * 1:33753 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
 * 1:33754 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
 * 1:33755 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
 * 1:33818 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Egamipload variant outbound connection (malware-cnc.rules)
 * 1:33819 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Egamipload variant outbound connection (malware-cnc.rules)
 * 1:34286 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mudrop variant outbound connection (malware-cnc.rules)
 * 1:33822 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Egamipload variant outbound connection (malware-cnc.rules)
 * 1:31820 <-> DISABLED <-> MALWARE-CNC Win.Banker.Delf variant outbound connection (malware-cnc.rules)
 * 1:31824 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor variant outbound connection (malware-cnc.rules)
 * 1:31826 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Delf variant HTTP Response (malware-cnc.rules)
 * 1:31827 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Delf variant outbound connection (malware-cnc.rules)
 * 1:31828 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jabberbot variant outbound connection (malware-cnc.rules)
 * 1:31832 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pfinet outbound connection (malware-cnc.rules)
 * 1:31833 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chkbot outbound connection (malware-cnc.rules)
 * 1:31834 <-> DISABLED <-> MALWARE-CNC Win.Trojan-Downloader.Delorado variant outbound connection (malware-cnc.rules)
 * 1:31835 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yesudac variant outbound connection (malware-cnc.rules)
 * 1:31836 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Seribe variant outbound connection (malware-cnc.rules)
 * 1:31837 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Retgate variant outbound connection (malware-cnc.rules)
 * 1:31883 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Waterspout outbound connection (malware-cnc.rules)
 * 1:31885 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Threebyte variant outbound connection (malware-cnc.rules)
 * 1:31895 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Toupi variant outbound connection (malware-cnc.rules)
 * 1:31897 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dexter variant outbound connection (malware-cnc.rules)
 * 1:31904 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload variant outbound connection (malware-cnc.rules)
 * 1:32017 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Memlog SMB file transfer (malware-cnc.rules)
 * 1:32091 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.PcertStealer variant outbound connection (malware-cnc.rules)
 * 1:32093 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules)
 * 1:32096 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Puver variant outbound connection (malware-cnc.rules)
 * 1:32121 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kryptik variant outbound connection (malware-cnc.rules)
 * 1:32123 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot variant outbound connection (malware-cnc.rules)
 * 1:32125 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - update - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:32126 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lizarbot outbound connection (malware-cnc.rules)
 * 1:32129 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader variant outbound connection (malware-cnc.rules)
 * 1:32130 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules)
 * 1:32175 <-> DISABLED <-> MALWARE-CNC Osx.Backdoor.iWorm variant outbound connection (malware-cnc.rules)
 * 1:32179 <-> DISABLED <-> MALWARE-CNC WIN.Trojan.Plugx variant outbound connection (malware-cnc.rules)
 * 1:32180 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.ZxShell connection incoming attempt (malware-cnc.rules)
 * 1:32181 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.ZxShell connection outgoing attempt (malware-cnc.rules)
 * 1:32192 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zxshell variant outbound connection (malware-cnc.rules)
 * 1:32193 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dubrute variant outbound connection (malware-cnc.rules)
 * 1:32194 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dubrute variant outbound connection (malware-cnc.rules)
 * 1:32195 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Palebot variant outbound connection (malware-cnc.rules)
 * 1:32196 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor variant outbound connection (malware-cnc.rules)
 * 1:32197 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zerolocker variant outbound connection (malware-cnc.rules)
 * 1:32198 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mujormel outbound connection (malware-cnc.rules)
 * 1:32202 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Soaphrish variant outbound connection (malware-cnc.rules)
 * 1:32220 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy download detected (malware-cnc.rules)
 * 1:32221 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy download detected (malware-cnc.rules)
 * 1:32222 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.MSIL.Liroospu variant outbound connection (malware-cnc.rules)
 * 1:32225 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptowall variant outbound connection (malware-cnc.rules)
 * 1:32243 <-> DISABLED <-> MALWARE-CNC WIN.Trojan.Clemint variant outbound connection (malware-cnc.rules)
 * 1:32250 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hydraq.variant outbound detected (malware-cnc.rules)
 * 1:32270 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tinba variant outbound connection (malware-cnc.rules)
 * 1:32272 <-> DISABLED <-> MALWARE-CNC WIN.Trojan.Hesechca variant outbound connection (malware-cnc.rules)
 * 1:32285 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zoxpng variant outbound connection (malware-cnc.rules)
 * 1:32287 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sapertilz variant outbound connection (malware-cnc.rules)
 * 1:32289 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptolocker download detected (malware-cnc.rules)
 * 1:32290 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptolocker download detected (malware-cnc.rules)
 * 1:32291 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptolocker download detected (malware-cnc.rules)
 * 1:32292 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptolocker download detected (malware-cnc.rules)
 * 1:32293 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Acanas variant outbound connection (malware-cnc.rules)
 * 1:32294 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent BloodguyBrowser-_- (malware-cnc.rules)
 * 1:32295 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string http - Win.Trojan.Waski (malware-cnc.rules)
 * 1:32296 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string update - Win.Trojan.Waski (malware-cnc.rules)
 * 1:32310 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Farfli variant outbound connection (malware-cnc.rules)
 * 1:32311 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rehtesyk outbound connection (malware-cnc.rules)
 * 1:32312 <-> DISABLED <-> MALWARE-CNC FrameworkPOS data exfiltration through DNS - beacon message (malware-cnc.rules)
 * 1:32328 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Maener variant download request (malware-cnc.rules)
 * 1:32329 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Maener variant outbound connection (malware-cnc.rules)
 * 1:32330 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Maener variant outbound connection (malware-cnc.rules)
 * 1:32331 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Maener variant outbound connection (malware-cnc.rules)
 * 1:32332 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hancitor variant outbound connection (malware-cnc.rules)
 * 1:32333 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string fast uax (malware-cnc.rules)
 * 1:32334 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Stantinko variant outbound connection (malware-cnc.rules)
 * 1:32338 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ropest variant outbound connection (malware-cnc.rules)
 * 1:32341 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cakwerd variant outbound connection (malware-cnc.rules)
 * 1:32343 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor variant inbound spam attempt (malware-cnc.rules)
 * 1:32344 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor variant outbound spam attempt (malware-cnc.rules)
 * 1:32354 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Matsune variant outbound connection (malware-cnc.rules)
 * 1:32357 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Akaza variant outbound connection (malware-cnc.rules)
 * 1:32367 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GameOverZeus variant outbound connection (malware-cnc.rules)
 * 1:32368 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cridex variant outbound connection (malware-cnc.rules)
 * 1:32372 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Drepitt variant outbound connection (malware-cnc.rules)
 * 1:32373 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Broonject variant outbound connection (malware-cnc.rules)
 * 1:32374 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Androm variant outbound connection (malware-cnc.rules)
 * 1:32379 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Baccamun variant outbound connection (malware-cnc.rules)
 * 1:32383 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - connect - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:32384 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - myupdate - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:32394 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Orcarat variant outbound connection (malware-cnc.rules)
 * 1:32395 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Orcarat variant outbound connection (malware-cnc.rules)
 * 1:32396 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Orcarat variant outbound connection (malware-cnc.rules)
 * 1:32397 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Orcarat variant outbound connection (malware-cnc.rules)
 * 1:32400 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Parama attempted outbound connection (malware-cnc.rules)
 * 1:32401 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Kivars outbound connection (malware-cnc.rules)
 * 1:32402 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent globalupdate - Osx.Trojan.Wirelurker (malware-cnc.rules)
 * 1:32451 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Backoff initial outbound connection (malware-cnc.rules)
 * 1:32455 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent VUPHTTP - Win.Trojan.Puvespia (malware-cnc.rules)
 * 1:32456 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Effseart variant outbound connection (malware-cnc.rules)
 * 1:32457 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Effseart variant inbound connection (malware-cnc.rules)
 * 1:32464 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TorrentLocker variant outbound connection (malware-cnc.rules)
 * 1:32469 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bankeiya outbound connection (malware-cnc.rules)
 * 1:32486 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Exadog outbound connection (malware-cnc.rules)
 * 1:32487 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Exadog variant outbound connection (malware-cnc.rules)
 * 1:32493 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.SpikeA variant outbound connection (malware-cnc.rules)
 * 1:32494 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.SpikeA variant outbound connection (malware-cnc.rules)
 * 1:32504 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Kiler attempted outbound connection (malware-cnc.rules)
 * 1:32505 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Kiler attempted outbound connection (malware-cnc.rules)
 * 1:32506 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Secdeskinf outbound connection (malware-cnc.rules)
 * 1:32510 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.PiltabeA outbound connection (malware-cnc.rules)
 * 1:32511 <-> DISABLED <-> MALWARE-CNC PCRat variant outbound connection (malware-cnc.rules)
 * 1:32512 <-> DISABLED <-> MALWARE-CNC PCRat variant outbound connection (malware-cnc.rules)
 * 1:32513 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Havex outbound connection (malware-cnc.rules)
 * 1:32521 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptowall 2.0 possible TOR client retrieval attempt (malware-cnc.rules)
 * 1:32529 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Vkont variant outbound connection (malware-cnc.rules)
 * 1:32548 <-> DISABLED <-> MALWARE-CNC Mac.Backdoor.iWorm attempted outbound connection (malware-cnc.rules)
 * 1:32550 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Extant variant outbound connection (malware-cnc.rules)
 * 1:32551 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Coreshell variant outbound connection (malware-cnc.rules)
 * 1:32556 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bayoboiz outbound connection (malware-cnc.rules)
 * 1:32557 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bayoboiz outbound connection (malware-cnc.rules)
 * 1:32583 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules)
 * 1:32584 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules)
 * 1:32585 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
 * 1:32586 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
 * 1:32598 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Mysayad file wipe attempt (malware-cnc.rules)
 * 1:32599 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Mysayad outbound connection (malware-cnc.rules)
 * 1:32600 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Mysayad file wipe attempt (malware-cnc.rules)
 * 1:32604 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Geodo variant outbound connection (malware-cnc.rules)
 * 1:32605 <-> DISABLED <-> MALWARE-CNC Win.Worm.Jenxcus variant outbound connection (malware-cnc.rules)
 * 1:32606 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sodebral variant outbound connection (malware-cnc.rules)
 * 1:32607 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sodebral HTTP Response attempt (malware-cnc.rules)
 * 1:32608 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sodebral HTTP Response attempt (malware-cnc.rules)
 * 1:32609 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant registration message (malware-cnc.rules)
 * 1:32610 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant keepalive (malware-cnc.rules)
 * 1:32613 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Jadowndec attempted outbound connection (malware-cnc.rules)
 * 1:32614 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Jadowndec attempted outbound connection (malware-cnc.rules)
 * 1:32621 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Regin outbound connection (malware-cnc.rules)
 * 1:32624 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Regin outbound connection (malware-cnc.rules)
 * 1:32645 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string RUpdate (malware-cnc.rules)
 * 1:32665 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chopstick variant outbound request (malware-cnc.rules)
 * 1:32667 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chopstick variant outbound request (malware-cnc.rules)
 * 1:32674 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wiper variant outbound connection (malware-cnc.rules)
 * 1:32677 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex variant outbound connection (malware-cnc.rules)
 * 1:32678 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex variant outbound connection (malware-cnc.rules)
 * 1:32706 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz variant outbound connection (malware-cnc.rules)
 * 1:32727 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Uclinu variant outbound connection (malware-cnc.rules)
 * 1:32728 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Olegb variant outbound connection (malware-cnc.rules)
 * 1:32734 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Typideg variant outbound connection (malware-cnc.rules)
 * 1:32735 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CryptoPHP variant outbound connection (malware-cnc.rules)
 * 1:32736 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CryptoPHP variant outbound connection (malware-cnc.rules)
 * 1:32743 <-> DISABLED <-> MALWARE-CNC VGABot IRC communication attempt (malware-cnc.rules)
 * 1:32747 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ragebot variant outbound connection (malware-cnc.rules)
 * 1:32769 <-> DISABLED <-> MALWARE-CNC Win.Trojan.WOWCheckC Attempted CNC (malware-cnc.rules)
 * 1:32770 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Androm variant outbound connection (malware-cnc.rules)
 * 1:32776 <-> DISABLED <-> MALWARE-CNC FIN4 VBA Macro credentials upload attempt (malware-cnc.rules)
 * 1:32780 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Eskaetee outbound connection (malware-cnc.rules)
 * 1:32781 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Eskaetee outbound connection (malware-cnc.rules)
 * 1:32791 <-> DISABLED <-> MALWARE-CNC Win.Virus.Ransomlock outbound connection (malware-cnc.rules)
 * 1:32792 <-> DISABLED <-> MALWARE-CNC Win.Virus.Ransomlock inbound connection (malware-cnc.rules)
 * 1:32823 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Darkhotel outbound connection (malware-cnc.rules)
 * 1:32824 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Darkhotel variant outbound connection (malware-cnc.rules)
 * 1:32825 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Darkhotel outbound connection (malware-cnc.rules)
 * 1:32826 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Darkhotel data upload attempt (malware-cnc.rules)
 * 1:32827 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Darkhotel response connection attempt (malware-cnc.rules)
 * 1:32852 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Poolfiend variant outbound connection (malware-cnc.rules)
 * 1:32853 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Poolfiend variant outbound connection (malware-cnc.rules)
 * 1:32854 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Loodir outbound connection (malware-cnc.rules)
 * 1:32882 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ksypypro outbound connection (malware-cnc.rules)
 * 1:32891 <-> DISABLED <-> MALWARE-CNC Php.Malware.SoakSoakRedirect Malware traffic containing WordPress Administrator credentials (malware-cnc.rules)
 * 1:32892 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TorLocker variant outbound connection (malware-cnc.rules)
 * 1:32893 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Finforst outbound connection (malware-cnc.rules)
 * 1:32908 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TinyZBot outbound connection (malware-cnc.rules)
 * 1:32909 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TinyZBot outbound connection (malware-cnc.rules)
 * 1:32910 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TinyZBot outbound connection (malware-cnc.rules)
 * 1:32950 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bladabindi variant outbound connection (malware-cnc.rules)
 * 1:32956 <-> DISABLED <-> MALWARE-CNC Android.CoolReaper.Trojan outbound connection (malware-cnc.rules)
 * 1:32957 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TinyZBot outbound SOAP connection attempt (malware-cnc.rules)
 * 1:32958 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TinyZBot response connection attempt (malware-cnc.rules)
 * 1:32973 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Twerket variant outbound connection (malware-cnc.rules)
 * 1:32976 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluos variant outbound connection (malware-cnc.rules)
 * 1:32977 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluos variant outbound connection (malware-cnc.rules)
 * 1:32978 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - extra IE version (malware-cnc.rules)
 * 1:32979 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - extra IE version (malware-cnc.rules)
 * 1:32980 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - multi-browser (malware-cnc.rules)
 * 1:32986 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Toopu dll embedded in png download attempt (malware-cnc.rules)
 * 1:32987 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor outbound connection (malware-cnc.rules)
 * 1:32988 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor outbound connection (malware-cnc.rules)
 * 1:32989 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor outbound connection (malware-cnc.rules)
 * 1:32990 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Toopu outbound connection (malware-cnc.rules)
 * 1:33047 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - realupdate - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33054 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Joanap outbound connection (malware-cnc.rules)
 * 1:33058 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Medusa variant inbound connection (malware-cnc.rules)
 * 1:33059 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Medusa variant outbound connection (malware-cnc.rules)
 * 1:33060 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Medusa variant outbound connection (malware-cnc.rules)
 * 1:33061 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lagulon.A outbound connection (malware-cnc.rules)
 * 1:33081 <-> DISABLED <-> MALWARE-CNC OnionDuke variant outbound connection (malware-cnc.rules)
 * 1:33082 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nocpos initial outbound connection (malware-cnc.rules)
 * 1:33083 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nocpos information disclosure attempt (malware-cnc.rules)
 * 1:33084 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tosct variant outbound connection (malware-cnc.rules)
 * 1:33145 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
 * 1:33147 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant SMTP reporting attempt (malware-cnc.rules)
 * 1:33148 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant SMTP reporting attempt (malware-cnc.rules)
 * 1:33149 <-> DISABLED <-> MALWARE-CNC Win.Worm.Ultramine outbound connection (malware-cnc.rules)
 * 1:33152 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nurjax.A outbound connection (malware-cnc.rules)
 * 1:33153 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Heur variant outbound connection (malware-cnc.rules)
 * 1:33161 <-> DISABLED <-> MALWARE-CNC Win.Spyware.Rombertik outbound connection (malware-cnc.rules)
 * 1:33165 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Poweliks outbound connection (malware-cnc.rules)
 * 1:33199 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Sabeba outbound connection (malware-cnc.rules)
 * 1:33200 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pisces variant outbound connection (malware-cnc.rules)
 * 1:33207 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Mazilla/5.0 - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33211 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Upatre variant outbound connection (malware-cnc.rules)
 * 1:33217 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nuovoscor variant outbound connection (malware-cnc.rules)
 * 1:33218 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cendode system information disclosure attempt (malware-cnc.rules)
 * 1:33219 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gamarue variant outbound connection (malware-cnc.rules)
 * 1:33220 <-> DISABLED <-> MALWARE-CNC Win.Trojan.HawkEye keylogger exfiltration attempt (malware-cnc.rules)
 * 1:33221 <-> ENABLED <-> MALWARE-CNC Win.Trojan.HawkEye Keylogger exfiltration attempt - clipboard and screenshot (malware-cnc.rules)
 * 1:33222 <-> DISABLED <-> MALWARE-CNC Win.Trojan.HawkEye Keylogger exfiltration attempt - clipboard and screenshot (malware-cnc.rules)
 * 1:33223 <-> DISABLED <-> MALWARE-CNC Win.Trojan.HawkEye Keylogger exfiltration attempt - clipboard and screenshot (malware-cnc.rules)
 * 1:33227 <-> DISABLED <-> MALWARE-CNC Win.Agent.BHHK variant outbound connection (malware-cnc.rules)
 * 1:33228 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kovter variant outbound connection (malware-cnc.rules)
 * 1:33230 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Firefox - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33231 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Firefox/5.0 - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33232 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - AppUpdate - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33233 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - 2608cw-1 - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33234 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - 2508Inst - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33235 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - 2608cw-2 - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33236 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - 2808inst - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33237 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Player - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33238 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Wurst - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33239 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Installer/1.0 - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33240 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - FixUpdate - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33242 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Explorer - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33243 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Mozilla - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33820 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Egamipload variant outbound connection (malware-cnc.rules)

2020-10-15 12:57:43 UTC

Snort Subscriber Rules Update

Date: 2020-10-15

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091401.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:56004 <-> DISABLED <-> SERVER-WEBAPP D-Link Central WiFi Manager CMW 100 cross site scripting attempt (server-webapp.rules)
 * 1:56003 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Emotet variant initial outbound request detected (malware-cnc.rules)
 * 1:55999 <-> DISABLED <-> SERVER-APACHE Apache Struts denial of service attempt (server-apache.rules)
 * 1:56008 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari WebKit JSPropertyNameEnumeration type confusion attempt (browser-webkit.rules)
 * 1:56007 <-> ENABLED <-> SERVER-WEBAPP D-Link Central WiFi Manager CWM 100 SQL injection attempt (server-webapp.rules)
 * 1:56006 <-> ENABLED <-> SERVER-WEBAPP D-Link Central WiFi Manager CWM 100 SQL injection attempt (server-webapp.rules)
 * 1:56000 <-> DISABLED <-> SERVER-APACHE Apache Struts denial of service attempt (server-apache.rules)
 * 1:56005 <-> ENABLED <-> SERVER-WEBAPP D-Link Central WiFi Manager CWM 100 SQL injection attempt (server-webapp.rules)
 * 1:56002 <-> DISABLED <-> SERVER-WEBAPP D-Link Central WiFi Manager CMW 100 SQL injection attempt (server-webapp.rules)
 * 1:56001 <-> DISABLED <-> SERVER-APACHE Apache Struts denial of service attempt (server-apache.rules)
 * 1:56009 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari WebKit JSPropertyNameEnumeration type confusion attempt (browser-webkit.rules)

Modified Rules:


 * 1:34002 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Picommex outbound connection (malware-cnc.rules)
 * 1:33865 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules)
 * 1:33821 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Egamipload variant outbound connection (malware-cnc.rules)
 * 1:34282 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bartallex outbound connection (malware-cnc.rules)
 * 1:34263 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.XORDDoS outbound connection (malware-cnc.rules)
 * 1:34246 <-> DISABLED <-> MALWARE-CNC Win.Trojan.AAEH variant outbound connection (malware-cnc.rules)
 * 1:34038 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (malware-cnc.rules)
 * 1:33885 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gh0st variant outbound connection (malware-cnc.rules)
 * 1:34217 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Aytoke variant outbound connection (malware-cnc.rules)
 * 1:34181 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bartallex outbound connection (malware-cnc.rules)
 * 1:33990 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Trioptid outbound connection (malware-cnc.rules)
 * 1:33852 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Poseidon outbound connection (malware-cnc.rules)
 * 1:33862 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules)
 * 1:33966 <-> DISABLED <-> MALWARE-CNC Win.Worm.Mafusc variant outbound connection (malware-cnc.rules)
 * 1:34005 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules)
 * 1:34047 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VBPasswordStealer variant outbound connection (malware-cnc.rules)
 * 1:33851 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Poseidon outbound connection (malware-cnc.rules)
 * 1:34136 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload variant MSSQL response (malware-cnc.rules)
 * 1:34003 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Picommex outbound connection (malware-cnc.rules)
 * 1:34223 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Yebot variant outbound connection (malware-cnc.rules)
 * 1:33997 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pwexes variant outbound connection (malware-cnc.rules)
 * 1:33857 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PwnPOS data exfiltration attempt (malware-cnc.rules)
 * 1:33913 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Concbak outbound connection (malware-cnc.rules)
 * 1:34161 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Punkey outbound connection (malware-cnc.rules)
 * 1:34028 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bruecimig variant outbound connection (malware-cnc.rules)
 * 1:34214 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Capimac variant outbound connection (malware-cnc.rules)
 * 1:34050 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Nepigon variant outbound connection (malware-cnc.rules)
 * 1:33891 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Amasages variant outbound connection (malware-cnc.rules)
 * 1:34111 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chrozil variant outbound connection (malware-cnc.rules)
 * 1:34262 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.XORDDoS outbound connection (malware-cnc.rules)
 * 1:34216 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FighterPOS variant outbound connection (malware-cnc.rules)
 * 1:33863 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules)
 * 1:33868 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules)
 * 1:34032 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (malware-cnc.rules)
 * 1:33931 <-> DISABLED <-> MALWARE-CNC Win.Worm.Goldrv variant outbound connection (malware-cnc.rules)
 * 1:34011 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules)
 * 1:34031 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (malware-cnc.rules)
 * 1:33992 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Insidious outbound connection (malware-cnc.rules)
 * 1:33933 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Penget variant outbound connection (malware-cnc.rules)
 * 1:34030 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (malware-cnc.rules)
 * 1:34049 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.EvilBunny variant outbound connection (malware-cnc.rules)
 * 1:33884 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string dolit (malware-cnc.rules)
 * 1:33912 <-> DISABLED <-> MALWARE-CNC Cryptofortress Decryption Software Purchase Tor Website (malware-cnc.rules)
 * 1:34143 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Crypvault outbound connection (malware-cnc.rules)
 * 1:33930 <-> DISABLED <-> MALWARE-CNC Vicepass outbound connection initial request to the CNC sending system information (malware-cnc.rules)
 * 1:33886 <-> DISABLED <-> MALWARE-CNC WIn.Trojan.HawkEye keylogger variant outbound connection (malware-cnc.rules)
 * 1:33831 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent DownloadMR - Solimba (malware-cnc.rules)
 * 1:34036 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (malware-cnc.rules)
 * 1:33864 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules)
 * 1:34128 <-> DISABLED <-> MALWARE-CNC Win.Trojan.WIntruder outbound connection (malware-cnc.rules)
 * 1:33859 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules)
 * 1:34013 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ayuther variant outbound connection (malware-cnc.rules)
 * 1:34009 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules)
 * 1:34138 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Netkrypt inbound response (malware-cnc.rules)
 * 1:34052 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NewPos outbound connection (malware-cnc.rules)
 * 1:34117 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Zupdax variant outbound connection (malware-cnc.rules)
 * 1:34045 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Eitenckay initial outbound connection (malware-cnc.rules)
 * 1:33907 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent - KAIIOOOO871 - Win.Trojan.Dridex (malware-cnc.rules)
 * 1:33861 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules)
 * 1:34004 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules)
 * 1:34025 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Endstar variant outbound connection (malware-cnc.rules)
 * 1:33985 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.ChinaZ outbound connection (malware-cnc.rules)
 * 1:33876 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Meowner runtime detection (malware-cnc.rules)
 * 1:33878 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Meowner runtime detection (malware-cnc.rules)
 * 1:33994 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Beshida outbound connection (malware-cnc.rules)
 * 1:33877 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Meowner runtime detection (malware-cnc.rules)
 * 1:34116 <-> DISABLED <-> MALWARE-CNC MacOS.Trojan.Wirelurker variant outbound connection (malware-cnc.rules)
 * 1:34041 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Igliveforg variant initial outbound connection (malware-cnc.rules)
 * 1:34140 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dyre publickey outbound connection (malware-cnc.rules)
 * 1:34182 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bartallex outbound connection (malware-cnc.rules)
 * 1:33893 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TeslaCrypt outbound connection (malware-cnc.rules)
 * 1:33866 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules)
 * 1:34001 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Picommex outbound connection (malware-cnc.rules)
 * 1:34037 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (malware-cnc.rules)
 * 1:34219 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nanocore variant outbound connection (malware-cnc.rules)
 * 1:34035 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (malware-cnc.rules)
 * 1:33883 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jadtre variant outbound connection (malware-cnc.rules)
 * 1:33932 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tempedreve Samba probe (malware-cnc.rules)
 * 1:34010 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules)
 * 1:33867 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules)
 * 1:34034 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (malware-cnc.rules)
 * 1:34012 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules)
 * 1:34026 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Endstar variant outbound connection (malware-cnc.rules)
 * 1:34130 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload variant outbound connection (malware-cnc.rules)
 * 1:34155 <-> DISABLED <-> MALWARE-CNC MacOS.Backdoor.Xslcmd outbound connection (malware-cnc.rules)
 * 1:33989 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Trioptid outbound connection (malware-cnc.rules)
 * 1:33873 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tepoyx outbound connection detection (malware-cnc.rules)
 * 1:34044 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Exacrytion variant outbound connection (malware-cnc.rules)
 * 1:32397 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Orcarat variant outbound connection (malware-cnc.rules)
 * 1:34008 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules)
 * 1:33914 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent - Win.Trojan.Barys (malware-cnc.rules)
 * 1:33993 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Insidious outbound connection (malware-cnc.rules)
 * 1:34183 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bartallex outbound connection (malware-cnc.rules)
 * 1:33854 <-> DISABLED <-> MALWARE-CNC Win.Trojan.LogPOS variant outbound connection (malware-cnc.rules)
 * 1:34042 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Igliveforg variant outbound connection (malware-cnc.rules)
 * 1:33892 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Xerq outbound connection (malware-cnc.rules)
 * 1:34108 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scarsi variant outbound connection (malware-cnc.rules)
 * 1:34033 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (malware-cnc.rules)
 * 1:34046 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Expilan variant outbound connection (malware-cnc.rules)
 * 1:33872 <-> DISABLED <-> MALWARE-CNC Win.Worm.Urahu outbound connection (malware-cnc.rules)
 * 1:34132 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Erotimpact variant outbound connection (malware-cnc.rules)
 * 1:33996 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pwexes variant outbound connection (malware-cnc.rules)
 * 1:34039 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banklaed variant outbound connection (malware-cnc.rules)
 * 1:34115 <-> DISABLED <-> MALWARE-CNC MacOS.Trojan.Wirelurker variant outbound connection (malware-cnc.rules)
 * 1:34113 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent beacon reply attempt (malware-cnc.rules)
 * 1:33860 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules)
 * 1:34283 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bartallex outbound connection (malware-cnc.rules)
 * 1:34261 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.XORDDoS outbound connection (malware-cnc.rules)
 * 1:34006 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules)
 * 1:33879 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Meowner runtime detection (malware-cnc.rules)
 * 1:34007 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules)
 * 1:34280 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TeslaCrypt outbound connection (malware-cnc.rules)
 * 1:31820 <-> DISABLED <-> MALWARE-CNC Win.Banker.Delf variant outbound connection (malware-cnc.rules)
 * 1:34286 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mudrop variant outbound connection (malware-cnc.rules)
 * 1:33822 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Egamipload variant outbound connection (malware-cnc.rules)
 * 1:32400 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Parama attempted outbound connection (malware-cnc.rules)
 * 1:32401 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Kivars outbound connection (malware-cnc.rules)
 * 1:32402 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent globalupdate - Osx.Trojan.Wirelurker (malware-cnc.rules)
 * 1:32451 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Backoff initial outbound connection (malware-cnc.rules)
 * 1:32455 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent VUPHTTP - Win.Trojan.Puvespia (malware-cnc.rules)
 * 1:32456 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Effseart variant outbound connection (malware-cnc.rules)
 * 1:32457 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Effseart variant inbound connection (malware-cnc.rules)
 * 1:32464 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TorrentLocker variant outbound connection (malware-cnc.rules)
 * 1:32469 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bankeiya outbound connection (malware-cnc.rules)
 * 1:32486 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Exadog outbound connection (malware-cnc.rules)
 * 1:32487 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Exadog variant outbound connection (malware-cnc.rules)
 * 1:32493 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.SpikeA variant outbound connection (malware-cnc.rules)
 * 1:32494 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.SpikeA variant outbound connection (malware-cnc.rules)
 * 1:32504 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Kiler attempted outbound connection (malware-cnc.rules)
 * 1:32505 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Kiler attempted outbound connection (malware-cnc.rules)
 * 1:32506 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Secdeskinf outbound connection (malware-cnc.rules)
 * 1:31826 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Delf variant HTTP Response (malware-cnc.rules)
 * 1:31827 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Delf variant outbound connection (malware-cnc.rules)
 * 1:31828 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jabberbot variant outbound connection (malware-cnc.rules)
 * 1:31832 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pfinet outbound connection (malware-cnc.rules)
 * 1:31833 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chkbot outbound connection (malware-cnc.rules)
 * 1:31834 <-> DISABLED <-> MALWARE-CNC Win.Trojan-Downloader.Delorado variant outbound connection (malware-cnc.rules)
 * 1:31835 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yesudac variant outbound connection (malware-cnc.rules)
 * 1:31836 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Seribe variant outbound connection (malware-cnc.rules)
 * 1:31837 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Retgate variant outbound connection (malware-cnc.rules)
 * 1:31883 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Waterspout outbound connection (malware-cnc.rules)
 * 1:31885 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Threebyte variant outbound connection (malware-cnc.rules)
 * 1:31895 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Toupi variant outbound connection (malware-cnc.rules)
 * 1:31897 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dexter variant outbound connection (malware-cnc.rules)
 * 1:31904 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload variant outbound connection (malware-cnc.rules)
 * 1:31907 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Honerep variant outbound connection (malware-cnc.rules)
 * 1:31909 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Basostab variant outbound connection (malware-cnc.rules)
 * 1:31911 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Gareme variant outbound connection (malware-cnc.rules)
 * 1:31913 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Maozhi variant outbound connection (malware-cnc.rules)
 * 1:31915 <-> DISABLED <-> MALWARE-CNC WIN.Trojan.Ziyazo variant outbound connection (malware-cnc.rules)
 * 1:31916 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules)
 * 1:31923 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant HTTP response attempt (malware-cnc.rules)
 * 1:31924 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules)
 * 1:31925 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.Jynxkit outbound connection (malware-cnc.rules)
 * 1:31928 <-> DISABLED <-> MALWARE-CNC Win.Trojan-Downloader.Becontr variant outbound connection (malware-cnc.rules)
 * 1:31929 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kanav variant outbound connection (malware-cnc.rules)
 * 1:31930 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kanav variant outbound connection (malware-cnc.rules)
 * 1:31941 <-> DISABLED <-> MALWARE-CNC Win.Trojan-Downloader.Pedrp variant outbound connection (malware-cnc.rules)
 * 1:31947 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - HttpCall - Win.Trojan.Rukypee (malware-cnc.rules)
 * 1:31948 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - MyProgramm - Win.Trojan.Rukypee (malware-cnc.rules)
 * 1:31949 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Skypee - Win.Trojan.Rukypee (malware-cnc.rules)
 * 1:31954 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ezbro variant outbound connection (malware-cnc.rules)
 * 1:31955 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ezbro variant outbound connection (malware-cnc.rules)
 * 1:31957 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.MSIL.Torct variant outbound connection (malware-cnc.rules)
 * 1:31964 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules)
 * 1:31973 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chebri variant outbound connection (malware-cnc.rules)
 * 1:31974 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zegorg variant outbound connection (malware-cnc.rules)
 * 1:31990 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Install - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:31991 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Treck - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:31992 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Upatre SSL Cert inbound (malware-cnc.rules)
 * 1:31993 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Upatre SSL Cert inbound (malware-cnc.rules)
 * 1:31994 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Upatre SSL Cert inbound (malware-cnc.rules)
 * 1:32510 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.PiltabeA outbound connection (malware-cnc.rules)
 * 1:31996 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Upatre SSL Cert inbound (malware-cnc.rules)
 * 1:31997 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Upatre SSL Cert inbound (malware-cnc.rules)
 * 1:31998 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Upatre SSL Cert inbound (malware-cnc.rules)
 * 1:31999 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Upatre SSL Cert inbound (malware-cnc.rules)
 * 1:32000 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Upatre SSL Cert inbound (malware-cnc.rules)
 * 1:32001 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Upatre SSL Cert inbound (malware-cnc.rules)
 * 1:32002 <-> DISABLED <-> MALWARE-CNC Win.Worm.Zorenium variant outbound connection (malware-cnc.rules)
 * 1:32009 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Flooder inbound connection attempt - command (malware-cnc.rules)
 * 1:32010 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Flooder outbound telnet connection attempt (malware-cnc.rules)
 * 1:32011 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Flooder outbound connection (malware-cnc.rules)
 * 1:32012 <-> DISABLED <-> MALWARE-CNC Win.Trojan-Downloader.Bipamid variant outbound connection (malware-cnc.rules)
 * 1:32013 <-> DISABLED <-> MALWARE-CNC Linux.Worm.Darlloz variant outbound connection (malware-cnc.rules)
 * 1:32015 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Zeus variant outbound connection (malware-cnc.rules)
 * 1:32016 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Menteni variant outbound connection (malware-cnc.rules)
 * 1:32017 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Memlog SMB file transfer (malware-cnc.rules)
 * 1:32018 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Hupigon.NYK variant outbound connection (malware-cnc.rules)
 * 1:32020 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Krompt variant outbound connection (malware-cnc.rules)
 * 1:32023 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sinpid variant outbound connection (malware-cnc.rules)
 * 1:32028 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Klabcon variant outbound connection (malware-cnc.rules)
 * 1:32030 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Decibal - Win.Trojan.Decibal (malware-cnc.rules)
 * 1:32031 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Decibal variant outbound connection (malware-cnc.rules)
 * 1:32033 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Larosden variant outbound connection (malware-cnc.rules)
 * 1:32034 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Larefervt variant outbound connection (malware-cnc.rules)
 * 1:32035 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Boleteiro variant outbound connection (malware-cnc.rules)
 * 1:32036 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Somoca vaniant outbound connection (malware-cnc.rules)
 * 1:32037 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload.awt variant outbound connection (malware-cnc.rules)
 * 1:32048 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lecpetex variant outbound connection (malware-cnc.rules)
 * 1:32050 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Larosden variant outbound connection (malware-cnc.rules)
 * 1:31995 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Upatre SSL Cert inbound (malware-cnc.rules)
 * 1:32052 <-> DISABLED <-> MALWARE-CNC User-Agent Xsser mRAT user-agent (malware-cnc.rules)
 * 1:32511 <-> DISABLED <-> MALWARE-CNC PCRat variant outbound connection (malware-cnc.rules)
 * 1:32512 <-> DISABLED <-> MALWARE-CNC PCRat variant outbound connection (malware-cnc.rules)
 * 1:32513 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Havex outbound connection (malware-cnc.rules)
 * 1:32521 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptowall 2.0 possible TOR client retrieval attempt (malware-cnc.rules)
 * 1:32529 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Vkont variant outbound connection (malware-cnc.rules)
 * 1:32548 <-> DISABLED <-> MALWARE-CNC Mac.Backdoor.iWorm attempted outbound connection (malware-cnc.rules)
 * 1:32550 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Extant variant outbound connection (malware-cnc.rules)
 * 1:32551 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Coreshell variant outbound connection (malware-cnc.rules)
 * 1:32556 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bayoboiz outbound connection (malware-cnc.rules)
 * 1:32557 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bayoboiz outbound connection (malware-cnc.rules)
 * 1:32583 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules)
 * 1:32584 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules)
 * 1:32585 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
 * 1:32586 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
 * 1:32598 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Mysayad file wipe attempt (malware-cnc.rules)
 * 1:32599 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Mysayad outbound connection (malware-cnc.rules)
 * 1:32600 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Mysayad file wipe attempt (malware-cnc.rules)
 * 1:32604 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Geodo variant outbound connection (malware-cnc.rules)
 * 1:32605 <-> DISABLED <-> MALWARE-CNC Win.Worm.Jenxcus variant outbound connection (malware-cnc.rules)
 * 1:32606 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sodebral variant outbound connection (malware-cnc.rules)
 * 1:32607 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sodebral HTTP Response attempt (malware-cnc.rules)
 * 1:32608 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sodebral HTTP Response attempt (malware-cnc.rules)
 * 1:32609 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant registration message (malware-cnc.rules)
 * 1:32610 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant keepalive (malware-cnc.rules)
 * 1:32613 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Jadowndec attempted outbound connection (malware-cnc.rules)
 * 1:32614 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Jadowndec attempted outbound connection (malware-cnc.rules)
 * 1:32621 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Regin outbound connection (malware-cnc.rules)
 * 1:32624 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Regin outbound connection (malware-cnc.rules)
 * 1:32645 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string RUpdate (malware-cnc.rules)
 * 1:32665 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chopstick variant outbound request (malware-cnc.rules)
 * 1:32667 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chopstick variant outbound request (malware-cnc.rules)
 * 1:32674 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wiper variant outbound connection (malware-cnc.rules)
 * 1:32677 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex variant outbound connection (malware-cnc.rules)
 * 1:32678 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex variant outbound connection (malware-cnc.rules)
 * 1:32706 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz variant outbound connection (malware-cnc.rules)
 * 1:32727 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Uclinu variant outbound connection (malware-cnc.rules)
 * 1:32728 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Olegb variant outbound connection (malware-cnc.rules)
 * 1:32734 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Typideg variant outbound connection (malware-cnc.rules)
 * 1:32735 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CryptoPHP variant outbound connection (malware-cnc.rules)
 * 1:32736 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CryptoPHP variant outbound connection (malware-cnc.rules)
 * 1:32743 <-> DISABLED <-> MALWARE-CNC VGABot IRC communication attempt (malware-cnc.rules)
 * 1:32747 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ragebot variant outbound connection (malware-cnc.rules)
 * 1:32769 <-> DISABLED <-> MALWARE-CNC Win.Trojan.WOWCheckC Attempted CNC (malware-cnc.rules)
 * 1:32770 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Androm variant outbound connection (malware-cnc.rules)
 * 1:32776 <-> DISABLED <-> MALWARE-CNC FIN4 VBA Macro credentials upload attempt (malware-cnc.rules)
 * 1:32780 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Eskaetee outbound connection (malware-cnc.rules)
 * 1:32781 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Eskaetee outbound connection (malware-cnc.rules)
 * 1:32791 <-> DISABLED <-> MALWARE-CNC Win.Virus.Ransomlock outbound connection (malware-cnc.rules)
 * 1:32792 <-> DISABLED <-> MALWARE-CNC Win.Virus.Ransomlock inbound connection (malware-cnc.rules)
 * 1:32823 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Darkhotel outbound connection (malware-cnc.rules)
 * 1:32824 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Darkhotel variant outbound connection (malware-cnc.rules)
 * 1:32825 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Darkhotel outbound connection (malware-cnc.rules)
 * 1:32826 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Darkhotel data upload attempt (malware-cnc.rules)
 * 1:32827 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Darkhotel response connection attempt (malware-cnc.rules)
 * 1:32852 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Poolfiend variant outbound connection (malware-cnc.rules)
 * 1:32853 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Poolfiend variant outbound connection (malware-cnc.rules)
 * 1:32854 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Loodir outbound connection (malware-cnc.rules)
 * 1:32882 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ksypypro outbound connection (malware-cnc.rules)
 * 1:32891 <-> DISABLED <-> MALWARE-CNC Php.Malware.SoakSoakRedirect Malware traffic containing WordPress Administrator credentials (malware-cnc.rules)
 * 1:32892 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TorLocker variant outbound connection (malware-cnc.rules)
 * 1:32893 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Finforst outbound connection (malware-cnc.rules)
 * 1:32908 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TinyZBot outbound connection (malware-cnc.rules)
 * 1:32909 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TinyZBot outbound connection (malware-cnc.rules)
 * 1:32910 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TinyZBot outbound connection (malware-cnc.rules)
 * 1:32950 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bladabindi variant outbound connection (malware-cnc.rules)
 * 1:32956 <-> DISABLED <-> MALWARE-CNC Android.CoolReaper.Trojan outbound connection (malware-cnc.rules)
 * 1:32957 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TinyZBot outbound SOAP connection attempt (malware-cnc.rules)
 * 1:32958 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TinyZBot response connection attempt (malware-cnc.rules)
 * 1:32973 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Twerket variant outbound connection (malware-cnc.rules)
 * 1:32976 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluos variant outbound connection (malware-cnc.rules)
 * 1:32977 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluos variant outbound connection (malware-cnc.rules)
 * 1:32978 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - extra IE version (malware-cnc.rules)
 * 1:32979 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - extra IE version (malware-cnc.rules)
 * 1:32980 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - multi-browser (malware-cnc.rules)
 * 1:32986 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Toopu dll embedded in png download attempt (malware-cnc.rules)
 * 1:32987 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor outbound connection (malware-cnc.rules)
 * 1:32988 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor outbound connection (malware-cnc.rules)
 * 1:32989 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor outbound connection (malware-cnc.rules)
 * 1:32990 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Toopu outbound connection (malware-cnc.rules)
 * 1:33047 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - realupdate - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33054 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Joanap outbound connection (malware-cnc.rules)
 * 1:33058 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Medusa variant inbound connection (malware-cnc.rules)
 * 1:33059 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Medusa variant outbound connection (malware-cnc.rules)
 * 1:33060 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Medusa variant outbound connection (malware-cnc.rules)
 * 1:33061 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lagulon.A outbound connection (malware-cnc.rules)
 * 1:33081 <-> DISABLED <-> MALWARE-CNC OnionDuke variant outbound connection (malware-cnc.rules)
 * 1:33082 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nocpos initial outbound connection (malware-cnc.rules)
 * 1:33083 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nocpos information disclosure attempt (malware-cnc.rules)
 * 1:33084 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tosct variant outbound connection (malware-cnc.rules)
 * 1:33145 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
 * 1:33147 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant SMTP reporting attempt (malware-cnc.rules)
 * 1:33148 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant SMTP reporting attempt (malware-cnc.rules)
 * 1:33149 <-> DISABLED <-> MALWARE-CNC Win.Worm.Ultramine outbound connection (malware-cnc.rules)
 * 1:33152 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nurjax.A outbound connection (malware-cnc.rules)
 * 1:33153 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Heur variant outbound connection (malware-cnc.rules)
 * 1:33161 <-> DISABLED <-> MALWARE-CNC Win.Spyware.Rombertik outbound connection (malware-cnc.rules)
 * 1:33165 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Poweliks outbound connection (malware-cnc.rules)
 * 1:33199 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Sabeba outbound connection (malware-cnc.rules)
 * 1:33200 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pisces variant outbound connection (malware-cnc.rules)
 * 1:33207 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Mazilla/5.0 - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33211 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Upatre variant outbound connection (malware-cnc.rules)
 * 1:33217 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nuovoscor variant outbound connection (malware-cnc.rules)
 * 1:33218 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cendode system information disclosure attempt (malware-cnc.rules)
 * 1:33219 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gamarue variant outbound connection (malware-cnc.rules)
 * 1:33220 <-> DISABLED <-> MALWARE-CNC Win.Trojan.HawkEye keylogger exfiltration attempt (malware-cnc.rules)
 * 1:33221 <-> ENABLED <-> MALWARE-CNC Win.Trojan.HawkEye Keylogger exfiltration attempt - clipboard and screenshot (malware-cnc.rules)
 * 1:33222 <-> DISABLED <-> MALWARE-CNC Win.Trojan.HawkEye Keylogger exfiltration attempt - clipboard and screenshot (malware-cnc.rules)
 * 1:33223 <-> DISABLED <-> MALWARE-CNC Win.Trojan.HawkEye Keylogger exfiltration attempt - clipboard and screenshot (malware-cnc.rules)
 * 1:33227 <-> DISABLED <-> MALWARE-CNC Win.Agent.BHHK variant outbound connection (malware-cnc.rules)
 * 1:33228 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kovter variant outbound connection (malware-cnc.rules)
 * 1:33230 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Firefox - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33231 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Firefox/5.0 - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33232 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - AppUpdate - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33233 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - 2608cw-1 - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33234 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - 2508Inst - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33235 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - 2608cw-2 - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33236 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - 2808inst - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33237 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Player - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33238 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Wurst - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33239 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Installer/1.0 - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33240 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - FixUpdate - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33242 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Explorer - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33243 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Mozilla - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33244 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Opera - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33245 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Opera10 - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33246 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - OperaMini - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33248 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Peers12 - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33249 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - SLSSoapClient - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33250 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Tintin - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33251 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - USER_CHECK - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33252 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - WATClient - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33253 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - bbbbbbbbbb - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33254 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - hi - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33255 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - iMacros - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33256 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - macrotest - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33257 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - onlymacros - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33258 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Updates downloader - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33259 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - testupdate - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33260 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - onlyupdate - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33282 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Upatre variant outbound connection (malware-cnc.rules)
 * 1:33284 <-> DISABLED <-> MALWARE-CNC Win.Trojan.OnLineGames variant outbound connection (malware-cnc.rules)
 * 1:33285 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bavload outbound download request attempt (malware-cnc.rules)
 * 1:33289 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rawpos incoming backdoor connection attempt (malware-cnc.rules)
 * 1:33299 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Foxy variant outbound connection (malware-cnc.rules)
 * 1:33305 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rubinurd variant outbound connection (malware-cnc.rules)
 * 1:33328 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Yinli outbound connection (malware-cnc.rules)
 * 1:33329 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Yinli outbound connection (malware-cnc.rules)
 * 1:33330 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Yinli outbound connection (malware-cnc.rules)
 * 1:33342 <-> DISABLED <-> MALWARE-CNC Doc.Downloader.Dridex outbound connection (malware-cnc.rules)
 * 1:33411 <-> DISABLED <-> MALWARE-CNC Doc.Downloader.Dridex outbound connection (malware-cnc.rules)
 * 1:33431 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptowall 3.0 variant outbound connection (malware-cnc.rules)
 * 1:33432 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptowall 3.0 variant outbound connection (malware-cnc.rules)
 * 1:33433 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptowall 3.0 variant outbound connection (malware-cnc.rules)
 * 1:33434 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptowall 3.0 variant outbound connection (malware-cnc.rules)
 * 1:33435 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptowall 3.0 variant outbound connection (malware-cnc.rules)
 * 1:33439 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gefetroe variant outbound connection (malware-cnc.rules)
 * 1:33443 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules)
 * 1:33444 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SpyBanker variant outbound connection (malware-cnc.rules)
 * 1:33449 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FileEncoder IP geolocation checkin attempt (malware-cnc.rules)
 * 1:33450 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FileEncoder variant outbound connection (malware-cnc.rules)
 * 1:33453 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kovter variant outbound connection (malware-cnc.rules)
 * 1:33456 <-> DISABLED <-> MALWARE-CNC Doc.Downloader.Dridex outbound connection (malware-cnc.rules)
 * 1:33457 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules)
 * 1:33464 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dynamer variant outbound connection (malware-cnc.rules)
 * 1:33481 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Xnote outbound connection (malware-cnc.rules)
 * 1:33482 <-> DISABLED <-> MALWARE-CNC Win.Worm.Enosch variant outbound connection (malware-cnc.rules)
 * 1:33496 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Andromeda variant outbound connection (malware-cnc.rules)
 * 1:33513 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - XAgent - Operation Pawn Storm (malware-cnc.rules)
 * 1:33519 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - ALIZER (malware-cnc.rules)
 * 1:33520 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zusy inbound CNC response (malware-cnc.rules)
 * 1:33521 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zusy variant outbound connection (malware-cnc.rules)
 * 1:33522 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent - DNS Changer (malware-cnc.rules)
 * 1:33523 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DNSChanger variant outbound connection (malware-cnc.rules)
 * 1:33524 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DNSChanger variant outbound connection (malware-cnc.rules)
 * 1:33543 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Equation outbound connection (malware-cnc.rules)
 * 1:33545 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Equation outbound connection (malware-cnc.rules)
 * 1:33546 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Equation outbound connection (malware-cnc.rules)
 * 1:33547 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Turla outbound connection (malware-cnc.rules)
 * 1:33594 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Upatre variant outbound connection (malware-cnc.rules)
 * 1:33620 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.lubot outbound connection (malware-cnc.rules)
 * 1:33621 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.lubot outbound connection (malware-cnc.rules)
 * 1:33633 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent - Downing - Win.Trojan.Otwycal (malware-cnc.rules)
 * 1:33646 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.XORDDoS outbound connection (malware-cnc.rules)
 * 1:33647 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.XORDDoS outbound connection (malware-cnc.rules)
 * 1:33648 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.XORDDoS outbound connection (malware-cnc.rules)
 * 1:33649 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Google Omaha - Win.Trojan.ExtenBro (malware-cnc.rules)
 * 1:33650 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tinba outbound connection (malware-cnc.rules)
 * 1:33674 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Athena variant outbound connection (malware-cnc.rules)
 * 1:33675 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Athena variant outbound connection (malware-cnc.rules)
 * 1:33677 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Babar outbound connection (malware-cnc.rules)
 * 1:33678 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FannyWorm outbound connection (malware-cnc.rules)
 * 1:33704 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
 * 1:33745 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
 * 1:33746 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
 * 1:33747 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
 * 1:33748 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
 * 1:33749 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
 * 1:33750 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
 * 1:33751 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
 * 1:33752 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
 * 1:33753 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
 * 1:33754 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
 * 1:33755 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
 * 1:33818 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Egamipload variant outbound connection (malware-cnc.rules)
 * 1:33819 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Egamipload variant outbound connection (malware-cnc.rules)
 * 1:33820 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Egamipload variant outbound connection (malware-cnc.rules)
 * 1:32054 <-> DISABLED <-> MALWARE-CNC Xsser mRAT file upload (malware-cnc.rules)
 * 1:32053 <-> DISABLED <-> MALWARE-CNC Xsser mRAT GPS data upload (malware-cnc.rules)
 * 1:32058 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Masatekar variant outbound connection (malware-cnc.rules)
 * 1:32060 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent string - httptestman - Win.Backdoor.Rabasheeta (malware-cnc.rules)
 * 1:32061 <-> DISABLED <-> MALWARE-CNC Win.Trojan-Downloader.Nekill variant outbound connection (malware-cnc.rules)
 * 1:32065 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Asprox inbound connection (malware-cnc.rules)
 * 1:32066 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Asprox outbound connection (malware-cnc.rules)
 * 1:32067 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Asprox outbound connection (malware-cnc.rules)
 * 1:32071 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Zapchast variant outbound connection (malware-cnc.rules)
 * 1:32072 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zemot configuration download attempt (malware-cnc.rules)
 * 1:31824 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor variant outbound connection (malware-cnc.rules)
 * 1:32073 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zemot outbound connection (malware-cnc.rules)
 * 1:32074 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zemot payload download attempt (malware-cnc.rules)
 * 1:32075 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Small variant outbound connection (malware-cnc.rules)
 * 1:32086 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Corkow variant outbound connection (malware-cnc.rules)
 * 1:32090 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Saaglup variant outbound connection (malware-cnc.rules)
 * 1:32091 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.PcertStealer variant outbound connection (malware-cnc.rules)
 * 1:32093 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules)
 * 1:32096 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Puver variant outbound connection (malware-cnc.rules)
 * 1:32121 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kryptik variant outbound connection (malware-cnc.rules)
 * 1:32123 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot variant outbound connection (malware-cnc.rules)
 * 1:32125 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - update - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:32126 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lizarbot outbound connection (malware-cnc.rules)
 * 1:32129 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader variant outbound connection (malware-cnc.rules)
 * 1:32130 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules)
 * 1:32175 <-> DISABLED <-> MALWARE-CNC Osx.Backdoor.iWorm variant outbound connection (malware-cnc.rules)
 * 1:32179 <-> DISABLED <-> MALWARE-CNC WIN.Trojan.Plugx variant outbound connection (malware-cnc.rules)
 * 1:32180 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.ZxShell connection incoming attempt (malware-cnc.rules)
 * 1:32181 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.ZxShell connection outgoing attempt (malware-cnc.rules)
 * 1:32192 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zxshell variant outbound connection (malware-cnc.rules)
 * 1:32193 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dubrute variant outbound connection (malware-cnc.rules)
 * 1:32194 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dubrute variant outbound connection (malware-cnc.rules)
 * 1:32195 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Palebot variant outbound connection (malware-cnc.rules)
 * 1:32196 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor variant outbound connection (malware-cnc.rules)
 * 1:32197 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zerolocker variant outbound connection (malware-cnc.rules)
 * 1:32198 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mujormel outbound connection (malware-cnc.rules)
 * 1:32202 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Soaphrish variant outbound connection (malware-cnc.rules)
 * 1:32220 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy download detected (malware-cnc.rules)
 * 1:32221 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy download detected (malware-cnc.rules)
 * 1:32222 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.MSIL.Liroospu variant outbound connection (malware-cnc.rules)
 * 1:32225 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptowall variant outbound connection (malware-cnc.rules)
 * 1:32243 <-> DISABLED <-> MALWARE-CNC WIN.Trojan.Clemint variant outbound connection (malware-cnc.rules)
 * 1:32250 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hydraq.variant outbound detected (malware-cnc.rules)
 * 1:32270 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tinba variant outbound connection (malware-cnc.rules)
 * 1:32272 <-> DISABLED <-> MALWARE-CNC WIN.Trojan.Hesechca variant outbound connection (malware-cnc.rules)
 * 1:32285 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zoxpng variant outbound connection (malware-cnc.rules)
 * 1:32287 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sapertilz variant outbound connection (malware-cnc.rules)
 * 1:32289 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptolocker download detected (malware-cnc.rules)
 * 1:32290 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptolocker download detected (malware-cnc.rules)
 * 1:32291 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptolocker download detected (malware-cnc.rules)
 * 1:32292 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptolocker download detected (malware-cnc.rules)
 * 1:32293 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Acanas variant outbound connection (malware-cnc.rules)
 * 1:32294 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent BloodguyBrowser-_- (malware-cnc.rules)
 * 1:32295 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string http - Win.Trojan.Waski (malware-cnc.rules)
 * 1:32296 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string update - Win.Trojan.Waski (malware-cnc.rules)
 * 1:32310 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Farfli variant outbound connection (malware-cnc.rules)
 * 1:32311 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rehtesyk outbound connection (malware-cnc.rules)
 * 1:32312 <-> DISABLED <-> MALWARE-CNC FrameworkPOS data exfiltration through DNS - beacon message (malware-cnc.rules)
 * 1:32328 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Maener variant download request (malware-cnc.rules)
 * 1:32329 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Maener variant outbound connection (malware-cnc.rules)
 * 1:32330 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Maener variant outbound connection (malware-cnc.rules)
 * 1:32331 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Maener variant outbound connection (malware-cnc.rules)
 * 1:32332 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hancitor variant outbound connection (malware-cnc.rules)
 * 1:32333 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string fast uax (malware-cnc.rules)
 * 1:32334 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Stantinko variant outbound connection (malware-cnc.rules)
 * 1:32338 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ropest variant outbound connection (malware-cnc.rules)
 * 1:32341 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cakwerd variant outbound connection (malware-cnc.rules)
 * 1:32343 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor variant inbound spam attempt (malware-cnc.rules)
 * 1:32344 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor variant outbound spam attempt (malware-cnc.rules)
 * 1:32354 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Matsune variant outbound connection (malware-cnc.rules)
 * 1:32357 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Akaza variant outbound connection (malware-cnc.rules)
 * 1:32367 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GameOverZeus variant outbound connection (malware-cnc.rules)
 * 1:32368 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cridex variant outbound connection (malware-cnc.rules)
 * 1:32372 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Drepitt variant outbound connection (malware-cnc.rules)
 * 1:32373 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Broonject variant outbound connection (malware-cnc.rules)
 * 1:32374 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Androm variant outbound connection (malware-cnc.rules)
 * 1:32379 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Baccamun variant outbound connection (malware-cnc.rules)
 * 1:32383 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - connect - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:32384 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - myupdate - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:32394 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Orcarat variant outbound connection (malware-cnc.rules)
 * 1:34281 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bartallex outbound connection (malware-cnc.rules)
 * 1:32396 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Orcarat variant outbound connection (malware-cnc.rules)
 * 1:34289 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Plez outbound connection (malware-cnc.rules)
 * 1:34290 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Plez outbound connection (malware-cnc.rules)
 * 1:34291 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string crackim (malware-cnc.rules)
 * 1:34292 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kraken outbound connection (malware-cnc.rules)
 * 1:34296 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Simda variant outbound connection (malware-cnc.rules)
 * 1:34297 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Simda variant outbound connection (malware-cnc.rules)
 * 1:34307 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection (malware-cnc.rules)
 * 1:34308 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection (malware-cnc.rules)
 * 1:40066 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.LokiBot (malware-cnc.rules)
 * 1:40067 <-> ENABLED <-> MALWARE-CNC Win.Trojan.LokiBot outbound connection (malware-cnc.rules)
 * 1:46062 <-> ENABLED <-> SERVER-WEBAPP Joomla JEXTN Membership extension SQL injection attempt (server-webapp.rules)
 * 1:46063 <-> ENABLED <-> SERVER-WEBAPP Joomla JEXTN Membership extension SQL injection attempt (server-webapp.rules)
 * 1:46064 <-> ENABLED <-> SERVER-WEBAPP Joomla JEXTN Membership extension SQL injection attempt (server-webapp.rules)
 * 1:48818 <-> ENABLED <-> MALWARE-CNC Js.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:32395 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Orcarat variant outbound connection (malware-cnc.rules)

2020-10-15 12:57:43 UTC

Snort Subscriber Rules Update

Date: 2020-10-15

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091300.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:56000 <-> DISABLED <-> SERVER-APACHE Apache Struts denial of service attempt (server-apache.rules)
 * 1:56007 <-> ENABLED <-> SERVER-WEBAPP D-Link Central WiFi Manager CWM 100 SQL injection attempt (server-webapp.rules)
 * 1:56005 <-> ENABLED <-> SERVER-WEBAPP D-Link Central WiFi Manager CWM 100 SQL injection attempt (server-webapp.rules)
 * 1:56006 <-> ENABLED <-> SERVER-WEBAPP D-Link Central WiFi Manager CWM 100 SQL injection attempt (server-webapp.rules)
 * 1:56009 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari WebKit JSPropertyNameEnumeration type confusion attempt (browser-webkit.rules)
 * 1:56008 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari WebKit JSPropertyNameEnumeration type confusion attempt (browser-webkit.rules)
 * 1:55999 <-> DISABLED <-> SERVER-APACHE Apache Struts denial of service attempt (server-apache.rules)
 * 1:56003 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Emotet variant initial outbound request detected (malware-cnc.rules)
 * 1:56002 <-> DISABLED <-> SERVER-WEBAPP D-Link Central WiFi Manager CMW 100 SQL injection attempt (server-webapp.rules)
 * 1:56004 <-> DISABLED <-> SERVER-WEBAPP D-Link Central WiFi Manager CMW 100 cross site scripting attempt (server-webapp.rules)
 * 1:56001 <-> DISABLED <-> SERVER-APACHE Apache Struts denial of service attempt (server-apache.rules)

Modified Rules:


 * 1:34283 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bartallex outbound connection (malware-cnc.rules)
 * 1:33851 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Poseidon outbound connection (malware-cnc.rules)
 * 1:33864 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules)
 * 1:33886 <-> DISABLED <-> MALWARE-CNC WIn.Trojan.HawkEye keylogger variant outbound connection (malware-cnc.rules)
 * 1:34009 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules)
 * 1:34013 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ayuther variant outbound connection (malware-cnc.rules)
 * 1:34138 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Netkrypt inbound response (malware-cnc.rules)
 * 1:34117 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Zupdax variant outbound connection (malware-cnc.rules)
 * 1:34217 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Aytoke variant outbound connection (malware-cnc.rules)
 * 1:34038 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (malware-cnc.rules)
 * 1:33990 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Trioptid outbound connection (malware-cnc.rules)
 * 1:34214 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Capimac variant outbound connection (malware-cnc.rules)
 * 1:34008 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules)
 * 1:33860 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules)
 * 1:33852 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Poseidon outbound connection (malware-cnc.rules)
 * 1:34003 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Picommex outbound connection (malware-cnc.rules)
 * 1:33913 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Concbak outbound connection (malware-cnc.rules)
 * 1:34136 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload variant MSSQL response (malware-cnc.rules)
 * 1:33931 <-> DISABLED <-> MALWARE-CNC Win.Worm.Goldrv variant outbound connection (malware-cnc.rules)
 * 1:34223 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Yebot variant outbound connection (malware-cnc.rules)
 * 1:34161 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Punkey outbound connection (malware-cnc.rules)
 * 1:34111 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chrozil variant outbound connection (malware-cnc.rules)
 * 1:34216 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FighterPOS variant outbound connection (malware-cnc.rules)
 * 1:33891 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Amasages variant outbound connection (malware-cnc.rules)
 * 1:33879 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Meowner runtime detection (malware-cnc.rules)
 * 1:34002 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Picommex outbound connection (malware-cnc.rules)
 * 1:34007 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules)
 * 1:34006 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules)
 * 1:33932 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tempedreve Samba probe (malware-cnc.rules)
 * 1:34010 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules)
 * 1:33966 <-> DISABLED <-> MALWARE-CNC Win.Worm.Mafusc variant outbound connection (malware-cnc.rules)
 * 1:34012 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules)
 * 1:34034 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (malware-cnc.rules)
 * 1:34050 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Nepigon variant outbound connection (malware-cnc.rules)
 * 1:34130 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload variant outbound connection (malware-cnc.rules)
 * 1:34155 <-> DISABLED <-> MALWARE-CNC MacOS.Backdoor.Xslcmd outbound connection (malware-cnc.rules)
 * 1:33873 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tepoyx outbound connection detection (malware-cnc.rules)
 * 1:33989 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Trioptid outbound connection (malware-cnc.rules)
 * 1:33884 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string dolit (malware-cnc.rules)
 * 1:34044 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Exacrytion variant outbound connection (malware-cnc.rules)
 * 1:34183 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bartallex outbound connection (malware-cnc.rules)
 * 1:34042 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Igliveforg variant outbound connection (malware-cnc.rules)
 * 1:34047 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VBPasswordStealer variant outbound connection (malware-cnc.rules)
 * 1:34113 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent beacon reply attempt (malware-cnc.rules)
 * 1:33862 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules)
 * 1:33996 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pwexes variant outbound connection (malware-cnc.rules)
 * 1:34039 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banklaed variant outbound connection (malware-cnc.rules)
 * 1:34132 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Erotimpact variant outbound connection (malware-cnc.rules)
 * 1:34128 <-> DISABLED <-> MALWARE-CNC Win.Trojan.WIntruder outbound connection (malware-cnc.rules)
 * 1:34026 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Endstar variant outbound connection (malware-cnc.rules)
 * 1:33859 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules)
 * 1:34045 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Eitenckay initial outbound connection (malware-cnc.rules)
 * 1:34025 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Endstar variant outbound connection (malware-cnc.rules)
 * 1:34004 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules)
 * 1:33985 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.ChinaZ outbound connection (malware-cnc.rules)
 * 1:34049 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.EvilBunny variant outbound connection (malware-cnc.rules)
 * 1:33878 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Meowner runtime detection (malware-cnc.rules)
 * 1:33872 <-> DISABLED <-> MALWARE-CNC Win.Worm.Urahu outbound connection (malware-cnc.rules)
 * 1:34181 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bartallex outbound connection (malware-cnc.rules)
 * 1:34041 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Igliveforg variant initial outbound connection (malware-cnc.rules)
 * 1:34140 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dyre publickey outbound connection (malware-cnc.rules)
 * 1:34116 <-> DISABLED <-> MALWARE-CNC MacOS.Trojan.Wirelurker variant outbound connection (malware-cnc.rules)
 * 1:34031 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (malware-cnc.rules)
 * 1:34001 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Picommex outbound connection (malware-cnc.rules)
 * 1:33863 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules)
 * 1:33866 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules)
 * 1:33883 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jadtre variant outbound connection (malware-cnc.rules)
 * 1:34261 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.XORDDoS outbound connection (malware-cnc.rules)
 * 1:33914 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent - Win.Trojan.Barys (malware-cnc.rules)
 * 1:34262 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.XORDDoS outbound connection (malware-cnc.rules)
 * 1:33745 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
 * 1:34046 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Expilan variant outbound connection (malware-cnc.rules)
 * 1:34280 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TeslaCrypt outbound connection (malware-cnc.rules)
 * 1:34246 <-> DISABLED <-> MALWARE-CNC Win.Trojan.AAEH variant outbound connection (malware-cnc.rules)
 * 1:34263 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.XORDDoS outbound connection (malware-cnc.rules)
 * 1:34282 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bartallex outbound connection (malware-cnc.rules)
 * 1:33876 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Meowner runtime detection (malware-cnc.rules)
 * 1:33930 <-> DISABLED <-> MALWARE-CNC Vicepass outbound connection initial request to the CNC sending system information (malware-cnc.rules)
 * 1:34030 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (malware-cnc.rules)
 * 1:33933 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Penget variant outbound connection (malware-cnc.rules)
 * 1:33912 <-> DISABLED <-> MALWARE-CNC Cryptofortress Decryption Software Purchase Tor Website (malware-cnc.rules)
 * 1:34108 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scarsi variant outbound connection (malware-cnc.rules)
 * 1:33868 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules)
 * 1:34011 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules)
 * 1:33857 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PwnPOS data exfiltration attempt (malware-cnc.rules)
 * 1:33893 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TeslaCrypt outbound connection (malware-cnc.rules)
 * 1:34035 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (malware-cnc.rules)
 * 1:34143 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Crypvault outbound connection (malware-cnc.rules)
 * 1:34219 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nanocore variant outbound connection (malware-cnc.rules)
 * 1:33704 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
 * 1:33992 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Insidious outbound connection (malware-cnc.rules)
 * 1:33861 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules)
 * 1:33821 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Egamipload variant outbound connection (malware-cnc.rules)
 * 1:33865 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules)
 * 1:34281 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bartallex outbound connection (malware-cnc.rules)
 * 1:33746 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
 * 1:33747 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
 * 1:33748 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
 * 1:33749 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
 * 1:33750 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
 * 1:33751 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
 * 1:33752 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
 * 1:33753 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
 * 1:33754 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
 * 1:33755 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
 * 1:33818 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Egamipload variant outbound connection (malware-cnc.rules)
 * 1:33819 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Egamipload variant outbound connection (malware-cnc.rules)
 * 1:33820 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Egamipload variant outbound connection (malware-cnc.rules)
 * 1:34286 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mudrop variant outbound connection (malware-cnc.rules)
 * 1:34289 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Plez outbound connection (malware-cnc.rules)
 * 1:34290 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Plez outbound connection (malware-cnc.rules)
 * 1:34291 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string crackim (malware-cnc.rules)
 * 1:34292 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kraken outbound connection (malware-cnc.rules)
 * 1:34296 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Simda variant outbound connection (malware-cnc.rules)
 * 1:34297 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Simda variant outbound connection (malware-cnc.rules)
 * 1:34307 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection (malware-cnc.rules)
 * 1:34308 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection (malware-cnc.rules)
 * 1:40066 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.LokiBot (malware-cnc.rules)
 * 1:40067 <-> ENABLED <-> MALWARE-CNC Win.Trojan.LokiBot outbound connection (malware-cnc.rules)
 * 1:46062 <-> ENABLED <-> SERVER-WEBAPP Joomla JEXTN Membership extension SQL injection attempt (server-webapp.rules)
 * 1:46063 <-> ENABLED <-> SERVER-WEBAPP Joomla JEXTN Membership extension SQL injection attempt (server-webapp.rules)
 * 1:46064 <-> ENABLED <-> SERVER-WEBAPP Joomla JEXTN Membership extension SQL injection attempt (server-webapp.rules)
 * 1:48818 <-> ENABLED <-> MALWARE-CNC Js.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:33822 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Egamipload variant outbound connection (malware-cnc.rules)
 * 1:31820 <-> DISABLED <-> MALWARE-CNC Win.Banker.Delf variant outbound connection (malware-cnc.rules)
 * 1:31824 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor variant outbound connection (malware-cnc.rules)
 * 1:31826 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Delf variant HTTP Response (malware-cnc.rules)
 * 1:31827 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Delf variant outbound connection (malware-cnc.rules)
 * 1:33242 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Explorer - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:31832 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pfinet outbound connection (malware-cnc.rules)
 * 1:31833 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chkbot outbound connection (malware-cnc.rules)
 * 1:31834 <-> DISABLED <-> MALWARE-CNC Win.Trojan-Downloader.Delorado variant outbound connection (malware-cnc.rules)
 * 1:31835 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yesudac variant outbound connection (malware-cnc.rules)
 * 1:31836 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Seribe variant outbound connection (malware-cnc.rules)
 * 1:31837 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Retgate variant outbound connection (malware-cnc.rules)
 * 1:31883 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Waterspout outbound connection (malware-cnc.rules)
 * 1:31885 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Threebyte variant outbound connection (malware-cnc.rules)
 * 1:31895 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Toupi variant outbound connection (malware-cnc.rules)
 * 1:31897 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dexter variant outbound connection (malware-cnc.rules)
 * 1:31904 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload variant outbound connection (malware-cnc.rules)
 * 1:31907 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Honerep variant outbound connection (malware-cnc.rules)
 * 1:31909 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Basostab variant outbound connection (malware-cnc.rules)
 * 1:31911 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Gareme variant outbound connection (malware-cnc.rules)
 * 1:31913 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Maozhi variant outbound connection (malware-cnc.rules)
 * 1:31915 <-> DISABLED <-> MALWARE-CNC WIN.Trojan.Ziyazo variant outbound connection (malware-cnc.rules)
 * 1:31916 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules)
 * 1:31923 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant HTTP response attempt (malware-cnc.rules)
 * 1:31924 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules)
 * 1:31925 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.Jynxkit outbound connection (malware-cnc.rules)
 * 1:31928 <-> DISABLED <-> MALWARE-CNC Win.Trojan-Downloader.Becontr variant outbound connection (malware-cnc.rules)
 * 1:31929 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kanav variant outbound connection (malware-cnc.rules)
 * 1:31930 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kanav variant outbound connection (malware-cnc.rules)
 * 1:31941 <-> DISABLED <-> MALWARE-CNC Win.Trojan-Downloader.Pedrp variant outbound connection (malware-cnc.rules)
 * 1:31947 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - HttpCall - Win.Trojan.Rukypee (malware-cnc.rules)
 * 1:31948 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - MyProgramm - Win.Trojan.Rukypee (malware-cnc.rules)
 * 1:31949 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Skypee - Win.Trojan.Rukypee (malware-cnc.rules)
 * 1:31954 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ezbro variant outbound connection (malware-cnc.rules)
 * 1:31955 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ezbro variant outbound connection (malware-cnc.rules)
 * 1:31957 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.MSIL.Torct variant outbound connection (malware-cnc.rules)
 * 1:31964 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules)
 * 1:31973 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chebri variant outbound connection (malware-cnc.rules)
 * 1:31974 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zegorg variant outbound connection (malware-cnc.rules)
 * 1:31990 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Install - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:31991 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Treck - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:31992 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Upatre SSL Cert inbound (malware-cnc.rules)
 * 1:31993 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Upatre SSL Cert inbound (malware-cnc.rules)
 * 1:31994 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Upatre SSL Cert inbound (malware-cnc.rules)
 * 1:31995 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Upatre SSL Cert inbound (malware-cnc.rules)
 * 1:31996 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Upatre SSL Cert inbound (malware-cnc.rules)
 * 1:31997 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Upatre SSL Cert inbound (malware-cnc.rules)
 * 1:31828 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jabberbot variant outbound connection (malware-cnc.rules)
 * 1:32058 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Masatekar variant outbound connection (malware-cnc.rules)
 * 1:31999 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Upatre SSL Cert inbound (malware-cnc.rules)
 * 1:32000 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Upatre SSL Cert inbound (malware-cnc.rules)
 * 1:32001 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Upatre SSL Cert inbound (malware-cnc.rules)
 * 1:32002 <-> DISABLED <-> MALWARE-CNC Win.Worm.Zorenium variant outbound connection (malware-cnc.rules)
 * 1:32009 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Flooder inbound connection attempt - command (malware-cnc.rules)
 * 1:32010 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Flooder outbound telnet connection attempt (malware-cnc.rules)
 * 1:32011 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Flooder outbound connection (malware-cnc.rules)
 * 1:32012 <-> DISABLED <-> MALWARE-CNC Win.Trojan-Downloader.Bipamid variant outbound connection (malware-cnc.rules)
 * 1:32013 <-> DISABLED <-> MALWARE-CNC Linux.Worm.Darlloz variant outbound connection (malware-cnc.rules)
 * 1:32015 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Zeus variant outbound connection (malware-cnc.rules)
 * 1:32016 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Menteni variant outbound connection (malware-cnc.rules)
 * 1:32017 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Memlog SMB file transfer (malware-cnc.rules)
 * 1:32018 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Hupigon.NYK variant outbound connection (malware-cnc.rules)
 * 1:32020 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Krompt variant outbound connection (malware-cnc.rules)
 * 1:32023 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sinpid variant outbound connection (malware-cnc.rules)
 * 1:32028 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Klabcon variant outbound connection (malware-cnc.rules)
 * 1:32030 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Decibal - Win.Trojan.Decibal (malware-cnc.rules)
 * 1:32031 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Decibal variant outbound connection (malware-cnc.rules)
 * 1:32033 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Larosden variant outbound connection (malware-cnc.rules)
 * 1:32034 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Larefervt variant outbound connection (malware-cnc.rules)
 * 1:32035 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Boleteiro variant outbound connection (malware-cnc.rules)
 * 1:32036 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Somoca vaniant outbound connection (malware-cnc.rules)
 * 1:32037 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload.awt variant outbound connection (malware-cnc.rules)
 * 1:32048 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lecpetex variant outbound connection (malware-cnc.rules)
 * 1:32050 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Larosden variant outbound connection (malware-cnc.rules)
 * 1:32052 <-> DISABLED <-> MALWARE-CNC User-Agent Xsser mRAT user-agent (malware-cnc.rules)
 * 1:32053 <-> DISABLED <-> MALWARE-CNC Xsser mRAT GPS data upload (malware-cnc.rules)
 * 1:32054 <-> DISABLED <-> MALWARE-CNC Xsser mRAT file upload (malware-cnc.rules)
 * 1:31998 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Upatre SSL Cert inbound (malware-cnc.rules)
 * 1:32061 <-> DISABLED <-> MALWARE-CNC Win.Trojan-Downloader.Nekill variant outbound connection (malware-cnc.rules)
 * 1:32065 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Asprox inbound connection (malware-cnc.rules)
 * 1:32066 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Asprox outbound connection (malware-cnc.rules)
 * 1:32067 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Asprox outbound connection (malware-cnc.rules)
 * 1:32071 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Zapchast variant outbound connection (malware-cnc.rules)
 * 1:32072 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zemot configuration download attempt (malware-cnc.rules)
 * 1:32073 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zemot outbound connection (malware-cnc.rules)
 * 1:32074 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zemot payload download attempt (malware-cnc.rules)
 * 1:32075 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Small variant outbound connection (malware-cnc.rules)
 * 1:32086 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Corkow variant outbound connection (malware-cnc.rules)
 * 1:32090 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Saaglup variant outbound connection (malware-cnc.rules)
 * 1:32091 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.PcertStealer variant outbound connection (malware-cnc.rules)
 * 1:32093 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules)
 * 1:32096 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Puver variant outbound connection (malware-cnc.rules)
 * 1:32121 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kryptik variant outbound connection (malware-cnc.rules)
 * 1:32123 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot variant outbound connection (malware-cnc.rules)
 * 1:32125 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - update - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:32126 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lizarbot outbound connection (malware-cnc.rules)
 * 1:32129 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader variant outbound connection (malware-cnc.rules)
 * 1:32130 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules)
 * 1:32175 <-> DISABLED <-> MALWARE-CNC Osx.Backdoor.iWorm variant outbound connection (malware-cnc.rules)
 * 1:32179 <-> DISABLED <-> MALWARE-CNC WIN.Trojan.Plugx variant outbound connection (malware-cnc.rules)
 * 1:32180 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.ZxShell connection incoming attempt (malware-cnc.rules)
 * 1:32181 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.ZxShell connection outgoing attempt (malware-cnc.rules)
 * 1:32192 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zxshell variant outbound connection (malware-cnc.rules)
 * 1:32193 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dubrute variant outbound connection (malware-cnc.rules)
 * 1:32194 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dubrute variant outbound connection (malware-cnc.rules)
 * 1:32195 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Palebot variant outbound connection (malware-cnc.rules)
 * 1:32196 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor variant outbound connection (malware-cnc.rules)
 * 1:32197 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zerolocker variant outbound connection (malware-cnc.rules)
 * 1:32198 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mujormel outbound connection (malware-cnc.rules)
 * 1:32202 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Soaphrish variant outbound connection (malware-cnc.rules)
 * 1:32220 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy download detected (malware-cnc.rules)
 * 1:32221 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy download detected (malware-cnc.rules)
 * 1:32222 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.MSIL.Liroospu variant outbound connection (malware-cnc.rules)
 * 1:32225 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptowall variant outbound connection (malware-cnc.rules)
 * 1:32243 <-> DISABLED <-> MALWARE-CNC WIN.Trojan.Clemint variant outbound connection (malware-cnc.rules)
 * 1:32250 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hydraq.variant outbound detected (malware-cnc.rules)
 * 1:32270 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tinba variant outbound connection (malware-cnc.rules)
 * 1:32272 <-> DISABLED <-> MALWARE-CNC WIN.Trojan.Hesechca variant outbound connection (malware-cnc.rules)
 * 1:32285 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zoxpng variant outbound connection (malware-cnc.rules)
 * 1:32287 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sapertilz variant outbound connection (malware-cnc.rules)
 * 1:32289 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptolocker download detected (malware-cnc.rules)
 * 1:32290 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptolocker download detected (malware-cnc.rules)
 * 1:32291 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptolocker download detected (malware-cnc.rules)
 * 1:32292 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptolocker download detected (malware-cnc.rules)
 * 1:32293 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Acanas variant outbound connection (malware-cnc.rules)
 * 1:32294 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent BloodguyBrowser-_- (malware-cnc.rules)
 * 1:32295 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string http - Win.Trojan.Waski (malware-cnc.rules)
 * 1:32296 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string update - Win.Trojan.Waski (malware-cnc.rules)
 * 1:32310 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Farfli variant outbound connection (malware-cnc.rules)
 * 1:32311 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rehtesyk outbound connection (malware-cnc.rules)
 * 1:32312 <-> DISABLED <-> MALWARE-CNC FrameworkPOS data exfiltration through DNS - beacon message (malware-cnc.rules)
 * 1:32328 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Maener variant download request (malware-cnc.rules)
 * 1:32329 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Maener variant outbound connection (malware-cnc.rules)
 * 1:32330 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Maener variant outbound connection (malware-cnc.rules)
 * 1:32331 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Maener variant outbound connection (malware-cnc.rules)
 * 1:32332 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hancitor variant outbound connection (malware-cnc.rules)
 * 1:32333 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string fast uax (malware-cnc.rules)
 * 1:32334 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Stantinko variant outbound connection (malware-cnc.rules)
 * 1:32338 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ropest variant outbound connection (malware-cnc.rules)
 * 1:32341 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cakwerd variant outbound connection (malware-cnc.rules)
 * 1:32343 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor variant inbound spam attempt (malware-cnc.rules)
 * 1:32344 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor variant outbound spam attempt (malware-cnc.rules)
 * 1:32354 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Matsune variant outbound connection (malware-cnc.rules)
 * 1:32357 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Akaza variant outbound connection (malware-cnc.rules)
 * 1:32367 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GameOverZeus variant outbound connection (malware-cnc.rules)
 * 1:32368 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cridex variant outbound connection (malware-cnc.rules)
 * 1:32372 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Drepitt variant outbound connection (malware-cnc.rules)
 * 1:32373 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Broonject variant outbound connection (malware-cnc.rules)
 * 1:32374 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Androm variant outbound connection (malware-cnc.rules)
 * 1:32379 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Baccamun variant outbound connection (malware-cnc.rules)
 * 1:32383 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - connect - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:32384 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - myupdate - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:32394 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Orcarat variant outbound connection (malware-cnc.rules)
 * 1:32395 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Orcarat variant outbound connection (malware-cnc.rules)
 * 1:32396 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Orcarat variant outbound connection (malware-cnc.rules)
 * 1:32397 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Orcarat variant outbound connection (malware-cnc.rules)
 * 1:32400 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Parama attempted outbound connection (malware-cnc.rules)
 * 1:32401 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Kivars outbound connection (malware-cnc.rules)
 * 1:32402 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent globalupdate - Osx.Trojan.Wirelurker (malware-cnc.rules)
 * 1:32451 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Backoff initial outbound connection (malware-cnc.rules)
 * 1:32455 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent VUPHTTP - Win.Trojan.Puvespia (malware-cnc.rules)
 * 1:32456 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Effseart variant outbound connection (malware-cnc.rules)
 * 1:32457 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Effseart variant inbound connection (malware-cnc.rules)
 * 1:32464 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TorrentLocker variant outbound connection (malware-cnc.rules)
 * 1:32469 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bankeiya outbound connection (malware-cnc.rules)
 * 1:32486 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Exadog outbound connection (malware-cnc.rules)
 * 1:32487 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Exadog variant outbound connection (malware-cnc.rules)
 * 1:32493 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.SpikeA variant outbound connection (malware-cnc.rules)
 * 1:32494 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.SpikeA variant outbound connection (malware-cnc.rules)
 * 1:32504 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Kiler attempted outbound connection (malware-cnc.rules)
 * 1:32505 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Kiler attempted outbound connection (malware-cnc.rules)
 * 1:32506 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Secdeskinf outbound connection (malware-cnc.rules)
 * 1:32510 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.PiltabeA outbound connection (malware-cnc.rules)
 * 1:32511 <-> DISABLED <-> MALWARE-CNC PCRat variant outbound connection (malware-cnc.rules)
 * 1:32512 <-> DISABLED <-> MALWARE-CNC PCRat variant outbound connection (malware-cnc.rules)
 * 1:32513 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Havex outbound connection (malware-cnc.rules)
 * 1:32521 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptowall 2.0 possible TOR client retrieval attempt (malware-cnc.rules)
 * 1:32529 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Vkont variant outbound connection (malware-cnc.rules)
 * 1:32548 <-> DISABLED <-> MALWARE-CNC Mac.Backdoor.iWorm attempted outbound connection (malware-cnc.rules)
 * 1:32550 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Extant variant outbound connection (malware-cnc.rules)
 * 1:32551 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Coreshell variant outbound connection (malware-cnc.rules)
 * 1:32556 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bayoboiz outbound connection (malware-cnc.rules)
 * 1:32557 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bayoboiz outbound connection (malware-cnc.rules)
 * 1:32583 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules)
 * 1:32584 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules)
 * 1:32585 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
 * 1:32586 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
 * 1:32598 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Mysayad file wipe attempt (malware-cnc.rules)
 * 1:32599 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Mysayad outbound connection (malware-cnc.rules)
 * 1:32600 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Mysayad file wipe attempt (malware-cnc.rules)
 * 1:32604 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Geodo variant outbound connection (malware-cnc.rules)
 * 1:32605 <-> DISABLED <-> MALWARE-CNC Win.Worm.Jenxcus variant outbound connection (malware-cnc.rules)
 * 1:32606 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sodebral variant outbound connection (malware-cnc.rules)
 * 1:32607 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sodebral HTTP Response attempt (malware-cnc.rules)
 * 1:32608 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sodebral HTTP Response attempt (malware-cnc.rules)
 * 1:32609 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant registration message (malware-cnc.rules)
 * 1:32610 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant keepalive (malware-cnc.rules)
 * 1:32613 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Jadowndec attempted outbound connection (malware-cnc.rules)
 * 1:32614 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Jadowndec attempted outbound connection (malware-cnc.rules)
 * 1:32621 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Regin outbound connection (malware-cnc.rules)
 * 1:32624 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Regin outbound connection (malware-cnc.rules)
 * 1:32645 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string RUpdate (malware-cnc.rules)
 * 1:32665 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chopstick variant outbound request (malware-cnc.rules)
 * 1:32667 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chopstick variant outbound request (malware-cnc.rules)
 * 1:32674 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wiper variant outbound connection (malware-cnc.rules)
 * 1:32677 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex variant outbound connection (malware-cnc.rules)
 * 1:32678 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex variant outbound connection (malware-cnc.rules)
 * 1:32706 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz variant outbound connection (malware-cnc.rules)
 * 1:32727 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Uclinu variant outbound connection (malware-cnc.rules)
 * 1:32728 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Olegb variant outbound connection (malware-cnc.rules)
 * 1:32734 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Typideg variant outbound connection (malware-cnc.rules)
 * 1:32735 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CryptoPHP variant outbound connection (malware-cnc.rules)
 * 1:32736 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CryptoPHP variant outbound connection (malware-cnc.rules)
 * 1:32743 <-> DISABLED <-> MALWARE-CNC VGABot IRC communication attempt (malware-cnc.rules)
 * 1:32747 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ragebot variant outbound connection (malware-cnc.rules)
 * 1:32769 <-> DISABLED <-> MALWARE-CNC Win.Trojan.WOWCheckC Attempted CNC (malware-cnc.rules)
 * 1:32770 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Androm variant outbound connection (malware-cnc.rules)
 * 1:32776 <-> DISABLED <-> MALWARE-CNC FIN4 VBA Macro credentials upload attempt (malware-cnc.rules)
 * 1:32780 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Eskaetee outbound connection (malware-cnc.rules)
 * 1:32781 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Eskaetee outbound connection (malware-cnc.rules)
 * 1:32791 <-> DISABLED <-> MALWARE-CNC Win.Virus.Ransomlock outbound connection (malware-cnc.rules)
 * 1:32792 <-> DISABLED <-> MALWARE-CNC Win.Virus.Ransomlock inbound connection (malware-cnc.rules)
 * 1:32823 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Darkhotel outbound connection (malware-cnc.rules)
 * 1:32824 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Darkhotel variant outbound connection (malware-cnc.rules)
 * 1:32825 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Darkhotel outbound connection (malware-cnc.rules)
 * 1:32826 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Darkhotel data upload attempt (malware-cnc.rules)
 * 1:32827 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Darkhotel response connection attempt (malware-cnc.rules)
 * 1:32852 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Poolfiend variant outbound connection (malware-cnc.rules)
 * 1:32853 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Poolfiend variant outbound connection (malware-cnc.rules)
 * 1:32854 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Loodir outbound connection (malware-cnc.rules)
 * 1:32882 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ksypypro outbound connection (malware-cnc.rules)
 * 1:32891 <-> DISABLED <-> MALWARE-CNC Php.Malware.SoakSoakRedirect Malware traffic containing WordPress Administrator credentials (malware-cnc.rules)
 * 1:32892 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TorLocker variant outbound connection (malware-cnc.rules)
 * 1:32893 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Finforst outbound connection (malware-cnc.rules)
 * 1:32908 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TinyZBot outbound connection (malware-cnc.rules)
 * 1:32909 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TinyZBot outbound connection (malware-cnc.rules)
 * 1:32910 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TinyZBot outbound connection (malware-cnc.rules)
 * 1:32950 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bladabindi variant outbound connection (malware-cnc.rules)
 * 1:32956 <-> DISABLED <-> MALWARE-CNC Android.CoolReaper.Trojan outbound connection (malware-cnc.rules)
 * 1:32957 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TinyZBot outbound SOAP connection attempt (malware-cnc.rules)
 * 1:32958 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TinyZBot response connection attempt (malware-cnc.rules)
 * 1:32973 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Twerket variant outbound connection (malware-cnc.rules)
 * 1:32976 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluos variant outbound connection (malware-cnc.rules)
 * 1:32977 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluos variant outbound connection (malware-cnc.rules)
 * 1:32978 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - extra IE version (malware-cnc.rules)
 * 1:32979 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - extra IE version (malware-cnc.rules)
 * 1:32980 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - multi-browser (malware-cnc.rules)
 * 1:32986 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Toopu dll embedded in png download attempt (malware-cnc.rules)
 * 1:32987 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor outbound connection (malware-cnc.rules)
 * 1:32988 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor outbound connection (malware-cnc.rules)
 * 1:32989 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor outbound connection (malware-cnc.rules)
 * 1:32990 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Toopu outbound connection (malware-cnc.rules)
 * 1:33047 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - realupdate - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33054 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Joanap outbound connection (malware-cnc.rules)
 * 1:33058 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Medusa variant inbound connection (malware-cnc.rules)
 * 1:33059 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Medusa variant outbound connection (malware-cnc.rules)
 * 1:33060 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Medusa variant outbound connection (malware-cnc.rules)
 * 1:33061 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lagulon.A outbound connection (malware-cnc.rules)
 * 1:33081 <-> DISABLED <-> MALWARE-CNC OnionDuke variant outbound connection (malware-cnc.rules)
 * 1:33082 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nocpos initial outbound connection (malware-cnc.rules)
 * 1:33083 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nocpos information disclosure attempt (malware-cnc.rules)
 * 1:33084 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tosct variant outbound connection (malware-cnc.rules)
 * 1:33145 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
 * 1:33147 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant SMTP reporting attempt (malware-cnc.rules)
 * 1:33148 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant SMTP reporting attempt (malware-cnc.rules)
 * 1:33149 <-> DISABLED <-> MALWARE-CNC Win.Worm.Ultramine outbound connection (malware-cnc.rules)
 * 1:33152 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nurjax.A outbound connection (malware-cnc.rules)
 * 1:33153 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Heur variant outbound connection (malware-cnc.rules)
 * 1:33161 <-> DISABLED <-> MALWARE-CNC Win.Spyware.Rombertik outbound connection (malware-cnc.rules)
 * 1:33165 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Poweliks outbound connection (malware-cnc.rules)
 * 1:33199 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Sabeba outbound connection (malware-cnc.rules)
 * 1:33200 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pisces variant outbound connection (malware-cnc.rules)
 * 1:33207 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Mazilla/5.0 - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33211 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Upatre variant outbound connection (malware-cnc.rules)
 * 1:33217 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nuovoscor variant outbound connection (malware-cnc.rules)
 * 1:33218 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cendode system information disclosure attempt (malware-cnc.rules)
 * 1:33219 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gamarue variant outbound connection (malware-cnc.rules)
 * 1:33220 <-> DISABLED <-> MALWARE-CNC Win.Trojan.HawkEye keylogger exfiltration attempt (malware-cnc.rules)
 * 1:33221 <-> ENABLED <-> MALWARE-CNC Win.Trojan.HawkEye Keylogger exfiltration attempt - clipboard and screenshot (malware-cnc.rules)
 * 1:33222 <-> DISABLED <-> MALWARE-CNC Win.Trojan.HawkEye Keylogger exfiltration attempt - clipboard and screenshot (malware-cnc.rules)
 * 1:33223 <-> DISABLED <-> MALWARE-CNC Win.Trojan.HawkEye Keylogger exfiltration attempt - clipboard and screenshot (malware-cnc.rules)
 * 1:33227 <-> DISABLED <-> MALWARE-CNC Win.Agent.BHHK variant outbound connection (malware-cnc.rules)
 * 1:33228 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kovter variant outbound connection (malware-cnc.rules)
 * 1:33994 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Beshida outbound connection (malware-cnc.rules)
 * 1:34037 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (malware-cnc.rules)
 * 1:33232 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - AppUpdate - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:32060 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent string - httptestman - Win.Backdoor.Rabasheeta (malware-cnc.rules)
 * 1:33231 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Firefox/5.0 - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33233 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - 2608cw-1 - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33234 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - 2508Inst - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33235 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - 2608cw-2 - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33236 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - 2808inst - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33237 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Player - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33238 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Wurst - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33239 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Installer/1.0 - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33240 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - FixUpdate - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33243 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Mozilla - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33244 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Opera - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33245 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Opera10 - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33246 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - OperaMini - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33248 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Peers12 - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33249 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - SLSSoapClient - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33250 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Tintin - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33251 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - USER_CHECK - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33252 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - WATClient - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33253 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - bbbbbbbbbb - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33254 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - hi - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33255 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - iMacros - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33256 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - macrotest - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33257 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - onlymacros - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33258 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Updates downloader - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33259 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - testupdate - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33260 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - onlyupdate - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33282 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Upatre variant outbound connection (malware-cnc.rules)
 * 1:33284 <-> DISABLED <-> MALWARE-CNC Win.Trojan.OnLineGames variant outbound connection (malware-cnc.rules)
 * 1:33285 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bavload outbound download request attempt (malware-cnc.rules)
 * 1:33289 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rawpos incoming backdoor connection attempt (malware-cnc.rules)
 * 1:33299 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Foxy variant outbound connection (malware-cnc.rules)
 * 1:33305 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rubinurd variant outbound connection (malware-cnc.rules)
 * 1:33328 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Yinli outbound connection (malware-cnc.rules)
 * 1:33329 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Yinli outbound connection (malware-cnc.rules)
 * 1:33330 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Yinli outbound connection (malware-cnc.rules)
 * 1:33342 <-> DISABLED <-> MALWARE-CNC Doc.Downloader.Dridex outbound connection (malware-cnc.rules)
 * 1:33411 <-> DISABLED <-> MALWARE-CNC Doc.Downloader.Dridex outbound connection (malware-cnc.rules)
 * 1:33431 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptowall 3.0 variant outbound connection (malware-cnc.rules)
 * 1:33432 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptowall 3.0 variant outbound connection (malware-cnc.rules)
 * 1:33433 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptowall 3.0 variant outbound connection (malware-cnc.rules)
 * 1:33434 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptowall 3.0 variant outbound connection (malware-cnc.rules)
 * 1:33435 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptowall 3.0 variant outbound connection (malware-cnc.rules)
 * 1:33439 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gefetroe variant outbound connection (malware-cnc.rules)
 * 1:33443 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules)
 * 1:33444 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SpyBanker variant outbound connection (malware-cnc.rules)
 * 1:33449 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FileEncoder IP geolocation checkin attempt (malware-cnc.rules)
 * 1:33450 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FileEncoder variant outbound connection (malware-cnc.rules)
 * 1:33453 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kovter variant outbound connection (malware-cnc.rules)
 * 1:33456 <-> DISABLED <-> MALWARE-CNC Doc.Downloader.Dridex outbound connection (malware-cnc.rules)
 * 1:33457 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules)
 * 1:33464 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dynamer variant outbound connection (malware-cnc.rules)
 * 1:33481 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Xnote outbound connection (malware-cnc.rules)
 * 1:33482 <-> DISABLED <-> MALWARE-CNC Win.Worm.Enosch variant outbound connection (malware-cnc.rules)
 * 1:33496 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Andromeda variant outbound connection (malware-cnc.rules)
 * 1:33513 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - XAgent - Operation Pawn Storm (malware-cnc.rules)
 * 1:33519 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - ALIZER (malware-cnc.rules)
 * 1:33520 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zusy inbound CNC response (malware-cnc.rules)
 * 1:33521 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zusy variant outbound connection (malware-cnc.rules)
 * 1:33522 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent - DNS Changer (malware-cnc.rules)
 * 1:33523 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DNSChanger variant outbound connection (malware-cnc.rules)
 * 1:33524 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DNSChanger variant outbound connection (malware-cnc.rules)
 * 1:33543 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Equation outbound connection (malware-cnc.rules)
 * 1:33545 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Equation outbound connection (malware-cnc.rules)
 * 1:33546 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Equation outbound connection (malware-cnc.rules)
 * 1:33547 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Turla outbound connection (malware-cnc.rules)
 * 1:33594 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Upatre variant outbound connection (malware-cnc.rules)
 * 1:33620 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.lubot outbound connection (malware-cnc.rules)
 * 1:33621 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.lubot outbound connection (malware-cnc.rules)
 * 1:33633 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent - Downing - Win.Trojan.Otwycal (malware-cnc.rules)
 * 1:33646 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.XORDDoS outbound connection (malware-cnc.rules)
 * 1:33647 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.XORDDoS outbound connection (malware-cnc.rules)
 * 1:33648 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.XORDDoS outbound connection (malware-cnc.rules)
 * 1:33649 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Google Omaha - Win.Trojan.ExtenBro (malware-cnc.rules)
 * 1:33650 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tinba outbound connection (malware-cnc.rules)
 * 1:33674 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Athena variant outbound connection (malware-cnc.rules)
 * 1:33675 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Athena variant outbound connection (malware-cnc.rules)
 * 1:33677 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Babar outbound connection (malware-cnc.rules)
 * 1:33678 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FannyWorm outbound connection (malware-cnc.rules)
 * 1:33230 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Firefox - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:34036 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (malware-cnc.rules)
 * 1:34052 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NewPos outbound connection (malware-cnc.rules)
 * 1:33885 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gh0st variant outbound connection (malware-cnc.rules)
 * 1:34032 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (malware-cnc.rules)
 * 1:33997 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pwexes variant outbound connection (malware-cnc.rules)
 * 1:33831 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent DownloadMR - Solimba (malware-cnc.rules)
 * 1:34028 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bruecimig variant outbound connection (malware-cnc.rules)
 * 1:33854 <-> DISABLED <-> MALWARE-CNC Win.Trojan.LogPOS variant outbound connection (malware-cnc.rules)
 * 1:33867 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules)
 * 1:34115 <-> DISABLED <-> MALWARE-CNC MacOS.Trojan.Wirelurker variant outbound connection (malware-cnc.rules)
 * 1:34033 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (malware-cnc.rules)
 * 1:33892 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Xerq outbound connection (malware-cnc.rules)
 * 1:33993 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Insidious outbound connection (malware-cnc.rules)
 * 1:33907 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent - KAIIOOOO871 - Win.Trojan.Dridex (malware-cnc.rules)
 * 1:34005 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules)
 * 1:33877 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Meowner runtime detection (malware-cnc.rules)
 * 1:34182 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bartallex outbound connection (malware-cnc.rules)

2020-10-15 12:57:43 UTC

Snort Subscriber Rules Update

Date: 2020-10-15

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:55999 <-> DISABLED <-> SERVER-APACHE Apache Struts denial of service attempt (server-apache.rules)
 * 1:56008 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari WebKit JSPropertyNameEnumeration type confusion attempt (browser-webkit.rules)
 * 1:56005 <-> ENABLED <-> SERVER-WEBAPP D-Link Central WiFi Manager CWM 100 SQL injection attempt (server-webapp.rules)
 * 1:56007 <-> ENABLED <-> SERVER-WEBAPP D-Link Central WiFi Manager CWM 100 SQL injection attempt (server-webapp.rules)
 * 1:56004 <-> DISABLED <-> SERVER-WEBAPP D-Link Central WiFi Manager CMW 100 cross site scripting attempt (server-webapp.rules)
 * 1:56006 <-> ENABLED <-> SERVER-WEBAPP D-Link Central WiFi Manager CWM 100 SQL injection attempt (server-webapp.rules)
 * 1:56009 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari WebKit JSPropertyNameEnumeration type confusion attempt (browser-webkit.rules)
 * 1:56001 <-> DISABLED <-> SERVER-APACHE Apache Struts denial of service attempt (server-apache.rules)
 * 1:56000 <-> DISABLED <-> SERVER-APACHE Apache Struts denial of service attempt (server-apache.rules)
 * 1:56003 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Emotet variant initial outbound request detected (malware-cnc.rules)
 * 1:56002 <-> DISABLED <-> SERVER-WEBAPP D-Link Central WiFi Manager CMW 100 SQL injection attempt (server-webapp.rules)

Modified Rules:


 * 1:33912 <-> DISABLED <-> MALWARE-CNC Cryptofortress Decryption Software Purchase Tor Website (malware-cnc.rules)
 * 1:33820 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Egamipload variant outbound connection (malware-cnc.rules)
 * 1:33746 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
 * 1:33228 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kovter variant outbound connection (malware-cnc.rules)
 * 1:33704 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
 * 1:33819 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Egamipload variant outbound connection (malware-cnc.rules)
 * 1:33865 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules)
 * 1:33751 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
 * 1:34246 <-> DISABLED <-> MALWARE-CNC Win.Trojan.AAEH variant outbound connection (malware-cnc.rules)
 * 1:33747 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
 * 1:33851 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Poseidon outbound connection (malware-cnc.rules)
 * 1:33745 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
 * 1:33818 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Egamipload variant outbound connection (malware-cnc.rules)
 * 1:33755 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
 * 1:33752 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
 * 1:33876 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Meowner runtime detection (malware-cnc.rules)
 * 1:34297 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Simda variant outbound connection (malware-cnc.rules)
 * 1:34161 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Punkey outbound connection (malware-cnc.rules)
 * 1:34308 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection (malware-cnc.rules)
 * 1:34307 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection (malware-cnc.rules)
 * 1:40066 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.LokiBot (malware-cnc.rules)
 * 1:34217 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Aytoke variant outbound connection (malware-cnc.rules)
 * 1:34292 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kraken outbound connection (malware-cnc.rules)
 * 1:34117 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Zupdax variant outbound connection (malware-cnc.rules)
 * 1:33879 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Meowner runtime detection (malware-cnc.rules)
 * 1:48818 <-> ENABLED <-> MALWARE-CNC Js.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:33931 <-> DISABLED <-> MALWARE-CNC Win.Worm.Goldrv variant outbound connection (malware-cnc.rules)
 * 1:34037 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (malware-cnc.rules)
 * 1:34013 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ayuther variant outbound connection (malware-cnc.rules)
 * 1:46062 <-> ENABLED <-> SERVER-WEBAPP Joomla JEXTN Membership extension SQL injection attempt (server-webapp.rules)
 * 1:33873 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tepoyx outbound connection detection (malware-cnc.rules)
 * 1:33877 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Meowner runtime detection (malware-cnc.rules)
 * 1:33854 <-> DISABLED <-> MALWARE-CNC Win.Trojan.LogPOS variant outbound connection (malware-cnc.rules)
 * 1:40067 <-> ENABLED <-> MALWARE-CNC Win.Trojan.LokiBot outbound connection (malware-cnc.rules)
 * 1:34033 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (malware-cnc.rules)
 * 1:33749 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
 * 1:34262 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.XORDDoS outbound connection (malware-cnc.rules)
 * 1:33821 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Egamipload variant outbound connection (malware-cnc.rules)
 * 1:33677 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Babar outbound connection (malware-cnc.rules)
 * 1:46063 <-> ENABLED <-> SERVER-WEBAPP Joomla JEXTN Membership extension SQL injection attempt (server-webapp.rules)
 * 1:33748 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
 * 1:34012 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules)
 * 1:33753 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
 * 1:33754 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
 * 1:34181 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bartallex outbound connection (malware-cnc.rules)
 * 1:46064 <-> ENABLED <-> SERVER-WEBAPP Joomla JEXTN Membership extension SQL injection attempt (server-webapp.rules)
 * 1:34007 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules)
 * 1:34034 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (malware-cnc.rules)
 * 1:34286 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mudrop variant outbound connection (malware-cnc.rules)
 * 1:34290 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Plez outbound connection (malware-cnc.rules)
 * 1:33989 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Trioptid outbound connection (malware-cnc.rules)
 * 1:34289 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Plez outbound connection (malware-cnc.rules)
 * 1:34296 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Simda variant outbound connection (malware-cnc.rules)
 * 1:34219 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nanocore variant outbound connection (malware-cnc.rules)
 * 1:34283 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bartallex outbound connection (malware-cnc.rules)
 * 1:34291 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string crackim (malware-cnc.rules)
 * 1:34036 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (malware-cnc.rules)
 * 1:33822 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Egamipload variant outbound connection (malware-cnc.rules)
 * 1:34001 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Picommex outbound connection (malware-cnc.rules)
 * 1:34111 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chrozil variant outbound connection (malware-cnc.rules)
 * 1:34008 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules)
 * 1:34002 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Picommex outbound connection (malware-cnc.rules)
 * 1:34030 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (malware-cnc.rules)
 * 1:34052 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NewPos outbound connection (malware-cnc.rules)
 * 1:33966 <-> DISABLED <-> MALWARE-CNC Win.Worm.Mafusc variant outbound connection (malware-cnc.rules)
 * 1:34031 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (malware-cnc.rules)
 * 1:34216 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FighterPOS variant outbound connection (malware-cnc.rules)
 * 1:33913 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Concbak outbound connection (malware-cnc.rules)
 * 1:34050 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Nepigon variant outbound connection (malware-cnc.rules)
 * 1:34025 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Endstar variant outbound connection (malware-cnc.rules)
 * 1:34130 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload variant outbound connection (malware-cnc.rules)
 * 1:33893 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TeslaCrypt outbound connection (malware-cnc.rules)
 * 1:34041 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Igliveforg variant initial outbound connection (malware-cnc.rules)
 * 1:33867 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules)
 * 1:33994 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Beshida outbound connection (malware-cnc.rules)
 * 1:34155 <-> DISABLED <-> MALWARE-CNC MacOS.Backdoor.Xslcmd outbound connection (malware-cnc.rules)
 * 1:34108 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scarsi variant outbound connection (malware-cnc.rules)
 * 1:33861 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules)
 * 1:34182 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bartallex outbound connection (malware-cnc.rules)
 * 1:34011 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules)
 * 1:34115 <-> DISABLED <-> MALWARE-CNC MacOS.Trojan.Wirelurker variant outbound connection (malware-cnc.rules)
 * 1:33831 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent DownloadMR - Solimba (malware-cnc.rules)
 * 1:33872 <-> DISABLED <-> MALWARE-CNC Win.Worm.Urahu outbound connection (malware-cnc.rules)
 * 1:33866 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules)
 * 1:34042 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Igliveforg variant outbound connection (malware-cnc.rules)
 * 1:33907 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent - KAIIOOOO871 - Win.Trojan.Dridex (malware-cnc.rules)
 * 1:33932 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tempedreve Samba probe (malware-cnc.rules)
 * 1:33997 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pwexes variant outbound connection (malware-cnc.rules)
 * 1:33878 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Meowner runtime detection (malware-cnc.rules)
 * 1:34138 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Netkrypt inbound response (malware-cnc.rules)
 * 1:33863 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules)
 * 1:34010 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules)
 * 1:33933 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Penget variant outbound connection (malware-cnc.rules)
 * 1:33891 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Amasages variant outbound connection (malware-cnc.rules)
 * 1:34281 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bartallex outbound connection (malware-cnc.rules)
 * 1:33240 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - FixUpdate - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:31996 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Upatre SSL Cert inbound (malware-cnc.rules)
 * 1:31827 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Delf variant outbound connection (malware-cnc.rules)
 * 1:31828 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jabberbot variant outbound connection (malware-cnc.rules)
 * 1:31832 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pfinet outbound connection (malware-cnc.rules)
 * 1:31833 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chkbot outbound connection (malware-cnc.rules)
 * 1:31834 <-> DISABLED <-> MALWARE-CNC Win.Trojan-Downloader.Delorado variant outbound connection (malware-cnc.rules)
 * 1:31835 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yesudac variant outbound connection (malware-cnc.rules)
 * 1:31836 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Seribe variant outbound connection (malware-cnc.rules)
 * 1:31837 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Retgate variant outbound connection (malware-cnc.rules)
 * 1:31883 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Waterspout outbound connection (malware-cnc.rules)
 * 1:31885 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Threebyte variant outbound connection (malware-cnc.rules)
 * 1:31895 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Toupi variant outbound connection (malware-cnc.rules)
 * 1:31897 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dexter variant outbound connection (malware-cnc.rules)
 * 1:31904 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload variant outbound connection (malware-cnc.rules)
 * 1:31907 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Honerep variant outbound connection (malware-cnc.rules)
 * 1:31909 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Basostab variant outbound connection (malware-cnc.rules)
 * 1:31911 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Gareme variant outbound connection (malware-cnc.rules)
 * 1:31913 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Maozhi variant outbound connection (malware-cnc.rules)
 * 1:31915 <-> DISABLED <-> MALWARE-CNC WIN.Trojan.Ziyazo variant outbound connection (malware-cnc.rules)
 * 1:31916 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules)
 * 1:31923 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant HTTP response attempt (malware-cnc.rules)
 * 1:31924 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules)
 * 1:31925 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.Jynxkit outbound connection (malware-cnc.rules)
 * 1:31928 <-> DISABLED <-> MALWARE-CNC Win.Trojan-Downloader.Becontr variant outbound connection (malware-cnc.rules)
 * 1:31929 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kanav variant outbound connection (malware-cnc.rules)
 * 1:31930 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kanav variant outbound connection (malware-cnc.rules)
 * 1:31941 <-> DISABLED <-> MALWARE-CNC Win.Trojan-Downloader.Pedrp variant outbound connection (malware-cnc.rules)
 * 1:31947 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - HttpCall - Win.Trojan.Rukypee (malware-cnc.rules)
 * 1:31948 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - MyProgramm - Win.Trojan.Rukypee (malware-cnc.rules)
 * 1:31949 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Skypee - Win.Trojan.Rukypee (malware-cnc.rules)
 * 1:31954 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ezbro variant outbound connection (malware-cnc.rules)
 * 1:31955 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ezbro variant outbound connection (malware-cnc.rules)
 * 1:31957 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.MSIL.Torct variant outbound connection (malware-cnc.rules)
 * 1:31964 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules)
 * 1:31973 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chebri variant outbound connection (malware-cnc.rules)
 * 1:31974 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zegorg variant outbound connection (malware-cnc.rules)
 * 1:31990 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Install - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:31991 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Treck - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:31992 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Upatre SSL Cert inbound (malware-cnc.rules)
 * 1:31993 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Upatre SSL Cert inbound (malware-cnc.rules)
 * 1:31994 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Upatre SSL Cert inbound (malware-cnc.rules)
 * 1:34280 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TeslaCrypt outbound connection (malware-cnc.rules)
 * 1:32053 <-> DISABLED <-> MALWARE-CNC Xsser mRAT GPS data upload (malware-cnc.rules)
 * 1:32054 <-> DISABLED <-> MALWARE-CNC Xsser mRAT file upload (malware-cnc.rules)
 * 1:31998 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Upatre SSL Cert inbound (malware-cnc.rules)
 * 1:31999 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Upatre SSL Cert inbound (malware-cnc.rules)
 * 1:32000 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Upatre SSL Cert inbound (malware-cnc.rules)
 * 1:32001 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Upatre SSL Cert inbound (malware-cnc.rules)
 * 1:32002 <-> DISABLED <-> MALWARE-CNC Win.Worm.Zorenium variant outbound connection (malware-cnc.rules)
 * 1:32009 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Flooder inbound connection attempt - command (malware-cnc.rules)
 * 1:32010 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Flooder outbound telnet connection attempt (malware-cnc.rules)
 * 1:32011 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Flooder outbound connection (malware-cnc.rules)
 * 1:32012 <-> DISABLED <-> MALWARE-CNC Win.Trojan-Downloader.Bipamid variant outbound connection (malware-cnc.rules)
 * 1:32013 <-> DISABLED <-> MALWARE-CNC Linux.Worm.Darlloz variant outbound connection (malware-cnc.rules)
 * 1:32015 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Zeus variant outbound connection (malware-cnc.rules)
 * 1:32016 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Menteni variant outbound connection (malware-cnc.rules)
 * 1:32017 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Memlog SMB file transfer (malware-cnc.rules)
 * 1:32018 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Hupigon.NYK variant outbound connection (malware-cnc.rules)
 * 1:32020 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Krompt variant outbound connection (malware-cnc.rules)
 * 1:32023 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sinpid variant outbound connection (malware-cnc.rules)
 * 1:32028 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Klabcon variant outbound connection (malware-cnc.rules)
 * 1:32030 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Decibal - Win.Trojan.Decibal (malware-cnc.rules)
 * 1:32031 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Decibal variant outbound connection (malware-cnc.rules)
 * 1:32033 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Larosden variant outbound connection (malware-cnc.rules)
 * 1:32034 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Larefervt variant outbound connection (malware-cnc.rules)
 * 1:32035 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Boleteiro variant outbound connection (malware-cnc.rules)
 * 1:32036 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Somoca vaniant outbound connection (malware-cnc.rules)
 * 1:32037 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload.awt variant outbound connection (malware-cnc.rules)
 * 1:32048 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lecpetex variant outbound connection (malware-cnc.rules)
 * 1:32050 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Larosden variant outbound connection (malware-cnc.rules)
 * 1:32052 <-> DISABLED <-> MALWARE-CNC User-Agent Xsser mRAT user-agent (malware-cnc.rules)
 * 1:34183 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bartallex outbound connection (malware-cnc.rules)
 * 1:31997 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Upatre SSL Cert inbound (malware-cnc.rules)
 * 1:33232 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - AppUpdate - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33678 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FannyWorm outbound connection (malware-cnc.rules)
 * 1:33230 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Firefox - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33233 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - 2608cw-1 - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33234 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - 2508Inst - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33235 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - 2608cw-2 - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33236 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - 2808inst - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33237 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Player - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33238 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Wurst - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33239 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Installer/1.0 - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:31826 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Delf variant HTTP Response (malware-cnc.rules)
 * 1:33242 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Explorer - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33243 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Mozilla - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33244 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Opera - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33245 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Opera10 - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33246 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - OperaMini - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33248 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Peers12 - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33249 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - SLSSoapClient - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33250 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Tintin - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33251 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - USER_CHECK - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33252 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - WATClient - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33253 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - bbbbbbbbbb - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33254 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - hi - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33255 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - iMacros - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33256 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - macrotest - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33257 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - onlymacros - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33258 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Updates downloader - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33259 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - testupdate - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33260 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - onlyupdate - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33282 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Upatre variant outbound connection (malware-cnc.rules)
 * 1:33284 <-> DISABLED <-> MALWARE-CNC Win.Trojan.OnLineGames variant outbound connection (malware-cnc.rules)
 * 1:33285 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bavload outbound download request attempt (malware-cnc.rules)
 * 1:33289 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rawpos incoming backdoor connection attempt (malware-cnc.rules)
 * 1:33299 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Foxy variant outbound connection (malware-cnc.rules)
 * 1:33305 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rubinurd variant outbound connection (malware-cnc.rules)
 * 1:33328 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Yinli outbound connection (malware-cnc.rules)
 * 1:33329 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Yinli outbound connection (malware-cnc.rules)
 * 1:33330 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Yinli outbound connection (malware-cnc.rules)
 * 1:33342 <-> DISABLED <-> MALWARE-CNC Doc.Downloader.Dridex outbound connection (malware-cnc.rules)
 * 1:33411 <-> DISABLED <-> MALWARE-CNC Doc.Downloader.Dridex outbound connection (malware-cnc.rules)
 * 1:33431 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptowall 3.0 variant outbound connection (malware-cnc.rules)
 * 1:33432 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptowall 3.0 variant outbound connection (malware-cnc.rules)
 * 1:33433 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptowall 3.0 variant outbound connection (malware-cnc.rules)
 * 1:33434 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptowall 3.0 variant outbound connection (malware-cnc.rules)
 * 1:33435 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptowall 3.0 variant outbound connection (malware-cnc.rules)
 * 1:33439 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gefetroe variant outbound connection (malware-cnc.rules)
 * 1:33443 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules)
 * 1:33444 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SpyBanker variant outbound connection (malware-cnc.rules)
 * 1:33449 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FileEncoder IP geolocation checkin attempt (malware-cnc.rules)
 * 1:33450 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FileEncoder variant outbound connection (malware-cnc.rules)
 * 1:33453 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kovter variant outbound connection (malware-cnc.rules)
 * 1:33456 <-> DISABLED <-> MALWARE-CNC Doc.Downloader.Dridex outbound connection (malware-cnc.rules)
 * 1:33457 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules)
 * 1:33464 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dynamer variant outbound connection (malware-cnc.rules)
 * 1:33481 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Xnote outbound connection (malware-cnc.rules)
 * 1:33482 <-> DISABLED <-> MALWARE-CNC Win.Worm.Enosch variant outbound connection (malware-cnc.rules)
 * 1:33496 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Andromeda variant outbound connection (malware-cnc.rules)
 * 1:33513 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - XAgent - Operation Pawn Storm (malware-cnc.rules)
 * 1:33519 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - ALIZER (malware-cnc.rules)
 * 1:33520 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zusy inbound CNC response (malware-cnc.rules)
 * 1:33521 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zusy variant outbound connection (malware-cnc.rules)
 * 1:33522 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent - DNS Changer (malware-cnc.rules)
 * 1:33523 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DNSChanger variant outbound connection (malware-cnc.rules)
 * 1:33524 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DNSChanger variant outbound connection (malware-cnc.rules)
 * 1:33543 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Equation outbound connection (malware-cnc.rules)
 * 1:33545 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Equation outbound connection (malware-cnc.rules)
 * 1:33546 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Equation outbound connection (malware-cnc.rules)
 * 1:33547 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Turla outbound connection (malware-cnc.rules)
 * 1:33594 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Upatre variant outbound connection (malware-cnc.rules)
 * 1:33620 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.lubot outbound connection (malware-cnc.rules)
 * 1:33621 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.lubot outbound connection (malware-cnc.rules)
 * 1:33633 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent - Downing - Win.Trojan.Otwycal (malware-cnc.rules)
 * 1:33646 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.XORDDoS outbound connection (malware-cnc.rules)
 * 1:33647 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.XORDDoS outbound connection (malware-cnc.rules)
 * 1:33648 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.XORDDoS outbound connection (malware-cnc.rules)
 * 1:33649 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Google Omaha - Win.Trojan.ExtenBro (malware-cnc.rules)
 * 1:33650 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tinba outbound connection (malware-cnc.rules)
 * 1:33674 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Athena variant outbound connection (malware-cnc.rules)
 * 1:33675 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Athena variant outbound connection (malware-cnc.rules)
 * 1:33223 <-> DISABLED <-> MALWARE-CNC Win.Trojan.HawkEye Keylogger exfiltration attempt - clipboard and screenshot (malware-cnc.rules)
 * 1:33884 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string dolit (malware-cnc.rules)
 * 1:33886 <-> DISABLED <-> MALWARE-CNC WIn.Trojan.HawkEye keylogger variant outbound connection (malware-cnc.rules)
 * 1:34116 <-> DISABLED <-> MALWARE-CNC MacOS.Trojan.Wirelurker variant outbound connection (malware-cnc.rules)
 * 1:33885 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gh0st variant outbound connection (malware-cnc.rules)
 * 1:34143 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Crypvault outbound connection (malware-cnc.rules)
 * 1:34049 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.EvilBunny variant outbound connection (malware-cnc.rules)
 * 1:33862 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules)
 * 1:34136 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload variant MSSQL response (malware-cnc.rules)
 * 1:34028 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bruecimig variant outbound connection (malware-cnc.rules)
 * 1:34032 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (malware-cnc.rules)
 * 1:33990 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Trioptid outbound connection (malware-cnc.rules)
 * 1:34038 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (malware-cnc.rules)
 * 1:33996 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pwexes variant outbound connection (malware-cnc.rules)
 * 1:34005 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules)
 * 1:33868 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules)
 * 1:33860 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules)
 * 1:34044 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Exacrytion variant outbound connection (malware-cnc.rules)
 * 1:33857 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PwnPOS data exfiltration attempt (malware-cnc.rules)
 * 1:34004 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules)
 * 1:34140 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dyre publickey outbound connection (malware-cnc.rules)
 * 1:33864 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules)
 * 1:34214 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Capimac variant outbound connection (malware-cnc.rules)
 * 1:34039 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banklaed variant outbound connection (malware-cnc.rules)
 * 1:33883 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jadtre variant outbound connection (malware-cnc.rules)
 * 1:33859 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules)
 * 1:34113 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent beacon reply attempt (malware-cnc.rules)
 * 1:33750 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
 * 1:33227 <-> DISABLED <-> MALWARE-CNC Win.Agent.BHHK variant outbound connection (malware-cnc.rules)
 * 1:34282 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bartallex outbound connection (malware-cnc.rules)
 * 1:34263 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.XORDDoS outbound connection (malware-cnc.rules)
 * 1:34026 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Endstar variant outbound connection (malware-cnc.rules)
 * 1:34223 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Yebot variant outbound connection (malware-cnc.rules)
 * 1:33892 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Xerq outbound connection (malware-cnc.rules)
 * 1:33992 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Insidious outbound connection (malware-cnc.rules)
 * 1:34006 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules)
 * 1:33914 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent - Win.Trojan.Barys (malware-cnc.rules)
 * 1:34045 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Eitenckay initial outbound connection (malware-cnc.rules)
 * 1:34035 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (malware-cnc.rules)
 * 1:33930 <-> DISABLED <-> MALWARE-CNC Vicepass outbound connection initial request to the CNC sending system information (malware-cnc.rules)
 * 1:34009 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules)
 * 1:33985 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.ChinaZ outbound connection (malware-cnc.rules)
 * 1:33852 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Poseidon outbound connection (malware-cnc.rules)
 * 1:34047 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VBPasswordStealer variant outbound connection (malware-cnc.rules)
 * 1:33993 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Insidious outbound connection (malware-cnc.rules)
 * 1:34128 <-> DISABLED <-> MALWARE-CNC Win.Trojan.WIntruder outbound connection (malware-cnc.rules)
 * 1:34003 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Picommex outbound connection (malware-cnc.rules)
 * 1:34046 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Expilan variant outbound connection (malware-cnc.rules)
 * 1:34132 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Erotimpact variant outbound connection (malware-cnc.rules)
 * 1:34261 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.XORDDoS outbound connection (malware-cnc.rules)
 * 1:31820 <-> DISABLED <-> MALWARE-CNC Win.Banker.Delf variant outbound connection (malware-cnc.rules)
 * 1:31824 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor variant outbound connection (malware-cnc.rules)
 * 1:31995 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Upatre SSL Cert inbound (malware-cnc.rules)
 * 1:33231 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Firefox/5.0 - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:32058 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Masatekar variant outbound connection (malware-cnc.rules)
 * 1:32060 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent string - httptestman - Win.Backdoor.Rabasheeta (malware-cnc.rules)
 * 1:32061 <-> DISABLED <-> MALWARE-CNC Win.Trojan-Downloader.Nekill variant outbound connection (malware-cnc.rules)
 * 1:32065 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Asprox inbound connection (malware-cnc.rules)
 * 1:32066 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Asprox outbound connection (malware-cnc.rules)
 * 1:32067 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Asprox outbound connection (malware-cnc.rules)
 * 1:32071 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Zapchast variant outbound connection (malware-cnc.rules)
 * 1:32072 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zemot configuration download attempt (malware-cnc.rules)
 * 1:32073 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zemot outbound connection (malware-cnc.rules)
 * 1:32074 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zemot payload download attempt (malware-cnc.rules)
 * 1:32075 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Small variant outbound connection (malware-cnc.rules)
 * 1:32086 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Corkow variant outbound connection (malware-cnc.rules)
 * 1:32090 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Saaglup variant outbound connection (malware-cnc.rules)
 * 1:32091 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.PcertStealer variant outbound connection (malware-cnc.rules)
 * 1:32093 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules)
 * 1:32096 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Puver variant outbound connection (malware-cnc.rules)
 * 1:32121 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kryptik variant outbound connection (malware-cnc.rules)
 * 1:32123 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot variant outbound connection (malware-cnc.rules)
 * 1:32125 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - update - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:32126 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lizarbot outbound connection (malware-cnc.rules)
 * 1:32129 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader variant outbound connection (malware-cnc.rules)
 * 1:32130 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules)
 * 1:32175 <-> DISABLED <-> MALWARE-CNC Osx.Backdoor.iWorm variant outbound connection (malware-cnc.rules)
 * 1:32179 <-> DISABLED <-> MALWARE-CNC WIN.Trojan.Plugx variant outbound connection (malware-cnc.rules)
 * 1:32180 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.ZxShell connection incoming attempt (malware-cnc.rules)
 * 1:32181 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.ZxShell connection outgoing attempt (malware-cnc.rules)
 * 1:32192 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zxshell variant outbound connection (malware-cnc.rules)
 * 1:32193 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dubrute variant outbound connection (malware-cnc.rules)
 * 1:32194 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dubrute variant outbound connection (malware-cnc.rules)
 * 1:32195 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Palebot variant outbound connection (malware-cnc.rules)
 * 1:32196 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor variant outbound connection (malware-cnc.rules)
 * 1:32197 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zerolocker variant outbound connection (malware-cnc.rules)
 * 1:32198 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mujormel outbound connection (malware-cnc.rules)
 * 1:32202 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Soaphrish variant outbound connection (malware-cnc.rules)
 * 1:32220 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy download detected (malware-cnc.rules)
 * 1:32221 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy download detected (malware-cnc.rules)
 * 1:32222 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.MSIL.Liroospu variant outbound connection (malware-cnc.rules)
 * 1:32225 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptowall variant outbound connection (malware-cnc.rules)
 * 1:32243 <-> DISABLED <-> MALWARE-CNC WIN.Trojan.Clemint variant outbound connection (malware-cnc.rules)
 * 1:32250 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hydraq.variant outbound detected (malware-cnc.rules)
 * 1:32270 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tinba variant outbound connection (malware-cnc.rules)
 * 1:32272 <-> DISABLED <-> MALWARE-CNC WIN.Trojan.Hesechca variant outbound connection (malware-cnc.rules)
 * 1:32285 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zoxpng variant outbound connection (malware-cnc.rules)
 * 1:32287 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sapertilz variant outbound connection (malware-cnc.rules)
 * 1:32289 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptolocker download detected (malware-cnc.rules)
 * 1:32290 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptolocker download detected (malware-cnc.rules)
 * 1:32291 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptolocker download detected (malware-cnc.rules)
 * 1:32292 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptolocker download detected (malware-cnc.rules)
 * 1:32293 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Acanas variant outbound connection (malware-cnc.rules)
 * 1:32294 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent BloodguyBrowser-_- (malware-cnc.rules)
 * 1:32295 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string http - Win.Trojan.Waski (malware-cnc.rules)
 * 1:32296 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string update - Win.Trojan.Waski (malware-cnc.rules)
 * 1:32310 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Farfli variant outbound connection (malware-cnc.rules)
 * 1:32311 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rehtesyk outbound connection (malware-cnc.rules)
 * 1:32312 <-> DISABLED <-> MALWARE-CNC FrameworkPOS data exfiltration through DNS - beacon message (malware-cnc.rules)
 * 1:32328 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Maener variant download request (malware-cnc.rules)
 * 1:32329 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Maener variant outbound connection (malware-cnc.rules)
 * 1:32330 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Maener variant outbound connection (malware-cnc.rules)
 * 1:32331 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Maener variant outbound connection (malware-cnc.rules)
 * 1:32332 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hancitor variant outbound connection (malware-cnc.rules)
 * 1:32333 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string fast uax (malware-cnc.rules)
 * 1:32334 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Stantinko variant outbound connection (malware-cnc.rules)
 * 1:32338 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ropest variant outbound connection (malware-cnc.rules)
 * 1:32341 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cakwerd variant outbound connection (malware-cnc.rules)
 * 1:32343 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor variant inbound spam attempt (malware-cnc.rules)
 * 1:32344 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor variant outbound spam attempt (malware-cnc.rules)
 * 1:32354 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Matsune variant outbound connection (malware-cnc.rules)
 * 1:32357 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Akaza variant outbound connection (malware-cnc.rules)
 * 1:32367 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GameOverZeus variant outbound connection (malware-cnc.rules)
 * 1:32368 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cridex variant outbound connection (malware-cnc.rules)
 * 1:32372 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Drepitt variant outbound connection (malware-cnc.rules)
 * 1:32373 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Broonject variant outbound connection (malware-cnc.rules)
 * 1:32374 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Androm variant outbound connection (malware-cnc.rules)
 * 1:32379 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Baccamun variant outbound connection (malware-cnc.rules)
 * 1:32383 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - connect - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:32384 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - myupdate - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:32394 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Orcarat variant outbound connection (malware-cnc.rules)
 * 1:32395 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Orcarat variant outbound connection (malware-cnc.rules)
 * 1:32396 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Orcarat variant outbound connection (malware-cnc.rules)
 * 1:32397 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Orcarat variant outbound connection (malware-cnc.rules)
 * 1:32400 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Parama attempted outbound connection (malware-cnc.rules)
 * 1:32401 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Kivars outbound connection (malware-cnc.rules)
 * 1:32402 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent globalupdate - Osx.Trojan.Wirelurker (malware-cnc.rules)
 * 1:32451 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Backoff initial outbound connection (malware-cnc.rules)
 * 1:32455 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent VUPHTTP - Win.Trojan.Puvespia (malware-cnc.rules)
 * 1:32456 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Effseart variant outbound connection (malware-cnc.rules)
 * 1:32457 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Effseart variant inbound connection (malware-cnc.rules)
 * 1:32464 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TorrentLocker variant outbound connection (malware-cnc.rules)
 * 1:32469 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bankeiya outbound connection (malware-cnc.rules)
 * 1:32486 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Exadog outbound connection (malware-cnc.rules)
 * 1:32487 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Exadog variant outbound connection (malware-cnc.rules)
 * 1:32493 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.SpikeA variant outbound connection (malware-cnc.rules)
 * 1:32494 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.SpikeA variant outbound connection (malware-cnc.rules)
 * 1:32504 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Kiler attempted outbound connection (malware-cnc.rules)
 * 1:32505 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Kiler attempted outbound connection (malware-cnc.rules)
 * 1:32506 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Secdeskinf outbound connection (malware-cnc.rules)
 * 1:32510 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.PiltabeA outbound connection (malware-cnc.rules)
 * 1:32511 <-> DISABLED <-> MALWARE-CNC PCRat variant outbound connection (malware-cnc.rules)
 * 1:32512 <-> DISABLED <-> MALWARE-CNC PCRat variant outbound connection (malware-cnc.rules)
 * 1:32513 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Havex outbound connection (malware-cnc.rules)
 * 1:32521 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptowall 2.0 possible TOR client retrieval attempt (malware-cnc.rules)
 * 1:32529 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Vkont variant outbound connection (malware-cnc.rules)
 * 1:32548 <-> DISABLED <-> MALWARE-CNC Mac.Backdoor.iWorm attempted outbound connection (malware-cnc.rules)
 * 1:32550 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Extant variant outbound connection (malware-cnc.rules)
 * 1:32551 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Coreshell variant outbound connection (malware-cnc.rules)
 * 1:32556 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bayoboiz outbound connection (malware-cnc.rules)
 * 1:32557 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bayoboiz outbound connection (malware-cnc.rules)
 * 1:32583 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules)
 * 1:32584 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules)
 * 1:32585 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
 * 1:32586 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
 * 1:32598 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Mysayad file wipe attempt (malware-cnc.rules)
 * 1:32599 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Mysayad outbound connection (malware-cnc.rules)
 * 1:32600 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Mysayad file wipe attempt (malware-cnc.rules)
 * 1:32604 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Geodo variant outbound connection (malware-cnc.rules)
 * 1:32605 <-> DISABLED <-> MALWARE-CNC Win.Worm.Jenxcus variant outbound connection (malware-cnc.rules)
 * 1:32606 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sodebral variant outbound connection (malware-cnc.rules)
 * 1:32607 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sodebral HTTP Response attempt (malware-cnc.rules)
 * 1:32608 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sodebral HTTP Response attempt (malware-cnc.rules)
 * 1:32609 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant registration message (malware-cnc.rules)
 * 1:32610 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant keepalive (malware-cnc.rules)
 * 1:32613 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Jadowndec attempted outbound connection (malware-cnc.rules)
 * 1:32614 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Jadowndec attempted outbound connection (malware-cnc.rules)
 * 1:32621 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Regin outbound connection (malware-cnc.rules)
 * 1:32624 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Regin outbound connection (malware-cnc.rules)
 * 1:32645 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string RUpdate (malware-cnc.rules)
 * 1:32665 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chopstick variant outbound request (malware-cnc.rules)
 * 1:32667 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chopstick variant outbound request (malware-cnc.rules)
 * 1:32674 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wiper variant outbound connection (malware-cnc.rules)
 * 1:32677 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex variant outbound connection (malware-cnc.rules)
 * 1:32678 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex variant outbound connection (malware-cnc.rules)
 * 1:32706 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz variant outbound connection (malware-cnc.rules)
 * 1:32727 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Uclinu variant outbound connection (malware-cnc.rules)
 * 1:32728 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Olegb variant outbound connection (malware-cnc.rules)
 * 1:32734 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Typideg variant outbound connection (malware-cnc.rules)
 * 1:32735 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CryptoPHP variant outbound connection (malware-cnc.rules)
 * 1:32736 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CryptoPHP variant outbound connection (malware-cnc.rules)
 * 1:32743 <-> DISABLED <-> MALWARE-CNC VGABot IRC communication attempt (malware-cnc.rules)
 * 1:32747 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ragebot variant outbound connection (malware-cnc.rules)
 * 1:32769 <-> DISABLED <-> MALWARE-CNC Win.Trojan.WOWCheckC Attempted CNC (malware-cnc.rules)
 * 1:32770 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Androm variant outbound connection (malware-cnc.rules)
 * 1:32776 <-> DISABLED <-> MALWARE-CNC FIN4 VBA Macro credentials upload attempt (malware-cnc.rules)
 * 1:32780 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Eskaetee outbound connection (malware-cnc.rules)
 * 1:32781 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Eskaetee outbound connection (malware-cnc.rules)
 * 1:32791 <-> DISABLED <-> MALWARE-CNC Win.Virus.Ransomlock outbound connection (malware-cnc.rules)
 * 1:32792 <-> DISABLED <-> MALWARE-CNC Win.Virus.Ransomlock inbound connection (malware-cnc.rules)
 * 1:32823 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Darkhotel outbound connection (malware-cnc.rules)
 * 1:32824 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Darkhotel variant outbound connection (malware-cnc.rules)
 * 1:32825 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Darkhotel outbound connection (malware-cnc.rules)
 * 1:32826 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Darkhotel data upload attempt (malware-cnc.rules)
 * 1:32827 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Darkhotel response connection attempt (malware-cnc.rules)
 * 1:32852 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Poolfiend variant outbound connection (malware-cnc.rules)
 * 1:32853 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Poolfiend variant outbound connection (malware-cnc.rules)
 * 1:32854 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Loodir outbound connection (malware-cnc.rules)
 * 1:32882 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ksypypro outbound connection (malware-cnc.rules)
 * 1:32891 <-> DISABLED <-> MALWARE-CNC Php.Malware.SoakSoakRedirect Malware traffic containing WordPress Administrator credentials (malware-cnc.rules)
 * 1:32892 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TorLocker variant outbound connection (malware-cnc.rules)
 * 1:32893 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Finforst outbound connection (malware-cnc.rules)
 * 1:32908 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TinyZBot outbound connection (malware-cnc.rules)
 * 1:32909 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TinyZBot outbound connection (malware-cnc.rules)
 * 1:32910 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TinyZBot outbound connection (malware-cnc.rules)
 * 1:32950 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bladabindi variant outbound connection (malware-cnc.rules)
 * 1:32956 <-> DISABLED <-> MALWARE-CNC Android.CoolReaper.Trojan outbound connection (malware-cnc.rules)
 * 1:32957 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TinyZBot outbound SOAP connection attempt (malware-cnc.rules)
 * 1:32958 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TinyZBot response connection attempt (malware-cnc.rules)
 * 1:32973 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Twerket variant outbound connection (malware-cnc.rules)
 * 1:32976 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluos variant outbound connection (malware-cnc.rules)
 * 1:32977 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluos variant outbound connection (malware-cnc.rules)
 * 1:32978 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - extra IE version (malware-cnc.rules)
 * 1:32979 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - extra IE version (malware-cnc.rules)
 * 1:32980 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - multi-browser (malware-cnc.rules)
 * 1:32986 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Toopu dll embedded in png download attempt (malware-cnc.rules)
 * 1:32987 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor outbound connection (malware-cnc.rules)
 * 1:32988 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor outbound connection (malware-cnc.rules)
 * 1:32989 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor outbound connection (malware-cnc.rules)
 * 1:32990 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Toopu outbound connection (malware-cnc.rules)
 * 1:33047 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - realupdate - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33054 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Joanap outbound connection (malware-cnc.rules)
 * 1:33058 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Medusa variant inbound connection (malware-cnc.rules)
 * 1:33059 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Medusa variant outbound connection (malware-cnc.rules)
 * 1:33060 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Medusa variant outbound connection (malware-cnc.rules)
 * 1:33061 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lagulon.A outbound connection (malware-cnc.rules)
 * 1:33081 <-> DISABLED <-> MALWARE-CNC OnionDuke variant outbound connection (malware-cnc.rules)
 * 1:33082 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nocpos initial outbound connection (malware-cnc.rules)
 * 1:33083 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nocpos information disclosure attempt (malware-cnc.rules)
 * 1:33084 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tosct variant outbound connection (malware-cnc.rules)
 * 1:33145 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
 * 1:33147 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant SMTP reporting attempt (malware-cnc.rules)
 * 1:33148 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant SMTP reporting attempt (malware-cnc.rules)
 * 1:33149 <-> DISABLED <-> MALWARE-CNC Win.Worm.Ultramine outbound connection (malware-cnc.rules)
 * 1:33152 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nurjax.A outbound connection (malware-cnc.rules)
 * 1:33153 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Heur variant outbound connection (malware-cnc.rules)
 * 1:33161 <-> DISABLED <-> MALWARE-CNC Win.Spyware.Rombertik outbound connection (malware-cnc.rules)
 * 1:33165 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Poweliks outbound connection (malware-cnc.rules)
 * 1:33199 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Sabeba outbound connection (malware-cnc.rules)
 * 1:33200 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pisces variant outbound connection (malware-cnc.rules)
 * 1:33207 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Mazilla/5.0 - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33211 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Upatre variant outbound connection (malware-cnc.rules)
 * 1:33217 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nuovoscor variant outbound connection (malware-cnc.rules)
 * 1:33218 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cendode system information disclosure attempt (malware-cnc.rules)
 * 1:33219 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gamarue variant outbound connection (malware-cnc.rules)
 * 1:33220 <-> DISABLED <-> MALWARE-CNC Win.Trojan.HawkEye keylogger exfiltration attempt (malware-cnc.rules)
 * 1:33221 <-> ENABLED <-> MALWARE-CNC Win.Trojan.HawkEye Keylogger exfiltration attempt - clipboard and screenshot (malware-cnc.rules)
 * 1:33222 <-> DISABLED <-> MALWARE-CNC Win.Trojan.HawkEye Keylogger exfiltration attempt - clipboard and screenshot (malware-cnc.rules)

2020-10-15 12:57:43 UTC

Snort Subscriber Rules Update

Date: 2020-10-15

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:56003 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Emotet variant initial outbound request detected (snort3-malware-cnc.rules)
 * 1:56004 <-> DISABLED <-> SERVER-WEBAPP D-Link Central WiFi Manager CMW 100 cross site scripting attempt (snort3-server-webapp.rules)
 * 1:56001 <-> DISABLED <-> SERVER-APACHE Apache Struts denial of service attempt (snort3-server-apache.rules)
 * 1:56002 <-> DISABLED <-> SERVER-WEBAPP D-Link Central WiFi Manager CMW 100 SQL injection attempt (snort3-server-webapp.rules)
 * 1:56007 <-> ENABLED <-> SERVER-WEBAPP D-Link Central WiFi Manager CWM 100 SQL injection attempt (snort3-server-webapp.rules)
 * 1:56006 <-> ENABLED <-> SERVER-WEBAPP D-Link Central WiFi Manager CWM 100 SQL injection attempt (snort3-server-webapp.rules)
 * 1:56005 <-> ENABLED <-> SERVER-WEBAPP D-Link Central WiFi Manager CWM 100 SQL injection attempt (snort3-server-webapp.rules)
 * 1:56008 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari WebKit JSPropertyNameEnumeration type confusion attempt (snort3-browser-webkit.rules)
 * 1:56009 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari WebKit JSPropertyNameEnumeration type confusion attempt (snort3-browser-webkit.rules)
 * 1:55999 <-> DISABLED <-> SERVER-APACHE Apache Struts denial of service attempt (snort3-server-apache.rules)
 * 1:56000 <-> DISABLED <-> SERVER-APACHE Apache Struts denial of service attempt (snort3-server-apache.rules)

Modified Rules:


 * 1:34002 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Picommex outbound connection (snort3-malware-cnc.rules)
 * 1:32397 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Orcarat variant outbound connection (snort3-malware-cnc.rules)
 * 1:34006 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (snort3-malware-cnc.rules)
 * 1:32455 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent VUPHTTP - Win.Trojan.Puvespia (snort3-malware-cnc.rules)
 * 1:33912 <-> DISABLED <-> MALWARE-CNC Cryptofortress Decryption Software Purchase Tor Website (snort3-malware-cnc.rules)
 * 1:33933 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Penget variant outbound connection (snort3-malware-cnc.rules)
 * 1:31996 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Upatre SSL Cert inbound (snort3-malware-cnc.rules)
 * 1:32384 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - myupdate - Win.Backdoor.Upatre (snort3-malware-cnc.rules)
 * 1:32383 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - connect - Win.Backdoor.Upatre (snort3-malware-cnc.rules)
 * 1:33821 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Egamipload variant outbound connection (snort3-malware-cnc.rules)
 * 1:32368 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cridex variant outbound connection (snort3-malware-cnc.rules)
 * 1:32294 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent BloodguyBrowser-_- (snort3-malware-cnc.rules)
 * 1:32333 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string fast uax (snort3-malware-cnc.rules)
 * 1:32505 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Kiler attempted outbound connection (snort3-malware-cnc.rules)
 * 1:34289 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Plez outbound connection (snort3-malware-cnc.rules)
 * 1:32506 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Secdeskinf outbound connection (snort3-malware-cnc.rules)
 * 1:33868 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (snort3-malware-cnc.rules)
 * 1:33861 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (snort3-malware-cnc.rules)
 * 1:32395 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Orcarat variant outbound connection (snort3-malware-cnc.rules)
 * 1:33992 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Insidious outbound connection (snort3-malware-cnc.rules)
 * 1:33851 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Poseidon outbound connection (snort3-malware-cnc.rules)
 * 1:34138 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Netkrypt inbound response (snort3-malware-cnc.rules)
 * 1:34117 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Zupdax variant outbound connection (snort3-malware-cnc.rules)
 * 1:34143 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Crypvault outbound connection (snort3-malware-cnc.rules)
 * 1:34013 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ayuther variant outbound connection (snort3-malware-cnc.rules)
 * 1:34011 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (snort3-malware-cnc.rules)
 * 1:33930 <-> DISABLED <-> MALWARE-CNC Vicepass outbound connection initial request to the CNC sending system information (snort3-malware-cnc.rules)
 * 1:33879 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Meowner runtime detection (snort3-malware-cnc.rules)
 * 1:34009 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (snort3-malware-cnc.rules)
 * 1:33864 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (snort3-malware-cnc.rules)
 * 1:34005 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (snort3-malware-cnc.rules)
 * 1:34030 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (snort3-malware-cnc.rules)
 * 1:33886 <-> DISABLED <-> MALWARE-CNC WIn.Trojan.HawkEye keylogger variant outbound connection (snort3-malware-cnc.rules)
 * 1:33859 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (snort3-malware-cnc.rules)
 * 1:34136 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload variant MSSQL response (snort3-malware-cnc.rules)
 * 1:33883 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jadtre variant outbound connection (snort3-malware-cnc.rules)
 * 1:33872 <-> DISABLED <-> MALWARE-CNC Win.Worm.Urahu outbound connection (snort3-malware-cnc.rules)
 * 1:33885 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gh0st variant outbound connection (snort3-malware-cnc.rules)
 * 1:33852 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Poseidon outbound connection (snort3-malware-cnc.rules)
 * 1:34008 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (snort3-malware-cnc.rules)
 * 1:34214 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Capimac variant outbound connection (snort3-malware-cnc.rules)
 * 1:33860 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (snort3-malware-cnc.rules)
 * 1:34052 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NewPos outbound connection (snort3-malware-cnc.rules)
 * 1:33990 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Trioptid outbound connection (snort3-malware-cnc.rules)
 * 1:34181 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bartallex outbound connection (snort3-malware-cnc.rules)
 * 1:34217 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Aytoke variant outbound connection (snort3-malware-cnc.rules)
 * 1:34216 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FighterPOS variant outbound connection (snort3-malware-cnc.rules)
 * 1:33854 <-> DISABLED <-> MALWARE-CNC Win.Trojan.LogPOS variant outbound connection (snort3-malware-cnc.rules)
 * 1:34111 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chrozil variant outbound connection (snort3-malware-cnc.rules)
 * 1:33862 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (snort3-malware-cnc.rules)
 * 1:33913 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Concbak outbound connection (snort3-malware-cnc.rules)
 * 1:34032 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (snort3-malware-cnc.rules)
 * 1:34223 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Yebot variant outbound connection (snort3-malware-cnc.rules)
 * 1:33831 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent DownloadMR - Solimba (snort3-malware-cnc.rules)
 * 1:33997 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pwexes variant outbound connection (snort3-malware-cnc.rules)
 * 1:33989 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Trioptid outbound connection (snort3-malware-cnc.rules)
 * 1:34050 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Nepigon variant outbound connection (snort3-malware-cnc.rules)
 * 1:34130 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload variant outbound connection (snort3-malware-cnc.rules)
 * 1:34034 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (snort3-malware-cnc.rules)
 * 1:34012 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (snort3-malware-cnc.rules)
 * 1:34010 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (snort3-malware-cnc.rules)
 * 1:34007 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (snort3-malware-cnc.rules)
 * 1:33867 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (snort3-malware-cnc.rules)
 * 1:34047 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VBPasswordStealer variant outbound connection (snort3-malware-cnc.rules)
 * 1:34003 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Picommex outbound connection (snort3-malware-cnc.rules)
 * 1:34039 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banklaed variant outbound connection (snort3-malware-cnc.rules)
 * 1:34115 <-> DISABLED <-> MALWARE-CNC MacOS.Trojan.Wirelurker variant outbound connection (snort3-malware-cnc.rules)
 * 1:34046 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Expilan variant outbound connection (snort3-malware-cnc.rules)
 * 1:34132 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Erotimpact variant outbound connection (snort3-malware-cnc.rules)
 * 1:33996 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pwexes variant outbound connection (snort3-malware-cnc.rules)
 * 1:34042 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Igliveforg variant outbound connection (snort3-malware-cnc.rules)
 * 1:33892 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Xerq outbound connection (snort3-malware-cnc.rules)
 * 1:34161 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Punkey outbound connection (snort3-malware-cnc.rules)
 * 1:34286 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mudrop variant outbound connection (snort3-malware-cnc.rules)
 * 1:31993 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Upatre SSL Cert inbound (snort3-malware-cnc.rules)
 * 1:33985 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.ChinaZ outbound connection (snort3-malware-cnc.rules)
 * 1:34049 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.EvilBunny variant outbound connection (snort3-malware-cnc.rules)
 * 1:34025 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Endstar variant outbound connection (snort3-malware-cnc.rules)
 * 1:34004 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (snort3-malware-cnc.rules)
 * 1:33893 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TeslaCrypt outbound connection (snort3-malware-cnc.rules)
 * 1:33993 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Insidious outbound connection (snort3-malware-cnc.rules)
 * 1:34045 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Eitenckay initial outbound connection (snort3-malware-cnc.rules)
 * 1:34035 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (snort3-malware-cnc.rules)
 * 1:34219 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nanocore variant outbound connection (snort3-malware-cnc.rules)
 * 1:34037 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (snort3-malware-cnc.rules)
 * 1:33994 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Beshida outbound connection (snort3-malware-cnc.rules)
 * 1:34001 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Picommex outbound connection (snort3-malware-cnc.rules)
 * 1:34280 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TeslaCrypt outbound connection (snort3-malware-cnc.rules)
 * 1:32396 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Orcarat variant outbound connection (snort3-malware-cnc.rules)
 * 1:34281 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bartallex outbound connection (snort3-malware-cnc.rules)
 * 1:33884 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string dolit (snort3-malware-cnc.rules)
 * 1:34031 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (snort3-malware-cnc.rules)
 * 1:32456 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Effseart variant outbound connection (snort3-malware-cnc.rules)
 * 1:32296 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string update - Win.Trojan.Waski (snort3-malware-cnc.rules)
 * 1:32332 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hancitor variant outbound connection (snort3-malware-cnc.rules)
 * 1:32451 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Backoff initial outbound connection (snort3-malware-cnc.rules)
 * 1:32329 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Maener variant outbound connection (snort3-malware-cnc.rules)
 * 1:32331 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Maener variant outbound connection (snort3-malware-cnc.rules)
 * 1:32344 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor variant outbound spam attempt (snort3-malware-cnc.rules)
 * 1:32401 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Kivars outbound connection (snort3-malware-cnc.rules)
 * 1:34282 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bartallex outbound connection (snort3-malware-cnc.rules)
 * 1:32504 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Kiler attempted outbound connection (snort3-malware-cnc.rules)
 * 1:32338 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ropest variant outbound connection (snort3-malware-cnc.rules)
 * 1:32343 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor variant inbound spam attempt (snort3-malware-cnc.rules)
 * 1:32330 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Maener variant outbound connection (snort3-malware-cnc.rules)
 * 1:32310 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Farfli variant outbound connection (snort3-malware-cnc.rules)
 * 1:34263 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.XORDDoS outbound connection (snort3-malware-cnc.rules)
 * 1:32374 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Androm variant outbound connection (snort3-malware-cnc.rules)
 * 1:34246 <-> DISABLED <-> MALWARE-CNC Win.Trojan.AAEH variant outbound connection (snort3-malware-cnc.rules)
 * 1:32379 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Baccamun variant outbound connection (snort3-malware-cnc.rules)
 * 1:32341 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cakwerd variant outbound connection (snort3-malware-cnc.rules)
 * 1:32334 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Stantinko variant outbound connection (snort3-malware-cnc.rules)
 * 1:32311 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rehtesyk outbound connection (snort3-malware-cnc.rules)
 * 1:33866 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (snort3-malware-cnc.rules)
 * 1:34182 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bartallex outbound connection (snort3-malware-cnc.rules)
 * 1:34041 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Igliveforg variant initial outbound connection (snort3-malware-cnc.rules)
 * 1:34140 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dyre publickey outbound connection (snort3-malware-cnc.rules)
 * 1:33877 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Meowner runtime detection (snort3-malware-cnc.rules)
 * 1:33878 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Meowner runtime detection (snort3-malware-cnc.rules)
 * 1:31883 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Waterspout outbound connection (snort3-malware-cnc.rules)
 * 1:33822 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Egamipload variant outbound connection (snort3-malware-cnc.rules)
 * 1:34290 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Plez outbound connection (snort3-malware-cnc.rules)
 * 1:32511 <-> DISABLED <-> MALWARE-CNC PCRat variant outbound connection (snort3-malware-cnc.rules)
 * 1:32513 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Havex outbound connection (snort3-malware-cnc.rules)
 * 1:32011 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Flooder outbound connection (snort3-malware-cnc.rules)
 * 1:31820 <-> DISABLED <-> MALWARE-CNC Win.Banker.Delf variant outbound connection (snort3-malware-cnc.rules)
 * 1:31824 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor variant outbound connection (snort3-malware-cnc.rules)
 * 1:31826 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Delf variant HTTP Response (snort3-malware-cnc.rules)
 * 1:31827 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Delf variant outbound connection (snort3-malware-cnc.rules)
 * 1:31828 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jabberbot variant outbound connection (snort3-malware-cnc.rules)
 * 1:31832 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pfinet outbound connection (snort3-malware-cnc.rules)
 * 1:31833 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chkbot outbound connection (snort3-malware-cnc.rules)
 * 1:31834 <-> DISABLED <-> MALWARE-CNC Win.Trojan-Downloader.Delorado variant outbound connection (snort3-malware-cnc.rules)
 * 1:31835 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yesudac variant outbound connection (snort3-malware-cnc.rules)
 * 1:31836 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Seribe variant outbound connection (snort3-malware-cnc.rules)
 * 1:34155 <-> DISABLED <-> MALWARE-CNC MacOS.Backdoor.Xslcmd outbound connection (snort3-malware-cnc.rules)
 * 1:31837 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Retgate variant outbound connection (snort3-malware-cnc.rules)
 * 1:31885 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Threebyte variant outbound connection (snort3-malware-cnc.rules)
 * 1:31994 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Upatre SSL Cert inbound (snort3-malware-cnc.rules)
 * 1:31897 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dexter variant outbound connection (snort3-malware-cnc.rules)
 * 1:31904 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload variant outbound connection (snort3-malware-cnc.rules)
 * 1:31907 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Honerep variant outbound connection (snort3-malware-cnc.rules)
 * 1:31909 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Basostab variant outbound connection (snort3-malware-cnc.rules)
 * 1:31911 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Gareme variant outbound connection (snort3-malware-cnc.rules)
 * 1:31913 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Maozhi variant outbound connection (snort3-malware-cnc.rules)
 * 1:31915 <-> DISABLED <-> MALWARE-CNC WIN.Trojan.Ziyazo variant outbound connection (snort3-malware-cnc.rules)
 * 1:31916 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (snort3-malware-cnc.rules)
 * 1:31923 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant HTTP response attempt (snort3-malware-cnc.rules)
 * 1:31924 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (snort3-malware-cnc.rules)
 * 1:31925 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.Jynxkit outbound connection (snort3-malware-cnc.rules)
 * 1:31928 <-> DISABLED <-> MALWARE-CNC Win.Trojan-Downloader.Becontr variant outbound connection (snort3-malware-cnc.rules)
 * 1:31929 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kanav variant outbound connection (snort3-malware-cnc.rules)
 * 1:31930 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kanav variant outbound connection (snort3-malware-cnc.rules)
 * 1:31941 <-> DISABLED <-> MALWARE-CNC Win.Trojan-Downloader.Pedrp variant outbound connection (snort3-malware-cnc.rules)
 * 1:31947 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - HttpCall - Win.Trojan.Rukypee (snort3-malware-cnc.rules)
 * 1:31948 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - MyProgramm - Win.Trojan.Rukypee (snort3-malware-cnc.rules)
 * 1:31949 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Skypee - Win.Trojan.Rukypee (snort3-malware-cnc.rules)
 * 1:31954 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ezbro variant outbound connection (snort3-malware-cnc.rules)
 * 1:31955 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ezbro variant outbound connection (snort3-malware-cnc.rules)
 * 1:31957 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.MSIL.Torct variant outbound connection (snort3-malware-cnc.rules)
 * 1:31964 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (snort3-malware-cnc.rules)
 * 1:31973 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chebri variant outbound connection (snort3-malware-cnc.rules)
 * 1:31974 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zegorg variant outbound connection (snort3-malware-cnc.rules)
 * 1:31990 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Install - Win.Backdoor.Upatre (snort3-malware-cnc.rules)
 * 1:31991 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Treck - Win.Backdoor.Upatre (snort3-malware-cnc.rules)
 * 1:31992 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Upatre SSL Cert inbound (snort3-malware-cnc.rules)
 * 1:31997 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Upatre SSL Cert inbound (snort3-malware-cnc.rules)
 * 1:31895 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Toupi variant outbound connection (snort3-malware-cnc.rules)
 * 1:32529 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Vkont variant outbound connection (snort3-malware-cnc.rules)
 * 1:32548 <-> DISABLED <-> MALWARE-CNC Mac.Backdoor.iWorm attempted outbound connection (snort3-malware-cnc.rules)
 * 1:32550 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Extant variant outbound connection (snort3-malware-cnc.rules)
 * 1:32551 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Coreshell variant outbound connection (snort3-malware-cnc.rules)
 * 1:32556 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bayoboiz outbound connection (snort3-malware-cnc.rules)
 * 1:32557 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bayoboiz outbound connection (snort3-malware-cnc.rules)
 * 1:32583 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (snort3-malware-cnc.rules)
 * 1:32584 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (snort3-malware-cnc.rules)
 * 1:32585 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (snort3-malware-cnc.rules)
 * 1:32586 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (snort3-malware-cnc.rules)
 * 1:32598 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Mysayad file wipe attempt (snort3-malware-cnc.rules)
 * 1:32599 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Mysayad outbound connection (snort3-malware-cnc.rules)
 * 1:32600 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Mysayad file wipe attempt (snort3-malware-cnc.rules)
 * 1:32604 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Geodo variant outbound connection (snort3-malware-cnc.rules)
 * 1:32605 <-> DISABLED <-> MALWARE-CNC Win.Worm.Jenxcus variant outbound connection (snort3-malware-cnc.rules)
 * 1:32606 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sodebral variant outbound connection (snort3-malware-cnc.rules)
 * 1:32607 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sodebral HTTP Response attempt (snort3-malware-cnc.rules)
 * 1:32608 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sodebral HTTP Response attempt (snort3-malware-cnc.rules)
 * 1:32609 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant registration message (snort3-malware-cnc.rules)
 * 1:32610 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant keepalive (snort3-malware-cnc.rules)
 * 1:32613 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Jadowndec attempted outbound connection (snort3-malware-cnc.rules)
 * 1:32614 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Jadowndec attempted outbound connection (snort3-malware-cnc.rules)
 * 1:32621 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Regin outbound connection (snort3-malware-cnc.rules)
 * 1:32624 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Regin outbound connection (snort3-malware-cnc.rules)
 * 1:32645 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string RUpdate (snort3-malware-cnc.rules)
 * 1:32665 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chopstick variant outbound request (snort3-malware-cnc.rules)
 * 1:32667 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chopstick variant outbound request (snort3-malware-cnc.rules)
 * 1:32674 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wiper variant outbound connection (snort3-malware-cnc.rules)
 * 1:32677 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex variant outbound connection (snort3-malware-cnc.rules)
 * 1:32678 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex variant outbound connection (snort3-malware-cnc.rules)
 * 1:32706 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz variant outbound connection (snort3-malware-cnc.rules)
 * 1:32727 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Uclinu variant outbound connection (snort3-malware-cnc.rules)
 * 1:32728 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Olegb variant outbound connection (snort3-malware-cnc.rules)
 * 1:32734 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Typideg variant outbound connection (snort3-malware-cnc.rules)
 * 1:32735 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CryptoPHP variant outbound connection (snort3-malware-cnc.rules)
 * 1:32736 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CryptoPHP variant outbound connection (snort3-malware-cnc.rules)
 * 1:32743 <-> DISABLED <-> MALWARE-CNC VGABot IRC communication attempt (snort3-malware-cnc.rules)
 * 1:32747 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ragebot variant outbound connection (snort3-malware-cnc.rules)
 * 1:32769 <-> DISABLED <-> MALWARE-CNC Win.Trojan.WOWCheckC Attempted CNC (snort3-malware-cnc.rules)
 * 1:32770 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Androm variant outbound connection (snort3-malware-cnc.rules)
 * 1:32776 <-> DISABLED <-> MALWARE-CNC FIN4 VBA Macro credentials upload attempt (snort3-malware-cnc.rules)
 * 1:32780 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Eskaetee outbound connection (snort3-malware-cnc.rules)
 * 1:32781 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Eskaetee outbound connection (snort3-malware-cnc.rules)
 * 1:32791 <-> DISABLED <-> MALWARE-CNC Win.Virus.Ransomlock outbound connection (snort3-malware-cnc.rules)
 * 1:32792 <-> DISABLED <-> MALWARE-CNC Win.Virus.Ransomlock inbound connection (snort3-malware-cnc.rules)
 * 1:32823 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Darkhotel outbound connection (snort3-malware-cnc.rules)
 * 1:32824 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Darkhotel variant outbound connection (snort3-malware-cnc.rules)
 * 1:32825 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Darkhotel outbound connection (snort3-malware-cnc.rules)
 * 1:32826 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Darkhotel data upload attempt (snort3-malware-cnc.rules)
 * 1:32827 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Darkhotel response connection attempt (snort3-malware-cnc.rules)
 * 1:32852 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Poolfiend variant outbound connection (snort3-malware-cnc.rules)
 * 1:32853 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Poolfiend variant outbound connection (snort3-malware-cnc.rules)
 * 1:32854 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Loodir outbound connection (snort3-malware-cnc.rules)
 * 1:32882 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ksypypro outbound connection (snort3-malware-cnc.rules)
 * 1:32891 <-> DISABLED <-> MALWARE-CNC Php.Malware.SoakSoakRedirect Malware traffic containing WordPress Administrator credentials (snort3-malware-cnc.rules)
 * 1:32892 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TorLocker variant outbound connection (snort3-malware-cnc.rules)
 * 1:32893 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Finforst outbound connection (snort3-malware-cnc.rules)
 * 1:32908 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TinyZBot outbound connection (snort3-malware-cnc.rules)
 * 1:32909 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TinyZBot outbound connection (snort3-malware-cnc.rules)
 * 1:32910 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TinyZBot outbound connection (snort3-malware-cnc.rules)
 * 1:32950 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bladabindi variant outbound connection (snort3-malware-cnc.rules)
 * 1:32956 <-> DISABLED <-> MALWARE-CNC Android.CoolReaper.Trojan outbound connection (snort3-malware-cnc.rules)
 * 1:32957 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TinyZBot outbound SOAP connection attempt (snort3-malware-cnc.rules)
 * 1:32958 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TinyZBot response connection attempt (snort3-malware-cnc.rules)
 * 1:32973 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Twerket variant outbound connection (snort3-malware-cnc.rules)
 * 1:32976 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluos variant outbound connection (snort3-malware-cnc.rules)
 * 1:32977 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluos variant outbound connection (snort3-malware-cnc.rules)
 * 1:32978 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - extra IE version (snort3-malware-cnc.rules)
 * 1:32979 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - extra IE version (snort3-malware-cnc.rules)
 * 1:32980 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - multi-browser (snort3-malware-cnc.rules)
 * 1:32986 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Toopu dll embedded in png download attempt (snort3-malware-cnc.rules)
 * 1:32987 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor outbound connection (snort3-malware-cnc.rules)
 * 1:32988 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor outbound connection (snort3-malware-cnc.rules)
 * 1:32989 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor outbound connection (snort3-malware-cnc.rules)
 * 1:32990 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Toopu outbound connection (snort3-malware-cnc.rules)
 * 1:33047 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - realupdate - Win.Backdoor.Upatre (snort3-malware-cnc.rules)
 * 1:33054 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Joanap outbound connection (snort3-malware-cnc.rules)
 * 1:33058 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Medusa variant inbound connection (snort3-malware-cnc.rules)
 * 1:33059 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Medusa variant outbound connection (snort3-malware-cnc.rules)
 * 1:33060 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Medusa variant outbound connection (snort3-malware-cnc.rules)
 * 1:33061 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lagulon.A outbound connection (snort3-malware-cnc.rules)
 * 1:33081 <-> DISABLED <-> MALWARE-CNC OnionDuke variant outbound connection (snort3-malware-cnc.rules)
 * 1:33082 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nocpos initial outbound connection (snort3-malware-cnc.rules)
 * 1:33083 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nocpos information disclosure attempt (snort3-malware-cnc.rules)
 * 1:33084 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tosct variant outbound connection (snort3-malware-cnc.rules)
 * 1:33145 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (snort3-malware-cnc.rules)
 * 1:33147 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant SMTP reporting attempt (snort3-malware-cnc.rules)
 * 1:33148 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant SMTP reporting attempt (snort3-malware-cnc.rules)
 * 1:33149 <-> DISABLED <-> MALWARE-CNC Win.Worm.Ultramine outbound connection (snort3-malware-cnc.rules)
 * 1:33152 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nurjax.A outbound connection (snort3-malware-cnc.rules)
 * 1:33153 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Heur variant outbound connection (snort3-malware-cnc.rules)
 * 1:33161 <-> DISABLED <-> MALWARE-CNC Win.Spyware.Rombertik outbound connection (snort3-malware-cnc.rules)
 * 1:33165 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Poweliks outbound connection (snort3-malware-cnc.rules)
 * 1:33199 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Sabeba outbound connection (snort3-malware-cnc.rules)
 * 1:33200 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pisces variant outbound connection (snort3-malware-cnc.rules)
 * 1:33207 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Mazilla/5.0 - Win.Backdoor.Upatre (snort3-malware-cnc.rules)
 * 1:33211 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Upatre variant outbound connection (snort3-malware-cnc.rules)
 * 1:33217 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nuovoscor variant outbound connection (snort3-malware-cnc.rules)
 * 1:33218 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cendode system information disclosure attempt (snort3-malware-cnc.rules)
 * 1:33219 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gamarue variant outbound connection (snort3-malware-cnc.rules)
 * 1:33220 <-> DISABLED <-> MALWARE-CNC Win.Trojan.HawkEye keylogger exfiltration attempt (snort3-malware-cnc.rules)
 * 1:33221 <-> ENABLED <-> MALWARE-CNC Win.Trojan.HawkEye Keylogger exfiltration attempt - clipboard and screenshot (snort3-malware-cnc.rules)
 * 1:33222 <-> DISABLED <-> MALWARE-CNC Win.Trojan.HawkEye Keylogger exfiltration attempt - clipboard and screenshot (snort3-malware-cnc.rules)
 * 1:33223 <-> DISABLED <-> MALWARE-CNC Win.Trojan.HawkEye Keylogger exfiltration attempt - clipboard and screenshot (snort3-malware-cnc.rules)
 * 1:33227 <-> DISABLED <-> MALWARE-CNC Win.Agent.BHHK variant outbound connection (snort3-malware-cnc.rules)
 * 1:33228 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kovter variant outbound connection (snort3-malware-cnc.rules)
 * 1:33230 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Firefox - Win.Backdoor.Upatre (snort3-malware-cnc.rules)
 * 1:33231 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Firefox/5.0 - Win.Backdoor.Upatre (snort3-malware-cnc.rules)
 * 1:33232 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - AppUpdate - Win.Backdoor.Upatre (snort3-malware-cnc.rules)
 * 1:33233 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - 2608cw-1 - Win.Backdoor.Upatre (snort3-malware-cnc.rules)
 * 1:33234 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - 2508Inst - Win.Backdoor.Upatre (snort3-malware-cnc.rules)
 * 1:33235 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - 2608cw-2 - Win.Backdoor.Upatre (snort3-malware-cnc.rules)
 * 1:33236 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - 2808inst - Win.Backdoor.Upatre (snort3-malware-cnc.rules)
 * 1:33237 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Player - Win.Backdoor.Upatre (snort3-malware-cnc.rules)
 * 1:33238 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Wurst - Win.Backdoor.Upatre (snort3-malware-cnc.rules)
 * 1:33239 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Installer/1.0 - Win.Backdoor.Upatre (snort3-malware-cnc.rules)
 * 1:33240 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - FixUpdate - Win.Backdoor.Upatre (snort3-malware-cnc.rules)
 * 1:33242 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Explorer - Win.Backdoor.Upatre (snort3-malware-cnc.rules)
 * 1:33243 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Mozilla - Win.Backdoor.Upatre (snort3-malware-cnc.rules)
 * 1:33244 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Opera - Win.Backdoor.Upatre (snort3-malware-cnc.rules)
 * 1:33245 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Opera10 - Win.Backdoor.Upatre (snort3-malware-cnc.rules)
 * 1:33246 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - OperaMini - Win.Backdoor.Upatre (snort3-malware-cnc.rules)
 * 1:33248 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Peers12 - Win.Backdoor.Upatre (snort3-malware-cnc.rules)
 * 1:33249 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - SLSSoapClient - Win.Backdoor.Upatre (snort3-malware-cnc.rules)
 * 1:33250 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Tintin - Win.Backdoor.Upatre (snort3-malware-cnc.rules)
 * 1:33251 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - USER_CHECK - Win.Backdoor.Upatre (snort3-malware-cnc.rules)
 * 1:33252 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - WATClient - Win.Backdoor.Upatre (snort3-malware-cnc.rules)
 * 1:33253 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - bbbbbbbbbb - Win.Backdoor.Upatre (snort3-malware-cnc.rules)
 * 1:33254 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - hi - Win.Backdoor.Upatre (snort3-malware-cnc.rules)
 * 1:33255 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - iMacros - Win.Backdoor.Upatre (snort3-malware-cnc.rules)
 * 1:33256 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - macrotest - Win.Backdoor.Upatre (snort3-malware-cnc.rules)
 * 1:33257 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - onlymacros - Win.Backdoor.Upatre (snort3-malware-cnc.rules)
 * 1:33258 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Updates downloader - Win.Backdoor.Upatre (snort3-malware-cnc.rules)
 * 1:33259 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - testupdate - Win.Backdoor.Upatre (snort3-malware-cnc.rules)
 * 1:33260 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - onlyupdate - Win.Backdoor.Upatre (snort3-malware-cnc.rules)
 * 1:33282 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Upatre variant outbound connection (snort3-malware-cnc.rules)
 * 1:33284 <-> DISABLED <-> MALWARE-CNC Win.Trojan.OnLineGames variant outbound connection (snort3-malware-cnc.rules)
 * 1:33285 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bavload outbound download request attempt (snort3-malware-cnc.rules)
 * 1:33289 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rawpos incoming backdoor connection attempt (snort3-malware-cnc.rules)
 * 1:33299 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Foxy variant outbound connection (snort3-malware-cnc.rules)
 * 1:33305 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rubinurd variant outbound connection (snort3-malware-cnc.rules)
 * 1:33328 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Yinli outbound connection (snort3-malware-cnc.rules)
 * 1:33329 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Yinli outbound connection (snort3-malware-cnc.rules)
 * 1:33330 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Yinli outbound connection (snort3-malware-cnc.rules)
 * 1:33342 <-> DISABLED <-> MALWARE-CNC Doc.Downloader.Dridex outbound connection (snort3-malware-cnc.rules)
 * 1:33411 <-> DISABLED <-> MALWARE-CNC Doc.Downloader.Dridex outbound connection (snort3-malware-cnc.rules)
 * 1:33431 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptowall 3.0 variant outbound connection (snort3-malware-cnc.rules)
 * 1:33432 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptowall 3.0 variant outbound connection (snort3-malware-cnc.rules)
 * 1:33433 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptowall 3.0 variant outbound connection (snort3-malware-cnc.rules)
 * 1:33434 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptowall 3.0 variant outbound connection (snort3-malware-cnc.rules)
 * 1:33435 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptowall 3.0 variant outbound connection (snort3-malware-cnc.rules)
 * 1:33439 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gefetroe variant outbound connection (snort3-malware-cnc.rules)
 * 1:33443 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (snort3-malware-cnc.rules)
 * 1:33444 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SpyBanker variant outbound connection (snort3-malware-cnc.rules)
 * 1:33449 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FileEncoder IP geolocation checkin attempt (snort3-malware-cnc.rules)
 * 1:33450 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FileEncoder variant outbound connection (snort3-malware-cnc.rules)
 * 1:33453 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kovter variant outbound connection (snort3-malware-cnc.rules)
 * 1:33456 <-> DISABLED <-> MALWARE-CNC Doc.Downloader.Dridex outbound connection (snort3-malware-cnc.rules)
 * 1:33457 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (snort3-malware-cnc.rules)
 * 1:33464 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dynamer variant outbound connection (snort3-malware-cnc.rules)
 * 1:33481 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Xnote outbound connection (snort3-malware-cnc.rules)
 * 1:33482 <-> DISABLED <-> MALWARE-CNC Win.Worm.Enosch variant outbound connection (snort3-malware-cnc.rules)
 * 1:33496 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Andromeda variant outbound connection (snort3-malware-cnc.rules)
 * 1:33513 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - XAgent - Operation Pawn Storm (snort3-malware-cnc.rules)
 * 1:33519 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - ALIZER (snort3-malware-cnc.rules)
 * 1:33520 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zusy inbound CNC response (snort3-malware-cnc.rules)
 * 1:33521 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zusy variant outbound connection (snort3-malware-cnc.rules)
 * 1:33522 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent - DNS Changer (snort3-malware-cnc.rules)
 * 1:33523 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DNSChanger variant outbound connection (snort3-malware-cnc.rules)
 * 1:33524 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DNSChanger variant outbound connection (snort3-malware-cnc.rules)
 * 1:33543 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Equation outbound connection (snort3-malware-cnc.rules)
 * 1:33545 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Equation outbound connection (snort3-malware-cnc.rules)
 * 1:33546 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Equation outbound connection (snort3-malware-cnc.rules)
 * 1:33547 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Turla outbound connection (snort3-malware-cnc.rules)
 * 1:33594 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Upatre variant outbound connection (snort3-malware-cnc.rules)
 * 1:33620 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.lubot outbound connection (snort3-malware-cnc.rules)
 * 1:33621 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.lubot outbound connection (snort3-malware-cnc.rules)
 * 1:33633 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent - Downing - Win.Trojan.Otwycal (snort3-malware-cnc.rules)
 * 1:33646 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.XORDDoS outbound connection (snort3-malware-cnc.rules)
 * 1:33647 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.XORDDoS outbound connection (snort3-malware-cnc.rules)
 * 1:33648 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.XORDDoS outbound connection (snort3-malware-cnc.rules)
 * 1:33649 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Google Omaha - Win.Trojan.ExtenBro (snort3-malware-cnc.rules)
 * 1:33650 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tinba outbound connection (snort3-malware-cnc.rules)
 * 1:33674 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Athena variant outbound connection (snort3-malware-cnc.rules)
 * 1:33675 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Athena variant outbound connection (snort3-malware-cnc.rules)
 * 1:33677 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Babar outbound connection (snort3-malware-cnc.rules)
 * 1:33678 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FannyWorm outbound connection (snort3-malware-cnc.rules)
 * 1:33704 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (snort3-malware-cnc.rules)
 * 1:33745 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (snort3-malware-cnc.rules)
 * 1:33746 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (snort3-malware-cnc.rules)
 * 1:33747 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (snort3-malware-cnc.rules)
 * 1:33748 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (snort3-malware-cnc.rules)
 * 1:33749 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (snort3-malware-cnc.rules)
 * 1:33750 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (snort3-malware-cnc.rules)
 * 1:33751 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (snort3-malware-cnc.rules)
 * 1:33752 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (snort3-malware-cnc.rules)
 * 1:33753 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (snort3-malware-cnc.rules)
 * 1:33754 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (snort3-malware-cnc.rules)
 * 1:33755 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (snort3-malware-cnc.rules)
 * 1:33818 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Egamipload variant outbound connection (snort3-malware-cnc.rules)
 * 1:33819 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Egamipload variant outbound connection (snort3-malware-cnc.rules)
 * 1:33820 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Egamipload variant outbound connection (snort3-malware-cnc.rules)
 * 1:32521 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptowall 2.0 possible TOR client retrieval attempt (snort3-malware-cnc.rules)
 * 1:31995 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Upatre SSL Cert inbound (snort3-malware-cnc.rules)
 * 1:31998 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Upatre SSL Cert inbound (snort3-malware-cnc.rules)
 * 1:31999 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Upatre SSL Cert inbound (snort3-malware-cnc.rules)
 * 1:32000 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Upatre SSL Cert inbound (snort3-malware-cnc.rules)
 * 1:32001 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Upatre SSL Cert inbound (snort3-malware-cnc.rules)
 * 1:32002 <-> DISABLED <-> MALWARE-CNC Win.Worm.Zorenium variant outbound connection (snort3-malware-cnc.rules)
 * 1:32009 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Flooder inbound connection attempt - command (snort3-malware-cnc.rules)
 * 1:32010 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Flooder outbound telnet connection attempt (snort3-malware-cnc.rules)
 * 1:32512 <-> DISABLED <-> MALWARE-CNC PCRat variant outbound connection (snort3-malware-cnc.rules)
 * 1:32012 <-> DISABLED <-> MALWARE-CNC Win.Trojan-Downloader.Bipamid variant outbound connection (snort3-malware-cnc.rules)
 * 1:32013 <-> DISABLED <-> MALWARE-CNC Linux.Worm.Darlloz variant outbound connection (snort3-malware-cnc.rules)
 * 1:32015 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Zeus variant outbound connection (snort3-malware-cnc.rules)
 * 1:32016 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Menteni variant outbound connection (snort3-malware-cnc.rules)
 * 1:32017 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Memlog SMB file transfer (snort3-malware-cnc.rules)
 * 1:32018 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Hupigon.NYK variant outbound connection (snort3-malware-cnc.rules)
 * 1:32020 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Krompt variant outbound connection (snort3-malware-cnc.rules)
 * 1:32023 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sinpid variant outbound connection (snort3-malware-cnc.rules)
 * 1:32028 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Klabcon variant outbound connection (snort3-malware-cnc.rules)
 * 1:32030 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Decibal - Win.Trojan.Decibal (snort3-malware-cnc.rules)
 * 1:32031 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Decibal variant outbound connection (snort3-malware-cnc.rules)
 * 1:32033 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Larosden variant outbound connection (snort3-malware-cnc.rules)
 * 1:32034 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Larefervt variant outbound connection (snort3-malware-cnc.rules)
 * 1:32035 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Boleteiro variant outbound connection (snort3-malware-cnc.rules)
 * 1:32036 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Somoca vaniant outbound connection (snort3-malware-cnc.rules)
 * 1:32037 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload.awt variant outbound connection (snort3-malware-cnc.rules)
 * 1:32048 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lecpetex variant outbound connection (snort3-malware-cnc.rules)
 * 1:32050 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Larosden variant outbound connection (snort3-malware-cnc.rules)
 * 1:32052 <-> DISABLED <-> MALWARE-CNC User-Agent Xsser mRAT user-agent (snort3-malware-cnc.rules)
 * 1:32053 <-> DISABLED <-> MALWARE-CNC Xsser mRAT GPS data upload (snort3-malware-cnc.rules)
 * 1:32054 <-> DISABLED <-> MALWARE-CNC Xsser mRAT file upload (snort3-malware-cnc.rules)
 * 1:32058 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Masatekar variant outbound connection (snort3-malware-cnc.rules)
 * 1:32060 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent string - httptestman - Win.Backdoor.Rabasheeta (snort3-malware-cnc.rules)
 * 1:32061 <-> DISABLED <-> MALWARE-CNC Win.Trojan-Downloader.Nekill variant outbound connection (snort3-malware-cnc.rules)
 * 1:32065 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Asprox inbound connection (snort3-malware-cnc.rules)
 * 1:32066 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Asprox outbound connection (snort3-malware-cnc.rules)
 * 1:32067 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Asprox outbound connection (snort3-malware-cnc.rules)
 * 1:32071 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Zapchast variant outbound connection (snort3-malware-cnc.rules)
 * 1:32072 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zemot configuration download attempt (snort3-malware-cnc.rules)
 * 1:32073 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zemot outbound connection (snort3-malware-cnc.rules)
 * 1:32074 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zemot payload download attempt (snort3-malware-cnc.rules)
 * 1:32075 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Small variant outbound connection (snort3-malware-cnc.rules)
 * 1:32086 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Corkow variant outbound connection (snort3-malware-cnc.rules)
 * 1:32090 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Saaglup variant outbound connection (snort3-malware-cnc.rules)
 * 1:32091 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.PcertStealer variant outbound connection (snort3-malware-cnc.rules)
 * 1:32093 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (snort3-malware-cnc.rules)
 * 1:32096 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Puver variant outbound connection (snort3-malware-cnc.rules)
 * 1:32121 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kryptik variant outbound connection (snort3-malware-cnc.rules)
 * 1:32123 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot variant outbound connection (snort3-malware-cnc.rules)
 * 1:32125 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - update - Win.Backdoor.Upatre (snort3-malware-cnc.rules)
 * 1:32126 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lizarbot outbound connection (snort3-malware-cnc.rules)
 * 1:32129 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader variant outbound connection (snort3-malware-cnc.rules)
 * 1:32130 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (snort3-malware-cnc.rules)
 * 1:32175 <-> DISABLED <-> MALWARE-CNC Osx.Backdoor.iWorm variant outbound connection (snort3-malware-cnc.rules)
 * 1:32179 <-> DISABLED <-> MALWARE-CNC WIN.Trojan.Plugx variant outbound connection (snort3-malware-cnc.rules)
 * 1:32180 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.ZxShell connection incoming attempt (snort3-malware-cnc.rules)
 * 1:32181 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.ZxShell connection outgoing attempt (snort3-malware-cnc.rules)
 * 1:32192 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zxshell variant outbound connection (snort3-malware-cnc.rules)
 * 1:32193 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dubrute variant outbound connection (snort3-malware-cnc.rules)
 * 1:32194 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dubrute variant outbound connection (snort3-malware-cnc.rules)
 * 1:32195 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Palebot variant outbound connection (snort3-malware-cnc.rules)
 * 1:32196 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor variant outbound connection (snort3-malware-cnc.rules)
 * 1:32197 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zerolocker variant outbound connection (snort3-malware-cnc.rules)
 * 1:32198 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mujormel outbound connection (snort3-malware-cnc.rules)
 * 1:32202 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Soaphrish variant outbound connection (snort3-malware-cnc.rules)
 * 1:32220 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy download detected (snort3-malware-cnc.rules)
 * 1:32221 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy download detected (snort3-malware-cnc.rules)
 * 1:32222 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.MSIL.Liroospu variant outbound connection (snort3-malware-cnc.rules)
 * 1:32225 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptowall variant outbound connection (snort3-malware-cnc.rules)
 * 1:32243 <-> DISABLED <-> MALWARE-CNC WIN.Trojan.Clemint variant outbound connection (snort3-malware-cnc.rules)
 * 1:32250 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hydraq.variant outbound detected (snort3-malware-cnc.rules)
 * 1:32270 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tinba variant outbound connection (snort3-malware-cnc.rules)
 * 1:32272 <-> DISABLED <-> MALWARE-CNC WIN.Trojan.Hesechca variant outbound connection (snort3-malware-cnc.rules)
 * 1:32285 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zoxpng variant outbound connection (snort3-malware-cnc.rules)
 * 1:32287 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sapertilz variant outbound connection (snort3-malware-cnc.rules)
 * 1:32289 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptolocker download detected (snort3-malware-cnc.rules)
 * 1:32290 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptolocker download detected (snort3-malware-cnc.rules)
 * 1:34036 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (snort3-malware-cnc.rules)
 * 1:34262 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.XORDDoS outbound connection (snort3-malware-cnc.rules)
 * 1:33914 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent - Win.Trojan.Barys (snort3-malware-cnc.rules)
 * 1:33891 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Amasages variant outbound connection (snort3-malware-cnc.rules)
 * 1:34028 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bruecimig variant outbound connection (snort3-malware-cnc.rules)
 * 1:33931 <-> DISABLED <-> MALWARE-CNC Win.Worm.Goldrv variant outbound connection (snort3-malware-cnc.rules)
 * 1:34033 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (snort3-malware-cnc.rules)
 * 1:33873 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tepoyx outbound connection detection (snort3-malware-cnc.rules)
 * 1:34026 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Endstar variant outbound connection (snort3-malware-cnc.rules)
 * 1:34113 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent beacon reply attempt (snort3-malware-cnc.rules)
 * 1:33966 <-> DISABLED <-> MALWARE-CNC Win.Worm.Mafusc variant outbound connection (snort3-malware-cnc.rules)
 * 1:34128 <-> DISABLED <-> MALWARE-CNC Win.Trojan.WIntruder outbound connection (snort3-malware-cnc.rules)
 * 1:33932 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tempedreve Samba probe (snort3-malware-cnc.rules)
 * 1:34183 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bartallex outbound connection (snort3-malware-cnc.rules)
 * 1:34108 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scarsi variant outbound connection (snort3-malware-cnc.rules)
 * 1:34044 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Exacrytion variant outbound connection (snort3-malware-cnc.rules)
 * 1:33863 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (snort3-malware-cnc.rules)
 * 1:33907 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent - KAIIOOOO871 - Win.Trojan.Dridex (snort3-malware-cnc.rules)
 * 1:33857 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PwnPOS data exfiltration attempt (snort3-malware-cnc.rules)
 * 1:34116 <-> DISABLED <-> MALWARE-CNC MacOS.Trojan.Wirelurker variant outbound connection (snort3-malware-cnc.rules)
 * 1:34038 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (snort3-malware-cnc.rules)
 * 1:34283 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bartallex outbound connection (snort3-malware-cnc.rules)
 * 1:32295 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string http - Win.Trojan.Waski (snort3-malware-cnc.rules)
 * 1:32354 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Matsune variant outbound connection (snort3-malware-cnc.rules)
 * 1:32373 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Broonject variant outbound connection (snort3-malware-cnc.rules)
 * 1:32328 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Maener variant download request (snort3-malware-cnc.rules)
 * 1:32493 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.SpikeA variant outbound connection (snort3-malware-cnc.rules)
 * 1:32457 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Effseart variant inbound connection (snort3-malware-cnc.rules)
 * 1:32487 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Exadog variant outbound connection (snort3-malware-cnc.rules)
 * 1:32372 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Drepitt variant outbound connection (snort3-malware-cnc.rules)
 * 1:32400 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Parama attempted outbound connection (snort3-malware-cnc.rules)
 * 1:32312 <-> DISABLED <-> MALWARE-CNC FrameworkPOS data exfiltration through DNS - beacon message (snort3-malware-cnc.rules)
 * 1:32464 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TorrentLocker variant outbound connection (snort3-malware-cnc.rules)
 * 1:32394 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Orcarat variant outbound connection (snort3-malware-cnc.rules)
 * 1:32510 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.PiltabeA outbound connection (snort3-malware-cnc.rules)
 * 1:34291 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string crackim (snort3-malware-cnc.rules)
 * 1:32292 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptolocker download detected (snort3-malware-cnc.rules)
 * 1:33865 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (snort3-malware-cnc.rules)
 * 1:34292 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kraken outbound connection (snort3-malware-cnc.rules)
 * 1:34261 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.XORDDoS outbound connection (snort3-malware-cnc.rules)
 * 1:32291 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptolocker download detected (snort3-malware-cnc.rules)
 * 1:32293 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Acanas variant outbound connection (snort3-malware-cnc.rules)
 * 1:32486 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Exadog outbound connection (snort3-malware-cnc.rules)
 * 1:32357 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Akaza variant outbound connection (snort3-malware-cnc.rules)
 * 1:32367 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GameOverZeus variant outbound connection (snort3-malware-cnc.rules)
 * 1:33876 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Meowner runtime detection (snort3-malware-cnc.rules)
 * 1:32494 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.SpikeA variant outbound connection (snort3-malware-cnc.rules)
 * 1:32469 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bankeiya outbound connection (snort3-malware-cnc.rules)
 * 1:32402 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent globalupdate - Osx.Trojan.Wirelurker (snort3-malware-cnc.rules)
 * 1:34296 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Simda variant outbound connection (snort3-malware-cnc.rules)
 * 1:34297 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Simda variant outbound connection (snort3-malware-cnc.rules)
 * 1:34307 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection (snort3-malware-cnc.rules)
 * 1:34308 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection (snort3-malware-cnc.rules)
 * 1:40066 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.LokiBot (snort3-malware-cnc.rules)
 * 1:40067 <-> ENABLED <-> MALWARE-CNC Win.Trojan.LokiBot outbound connection (snort3-malware-cnc.rules)
 * 1:46062 <-> ENABLED <-> SERVER-WEBAPP Joomla JEXTN Membership extension SQL injection attempt (snort3-server-webapp.rules)
 * 1:46063 <-> ENABLED <-> SERVER-WEBAPP Joomla JEXTN Membership extension SQL injection attempt (snort3-server-webapp.rules)
 * 1:46064 <-> ENABLED <-> SERVER-WEBAPP Joomla JEXTN Membership extension SQL injection attempt (snort3-server-webapp.rules)
 * 1:48818 <-> ENABLED <-> MALWARE-CNC Js.Trojan.Agent variant outbound connection (snort3-malware-cnc.rules)

2020-10-15 12:57:43 UTC

Snort Subscriber Rules Update

Date: 2020-10-15

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:56004 <-> DISABLED <-> SERVER-WEBAPP D-Link Central WiFi Manager CMW 100 cross site scripting attempt (server-webapp.rules)
 * 1:55999 <-> DISABLED <-> SERVER-APACHE Apache Struts denial of service attempt (server-apache.rules)
 * 1:56009 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari WebKit JSPropertyNameEnumeration type confusion attempt (browser-webkit.rules)
 * 1:56006 <-> ENABLED <-> SERVER-WEBAPP D-Link Central WiFi Manager CWM 100 SQL injection attempt (server-webapp.rules)
 * 1:56003 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Emotet variant initial outbound request detected (malware-cnc.rules)
 * 1:56000 <-> DISABLED <-> SERVER-APACHE Apache Struts denial of service attempt (server-apache.rules)
 * 1:56005 <-> ENABLED <-> SERVER-WEBAPP D-Link Central WiFi Manager CWM 100 SQL injection attempt (server-webapp.rules)
 * 1:56001 <-> DISABLED <-> SERVER-APACHE Apache Struts denial of service attempt (server-apache.rules)
 * 1:56002 <-> DISABLED <-> SERVER-WEBAPP D-Link Central WiFi Manager CMW 100 SQL injection attempt (server-webapp.rules)
 * 1:56008 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari WebKit JSPropertyNameEnumeration type confusion attempt (browser-webkit.rules)
 * 1:56007 <-> ENABLED <-> SERVER-WEBAPP D-Link Central WiFi Manager CWM 100 SQL injection attempt (server-webapp.rules)

Modified Rules:


 * 1:33985 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.ChinaZ outbound connection (malware-cnc.rules)
 * 1:33543 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Equation outbound connection (malware-cnc.rules)
 * 1:33862 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules)
 * 1:34001 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Picommex outbound connection (malware-cnc.rules)
 * 1:34025 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Endstar variant outbound connection (malware-cnc.rules)
 * 1:34010 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules)
 * 1:33859 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules)
 * 1:33857 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PwnPOS data exfiltration attempt (malware-cnc.rules)
 * 1:33914 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent - Win.Trojan.Barys (malware-cnc.rules)
 * 1:33868 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules)
 * 1:34007 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules)
 * 1:34041 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Igliveforg variant initial outbound connection (malware-cnc.rules)
 * 1:33885 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gh0st variant outbound connection (malware-cnc.rules)
 * 1:34032 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (malware-cnc.rules)
 * 1:33893 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TeslaCrypt outbound connection (malware-cnc.rules)
 * 1:34136 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload variant MSSQL response (malware-cnc.rules)
 * 1:33989 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Trioptid outbound connection (malware-cnc.rules)
 * 1:34216 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FighterPOS variant outbound connection (malware-cnc.rules)
 * 1:34006 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules)
 * 1:33933 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Penget variant outbound connection (malware-cnc.rules)
 * 1:34052 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NewPos outbound connection (malware-cnc.rules)
 * 1:33912 <-> DISABLED <-> MALWARE-CNC Cryptofortress Decryption Software Purchase Tor Website (malware-cnc.rules)
 * 1:33884 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string dolit (malware-cnc.rules)
 * 1:34045 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Eitenckay initial outbound connection (malware-cnc.rules)
 * 1:34217 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Aytoke variant outbound connection (malware-cnc.rules)
 * 1:33879 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Meowner runtime detection (malware-cnc.rules)
 * 1:34004 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules)
 * 1:34261 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.XORDDoS outbound connection (malware-cnc.rules)
 * 1:33851 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Poseidon outbound connection (malware-cnc.rules)
 * 1:34036 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (malware-cnc.rules)
 * 1:34005 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules)
 * 1:33886 <-> DISABLED <-> MALWARE-CNC WIn.Trojan.HawkEye keylogger variant outbound connection (malware-cnc.rules)
 * 1:34008 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules)
 * 1:34155 <-> DISABLED <-> MALWARE-CNC MacOS.Backdoor.Xslcmd outbound connection (malware-cnc.rules)
 * 1:33872 <-> DISABLED <-> MALWARE-CNC Win.Worm.Urahu outbound connection (malware-cnc.rules)
 * 1:33883 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jadtre variant outbound connection (malware-cnc.rules)
 * 1:34140 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dyre publickey outbound connection (malware-cnc.rules)
 * 1:33891 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Amasages variant outbound connection (malware-cnc.rules)
 * 1:34042 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Igliveforg variant outbound connection (malware-cnc.rules)
 * 1:34003 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Picommex outbound connection (malware-cnc.rules)
 * 1:34117 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Zupdax variant outbound connection (malware-cnc.rules)
 * 1:33482 <-> DISABLED <-> MALWARE-CNC Win.Worm.Enosch variant outbound connection (malware-cnc.rules)
 * 1:33431 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptowall 3.0 variant outbound connection (malware-cnc.rules)
 * 1:33878 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Meowner runtime detection (malware-cnc.rules)
 * 1:33907 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent - KAIIOOOO871 - Win.Trojan.Dridex (malware-cnc.rules)
 * 1:33866 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules)
 * 1:33992 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Insidious outbound connection (malware-cnc.rules)
 * 1:33861 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules)
 * 1:33932 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tempedreve Samba probe (malware-cnc.rules)
 * 1:33854 <-> DISABLED <-> MALWARE-CNC Win.Trojan.LogPOS variant outbound connection (malware-cnc.rules)
 * 1:34037 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (malware-cnc.rules)
 * 1:34012 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules)
 * 1:33876 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Meowner runtime detection (malware-cnc.rules)
 * 1:33620 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.lubot outbound connection (malware-cnc.rules)
 * 1:34046 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Expilan variant outbound connection (malware-cnc.rules)
 * 1:34050 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Nepigon variant outbound connection (malware-cnc.rules)
 * 1:34026 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Endstar variant outbound connection (malware-cnc.rules)
 * 1:34035 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (malware-cnc.rules)
 * 1:33464 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dynamer variant outbound connection (malware-cnc.rules)
 * 1:33621 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.lubot outbound connection (malware-cnc.rules)
 * 1:34182 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bartallex outbound connection (malware-cnc.rules)
 * 1:33821 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Egamipload variant outbound connection (malware-cnc.rules)
 * 1:34262 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.XORDDoS outbound connection (malware-cnc.rules)
 * 1:33867 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules)
 * 1:33457 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules)
 * 1:33450 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FileEncoder variant outbound connection (malware-cnc.rules)
 * 1:33513 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - XAgent - Operation Pawn Storm (malware-cnc.rules)
 * 1:31836 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Seribe variant outbound connection (malware-cnc.rules)
 * 1:34263 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.XORDDoS outbound connection (malware-cnc.rules)
 * 1:33433 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptowall 3.0 variant outbound connection (malware-cnc.rules)
 * 1:33453 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kovter variant outbound connection (malware-cnc.rules)
 * 1:33444 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SpyBanker variant outbound connection (malware-cnc.rules)
 * 1:33411 <-> DISABLED <-> MALWARE-CNC Doc.Downloader.Dridex outbound connection (malware-cnc.rules)
 * 1:34049 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.EvilBunny variant outbound connection (malware-cnc.rules)
 * 1:33443 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules)
 * 1:34282 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bartallex outbound connection (malware-cnc.rules)
 * 1:33650 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tinba outbound connection (malware-cnc.rules)
 * 1:33496 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Andromeda variant outbound connection (malware-cnc.rules)
 * 1:33449 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FileEncoder IP geolocation checkin attempt (malware-cnc.rules)
 * 1:33520 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zusy inbound CNC response (malware-cnc.rules)
 * 1:33747 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
 * 1:33481 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Xnote outbound connection (malware-cnc.rules)
 * 1:33930 <-> DISABLED <-> MALWARE-CNC Vicepass outbound connection initial request to the CNC sending system information (malware-cnc.rules)
 * 1:33521 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zusy variant outbound connection (malware-cnc.rules)
 * 1:33864 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules)
 * 1:34034 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (malware-cnc.rules)
 * 1:33545 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Equation outbound connection (malware-cnc.rules)
 * 1:34281 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bartallex outbound connection (malware-cnc.rules)
 * 1:34033 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (malware-cnc.rules)
 * 1:33439 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gefetroe variant outbound connection (malware-cnc.rules)
 * 1:33432 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptowall 3.0 variant outbound connection (malware-cnc.rules)
 * 1:34039 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banklaed variant outbound connection (malware-cnc.rules)
 * 1:33519 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - ALIZER (malware-cnc.rules)
 * 1:33994 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Beshida outbound connection (malware-cnc.rules)
 * 1:34044 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Exacrytion variant outbound connection (malware-cnc.rules)
 * 1:34183 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bartallex outbound connection (malware-cnc.rules)
 * 1:33931 <-> DISABLED <-> MALWARE-CNC Win.Worm.Goldrv variant outbound connection (malware-cnc.rules)
 * 1:34038 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (malware-cnc.rules)
 * 1:34214 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Capimac variant outbound connection (malware-cnc.rules)
 * 1:33852 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Poseidon outbound connection (malware-cnc.rules)
 * 1:34128 <-> DISABLED <-> MALWARE-CNC Win.Trojan.WIntruder outbound connection (malware-cnc.rules)
 * 1:33877 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Meowner runtime detection (malware-cnc.rules)
 * 1:34002 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Picommex outbound connection (malware-cnc.rules)
 * 1:34161 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Punkey outbound connection (malware-cnc.rules)
 * 1:34009 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules)
 * 1:33892 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Xerq outbound connection (malware-cnc.rules)
 * 1:34181 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bartallex outbound connection (malware-cnc.rules)
 * 1:34013 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ayuther variant outbound connection (malware-cnc.rules)
 * 1:33745 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
 * 1:33746 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
 * 1:33633 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent - Downing - Win.Trojan.Otwycal (malware-cnc.rules)
 * 1:33523 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DNSChanger variant outbound connection (malware-cnc.rules)
 * 1:33750 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
 * 1:33594 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Upatre variant outbound connection (malware-cnc.rules)
 * 1:33547 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Turla outbound connection (malware-cnc.rules)
 * 1:46064 <-> ENABLED <-> SERVER-WEBAPP Joomla JEXTN Membership extension SQL injection attempt (server-webapp.rules)
 * 1:34111 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chrozil variant outbound connection (malware-cnc.rules)
 * 1:33648 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.XORDDoS outbound connection (malware-cnc.rules)
 * 1:34286 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mudrop variant outbound connection (malware-cnc.rules)
 * 1:33674 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Athena variant outbound connection (malware-cnc.rules)
 * 1:33751 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
 * 1:33752 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
 * 1:33753 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
 * 1:33754 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
 * 1:33755 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
 * 1:33818 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Egamipload variant outbound connection (malware-cnc.rules)
 * 1:33819 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Egamipload variant outbound connection (malware-cnc.rules)
 * 1:33820 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Egamipload variant outbound connection (malware-cnc.rules)
 * 1:48818 <-> ENABLED <-> MALWARE-CNC Js.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:33822 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Egamipload variant outbound connection (malware-cnc.rules)
 * 1:33647 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.XORDDoS outbound connection (malware-cnc.rules)
 * 1:33054 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Joanap outbound connection (malware-cnc.rules)
 * 1:31820 <-> DISABLED <-> MALWARE-CNC Win.Banker.Delf variant outbound connection (malware-cnc.rules)
 * 1:31824 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor variant outbound connection (malware-cnc.rules)
 * 1:31826 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Delf variant HTTP Response (malware-cnc.rules)
 * 1:31827 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Delf variant outbound connection (malware-cnc.rules)
 * 1:31828 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jabberbot variant outbound connection (malware-cnc.rules)
 * 1:31832 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pfinet outbound connection (malware-cnc.rules)
 * 1:31833 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chkbot outbound connection (malware-cnc.rules)
 * 1:31834 <-> DISABLED <-> MALWARE-CNC Win.Trojan-Downloader.Delorado variant outbound connection (malware-cnc.rules)
 * 1:31835 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yesudac variant outbound connection (malware-cnc.rules)
 * 1:33058 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Medusa variant inbound connection (malware-cnc.rules)
 * 1:31993 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Upatre SSL Cert inbound (malware-cnc.rules)
 * 1:31895 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Toupi variant outbound connection (malware-cnc.rules)
 * 1:31897 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dexter variant outbound connection (malware-cnc.rules)
 * 1:31904 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload variant outbound connection (malware-cnc.rules)
 * 1:31907 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Honerep variant outbound connection (malware-cnc.rules)
 * 1:31909 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Basostab variant outbound connection (malware-cnc.rules)
 * 1:31911 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Gareme variant outbound connection (malware-cnc.rules)
 * 1:31913 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Maozhi variant outbound connection (malware-cnc.rules)
 * 1:31915 <-> DISABLED <-> MALWARE-CNC WIN.Trojan.Ziyazo variant outbound connection (malware-cnc.rules)
 * 1:31916 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules)
 * 1:31923 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant HTTP response attempt (malware-cnc.rules)
 * 1:31924 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules)
 * 1:31925 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.Jynxkit outbound connection (malware-cnc.rules)
 * 1:31928 <-> DISABLED <-> MALWARE-CNC Win.Trojan-Downloader.Becontr variant outbound connection (malware-cnc.rules)
 * 1:31929 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kanav variant outbound connection (malware-cnc.rules)
 * 1:31930 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kanav variant outbound connection (malware-cnc.rules)
 * 1:31941 <-> DISABLED <-> MALWARE-CNC Win.Trojan-Downloader.Pedrp variant outbound connection (malware-cnc.rules)
 * 1:31947 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - HttpCall - Win.Trojan.Rukypee (malware-cnc.rules)
 * 1:31948 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - MyProgramm - Win.Trojan.Rukypee (malware-cnc.rules)
 * 1:31949 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Skypee - Win.Trojan.Rukypee (malware-cnc.rules)
 * 1:31954 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ezbro variant outbound connection (malware-cnc.rules)
 * 1:31955 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ezbro variant outbound connection (malware-cnc.rules)
 * 1:31957 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.MSIL.Torct variant outbound connection (malware-cnc.rules)
 * 1:31964 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules)
 * 1:31973 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chebri variant outbound connection (malware-cnc.rules)
 * 1:31974 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zegorg variant outbound connection (malware-cnc.rules)
 * 1:33678 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FannyWorm outbound connection (malware-cnc.rules)
 * 1:31990 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Install - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:34011 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules)
 * 1:31883 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Waterspout outbound connection (malware-cnc.rules)
 * 1:32979 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - extra IE version (malware-cnc.rules)
 * 1:31994 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Upatre SSL Cert inbound (malware-cnc.rules)
 * 1:31995 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Upatre SSL Cert inbound (malware-cnc.rules)
 * 1:31996 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Upatre SSL Cert inbound (malware-cnc.rules)
 * 1:31997 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Upatre SSL Cert inbound (malware-cnc.rules)
 * 1:31998 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Upatre SSL Cert inbound (malware-cnc.rules)
 * 1:31999 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Upatre SSL Cert inbound (malware-cnc.rules)
 * 1:32000 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Upatre SSL Cert inbound (malware-cnc.rules)
 * 1:32001 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Upatre SSL Cert inbound (malware-cnc.rules)
 * 1:32002 <-> DISABLED <-> MALWARE-CNC Win.Worm.Zorenium variant outbound connection (malware-cnc.rules)
 * 1:32009 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Flooder inbound connection attempt - command (malware-cnc.rules)
 * 1:32010 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Flooder outbound telnet connection attempt (malware-cnc.rules)
 * 1:32011 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Flooder outbound connection (malware-cnc.rules)
 * 1:32012 <-> DISABLED <-> MALWARE-CNC Win.Trojan-Downloader.Bipamid variant outbound connection (malware-cnc.rules)
 * 1:32013 <-> DISABLED <-> MALWARE-CNC Linux.Worm.Darlloz variant outbound connection (malware-cnc.rules)
 * 1:32015 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Zeus variant outbound connection (malware-cnc.rules)
 * 1:32016 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Menteni variant outbound connection (malware-cnc.rules)
 * 1:32017 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Memlog SMB file transfer (malware-cnc.rules)
 * 1:32018 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Hupigon.NYK variant outbound connection (malware-cnc.rules)
 * 1:32020 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Krompt variant outbound connection (malware-cnc.rules)
 * 1:32023 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sinpid variant outbound connection (malware-cnc.rules)
 * 1:32028 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Klabcon variant outbound connection (malware-cnc.rules)
 * 1:32030 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Decibal - Win.Trojan.Decibal (malware-cnc.rules)
 * 1:32031 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Decibal variant outbound connection (malware-cnc.rules)
 * 1:32033 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Larosden variant outbound connection (malware-cnc.rules)
 * 1:32034 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Larefervt variant outbound connection (malware-cnc.rules)
 * 1:32035 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Boleteiro variant outbound connection (malware-cnc.rules)
 * 1:32036 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Somoca vaniant outbound connection (malware-cnc.rules)
 * 1:32037 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload.awt variant outbound connection (malware-cnc.rules)
 * 1:32048 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lecpetex variant outbound connection (malware-cnc.rules)
 * 1:32050 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Larosden variant outbound connection (malware-cnc.rules)
 * 1:32052 <-> DISABLED <-> MALWARE-CNC User-Agent Xsser mRAT user-agent (malware-cnc.rules)
 * 1:32053 <-> DISABLED <-> MALWARE-CNC Xsser mRAT GPS data upload (malware-cnc.rules)
 * 1:32054 <-> DISABLED <-> MALWARE-CNC Xsser mRAT file upload (malware-cnc.rules)
 * 1:32058 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Masatekar variant outbound connection (malware-cnc.rules)
 * 1:32060 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent string - httptestman - Win.Backdoor.Rabasheeta (malware-cnc.rules)
 * 1:32061 <-> DISABLED <-> MALWARE-CNC Win.Trojan-Downloader.Nekill variant outbound connection (malware-cnc.rules)
 * 1:32065 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Asprox inbound connection (malware-cnc.rules)
 * 1:32066 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Asprox outbound connection (malware-cnc.rules)
 * 1:32067 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Asprox outbound connection (malware-cnc.rules)
 * 1:32071 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Zapchast variant outbound connection (malware-cnc.rules)
 * 1:32072 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zemot configuration download attempt (malware-cnc.rules)
 * 1:32073 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zemot outbound connection (malware-cnc.rules)
 * 1:32074 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zemot payload download attempt (malware-cnc.rules)
 * 1:32075 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Small variant outbound connection (malware-cnc.rules)
 * 1:32086 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Corkow variant outbound connection (malware-cnc.rules)
 * 1:32090 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Saaglup variant outbound connection (malware-cnc.rules)
 * 1:32091 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.PcertStealer variant outbound connection (malware-cnc.rules)
 * 1:32093 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules)
 * 1:32096 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Puver variant outbound connection (malware-cnc.rules)
 * 1:32121 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kryptik variant outbound connection (malware-cnc.rules)
 * 1:32123 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot variant outbound connection (malware-cnc.rules)
 * 1:32125 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - update - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:32126 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lizarbot outbound connection (malware-cnc.rules)
 * 1:32129 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader variant outbound connection (malware-cnc.rules)
 * 1:32130 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules)
 * 1:32175 <-> DISABLED <-> MALWARE-CNC Osx.Backdoor.iWorm variant outbound connection (malware-cnc.rules)
 * 1:32179 <-> DISABLED <-> MALWARE-CNC WIN.Trojan.Plugx variant outbound connection (malware-cnc.rules)
 * 1:32180 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.ZxShell connection incoming attempt (malware-cnc.rules)
 * 1:32181 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.ZxShell connection outgoing attempt (malware-cnc.rules)
 * 1:32192 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zxshell variant outbound connection (malware-cnc.rules)
 * 1:32193 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dubrute variant outbound connection (malware-cnc.rules)
 * 1:32194 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dubrute variant outbound connection (malware-cnc.rules)
 * 1:32195 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Palebot variant outbound connection (malware-cnc.rules)
 * 1:32196 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor variant outbound connection (malware-cnc.rules)
 * 1:32197 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zerolocker variant outbound connection (malware-cnc.rules)
 * 1:32198 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mujormel outbound connection (malware-cnc.rules)
 * 1:32202 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Soaphrish variant outbound connection (malware-cnc.rules)
 * 1:32220 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy download detected (malware-cnc.rules)
 * 1:32221 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy download detected (malware-cnc.rules)
 * 1:32222 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.MSIL.Liroospu variant outbound connection (malware-cnc.rules)
 * 1:32225 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptowall variant outbound connection (malware-cnc.rules)
 * 1:32243 <-> DISABLED <-> MALWARE-CNC WIN.Trojan.Clemint variant outbound connection (malware-cnc.rules)
 * 1:32250 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hydraq.variant outbound detected (malware-cnc.rules)
 * 1:32270 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tinba variant outbound connection (malware-cnc.rules)
 * 1:32272 <-> DISABLED <-> MALWARE-CNC WIN.Trojan.Hesechca variant outbound connection (malware-cnc.rules)
 * 1:32285 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zoxpng variant outbound connection (malware-cnc.rules)
 * 1:32287 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sapertilz variant outbound connection (malware-cnc.rules)
 * 1:32289 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptolocker download detected (malware-cnc.rules)
 * 1:32290 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptolocker download detected (malware-cnc.rules)
 * 1:32291 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptolocker download detected (malware-cnc.rules)
 * 1:32292 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptolocker download detected (malware-cnc.rules)
 * 1:32293 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Acanas variant outbound connection (malware-cnc.rules)
 * 1:32294 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent BloodguyBrowser-_- (malware-cnc.rules)
 * 1:32295 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string http - Win.Trojan.Waski (malware-cnc.rules)
 * 1:32296 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string update - Win.Trojan.Waski (malware-cnc.rules)
 * 1:32310 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Farfli variant outbound connection (malware-cnc.rules)
 * 1:32311 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rehtesyk outbound connection (malware-cnc.rules)
 * 1:32312 <-> DISABLED <-> MALWARE-CNC FrameworkPOS data exfiltration through DNS - beacon message (malware-cnc.rules)
 * 1:32328 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Maener variant download request (malware-cnc.rules)
 * 1:32329 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Maener variant outbound connection (malware-cnc.rules)
 * 1:32330 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Maener variant outbound connection (malware-cnc.rules)
 * 1:32331 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Maener variant outbound connection (malware-cnc.rules)
 * 1:32332 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hancitor variant outbound connection (malware-cnc.rules)
 * 1:32333 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string fast uax (malware-cnc.rules)
 * 1:32334 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Stantinko variant outbound connection (malware-cnc.rules)
 * 1:32338 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ropest variant outbound connection (malware-cnc.rules)
 * 1:32341 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cakwerd variant outbound connection (malware-cnc.rules)
 * 1:32343 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor variant inbound spam attempt (malware-cnc.rules)
 * 1:32344 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor variant outbound spam attempt (malware-cnc.rules)
 * 1:32354 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Matsune variant outbound connection (malware-cnc.rules)
 * 1:32357 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Akaza variant outbound connection (malware-cnc.rules)
 * 1:32367 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GameOverZeus variant outbound connection (malware-cnc.rules)
 * 1:32368 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cridex variant outbound connection (malware-cnc.rules)
 * 1:32372 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Drepitt variant outbound connection (malware-cnc.rules)
 * 1:32373 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Broonject variant outbound connection (malware-cnc.rules)
 * 1:32374 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Androm variant outbound connection (malware-cnc.rules)
 * 1:32379 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Baccamun variant outbound connection (malware-cnc.rules)
 * 1:32383 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - connect - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:32384 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - myupdate - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:32394 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Orcarat variant outbound connection (malware-cnc.rules)
 * 1:32395 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Orcarat variant outbound connection (malware-cnc.rules)
 * 1:32396 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Orcarat variant outbound connection (malware-cnc.rules)
 * 1:32397 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Orcarat variant outbound connection (malware-cnc.rules)
 * 1:32400 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Parama attempted outbound connection (malware-cnc.rules)
 * 1:32401 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Kivars outbound connection (malware-cnc.rules)
 * 1:32402 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent globalupdate - Osx.Trojan.Wirelurker (malware-cnc.rules)
 * 1:32451 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Backoff initial outbound connection (malware-cnc.rules)
 * 1:32455 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent VUPHTTP - Win.Trojan.Puvespia (malware-cnc.rules)
 * 1:32456 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Effseart variant outbound connection (malware-cnc.rules)
 * 1:32457 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Effseart variant inbound connection (malware-cnc.rules)
 * 1:32464 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TorrentLocker variant outbound connection (malware-cnc.rules)
 * 1:32469 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bankeiya outbound connection (malware-cnc.rules)
 * 1:32486 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Exadog outbound connection (malware-cnc.rules)
 * 1:32487 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Exadog variant outbound connection (malware-cnc.rules)
 * 1:32493 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.SpikeA variant outbound connection (malware-cnc.rules)
 * 1:32494 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.SpikeA variant outbound connection (malware-cnc.rules)
 * 1:32504 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Kiler attempted outbound connection (malware-cnc.rules)
 * 1:32505 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Kiler attempted outbound connection (malware-cnc.rules)
 * 1:32506 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Secdeskinf outbound connection (malware-cnc.rules)
 * 1:32510 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.PiltabeA outbound connection (malware-cnc.rules)
 * 1:32511 <-> DISABLED <-> MALWARE-CNC PCRat variant outbound connection (malware-cnc.rules)
 * 1:32512 <-> DISABLED <-> MALWARE-CNC PCRat variant outbound connection (malware-cnc.rules)
 * 1:32513 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Havex outbound connection (malware-cnc.rules)
 * 1:32521 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptowall 2.0 possible TOR client retrieval attempt (malware-cnc.rules)
 * 1:32529 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Vkont variant outbound connection (malware-cnc.rules)
 * 1:32548 <-> DISABLED <-> MALWARE-CNC Mac.Backdoor.iWorm attempted outbound connection (malware-cnc.rules)
 * 1:32550 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Extant variant outbound connection (malware-cnc.rules)
 * 1:32551 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Coreshell variant outbound connection (malware-cnc.rules)
 * 1:32556 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bayoboiz outbound connection (malware-cnc.rules)
 * 1:32557 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bayoboiz outbound connection (malware-cnc.rules)
 * 1:32583 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules)
 * 1:32584 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules)
 * 1:32585 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
 * 1:32586 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
 * 1:32598 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Mysayad file wipe attempt (malware-cnc.rules)
 * 1:32599 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Mysayad outbound connection (malware-cnc.rules)
 * 1:32600 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Mysayad file wipe attempt (malware-cnc.rules)
 * 1:32604 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Geodo variant outbound connection (malware-cnc.rules)
 * 1:32605 <-> DISABLED <-> MALWARE-CNC Win.Worm.Jenxcus variant outbound connection (malware-cnc.rules)
 * 1:32606 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sodebral variant outbound connection (malware-cnc.rules)
 * 1:32607 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sodebral HTTP Response attempt (malware-cnc.rules)
 * 1:32608 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sodebral HTTP Response attempt (malware-cnc.rules)
 * 1:32609 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant registration message (malware-cnc.rules)
 * 1:32610 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant keepalive (malware-cnc.rules)
 * 1:32613 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Jadowndec attempted outbound connection (malware-cnc.rules)
 * 1:32614 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Jadowndec attempted outbound connection (malware-cnc.rules)
 * 1:32621 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Regin outbound connection (malware-cnc.rules)
 * 1:32624 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Regin outbound connection (malware-cnc.rules)
 * 1:32645 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string RUpdate (malware-cnc.rules)
 * 1:32665 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chopstick variant outbound request (malware-cnc.rules)
 * 1:32667 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chopstick variant outbound request (malware-cnc.rules)
 * 1:32674 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wiper variant outbound connection (malware-cnc.rules)
 * 1:32677 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex variant outbound connection (malware-cnc.rules)
 * 1:32678 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex variant outbound connection (malware-cnc.rules)
 * 1:32706 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz variant outbound connection (malware-cnc.rules)
 * 1:32727 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Uclinu variant outbound connection (malware-cnc.rules)
 * 1:32728 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Olegb variant outbound connection (malware-cnc.rules)
 * 1:32734 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Typideg variant outbound connection (malware-cnc.rules)
 * 1:32735 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CryptoPHP variant outbound connection (malware-cnc.rules)
 * 1:32736 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CryptoPHP variant outbound connection (malware-cnc.rules)
 * 1:32743 <-> DISABLED <-> MALWARE-CNC VGABot IRC communication attempt (malware-cnc.rules)
 * 1:32747 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ragebot variant outbound connection (malware-cnc.rules)
 * 1:32769 <-> DISABLED <-> MALWARE-CNC Win.Trojan.WOWCheckC Attempted CNC (malware-cnc.rules)
 * 1:32770 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Androm variant outbound connection (malware-cnc.rules)
 * 1:32776 <-> DISABLED <-> MALWARE-CNC FIN4 VBA Macro credentials upload attempt (malware-cnc.rules)
 * 1:32780 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Eskaetee outbound connection (malware-cnc.rules)
 * 1:32781 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Eskaetee outbound connection (malware-cnc.rules)
 * 1:32791 <-> DISABLED <-> MALWARE-CNC Win.Virus.Ransomlock outbound connection (malware-cnc.rules)
 * 1:32792 <-> DISABLED <-> MALWARE-CNC Win.Virus.Ransomlock inbound connection (malware-cnc.rules)
 * 1:32823 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Darkhotel outbound connection (malware-cnc.rules)
 * 1:32824 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Darkhotel variant outbound connection (malware-cnc.rules)
 * 1:32825 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Darkhotel outbound connection (malware-cnc.rules)
 * 1:32826 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Darkhotel data upload attempt (malware-cnc.rules)
 * 1:32827 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Darkhotel response connection attempt (malware-cnc.rules)
 * 1:32852 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Poolfiend variant outbound connection (malware-cnc.rules)
 * 1:32853 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Poolfiend variant outbound connection (malware-cnc.rules)
 * 1:32854 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Loodir outbound connection (malware-cnc.rules)
 * 1:32882 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ksypypro outbound connection (malware-cnc.rules)
 * 1:32891 <-> DISABLED <-> MALWARE-CNC Php.Malware.SoakSoakRedirect Malware traffic containing WordPress Administrator credentials (malware-cnc.rules)
 * 1:32892 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TorLocker variant outbound connection (malware-cnc.rules)
 * 1:32893 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Finforst outbound connection (malware-cnc.rules)
 * 1:32908 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TinyZBot outbound connection (malware-cnc.rules)
 * 1:32909 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TinyZBot outbound connection (malware-cnc.rules)
 * 1:32910 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TinyZBot outbound connection (malware-cnc.rules)
 * 1:32950 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bladabindi variant outbound connection (malware-cnc.rules)
 * 1:32956 <-> DISABLED <-> MALWARE-CNC Android.CoolReaper.Trojan outbound connection (malware-cnc.rules)
 * 1:32957 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TinyZBot outbound SOAP connection attempt (malware-cnc.rules)
 * 1:32958 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TinyZBot response connection attempt (malware-cnc.rules)
 * 1:32973 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Twerket variant outbound connection (malware-cnc.rules)
 * 1:32976 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluos variant outbound connection (malware-cnc.rules)
 * 1:32977 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluos variant outbound connection (malware-cnc.rules)
 * 1:33677 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Babar outbound connection (malware-cnc.rules)
 * 1:33863 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules)
 * 1:31885 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Threebyte variant outbound connection (malware-cnc.rules)
 * 1:31992 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Upatre SSL Cert inbound (malware-cnc.rules)
 * 1:32986 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Toopu dll embedded in png download attempt (malware-cnc.rules)
 * 1:32987 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor outbound connection (malware-cnc.rules)
 * 1:32988 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor outbound connection (malware-cnc.rules)
 * 1:32989 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor outbound connection (malware-cnc.rules)
 * 1:32990 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Toopu outbound connection (malware-cnc.rules)
 * 1:33047 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - realupdate - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33059 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Medusa variant outbound connection (malware-cnc.rules)
 * 1:33060 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Medusa variant outbound connection (malware-cnc.rules)
 * 1:33061 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lagulon.A outbound connection (malware-cnc.rules)
 * 1:33081 <-> DISABLED <-> MALWARE-CNC OnionDuke variant outbound connection (malware-cnc.rules)
 * 1:33082 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nocpos initial outbound connection (malware-cnc.rules)
 * 1:33083 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nocpos information disclosure attempt (malware-cnc.rules)
 * 1:33084 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tosct variant outbound connection (malware-cnc.rules)
 * 1:33145 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
 * 1:33147 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant SMTP reporting attempt (malware-cnc.rules)
 * 1:33148 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant SMTP reporting attempt (malware-cnc.rules)
 * 1:33149 <-> DISABLED <-> MALWARE-CNC Win.Worm.Ultramine outbound connection (malware-cnc.rules)
 * 1:33152 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nurjax.A outbound connection (malware-cnc.rules)
 * 1:33153 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Heur variant outbound connection (malware-cnc.rules)
 * 1:33161 <-> DISABLED <-> MALWARE-CNC Win.Spyware.Rombertik outbound connection (malware-cnc.rules)
 * 1:33165 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Poweliks outbound connection (malware-cnc.rules)
 * 1:33199 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Sabeba outbound connection (malware-cnc.rules)
 * 1:33200 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pisces variant outbound connection (malware-cnc.rules)
 * 1:33207 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Mazilla/5.0 - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33211 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Upatre variant outbound connection (malware-cnc.rules)
 * 1:33217 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nuovoscor variant outbound connection (malware-cnc.rules)
 * 1:33218 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cendode system information disclosure attempt (malware-cnc.rules)
 * 1:33219 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gamarue variant outbound connection (malware-cnc.rules)
 * 1:33220 <-> DISABLED <-> MALWARE-CNC Win.Trojan.HawkEye keylogger exfiltration attempt (malware-cnc.rules)
 * 1:33221 <-> ENABLED <-> MALWARE-CNC Win.Trojan.HawkEye Keylogger exfiltration attempt - clipboard and screenshot (malware-cnc.rules)
 * 1:33222 <-> DISABLED <-> MALWARE-CNC Win.Trojan.HawkEye Keylogger exfiltration attempt - clipboard and screenshot (malware-cnc.rules)
 * 1:33223 <-> DISABLED <-> MALWARE-CNC Win.Trojan.HawkEye Keylogger exfiltration attempt - clipboard and screenshot (malware-cnc.rules)
 * 1:33227 <-> DISABLED <-> MALWARE-CNC Win.Agent.BHHK variant outbound connection (malware-cnc.rules)
 * 1:33228 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kovter variant outbound connection (malware-cnc.rules)
 * 1:33230 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Firefox - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33231 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Firefox/5.0 - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33232 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - AppUpdate - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33233 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - 2608cw-1 - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33234 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - 2508Inst - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33235 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - 2608cw-2 - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33236 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - 2808inst - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33237 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Player - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33238 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Wurst - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33239 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Installer/1.0 - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33240 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - FixUpdate - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33242 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Explorer - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33243 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Mozilla - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33244 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Opera - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33245 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Opera10 - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33246 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - OperaMini - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33248 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Peers12 - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33249 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - SLSSoapClient - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33250 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Tintin - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33251 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - USER_CHECK - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33252 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - WATClient - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33253 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - bbbbbbbbbb - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33254 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - hi - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33255 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - iMacros - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33256 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - macrotest - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33257 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - onlymacros - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33258 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Updates downloader - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33259 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - testupdate - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33260 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - onlyupdate - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33282 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Upatre variant outbound connection (malware-cnc.rules)
 * 1:33284 <-> DISABLED <-> MALWARE-CNC Win.Trojan.OnLineGames variant outbound connection (malware-cnc.rules)
 * 1:33285 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bavload outbound download request attempt (malware-cnc.rules)
 * 1:33289 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rawpos incoming backdoor connection attempt (malware-cnc.rules)
 * 1:32978 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - extra IE version (malware-cnc.rules)
 * 1:33299 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Foxy variant outbound connection (malware-cnc.rules)
 * 1:33305 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rubinurd variant outbound connection (malware-cnc.rules)
 * 1:33328 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Yinli outbound connection (malware-cnc.rules)
 * 1:33329 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Yinli outbound connection (malware-cnc.rules)
 * 1:33330 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Yinli outbound connection (malware-cnc.rules)
 * 1:33342 <-> DISABLED <-> MALWARE-CNC Doc.Downloader.Dridex outbound connection (malware-cnc.rules)
 * 1:33704 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
 * 1:34138 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Netkrypt inbound response (malware-cnc.rules)
 * 1:34116 <-> DISABLED <-> MALWARE-CNC MacOS.Trojan.Wirelurker variant outbound connection (malware-cnc.rules)
 * 1:34219 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nanocore variant outbound connection (malware-cnc.rules)
 * 1:34115 <-> DISABLED <-> MALWARE-CNC MacOS.Trojan.Wirelurker variant outbound connection (malware-cnc.rules)
 * 1:34030 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (malware-cnc.rules)
 * 1:34223 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Yebot variant outbound connection (malware-cnc.rules)
 * 1:34246 <-> DISABLED <-> MALWARE-CNC Win.Trojan.AAEH variant outbound connection (malware-cnc.rules)
 * 1:34028 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bruecimig variant outbound connection (malware-cnc.rules)
 * 1:33913 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Concbak outbound connection (malware-cnc.rules)
 * 1:34047 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VBPasswordStealer variant outbound connection (malware-cnc.rules)
 * 1:34130 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload variant outbound connection (malware-cnc.rules)
 * 1:34132 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Erotimpact variant outbound connection (malware-cnc.rules)
 * 1:33997 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pwexes variant outbound connection (malware-cnc.rules)
 * 1:34108 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scarsi variant outbound connection (malware-cnc.rules)
 * 1:34113 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent beacon reply attempt (malware-cnc.rules)
 * 1:33966 <-> DISABLED <-> MALWARE-CNC Win.Worm.Mafusc variant outbound connection (malware-cnc.rules)
 * 1:33831 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent DownloadMR - Solimba (malware-cnc.rules)
 * 1:34283 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bartallex outbound connection (malware-cnc.rules)
 * 1:34280 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TeslaCrypt outbound connection (malware-cnc.rules)
 * 1:33434 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptowall 3.0 variant outbound connection (malware-cnc.rules)
 * 1:33865 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules)
 * 1:33435 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptowall 3.0 variant outbound connection (malware-cnc.rules)
 * 1:33860 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules)
 * 1:33675 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Athena variant outbound connection (malware-cnc.rules)
 * 1:34290 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Plez outbound connection (malware-cnc.rules)
 * 1:34291 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string crackim (malware-cnc.rules)
 * 1:34292 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kraken outbound connection (malware-cnc.rules)
 * 1:34289 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Plez outbound connection (malware-cnc.rules)
 * 1:34297 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Simda variant outbound connection (malware-cnc.rules)
 * 1:34307 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection (malware-cnc.rules)
 * 1:34308 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection (malware-cnc.rules)
 * 1:34296 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Simda variant outbound connection (malware-cnc.rules)
 * 1:40067 <-> ENABLED <-> MALWARE-CNC Win.Trojan.LokiBot outbound connection (malware-cnc.rules)
 * 1:46062 <-> ENABLED <-> SERVER-WEBAPP Joomla JEXTN Membership extension SQL injection attempt (server-webapp.rules)
 * 1:46063 <-> ENABLED <-> SERVER-WEBAPP Joomla JEXTN Membership extension SQL injection attempt (server-webapp.rules)
 * 1:40066 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.LokiBot (malware-cnc.rules)
 * 1:31991 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Treck - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33524 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DNSChanger variant outbound connection (malware-cnc.rules)
 * 1:33748 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
 * 1:33546 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Equation outbound connection (malware-cnc.rules)
 * 1:33649 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Google Omaha - Win.Trojan.ExtenBro (malware-cnc.rules)
 * 1:34143 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Crypvault outbound connection (malware-cnc.rules)
 * 1:32980 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - multi-browser (malware-cnc.rules)
 * 1:34031 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (malware-cnc.rules)
 * 1:33873 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tepoyx outbound connection detection (malware-cnc.rules)
 * 1:33646 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.XORDDoS outbound connection (malware-cnc.rules)
 * 1:31837 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Retgate variant outbound connection (malware-cnc.rules)
 * 1:33990 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Trioptid outbound connection (malware-cnc.rules)
 * 1:33993 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Insidious outbound connection (malware-cnc.rules)
 * 1:33522 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent - DNS Changer (malware-cnc.rules)
 * 1:33749 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
 * 1:33996 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pwexes variant outbound connection (malware-cnc.rules)
 * 1:33456 <-> DISABLED <-> MALWARE-CNC Doc.Downloader.Dridex outbound connection (malware-cnc.rules)